Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,870 --> 00:00:07,200 If you want to turn all the traffic from any other application through Tor such as maybe your email 2 00:00:07,200 --> 00:00:09,080 client you won't have to go through Tor. 3 00:00:09,210 --> 00:00:11,940 You have to be very careful how you set it up. 4 00:00:11,940 --> 00:00:19,200 The Tor browser is built not to leak protocols but all the applications may not be. 5 00:00:19,260 --> 00:00:24,700 For example your email client may send all the emails to. 6 00:00:24,840 --> 00:00:30,690 And then not do DNS through Tor instead doing it normally ignoring its proxy settings. 7 00:00:30,690 --> 00:00:33,090 This does happen it has happened. 8 00:00:33,300 --> 00:00:35,620 So you have to be very careful. 9 00:00:35,640 --> 00:00:41,010 That is the big worry with using older applications with Tor. 10 00:00:41,160 --> 00:00:50,580 Hey we're in the talk default file which shows we are running the socket port on 9 1 5 0 and the control 11 00:00:50,580 --> 00:00:53,600 port on 9 1 5 1. 12 00:00:53,700 --> 00:01:00,890 So it's a socket port that we care about for setting up all the applications 9 1 5 0. 13 00:01:00,900 --> 00:01:10,030 In this case if we run a net stat currently Tor is not running. 14 00:01:10,080 --> 00:01:12,050 So the socket port is not there. 15 00:01:12,060 --> 00:01:14,070 Let's start Tor 16 00:01:19,350 --> 00:01:20,390 and there we go. 17 00:01:20,400 --> 00:01:24,560 We can see it's established here and listening. 18 00:01:24,560 --> 00:01:32,220 Here is our control port and there's a socket port that we care about 9 1 5 0. 19 00:01:32,430 --> 00:01:41,790 Applications such as any browser that supports Sock's proxies can be configured to connect to this port 20 00:01:42,090 --> 00:01:49,250 or whatever port you choose to assign it as an eternal traffic through the Tor socks proxy. 21 00:01:49,440 --> 00:01:52,640 So let me show you how you do that in ice weasel. 22 00:01:53,520 --> 00:02:04,380 So here we are in ice weazel which is essentially Firefox on Debian Meteo to preferences advanced network 23 00:02:04,860 --> 00:02:10,770 settings and here we need to enter what is already entered in here. 24 00:02:10,800 --> 00:02:15,200 The local host and then whichever port we've got it set to. 25 00:02:15,980 --> 00:02:16,770 OK 26 00:02:21,830 --> 00:02:26,330 and that done the search through Tor and we can check we're on tour. 27 00:02:26,430 --> 00:02:27,040 I can see. 28 00:02:27,060 --> 00:02:30,130 Congratulations his browser is configured to use Tor. 29 00:02:30,330 --> 00:02:33,430 However it does not appear to be that or browser. 30 00:02:33,450 --> 00:02:37,320 Of course it does not have all the hardening and security. 31 00:02:37,410 --> 00:02:42,020 And of course we cannot see the circuit and all the other things. 32 00:02:42,030 --> 00:02:53,580 Now here we are in the Tor browser and if we do exactly the same thing on surprisingly we will also 33 00:02:53,580 --> 00:03:00,340 see that this is set up to use Isaak's proxy 9 1 5 0. 34 00:03:01,440 --> 00:03:04,260 We can change the socket proxy port if we wanted to 35 00:03:07,680 --> 00:03:10,210 save that. 36 00:03:11,330 --> 00:03:17,550 Then let's restart Tor. 37 00:03:22,230 --> 00:03:30,930 So here we can see the port was changed to 6 6 6 6 and we would need to configure this to work on the 38 00:03:30,930 --> 00:03:31,860 new port 39 00:03:47,520 --> 00:03:56,570 and there we are going to the 6 6 6 6 port that we've just set up in the toc file. 40 00:03:57,180 --> 00:04:02,670 Pretty straightforward with Isaak's proxies each application. 41 00:04:02,670 --> 00:04:10,140 So here for example ice weazel and that all browser uses a different tour circuit. 42 00:04:10,140 --> 00:04:19,050 This protects against identity co-relation through Tor Serkis sharing for optimal separation between 43 00:04:19,050 --> 00:04:20,940 contextual identities. 44 00:04:20,940 --> 00:04:26,000 I recommend you use separate workstations or machines per identity. 45 00:04:26,040 --> 00:04:32,880 You would not want to be even sharing the same socket port even though you have separate circuits 46 00:04:42,580 --> 00:04:48,720 and just to demonstrate I've changed I'd always go back to 6 6 6 6 and we can see at the same time see 47 00:04:48,760 --> 00:04:56,760 the same socks port we are using different circuits we have different exit node IP addresses but there's 48 00:04:56,800 --> 00:05:04,120 no guarantee that ice weazel or any application will send all traffic through the Tor proxy. 49 00:05:04,120 --> 00:05:05,930 This is the problem. 50 00:05:05,950 --> 00:05:10,090 It could and classically DNS is a problem send. 51 00:05:10,090 --> 00:05:12,430 DNS is on proxied. 52 00:05:12,430 --> 00:05:20,260 You can't guarantee that whatever application you are using will abide by the proxy setting if you're 53 00:05:20,260 --> 00:05:26,380 going to be setting up other applications then you need to check for leaks and Tor has some functionality 54 00:05:26,710 --> 00:05:34,330 that allows for that if you set test socks worn in the toc file and then watch the logs as you use your 55 00:05:34,330 --> 00:05:43,690 applications or will then log for each socket connection whether is using a good variant or a bad variant 56 00:05:43,810 --> 00:05:47,570 if you want to automatically disable all bad variants. 57 00:05:47,590 --> 00:05:57,780 Then you need to also set that in the talks file a save and restart the browser. 58 00:05:58,990 --> 00:06:07,780 But really the absolute best way is to look at the traffic using a protocol analyzer such as wireshark 59 00:06:08,170 --> 00:06:16,090 on your router or firewall or on the workstation that the Tor browser is on to see if there are any 60 00:06:16,090 --> 00:06:20,200 leaks and you might want to run it for a little while as well. 61 00:06:20,200 --> 00:06:26,290 Personally I prefer to have it on the route and or firewall as all traffic goes through that if it's 62 00:06:26,290 --> 00:06:32,820 going to the Internet on a workstation maybe something will be missed in the section on detection and 63 00:06:32,830 --> 00:06:35,350 monitoring network security. 64 00:06:35,350 --> 00:06:38,840 Why are we covered this very thing. 65 00:06:39,190 --> 00:06:41,550 Well let me just give you a quick example here. 66 00:06:41,560 --> 00:06:47,680 So I'm as is aging into the router and pulling off the network traffic. 67 00:06:47,680 --> 00:06:56,620 Live with TZP dump and piping it into Wireshark. 68 00:07:03,550 --> 00:07:06,030 And there he wants doing it now. 69 00:07:06,040 --> 00:07:07,960 So it is run some traffic 70 00:07:11,290 --> 00:07:13,990 . 71 00:07:15,700 --> 00:07:18,910 There we can see the traffic 72 00:07:21,400 --> 00:07:23,900 DNS query. 73 00:07:25,220 --> 00:07:31,660 So I was concerned that there was a DNS request here that was actually being sent out of two or so. 74 00:07:31,680 --> 00:07:40,500 Yes so what that is is that's wireshark itself resolving IP addresses which is a good example of how 75 00:07:40,500 --> 00:07:44,640 other applications that you're using Don't go over the Tor network. 76 00:07:44,710 --> 00:07:55,880 So it's clear that the rest of the traffic that we see is all Tor traffic as is expected. 77 00:07:57,670 --> 00:08:04,180 As I said we cover this in it's own section monitoring and checking for traffic. 78 00:08:05,440 --> 00:08:13,150 You should also consider preventing the leaks by firewalling the traffic set a deny all rule for everything 79 00:08:13,180 --> 00:08:14,780 apart from Tor. 80 00:08:14,830 --> 00:08:20,650 See the firewall section for recommendations on firewalls and how to do that with the various operating 81 00:08:20,650 --> 00:08:25,620 systems in the example we've just gone through with eyes weazel. 82 00:08:25,720 --> 00:08:32,770 It was easy to send the application through Tor because it's supported Sock's proxies but not all applications 83 00:08:33,070 --> 00:08:39,850 have some sort of configurable way of sending its traffic through a socks proxy. 84 00:08:39,850 --> 00:08:47,470 If it doesn't the Tor Project suggest to install Privoxy which is here but you need to spend some time 85 00:08:47,530 --> 00:08:51,560 understanding Privoxy as it's for advanced users. 86 00:08:51,700 --> 00:08:58,470 If you're using an open source router you could configure Privoxy there and it's easier. 87 00:08:58,510 --> 00:09:09,400 DD w r t for example has Privoxy set up and there is somewhat of a gooey for it and Privoxy has an example 88 00:09:09,400 --> 00:09:13,770 configuration for tool with Privoxy. 89 00:09:14,760 --> 00:09:21,010 Well then Privoxy if you're unable to use the applications native proxy settings you might be able to 90 00:09:21,010 --> 00:09:26,190 force the application to use a proxy using something called a proxy fi. 91 00:09:26,350 --> 00:09:34,780 And here in front of view or a whole bunch of them proxy chains that you can see here I demo proxy chains 92 00:09:34,780 --> 00:09:38,540 and how to use that in the area on proxies. 93 00:09:38,620 --> 00:09:44,090 But again just a word of warning you do also have to trust these proxy fires. 94 00:09:44,440 --> 00:09:52,510 And units can be used to run other applications through toll even if they don't have proxy functionality 95 00:09:52,510 --> 00:09:52,660 . 96 00:09:52,660 --> 00:09:56,600 Let me remind you about how Unix does this. 97 00:09:56,830 --> 00:10:04,960 Well you can see here is a representation of the UNIX workstation here the Unix gateway here and then 98 00:10:04,960 --> 00:10:13,810 the three hop circuit of the Tor network first node second node third node and then the destination 99 00:10:14,700 --> 00:10:26,610 the Houdini's gateway here acts as both a transparent Tor proxy and a socks proxy. 100 00:10:26,740 --> 00:10:35,200 Transparent means that even if downloaded applications aren't configured to use Tor they will still 101 00:10:35,260 --> 00:10:43,750 go through the Whoniverse gateway and be transparent the Tor find transparent as in transparent or proxy 102 00:10:43,750 --> 00:10:44,050 . 103 00:10:44,050 --> 00:10:45,520 This is a good feature. 104 00:10:45,520 --> 00:10:48,970 It means you can download and install things that you need. 105 00:10:49,030 --> 00:10:53,390 And they don't need to be specifically configured to use Tor. 106 00:10:53,500 --> 00:11:03,190 They can go through the transparent proxy but no it all trans proxied apps use the same Tor circuit 107 00:11:03,900 --> 00:11:05,830 as you can see illustrated here. 108 00:11:05,980 --> 00:11:14,290 They go through the same nodes they'll have the same exit IP address and be seen as the same to the 109 00:11:14,290 --> 00:11:21,850 destination and Sox proxies on the other hand is used when an application is specifically configured 110 00:11:21,850 --> 00:11:24,010 to use Tor as a proxy. 111 00:11:24,010 --> 00:11:28,630 So for example the proxy settings within the browser. 112 00:11:29,050 --> 00:11:37,630 My personal recommendation and the safest way to run other applications over Tor is to use Unix and 113 00:11:37,630 --> 00:11:40,660 use it with cubes if you can. 114 00:11:40,660 --> 00:11:47,260 One of the main goals of Unix is to greatly reduce the risk of any additional software not exclusively 115 00:11:47,260 --> 00:11:54,970 designed to use Tor or indeed proxies to still use Tor if you install an application on the Unix workstation 116 00:11:54,970 --> 00:11:55,240 . 117 00:11:55,240 --> 00:11:59,260 You're good to go without the need to worry about protocol leaks. 118 00:11:59,290 --> 00:12:04,130 You don't get a stream in isolation but that's better than not going over Tor. 119 00:12:04,630 --> 00:12:08,680 You can use a tool hardware router with a transparent proxy. 120 00:12:08,740 --> 00:12:16,480 If your application doesn't have proxy settings or a socks proxy or with a socks proxy if your application 121 00:12:16,480 --> 00:12:23,680 does have proxy settings or you can use a router that forwards Tor traffic you can build on these yourself 122 00:12:23,680 --> 00:12:30,760 such as the one here or you can buy a commercial version then all traffic routed to the router it will 123 00:12:30,760 --> 00:12:34,450 be too refined no matter what application is. 124 00:12:34,450 --> 00:12:41,380 There are pros and cons to this and we have a separate section on toll and VPN routers. 125 00:12:41,380 --> 00:12:46,300 There are some applications that have been developed for blocking non Tor traffic. 126 00:12:46,300 --> 00:12:47,880 Here is a tall tale too. 127 00:12:48,010 --> 00:12:53,320 There is a free open source solution for Windows that transparently. 128 00:12:53,440 --> 00:12:56,970 All TZP and DNS traffic through Tor. 129 00:12:56,980 --> 00:13:01,780 You might consider this if you want to use Windows and it leaks worry you. 130 00:13:01,990 --> 00:13:04,640 I would not recommend Windows though. 131 00:13:04,660 --> 00:13:11,050 Boy you still could use this as a gateway by some sort of virtual machine and you wouldn't have to be 132 00:13:11,050 --> 00:13:14,680 using Windows as your main workstation. 133 00:13:14,710 --> 00:13:18,630 This is current or this is a tall traffic whitelist listing gateway. 134 00:13:18,630 --> 00:13:26,140 This allows only connections to all relays to pass through so no clear text leaks but client computers 135 00:13:26,140 --> 00:13:30,960 are themselves responsible for Tor firing their own traffic. 136 00:13:30,970 --> 00:13:36,390 In other words it is a filtering gateway not a proxy find gateway. 137 00:13:36,440 --> 00:13:39,210 Again set up to prevent leaks. 138 00:13:39,220 --> 00:13:42,370 You could also use this in a VM as well. 139 00:13:42,370 --> 00:13:45,890 As I said you have Unix pre-built anyway. 140 00:13:46,150 --> 00:13:52,510 So those are the various options for getting any sort of application to go through Tor making it as 141 00:13:52,600 --> 00:13:54,660 safe as possible. 15289