OS-X: Using Tor for All HTTPS Connections

December 13, 2011 | 01:29 pm

I am a big fan of Tor, especially as the Great Firewall of America is going up. I previously posted instructions on how to set up Tor on OS-X, and I wanted to update that guide a bit.

One of the problems with Tor is that the entry nodes and exit nodes can see your raw traffic. This is just the nature of the beast: sooner or later, someone is going to see everything. And it’s still better than the entire internet seeing your raw traffic and having it mapped directly back to your IP address, which is the default mode on the internet.

HTTPS, for all its flaws, basically solves this problem. It provides the encryption necessary to obscure traffic going over Tor. So the common advice was to be cognizant of whether you were going over HTTP or HTTPS and to never transmit any personally identifying information over HTTP, because that would compromise your Tor anonymity. This is, suffice it to say, tricky.

While poking around my Network Settings on OS-X, I discovered something interesting: you can specify per-protocol proxies. So, instead of using a blanket proxy for my web browser, I now simply set my system to use an HTTPS proxy. Problem solved. HTTP traffic goes directly over the Internet, and HTTPS traffic goes over Tor. In theory, someone could correlate my HTTP and HTTPS traffic if a website uses both (e.g. serving up static content over HTTP, dynamic over HTTPS), but that’s both unlikely and not really my concern. If I want total anonymity at the cost of routing HTTP over Tor, I’ll fire up Firefox and click my Torbutton.

Similarly, I can set up just a SOCKS proxy, so anything that speaks at that low a level can route its traffic through Tor.

The way to do this is to hop into System Preferences > Network > Advanced… > Proxies. Click on Secure Web Proxy (HTTPS) and set the server to localhost and the port (the part after the colon) to 8118. Then click on SOCKS Proxy and set the server to localhost and the port (the part after the colon) to 9050. You have to click Advanced… for each interface that you want to route over Tor.
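Because the setting is per interface, one that gets skipped keeps sending HTTPS directly. The script below is an added example, not part of the original post: a read-only audit that uses the OS X `networksetup` command to confirm every enabled network service has both proxies pointing at the ports above. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only audit of the per-interface proxy settings above.
WANT_HOST=localhost
HTTPS_PORT=8118   # Secure Web Proxy (HTTPS) port given in the post
SOCKS_PORT=9050   # SOCKS Proxy port given in the post

# check_proxy PORT: reads `networksetup -get...proxy` output on stdin and
# prints "ok" only if the proxy is enabled and points at WANT_HOST:PORT.
check_proxy() {
    awk -v host="$WANT_HOST" -v port="$1" '
        /^Enabled:/ { enabled = $2 }  # anchored: skips "Authenticated Proxy Enabled"
        /^Server:/  { server = $2 }
        /^Port:/    { p = $2 }
        END {
            if (enabled == "Yes" && server == host && p == port) print "ok"
            else print "NOT-TOR (enabled=" enabled " server=" server " port=" p ")"
        }'
}

# list_services: reads `networksetup -listallnetworkservices` output on stdin,
# dropping the one-line header and any disabled (asterisk-prefixed) service.
list_services() { sed -e 1d -e '/^\*/d'; }

# Constructed samples of `networksetup -getsecurewebproxy` output (not from a real host).
sample_set()   { printf 'Enabled: Yes\nServer: localhost\nPort: 8118\nAuthenticated Proxy Enabled: 0\n'; }
sample_unset() { printf 'Enabled: No\nServer: \nPort: 0\nAuthenticated Proxy Enabled: 0\n'; }

# audit: one line per enabled service, flagging any that would bypass Tor.
audit() {
    networksetup -listallnetworkservices | list_services |
    while IFS= read -r svc; do
        https=$(networksetup -getsecurewebproxy "$svc" </dev/null | check_proxy "$HTTPS_PORT")
        socks=$(networksetup -getsocksfirewallproxy "$svc" </dev/null | check_proxy "$SOCKS_PORT")
        printf '%s: https=%s socks=%s\n' "$svc" "$https" "$socks"
    done
}

# Run the live audit only where networksetup exists (i.e. on OS X).
if command -v networksetup >/dev/null 2>&1; then audit; fi
```

To apply the settings from the command line instead of the preferences pane, `networksetup -setsecurewebproxy <service> localhost 8118` and `networksetup -setsocksfirewallproxy <service> localhost 9050` set the same fields.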