Portable Privoxy and Tor, Revisited

Back in July, I wrote about an implementation of the Tor router that can be used from pretty much anywhere you have internet access. At the time, I wrote that I was having problems getting Privoxy to work. I figured out the problem a few days later, but never got around to mentioning it. I’ve been using Tor and Privoxy via this method for three months, so I thought I’d provide some updates on what I’ve learned.

First of all, a remotely-accessible implementation of Privoxy, as described in the post linked to above, turns out to be dead simple to set up, easy to use, and quite reliable in use. The problems I was having were because I – for some reason – thought Privoxy was a SOCKS proxy, which it isn’t. It’s an HTTP proxy, and once you configure your software of choice appropriately, it works beautifully. (I know, I know. I’m just too used to using SOCKS proxies for the last mumble years, that I never even considered the fact that Privoxy wasn’t one. Doh.) In my opinion, Tor is too slow – and frankly, just too damned user-unfriendly – for widespread use by people who aren’t computer geeks or pedophiles, but Privoxy adds a fair number of usability and security enhancements to web browsing without any significant drawbacks, and while you could certainly install Privoxy on everyone’s computer in a business, say, I think using it as a sort of “remote gateway” to the web is both more elegant, technologically, and easier to maintain. (Network admins, your choice: Upgrade client software on everyone’s desktop machine several times a year, or upgrade – without the end-user ever noticing – the software on one server the same number of times? Yeah, that’s what I thought.)
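The HTTP-versus-SOCKS mix-up described above can be checked directly by asking the listener which protocol it answers. This is an added example, not code from the original post; it assumes the remote Privoxy is reachable on local port 8118 (Privoxy's default listen port, for instance through an SSH port forward), and the function names are hypothetical.

```python
import socket

# RFC 1928 client greeting: VER=5, one method offered, method 0x00 (no auth).
SOCKS5_GREETING = b"\x05\x01\x00"
# Proxy-style request for http://p.p/, the built-in Privoxy status page alias.
# Any HTTP proxy answers it with an HTTP status line, even if only an error.
HTTP_PROBE = b"GET http://p.p/ HTTP/1.1\r\nHost: p.p\r\nConnection: close\r\n\r\n"


def classify(socks_reply: bytes, http_reply: bytes) -> str:
    """Name the proxy protocol from the first bytes each probe got back."""
    # The SOCKS check comes first: a SOCKS listener may answer a stray HTTP
    # request with an HTTP-formatted error, which would look like an HTTP proxy.
    # A SOCKS5 server replies to the greeting with exactly two bytes: VER=5
    # and the method it selected.
    if len(socks_reply) == 2 and socks_reply[0] == 0x05:
        return "socks5"
    if http_reply.startswith(b"HTTP/"):
        return "http"
    return "unknown"


def _exchange(host: str, port: int, payload: bytes, timeout: float = 3.0) -> bytes:
    """Open a fresh TCP connection, send payload, return the first reply bytes."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(payload)
            return s.recv(64)
    except OSError:  # refused, reset, or timed out waiting for a reply
        return b""


def probe(host: str = "127.0.0.1", port: int = 8118) -> str:
    """Probe a listener twice (SOCKS5 greeting, then HTTP) and classify it."""
    return classify(_exchange(host, port, SOCKS5_GREETING),
                    _exchange(host, port, HTTP_PROBE))


if __name__ == "__main__":
    kind = probe()
    hint = {"http": "set it as the HTTP proxy in the client",
            "socks5": "set it as a SOCKS5 proxy in the client",
            "unknown": "nothing recognisable is listening on that port"}[kind]
    print(f"127.0.0.1:8118 speaks {kind}: {hint}")
```

An HTTP proxy usually just waits when it receives the SOCKS greeting, so the first probe can take the full timeout before the HTTP probe runs.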

Tor is another matter entirely. The developer of the Portable Tor Bundle doesn’t see the point in connecting to a remote server running Tor via SSH, and running it that way. While I admit I like the plug-and-play, no-cost approach that project takes, I’m unconvinced it doesn’t leave the potential for unwanted information disclosures, however inadvertent. The advantage of Tor-over-SSH is that all the traffic identifiable as Tor (like directory requests) comes from the remote machine; all your local ISP, network administrator, or government snoops see is an encrypted SSH session between two machines. Further, even though they’re run as “portable apps” from (say) a flash drive (encrypted or not, doesn’t really matter), with the portable “bundle”, you’re still running Tor, Privoxy, et cetera on your machine. Are traces of this left behind on the computer? Potentially. (It’s not that I don’t trust the developer of the Portable Tor suite; rather, it’s that I don’t particularly trust Windows – in this case, the memory management.)

It’s all down to that infamous rallying cry of the deviant, criminal, and paranoid: “plausible deniability”. I’d rather have Tor, Privoxy, et cetera running on a server in another country, than on my personal desktop or laptop computers, or even a flash drive, however well encrypted. Others, of course, feel differently, and perhaps with good reason; I’m not saying this is the “best” way to do things, let alone a “good” way to do so, only that it’s the way I do it, and that it can be done this way. What you choose to do with that information – if anything – is up to you…

Published in: General, Security | on October 2nd, 2008