# How to install tor browser in FreeBSD?



## Dr.Topaz (May 20, 2017)

How can I install tor browser in FreeBSD, I already installed tor.


----------



## Deleted member 48958 (May 20, 2017)

There are several ways how you can use tor in FreeBSD…
After security/tor installation, add

```
tor_enable="YES"
```
 to /etc/rc.conf and

```
# prevent traffic analysis that exploits sequential IP IDs
net.inet.ip.random_id=1
```
 to /etc/sysctl.conf,
execute `# service tor start` and `# sysctl net.inet.ip.random_id=1`, then you will be able to use tor service,
that "Opening Socks listener on 127.0.0.1:9050", so you can connect to 127.0.0.1:9050 from firefox,
or any other browser. To use tor in firefox, open settings — network — connection,
and add "127.0.0.1:9050" to "SOCKS" column





Also make sure to tick an option at the bottom of "connection settings", to send DNS requests through tor when using SOCKS 5






Also you can use tor with every application or browser via net/torsocks.
To make any application work through tor, launch it like this:
`% torsocks chrome`
or
`% torsocks xterm`
etc...

There is no need in "tor-browser" that is available on windows,
because in fact "tor-browser" is a www/firefox-esr with another icon and few "addons" pre-installed:


			
				https://en.wikipedia.org/wiki/Tor_(anonymity_network)#Tor_Browser said:
			
		

> The Tor Browser, previously known as the Tor Browser Bundle (TBB), is the flagship product of the Tor Project. It consists of a modified Mozilla Firefox ESR web browser, the TorButton, TorLauncher, NoScript and HTTPS Everywhere Firefox extensions and the Tor proxy.


----------



## Beeblebrox (May 24, 2017)

When using Tor, there are several important considerations:
1. DNS Leaks: If you use a browser add-on like FoxyProxy or such, the DNS lookups can continue to be made using host's /etc/resolv.conf rather than the Tor network DNS services.
2. As far as I recall, TorBrowser is an integrated package of mozilla browser + www/polipo, where an un-bundled polipo was found to leak certain information (don't recall details).
3. Read about online privacy vs. anonymity (which is a lot more difficult to correctly implement).
4. Seriously consider www/privoxy as a front-end to security/tor and security/obfsclient to obfuscate Tor traffic against DPI (Deep Packet Inspection).

The torproject website is an excellent source of information on all these issues.


----------



## Deleted member 48958 (Jun 13, 2017)

Here is nice addon for www/firefox  or www/firefox-esr , that allows you to switch proxy on the fly.


----------



## SirDice (Jun 14, 2017)

Beeblebrox said:


> As far as I recall, TorBrowser is an integrated package of mozilla browser + www/polipo,


Yes, that looks correct. It's just a convenient package that bundles Firefox, polipo and tor in a single package. On FreeBSD you just install and configure all three separately to get the same result.


----------



## SirDice (Jun 14, 2017)

Yeah, even for 'advanced' users it's tricky. But you could always "borrow" a prefs.js from an existing TorBrowser installation.


----------



## Deleted member 48958 (Jun 14, 2017)

To fully cover the topic, here is a little "how to", for those who want to use www/polipo, a caching web proxy, with  www/tor.

1. Install tor and polipo.

2. Edit /usr/local/etc/polipo/config:

```
proxyAddress = "127.0.0.1"
proxyPort = 8118
allowedClients = 127.0.0.1
allowedPorts = 1-65535
proxyName = "localhost"
cacheIsShared = false
socksParentProxy = "localhost:9050"
socksProxyType = socks5
diskCacheRoot = ""
localDocumentRoot = ""
disableLocalInterface = true
disableConfiguration = true
dnsUseGethostbyname = yes
disableVia = true
censoredHeaders = from, accept-language
censorReferer = maybe
```
3. Add 
	
	



```
polipo_enable="YES"
```
 to /etc/rc.conf

4. Start polipo with `# service polipo start`.

5. Now you are able to use tor with polipo, just change your firefox proxy settings





6. Check your current public IP here.






Disable WebRTC support in firefox, open about:config, and set "media.peerconnection.enabled" to "false".
Use "private" mode in firefox, FF won't save browser history, cache and cookies in this mode.
To start firefox in private mode by default, open about:config, find
"browser.privatebrowsing.autostart" and set it to "true".

Also it is possible to use additional addons, like User Agent Overrider,
to change your user agent string, here is few user agent strings for example:


Spoiler



# BSD
FreeBSD / Firefox 53: Mozilla/5.0 (X11; FreeBSD amd64; rv:53.0) Gecko/20100101 Firefox/53.0

# Linux
Linux / Firefox 53: Mozilla/5.0 (X11; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0
Linux / Chrome 57: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36

# Mac
Mac / Firefox 53: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:53.0) Gecko/20100101 Firefox/53.0
Mac / Chrome 57: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
Mac / Safari 9: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/601.5.17 (KHTML, like Gecko) Version/9.1 Safari/601.5.17

# Windows
Windows / Firefox 53: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Windows / Chrome 57: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
Windows / IE 10: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

# Android
Android / Firefox 53: Mozilla/5.0 (Android; Mobile; rv:53.0) Gecko/29.0 Firefox/53.0
Android / Chrome 57: Mozilla/5.0 (Linux; Android 4.4.2; Nexus 4 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Mobile Safari/537.36

# iOS
iOS / Chrome 34: Mozilla/5.0 (iPad; CPU OS 7_0_4 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) CriOS/34.0.1847.18 Mobile/11B554a Safari/9537.53
iOS / Safari 7: Mozilla/5.0 (iPad; CPU OS 7_0_4 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11B554a Safari/9537.53

# Others
Google Bot: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Play Station 4: Mozilla/5.0 (PlayStation 4 3.15) AppleWebKit/537.73 (KHTML, like Gecko)


 Add them to "User Agent Overrider" settings. 

NoScript addon can be useful also, also try HTTPS Everywhere, Disconnect and uBlock...


----------



## Deleted member 9563 (Jun 15, 2017)

drhowarddrfine said:


> I always think about why people would use Tor,



I like it for when I need to check something on Facebook. I'm too embarrassed to go there otherwise. 



> the type of people known to use Tor,



I'm not sure where one would get that information, nor if it's even possible. Do you know? One could, of course, imagine.


----------



## drhowarddrfine (Jun 15, 2017)

OJ From what I hear and read, there are a lot of bad and strange people who use Tor for bad and strange things. I've never bothered to look but who writes and controls the Tor software and the servers it goes through? No need to answer but it's like saying you are sending all your financial records via servers in North Korea. I'm not one who would feel comfortable with that.


----------



## SirDice (Jun 16, 2017)

There are perfectly valid reasons to use Tor, not everything Tor is related to doing something "illegal" or nefarious. This is not a discussion about whether or not it _can_ be used to hide illegal actions, this is a thread about setting up Tor. Lets keep it that way.


----------



## oops (Jun 17, 2017)

Beeblebrox said:


> 2. As far as I recall, TorBrowser is an integrated package of mozilla browser + www/polipo, where an un-bundled polipo was found to leak certain information (don't recall details).


polipo isn't bundled. Maybe extract Tor Browser for Linux then replace binary components (tor, pluggable transports, *patched* firefox-esr) with native ones. However, due to lack of sandboxing Linux version running under Linux (not linuxulator) will always be more secure against deanonymizing attacks.

https://www.torproject.org/projects/torbrowser/design/


----------



## Deleted member 9563 (Jun 18, 2017)

In my opinion if one is going to install Torbrowser in FreeBSD then it should be for research or developmental purposes. If it is for serious security use then it's probably better to use Linux. My personal opsec does not require ultimate security, but I'm time limited and not a professional so just have a separate computer for security use.


----------



## Dr.Topaz (Jun 26, 2017)

Gosh guys,how did this question turn into a debate?


----------



## ikbendeman (Aug 18, 2017)

TL;DR Read handbook, figure out your security and anonymity requirement(s) and/or goal(s), read at links on Tor.

There's also a need to check for things like DNS leaks and using a VPN is recommended.
https://www.dnsleaktest.com/

If it's just experimental, or for some modicum of privacy in the modern age, as most use it for, you probably don't need all the bells and whistles.

However, security-wise, There's always compiling a Xen kernel xen(4)(),

```
#Add to your kernel config file for Xen support.
      options XENHVM
       device xenpci
```
using bHyve bhyve(8)(), or Virtualbox (emulators/virtualbox-ose. I'd recommend an encrypted disk zfs(8)() and geli(8)(). If possible, configure/install with hardened options (ram/swap encryption, disk encryption). Use pf, ipfw, or whatever you're most comfortable with, then just run Tails (linux-OS in a virtual machine).

Maybe best to start with this on OpenBSD, NetBSD, or Mir (which I have virtually know knowledge of).... or even pFsense. Don't use root, etc. etc.
I can't give you specific advise because I don't know your intended designs/requirements, nor am I an expert Tor. Tor guides will generally steer you in a safe direction.... with the exception of Microsoft (and possibly Apple's) keylogging and constant data flow, the most minimal system you can have, hardened, and trusted would provide the best security, along with virtual networking devices, etc. etc. The handbook and man pages are a _man_'s best friend  Jails are also another option.

I'd read all of the Security section of the handbook (Chapter 13) (probably a must), 14: Jails, 15: Mandatory Access Control, 29: Firewalls, and 30: Advanced Networking

We can probably help with specefics but it all depends on how much tin foil you need to wear/what you are doing etc.
Breeze through the synopses of the Handbook, figure out a desired setup, and then perhaps we can give better advice.

For ultimate tinfoil hat, hardened NetBSD (I'm not sure about OpenBSD and Xen, but if there's a Xen kernel, maybe OpenBSD)...  FreeBSD+Jailed vbox/bhyve+tails+a dns caching server or two, and ZFS and/or NetBSD's upgraded UFS, virtual hosts/networking, VPN (or two, or three)... but TBH tails does a decent job, especially with a VPN, of anonymizing traffic (though, as stated before, anonymous traffic != secure! But with a setup like that, you might just get hired at the NSA, assuming they'll give you any kind of clearance after you start your anti-psychotics.

Oh and if you're worried about security, everything should be wired, no wireless devices. Especially unencrypted keyboards and mice... but also wifi and bluetooth, obviously, kind of defeats the purpose of encrypting things when someone can easily access your encryption keys and everything you've ever typed in your system .

Oh! Make sure you're gateway and routers are secure, otherwise, again, what's the point? For that matter, tor has a page for good and bad ISPs.

Do be careful with what you click on and where you browse on Tor. Some hidden services are quite unsavory and I have browsed some but luckily not seen anything so bad that it traumatized me, but it's out there... Pedofiles and the like, who should just be castrated, murder for hire (yup, seen the sights, not sure if they're real, scams, setups, or what, but it's pretty weird to see it), but I think they're a minority of the users. Also tails is very good at paying attention to your nodes, but entry/exit nodes are a whole topic that is well documented on the Tor site itself. 

Sorry for long post, haven't been on the forums in forever.


----------



## ikbendeman (Aug 18, 2017)

Dr.Topaz said:


> Gosh guys,how did this question turn into a debate?



Because BSD users all have the same necessities, that's why we build our OSes the way we do


----------



## ikbendeman (May 5, 2018)

A question for someone else to answer... are there concerns with cryptography and export laws with node networks?


----------



## bsdnoob (Jul 16, 2019)

Very very useful topic and all the stated configs work like magic.
I've learnt a lot from it. 
The queer happening is tha i can't access this thread or the f'bsd forum as ff can't find the address. :oops:


----------



## bsdnoob (Jul 16, 2019)

ILUXA said:


> because in fact "tor-browser" is a www/firefox-esr with another icon and few "*addons*" pre-installed:


This link is broken. Other info is really great. Thanks.


----------



## getopt (Jul 16, 2019)

bsdnoob 
I do not see any benefit of your postings to this old thread except that you quoted a statement that is not the whole story and as such is misleading.

The Tor-Browser is in fact a highly sophisticated configuration of firefox-esr which you won't get just by installing it and adding some addons. What you will miss is the configuration.


----------



## kernel-of-truth (Jan 22, 2020)

Per the tor-project site, there's a lot more to anonymous browsing than simply using the onion-ring router as a proxy.

The tor-project site recommends AGAINST ad hoc use of the router with applications that have not been tested.


DuckDuckGo.com Search: using tor site:torproject.org

RESULTS






						What programs can I use with Tor? | Tor Project | Support
					

Defend yourself against tracking and surveillance. Circumvent censorship. | What programs can I use with Tor?




					support.torproject.org
				




From the above page,

"There are plenty of other programs you can use with Tor, but we haven't researched the application-level anonymity issues on all of them well enough to be able to recommend a safe configuration. Our wiki has a community-maintained list of instructions for Torifying specific applications. Please add to these lists and help us keep them accurate!

Most people use Tor Browser, which includes everything you need to browse the web safely using Tor. Using Tor with other browsers is [dangerous and not recommended]{https://support.torproject.org/tbb/tbb-9/}"


The tor wiki (https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO) describes issues surrounding the loss of anonymity due to tor-level vs. application-level-protocol leaks.

kot


----------



## eldaemon (Jan 29, 2020)

Generally speaking, using Firefox with a local Tor SOCKS proxy is a really bad idea. Tor Browser has many adjustments to prevent leaking all kinds of data, mostly through Javascript. If you disable Javascript you'd probably be okay but I'd still be cautious.

I think the best designs are something like Whonix where the Tor layer is separate from your usage. It'd be on two different VMs or two different machines.


----------



## BobSlacker (Dec 7, 2022)

What I don't understand is that OBSD have the browser o it's repo and FBSD doesn't. Why is that?
And configuring a FF-ESR with the Tor service and some addons is not the best approach. One should use the official Tor-Browser to access the Tor network.


----------

