# Privoxy + Tor Questions



## Beeblebrox (Mar 31, 2011)

I have my *privoxy* + *tor* setup and running, but I had several questions to which I have not been able to find good answers, so here goes:

1. Why is *privoxy* preferred in the *tor* setup over *squid*?  It seems *squid* has more features (caching) and can certainly forward socks.  Is it due to DNS leaks?

2. If I specify in torrc any of the following, *tor* cannot start. The folder configs give permission problems, while specifying a user results in "must start as root" mesage.  The proxy has the daemon flag set, so the process daemonises to the background.

```
Log notice file /var/log/tor/notices.log  # folder permissions (_tor:_tor)
DataDirectory /var/lib/tor  # folder permissions (root:wheel - mod 700)
User _tor
Group _tor
```

3. Does anyone have any experience with with multiple node setup explained in the link?  Can anyone give an opinion about the effectiveness / speed?  I assume nodes can be lowered to 4 or 6?  http://www.howtoforge.com/ultimate-security-proxy-with-tor
The start-up scripts given at end of the page are problematic for FreeBSD though; I tried unsuccessfully to modify the script myself and *privoxy* refused to start.

4. Since *torbutton* extension does not currently work with *firefox-4* or on other browsers, I need to use separate proxy settings with separate browsers.  I would still like all browsers to go through *privoxy* though, and only need to enable / disable the socks settings on the browser proxy configuration.  However, since *privoxy* is told in the config file to listen for socks, the browser / *privoxy* are always deferring to *tor* as a default.  How can I set *privoxy* *ONLY* (without *tor*) from browser settings, without disabling the socks listen in *privoxy*?


----------



## SirDice (Apr 1, 2011)

1) it isn't. The bundled tor distribution even includes polipo instead of privoxy.

2) My torrc is bog standard, no editing required.

3) Can't comment on that.

4) Alternatively you could use FoxyProxy which does work with Firefox 4.0.


----------



## Beeblebrox (Apr 1, 2011)

Hi, Sir Dice.

1. I have read a certain number of "dislikes" about *polipo*, but have never tried it.  *Squid* however includes caching so I would prefer it, if it has same functionality with privoxy/polipo.

2. Editing is required on my side if I want to do #3!!

4. The problem is not "the button" really. Let's say I want to use *midori* or *epiphany* and I want it to go through privoxy/polipo but not *tor*.  If in the browser setting I set socks proxy value as "null & 0", it does not work as *privoxy* forwards to socks anyway.


----------



## flyweight (Apr 7, 2011)

First tell Squid 3.1 to use privoxy as parent.

/usr/local/etc/squid/squid.conf


```
cache_peer localhost parent 8118 7 no-digest no-query
never_direct allow all
```

Then forward requests to tor !!!don't forget the dot!!!

/usr/local/etc/privoxy/config


```
forward-socks4a / 127.0.0.1:9050 .
```

Also hide Tor exit notation in the Host and Referer Header.

/usr/local/etc/privoxy/default.action


```
{+client-header-filter{hide-tor-exit-notation}}
/
+hide-referrer{forge}
```

In my case squid is listening on port 8888 and my browsers are configured on 
	
	



```
localhost:8888
```
 for http requests.

After configuration I always do a Tor test. But remember that tor is experimental and you can't rely on it fully. Today I did a Browser Information Test on various websites and I could see my own IP once which is bad.


----------



## Beeblebrox (Apr 7, 2011)

Hi, flyweight:

Already using socks5 on *privoxy* and referrer, header etc are changed.  My point is, why chain *squid* -> *privoxy* in the first place? *squid* has socks5 capability and more (including privacy, even if *privoxy* is much better in this regard).  What am I missing if I just go with sock5/4a in *squid*?

My second point is admittedly harder and now that I think of it, will require a second *privoxy* node:  I want to toggle *privoxy*'s (or other proxy) socks on a per browser basis.  So I might be using one browser with *privoxy* + *tor* while using another browser with *privoxy* only! And I just answered my own #4.

Therefore, how to get #3 in original post working - this I'll have to look up scripting rules obviously.


----------



## flyweight (Apr 7, 2011)

I use *Privoxy* only for additional header stripping, but it isn't working as expected. If you use the *Gnome-config-deamon* you could set system-wide proxy settings in a Gnome session.

I use the *gnome-config-daemon* on *Openbox* and have set up IP aliases for my net interface and also set additional hostnames in /etc/hosts. This makes the proxy configuration easier.


```
tor.hostname.domain privoxy.hostname.domain squid.hostname.domain
```

When I test my browser on some sites I can still see the HTTP-referrer header. Squid Privoxy and tor are all working. Do you have any tips?


----------



## Beeblebrox (Apr 9, 2011)

@ flyweight:  Sorry, not much I can offer on your problem.  I stopped tweaking my *privoxy* when I decided I wanted to first clearly understand "what is privoxy doing that squid is unable to?"


----------



## bes (Apr 9, 2011)

> Since torbutton extension does not currently work with firefox-4..


BTW, current alpha version: Torbutton 1.3.2-alpha works with firefox-4. You can install alpha from  torproject website.


----------

