tor Archives - Page 2 of 2 - Michael Altfield's Tech Blog

Featured Articles

Techlore Interview (BusKill, Interdiction, and OpSec)

Why I was banned from GrapheneOS by Daniel Micay

Trusted Boot (Anti-Evil-Maid, Heads, and PureBoot)

WordPress Profiling with XHProf (Debugging & Optimizing Speed)

Continuous Documentation: Hosting Read the Docs on GitHub Pages (2/2)

Hardening Guide for phpList

Crowdfunding on Crowd Supply (Review of my experience)

Detecting (Malicious) Unicode in GitHub PRs

WordPress Multisite on the Darknet (Mercator .onion alias)

Nightmare on Lemmy Street (A Fediverse GDPR Horror Story)

Howto Guide: Whole House VPN with Ubiquiti + Cryptostorm (netflix safe!)

By Michael Altfield, on August 20th, 2017

This post will describe what hardware to buy & how to configure it so that you have 2 wireless networks in your house: One that seamlessly forces all of the traffic on that network through a VPN–and one that connects to the Internet normally . When finished, the internet activity for any device connected to the first network will be entirely encrypted so that the ISP cannot see which websites are visited*, what software you use, and what information you send & receive on the internet.

* Assuming your config doesn’t leak DNS; see improvements section

Update 2017-08-25: Added “kill switch” firewall rule that prevents LAN traffic from escaping to the ISP unless it passed through the VPN’s vtun0 interface first. Following this change, if the VPN connection is down, the internet will not be accessible (as desired) over the ‘home’ wifi network (without this, the router bypasses the VPN by sending the packets straight to the ISP–giving a false sense of privacy).

Update 2021-02-01: Fixed GitHub URL of cryptostorm’s free OpenVPN configuration file Update 2021-02-14: Fixed GitHub URL of cryptostorm’s paid OpenVPN configuration file

Update: I wrote this guide in 2017. It’s intended for an audience that has
. . . → Read More: Howto Guide: Whole House VPN with Ubiquiti + Cryptostorm (netflix safe!)

Tor->VPN in TAILS to bypass tor-blocking

By Michael Altfield, on May 31st, 2015

This post will describe how to route outgoing traffic in a python script running on TAILS first through Tor, then through a SOCKS proxy created with an ssh tunnel. This is helpful when you want to use the anonymizing capabilities of tor, but you need to access a website that explicitly blocks tor exit nodes (common with sites running CloudFlare on default settings).

Michael Altfield

Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡

About Michael

. . . → Read More: Tor->VPN in TAILS to bypass tor-blocking

pycurl through Tor without leaking DNS lookups

By Michael Altfield, on February 22nd, 2015

This article describes the correct way to use pycurl over Tor, such that both DNS lookup data and HTTP(S) traffic is sent through Tor’s SOCKS5 proxy.

If you google “pycurl tor”, one of the first results is a stackoverflow post that describes how to configure pycurl using the pycurl.PROXYTYPE_SOCKS5 setting. Indeed, even the tutorial To Russia With Love on the Tor Project’s Official Website describes how to pass pycurl through Tor using the pycurl.PROXYTYPE_SOCKS5 setting.

However, using pycurl.PROXYTYPE_SOCKS5 will leak DNS queries associated with your HTTP requests outside of the Tor network! Instead you should use pycurl.PROXYTYPE_SOCKS5_HOSTNAME.

The –socks5-hostname argument was added to libcurl v7.26.0. The pycurl.PROXYTYPE_SOCKS5_HOSTNAME argument wasn’t added to pycurl until pycurl v7.19.5.1, which (at the time of writing) was less than 2 months ago!

This article will describe how to install pycurl v7.19.5.1 onto the latest version of TAILS at the time of writing, which is TAILS v1.2.3.

Michael Altfield

Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡

About Michael

. . . → Read More: pycurl through Tor without leaking DNS lookups