Arti – An implementation of Tor in Rust (opens in new tab)

The introduction was here: https://blog.torproject.org/announcing-arti/

Towards the flagged sibling comment about the tor network providing a hiding place for illegal activities and terrorism:

While it's non-trivial to inspect many aspects of tor traffic, an often used study metric has been the (determinable) percentage of connections to hidden services, which are usually assumed to be disproportionately malicious.

This ranges around ~5% across most studies, the most recent one I can find shows similar results[0].

Results are limited by the inability to account for lawful use of hidden services, but also the percentage of malicious use outside of them.

[0] https://www.pnas.org/doi/full/10.1073/pnas.2011893117

I don't think you can generally expect all processes to transparently use a SOCKS proxy? You might be able to finagle a custom vpn around it, I suppose. But AFAIK SOCKS isn't 100% transparent at the IP layer allowing all protocols to transparently layer on top?

I guess SOCKS5 handles tcp and udp - so you might get away with redsocks (which explicitly recommends against using with TOR):

https://github.com/darkk/redsocks

See also transocks (SOCKS4 tcp only): https://transocks.sourceforge.net

And transocks (in go) https://github.com/cybozu-go/transocks

Ed: see also https://news.ycombinator.com/item?id=30684574

One way is to enable a global `LD_PRELOAD=libtsocks.so` (transparent socks) environment variable where you provide an optionally suid (to allow suid binaries to use it if you want) library that overrides `connect`, etc. and forwards them to your socks proxy. Make sure you get ipv4 and ipv6 support if you care. This is not bullet proof by any means. Any application that doesn't using the C library (e.g. go) will not proxy, but most things will.

You have to be careful proxying everything through Tor if you care about using Tor to its full effectiveness, widely known issues with exit nodes aside, applications may naively sent through the same circuit: https://www.whonix.org/wiki/Stream_Isolation

Best option is to use software that supports SOCKS. Alternatively you can set up local proxies (eg stunnel) or inject SOCKS support into the TCP calls of your app (eg. ProxyChains)

Tor only supports TCP, so you cannot route all traffic over Tor, you will have to drop a bunch.

The way it's done is described here:

https://unix.stackexchange.com/questions/166692/how-does-a-t...

A part from tor I don't know if there's a generic tool packaging this.

Isn't that just NAT through a SOCKS proxy as transport.

Never would have imaged that use case.

Theoretically with systemd there is a way to create a container to do this. But its too complex, i could not get it to work.

<NOTIFICATION: Incoming chat from random IT person> Hey so I’ve been meaning to ask you about all this ssh traffic coming from your box. Do you know what that could be?

Right now it's not possible, but you could open an issue and maybe someday it will be! If you want to open an issue, it's here https://gitlab.torproject.org/tpo/core/arti/-/issues . If you don't want to create an account, say it and I'll create the issue for you.

Edit: corrected typo in link

Unfortunely there are tons of domains that it will never happen, given the existing ecosystem

We as society basically have to undo 50 years of going into the wrong direction, without the economical incentives to fix them, rather mitigate their faults.

Yeah I hate to always be that guy, but while I think Tor is great in that it exists at all and has inspired other projects, I think I2P is an overall better design. Not having a history with the US military or funding from DARPA is a plus, IMO. Tor isn't necessarily flawed for that reason, but I trust less anything the US government takes an interest in.

For anyone wondering what we're talking about:

https://geti2p.net (Official Java implementation)

https://github.com/PurpleI2P/i2pd (C++ implementation)

The unfortunate thing is that, as far as I'm aware, I2P doesn't have a "Tor Browser" of sorts, and most people would want to use I2P as a clearnet proxy; the audience for I2P may always be significantly less than that of Tor even if it was revealed that Tor was totally flawed.

I think that I2P could benefit from selling itself less as a means of anonymity and more as decentralized, censorship-resistant web hosting. The clearnet should then have inproxies to expose I2P sites rather than the other way around, as is the typical use case for Tor. That way you can spin up an I2P instance anywhere, instantly have a web server on a unique address, and have it be available on any number of clearnet inproxy nodes as well as to anyone connected directly to the network.

Having played a lot with I2P recently, I find it more "fun" than using Tor. It lacks in content, but its focus on hidden services (eepsites) and the relatively small number of users is reminiscent of he web back when I first started using it in the 90s. I like that it has a sort of DNS system that is only as centralized as you want it, and that it has a built in way of assigning your own domain aliases. Even if you (the reader) aren't interested in anonymous decentralized networking for any practical reason, I'd say it's worth testing out I2P just to get a kick out of how novel it is.

How so?