Apply conversion script to all *.md files. Authored by Alexander Hansen Færøy
[[TOC(noheading, depth=4)]]
= Misc. Torifying Instructions =
# Misc. Torifying Instructions
The below section contains instructions on tools and programs commonly used with Tor, but do not have enough required information to warrant their own individual pages.
=== Filesharing / Bittorrent ===
It is '''highly advised''' against torrenting over Tor. Not only is it unsecured and prone to leakage, it creates a significant load on the network that it is not designed to manage. This harms every other person using it.
### Filesharing / Bittorrent
It is **highly advised** against torrenting over Tor. Not only is it unsecured and prone to leakage, it creates a significant load on the network that it is not designed to manage. This harms every other person using it.
=== SSH ===
### SSH
More recent dedicated article [SSH](https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/ssh).
More recent dedicated article [https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/ssh SSH].[[BR]]
The information originally found under the [#ssh_2 SSH] section has been merged to that page as well.
=== youtube-dl ===
### youtube-dl
Use [https://youtube-dl.org/ youtube-dl]'s `--proxy` option to use it through Tor.
Use [youtube-dl](https://youtube-dl.org/)'s `--proxy` option to use it through Tor.
with a system Tor::
{{{
```
youtube-dl --proxy socks5://127.0.0.1:9050/ https://www.youtube.com/watch?v=<id>
}}}
with Tor Browser::
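Review bot: Trac-only syntax survives the conversion in this hunk: `[#ssh_2 SSH]` in the SSH section and the `::` definition-list suffix on `with a system Tor::` and `with Tor Browser::` each appear only once, with no Markdown counterpart, so they will render literally. Suggest rewriting `[#ssh_2 SSH]` as a Markdown anchor link (or plain text, since the sentence says that section was merged into the dedicated page) and turning the two `::` labels into ordinary lines ending in a single colon. The `[[TOC(noheading, depth=4)]]` macro at the top likewise has no Markdown replacement in the visible lines. The converted SSH line also drops the `[[BR]]`, so the two SSH sentences will run together into one paragraph unless a blank line or explicit break is added.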
......@@ -27,73 +28,73 @@ Often, the YouTube server will be blocking the exit relay and you will get an er
{{{
ERROR: Unable to download webpage: HTTP Error 429: Too Many Requests
ERROR: Unable to download webpage: No status line received - the server has closed the connection
}}}
```
If you keep running the same youtube-dl command, you will keep getting the same exit relay, and keep getting the same error message. You can work around the block using Tor's [https://2019.www.torproject.org/docs/tor-manual.html.en#SocksPort circuit isolation]. If you provide a different username and password to the SOCKS port, it will cause Tor to use a different circuit and exit relay. In the Unix shell, `$RANDOM` is a convenient way to get a random string. Keep trying the command until you get an exit relay that works.
{{{
If you keep running the same youtube-dl command, you will keep getting the same exit relay, and keep getting the same error message. You can work around the block using Tor's [circuit isolation](https://2019.www.torproject.org/docs/tor-manual.html.en#SocksPort). If you provide a different username and password to the SOCKS port, it will cause Tor to use a different circuit and exit relay. In the Unix shell, `$RANDOM` is a convenient way to get a random string. Keep trying the command until you get an exit relay that works.
```
youtube-dl --proxy socks5://$RANDOM:$RANDOM@127.0.0.1:9050/ https://www.youtube.com/watch?v=<id>
}}}
```
By default, youtube-dl will download the video in a high-resolution format. If you prefer a smaller video file, use the `-F` option to list the available formats and `-f` to choose a lower resolution. See [https://github.com/ytdl-org/youtube-dl/blob/master/README.md#format-selection FORMAT SELECTION]. The [https://archiveteam.org/index.php?title=YouTube#.28Manual.29_Recommended_way_to_archive_YouTube_videos Archive Team wiki] has other tips on getting the most from youtube-dl.
{{{
By default, youtube-dl will download the video in a high-resolution format. If you prefer a smaller video file, use the `-F` option to list the available formats and `-f` to choose a lower resolution. See [FORMAT SELECTION](https://github.com/ytdl-org/youtube-dl/blob/master/README.md#format-selection). The [Archive Team wiki](https://archiveteam.org/index.php?title=YouTube#.28Manual.29_Recommended_way_to_archive_YouTube_videos) has other tips on getting the most from youtube-dl.
```
youtube-dl -f 43/18 --proxy socks5://$RANDOM:$RANDOM@127.0.0.1:9050/ https://www.youtube.com/watch?v=<id>
}}}
```
=== Video streams ===
### Video streams
You can use [https://github.com/streamlink/streamlink streamlink] with proxy settings.
{{{
You can use [streamlink](https://github.com/streamlink/streamlink) with proxy settings.
```
streamlink --http-proxy socks5h://127.0.0.1:9050/ --https-proxy socks5h://127.0.0.1:9050/ --rtmp-proxy socks5h://127.0.0.1:9050/ https://www.twitch.tv/<yourstream> 480p
}}}
In place of `480p` you can use e.g. `720p`, `best`. By default it will try to run `vlc` or another player that it finds; use the `--player=<command>` option to customize. Notice the `socks5h` scheme on the proxy URLs. [https://github.com/shazow/urllib3/issues/1035 The `h` means to do DNS lookups through the proxy]; this is an artifact of the urllib3 library that streamlink uses underneath. If you use just plain `socks5` instead of `socks5h`, you will definitely leak DNS requests.
```
In place of `480p` you can use e.g. `720p`, `best`. By default it will try to run `vlc` or another player that it finds; use the `--player=<command>` option to customize. Notice the `socks5h` scheme on the proxy URLs. [The `h` means to do DNS lookups through the proxy](https://github.com/shazow/urllib3/issues/1035); this is an artifact of the urllib3 library that streamlink uses underneath. If you use just plain `socks5` instead of `socks5h`, you will definitely leak DNS requests.
=== TLS / SSL / HTTPS ===
### TLS / SSL / HTTPS
Tor Browser uses HTTPS Everywhere to make preference for TLS connections.
Tor Browser also pins the https://check.torproject.org SSL certificate, see [https://trac.torproject.org/projects/tor/ticket/3555 TBB: hardcode SSL cert check to prevent MITM].
Tor Browser also pins the https://check.torproject.org SSL certificate, see [TBB: hardcode SSL cert check to prevent MITM](https://trac.torproject.org/projects/tor/ticket/3555).
To enhance the situation there are several ways:
* Pin the [https://en.wikipedia.org/wiki/Certificate_authority SSL CA]. This assumes, that the issuing SSL CA must be compromised. Therefore not any SSL CA can issue a fraudulent certificate. It's more secure, but not perfect.
* Pin the [SSL CA](https://en.wikipedia.org/wiki/Certificate_authority). This assumes, that the issuing SSL CA must be compromised. Therefore not any SSL CA can issue a fraudulent certificate. It's more secure, but not perfect.
* (For your own servers:) Use self-signed certificates and check the fingerprint or save the public key in your keyring. The fingerprints must be shared over a pre-shared secure channel, such as a meeting (where you do not need to stay anonymous) or GPG encrypted.
=== Wget (HTTP) ===
'''Quick note:''' wget sends a User-Agent that often provides both a wget version number and the originating platform. For example, Tails 2.5 provides {{{wget/1.16 (linux-gnu)}}} as its User-Agent. Every operating system will provide different versions of wget in their repositories at any given time, thus allowing a hypothetical observer to make an educated guess at your current operating system. It's advisable to either fake your User-Agent (you can find the one Tor Browser is using by searching {{{general.useragent.override}}} in {{{about:config}}}), use a common operating system like Ubuntu or Debian, or simply by using a distribution like Tails that is designed to create a consistent anonymous set for all of its users.
### Wget (HTTP)
**Quick note:** wget sends a User-Agent that often provides both a wget version number and the originating platform. For example, Tails 2.5 provides `wget/1.16 (linux-gnu)` as its User-Agent. Every operating system will provide different versions of wget in their repositories at any given time, thus allowing a hypothetical observer to make an educated guess at your current operating system. It's advisable to either fake your User-Agent (you can find the one Tor Browser is using by searching `general.useragent.override` in `about:config`), use a common operating system like Ubuntu or Debian, or simply by using a distribution like Tails that is designed to create a consistent anonymous set for all of its users.
In wget, spoofing the User Agent can be done with the {{{-U}}} or {{{--user-agent}}} option. An example:
In wget, spoofing the User Agent can be done with the `-U` or `--user-agent` option. An example:
{{{
```
wget -U "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" [urlhere]
}}}
```
==== Method 1: Torsocks ====
Wget can be torified by using [https://trac.torproject.org/projects/tor/wiki/doc/torsocks Torsocks]. This can be accomplished simply by invoking:
#### Method 1: Torsocks
Wget can be torified by using [Torsocks](https://trac.torproject.org/projects/tor/wiki/doc/torsocks). This can be accomplished simply by invoking:
{{{
```
torsocks wget [fileaddress]
}}}
```
==== Method 2: Proxy / Modifying wgetrc ====
Wget will also respect the http_proxy enviroment variable, however you can simplify the process by editing {{{/etc/wgetrc}}} after installing Privoxy or similar:
#### Method 2: Proxy / Modifying wgetrc
Wget will also respect the http_proxy enviroment variable, however you can simplify the process by editing `/etc/wgetrc` after installing Privoxy or similar:
{{{
```
...
http_proxy = http://localhost:8118
use_proxy = on
...
}}}
```
Please note port 8118 is simply the default port of Privoxy, and should be adjusted as per your local setup / software.
=== cURL ===
'''Notice''': Like for wget above, you must spoof your User Agent. Replace the {{{--user-agent}}} option in the below example with the relevant one from the {{{general.useragent.override}}} field in your Tor Browser's {{{about:config}}}.
### cURL
**Notice**: Like for wget above, you must spoof your User Agent. Replace the `--user-agent` option in the below example with the relevant one from the `general.useragent.override` field in your Tor Browser's `about:config`.
==== Method 1: Proxy Settings
cURL can be torified by simply using its {{{--proxy}}} argument. An example:
cURL can be torified by simply using its `--proxy` argument. An example:
{{{
```
curl --proxy "socks5h://localhost:9050" --tlsv1.2 --compressed --user-agent "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' -H 'DNT: 1' [urlhere]
}}}
```
==== Method 2: Torsocks ====
Using [https://trac.torproject.org/projects/tor/wiki/doc/torsocks Torsocks].
#### Method 2: Torsocks
Using [Torsocks](https://trac.torproject.org/projects/tor/wiki/doc/torsocks).
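Review bot: `==== Method 1: Proxy Settings` under cURL was left unconverted: it has no `#### Method 1: Proxy Settings` counterpart, while every other heading in the hunk does. The source line lacks the closing `====`, which is the likely reason the script's heading pattern skipped it. As merged, the cURL section would show `#### Method 2: Torsocks` as a heading and Method 1 as literal text above the `--proxy` example. Suggest adding the `####` heading by hand and making the script accept headings without a trailing marker, then searching the converted files for remaining lines that start with `=`.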