Tor Security for Android and Desktop Linux

Tor for Desktop Linux

The simple answer to Tor on desktop Linux is to use Tails, a custom Debian-derived distribution that forces all traffic into Tor guard nodes. Please reference Kyle Rankin's previous Linux Journal article on Tails. There have been critical flaws in previous versions of Tails, so it is important to keep up to date.

Given that Tor functionality is desired on non-Tails distributions, let me investigate the installation of Tor components on Oracle Linux 7 (similar to CentOS/Red Hat/Scientific Linux).

A preconfigured Tor browser and proxy is available from the project website. The Tor browser package is the safest way to use Tor on a (non-TAILS) Linux client. Download the package, move it to your desktop, and unpack it:

$ tar xvJf tor-browser-linux64-6.5.1_en-US.tar.xz
$ head tor-browser_en-US/start-tor-browser.desktop
#!/usr/bin/env ./Browser/execdesktop
# This file is a self-modifying .desktop file that can be run from the
# shell. It preserves arguments and environment for the start-tor-browser
# script.
# Run './start-tor-browser.desktop --help' to display the full set of
# options.
# When invoked from the shell, this file must always be in a Tor Browser
# root directory. When run from the file manager or desktop GUI, it is
# relocatable.

Use a graphical file manager to navigate to the tor-browser_en-US directory and launch Tor. A dialog will be presented asking if bridge nodes are required before the browser will launch.

If you wish to use exit nodes in a specific country code, shut down your Tor browser and add this setting to your torrc:

$ cd tor-browser_en-US/Browser/TorBrowser/Data/Tor/
$ echo -e "ExitNodes {us}\nStrictNodes 1" >> torrc

After restarting your browser, your exit nodes should be restricted to the selected countries.

While the Tor browser is running, you will find two new processes, ./firefox --class Tor Browser and the Tor proxy:

  -f tor-browser_en-US/Browser/TorBrowser/Data/Tor/torrc
  DataDirectory tor-browser_en-US/Browser/TorBrowser/Data/Tor
  GeoIPFile tor-browser_en-US/Browser/TorBrowser/Data/Tor/geoip
  GeoIPv6File tor-browser_en-US/Browser/TorBrowser/Data/Tor/geoip6
  HashedControlPassword xxx __OwningControllerProcess 1234

If you wish to join the Tor network as a relay node, you likely should load a version of Tor that interfaces with your init system. Such a version exists in the EPEL repository. Load EPEL, then install the system version of Tor (note that this approach does not include Orfox):

# yum install tor
Loaded plugins: langpacks, ulninfo
Resolving Dependencies
--> Running transaction check
---> Package tor.x86_64 0: will be installed
--> Processing Dependency: torsocks for: tor-
--> Running transaction check
---> Package torsocks.x86_64 0:2.1.0-1.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

 Package     Arch            Version                  Repository     Size
 tor         x86_64           epel          2.4 M
Installing for dependencies:
 torsocks    x86_64          2.1.0-1.el7              epel           61 k

Transaction Summary
Install  1 Package (+1 Dependent package)

Total download size: 2.5 M
Installed size: 11 M
Is this ok [y/d/N]: y
Downloading packages:
(1/2): torsocks-2.1.0-1.el7.x86_64.rpm                   |  61 kB   00:09
(2/2): tor-                     | 2.4 MB   00:20
Total                                            125 kB/s | 2.5 MB  00:20
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Warning: RPMDB altered outside of yum.
  Installing : torsocks-2.1.0-1.el7.x86_64                            1/2
  Installing : tor-                              2/2
  Verifying  : tor-                              1/2
  Verifying  : torsocks-2.1.0-1.el7.x86_64                            2/2

  tor.x86_64 0:

Dependency Installed:
  torsocks.x86_64 0:2.1.0-1.el7


From here, you can configure your relay policies as outlined in the FAQ.


Verizon and AT&T have been granted "common carrier" status as a courtesy from the citizenry, but they are now abusing this privilege. While they acknowledge that phone records deserve privacy, they contend that network traffic that passes over the same infrastructure should be theirs to take. This is reprehensible.

The only answer for a concerned individual is to blind them with Tor. This comes at a cost—network performance is reduced, potential exposure to hostile guard and exit nodes requires more care, and a large amount of software must be loaded and maintained to participate in the Tor network. This is a price that we must pay.

I have avoided the discussion of Tor on non-Linux systems here as documentation on the subject exists elsewhere. A few relevant resources include Apple iOS and Microsoft Windows, but these are now secondary platforms, as Linux has become the most popular operating system on the internet.

We can only hope that, first, a significant percentage of subscribers load Tor clients, and second, the citizenry takes a far more active role in restricting the privileges that have been granted to these undeserving and abusive corporations. They must know unambiguously that this is a step too far.

Disclaimer: the opinions expressed in this article are those of the author and do not necessarily represent those of Linux Journal.


Charles Fisher has an electrical engineering degree from the University of Iowa and works as a systems and database administrator for a Fortune 500 mining and manufacturing corporation.