Torsocks: use socks-friendly applications with Tor
Torsocks allows you to use most socks-friendly applications in a safe way with Tor. It ensures that DNS requests are handled safely and explicitly rejects UDP traffic from the application you're using.
Torsocks is known to work on Linux and some distributions of Unix. Mac OSX is currently not supported.
Once you have installed torsocks, just launch it like so:
usewithtor [application]
So, for example you can use ssh to a some.ssh.com by doing:
usewithtor ssh username @ some.ssh.com
or launch pidgin by doing:
usewithtor pidgin
An alternative to usewithtor is torsocks:
torsocks pidgin
The tables below list applications that usewithtor/torsocks will send through Tor. At the moment a 100% guarantee of safe interoperability with Tor can only be given for a few of them. This is because the operation of the applications and the data they transmit has not been fully researched, so it is possible that a given application can leak user/system data at a level that neither Tor nor torsocks can control.
The following administrative applications are known to be compatible with usewithtor:
| Application | 100% Safe | DNS | Comments |
| ssh | M | Y | Potential for identity leaks through login. |
| telnet | M | Y | Potential for identity leaks through login and password. |
| svn | M | Y | |
| gpg | M | Y | gpg --refresh-keys works well enough. |
The following messaging applications are known to be compatible with usewithtor:
| Application | 100% Safe | DNS | Comments |
| pidgin | M | Y | Potential for identity leaks through login and password. |
| kopete | M | Y | Potential for identity leaks through login and password. |
| konversation | M | Y | Potential for identity leaks through login and password. |
| irssi | M | Y | Potential for identity leaks through login and password. |
| silc | M | Y | Potential for identity leaks through login and password. |
The following email applications are known to be compatible with usewithtor:
| Application | 100% Safe | DNS | Comments |
| claws-mail | M | Y | http://rorschachstagebuch.wordpress.com/2008/11/02/claws-mail-zweit-profil-fur-tor/ |
| thunderbird | N | Y | Probable identity leaks through javascript, mail headers. Potential for identity leaks through login, password. |
The following file transfer applications are known to be compatible with usewithtor:
| Application | 100% Safe | DNS | Comments |
| wget | N | Y | Probable identity leaks through http headers. Privoxy and polipo a better solution. |
| ftp | M | Y | Passive mode works well generally. |
Table legend:
DNS: DNS requests safe for Tor?
N - The application is known to leak DNS requests when used with torsocks.
Y - Testing has shown that application does not leak DNS requests.
100% Safe: Fully verified to have no interoperability issues with Tor?
N - Anonymity issues suspected, see comments column.
M - Safe enough in theory, but either not fully researched or anonymity can be compromised
through indiscreet use (e.g. email address, login, passwords).
Y - Application has been researched and documented to be safe with Tor.Differences between torsocks and tsocks
A complete history of changes is maintained in the Changelog. The initial working copy of torsocks was obtained through the following steps in June 2008:
- Tsocks was downloaded from the project's sourceforge repository.
- All patches listed at TSocksPatches in March 2008 were applied. In particular, the patch from Total Information Security that hooks DNS requests and passesthem to Tor. The original link for this patch is now dead and the authors are no longer available at the email addresses supplied in the patch's source.
- Weasel's getpeername() patch and some build-related patches from Ruben Garcia were applied.
- All references to tsocks in the project source files were renamed to torsocks.
- The project was then migrated to an automake/autoconf build system.
To help with reconstructing the above steps a list of applied patches is available in the patches subdirectory of the torsocks source tree.
Enhancements unique to torsocks
The first release of torsocks contained the following enhancements:
- Torifying reverse dns requests through gethostbyaddr()
- Blocking of UDP traffic from sendto() and its variants.
- Use of Tor-friendly defaults if no configuration file available.
- The addition of all RFC defined private address ranges to the default configuration.
