[Tor-BSD] tor Ports 9050 and 9150

George Rosamond george at ceetonetechnology.com
Sat Aug 1 01:47:34 EDT 2015


Michael McConville:
> teor wrote:
>> I wanted to explain why Tor Browser uses tor SOCKS port 9150, but the
>> default system tor port is 9050.
>>
>> Tor Browser is designed to run its own instance of tor on 9150, and to
>> not conflict with any existing system tor install on 9050. (This, of
>> course, causes some confusion, and some tor clients look on 9050, and
>> others on 9150.)
>>
>> If you want to use the system tor for both Tor Browser and other apps,
>> why not just have it listen on both 9050 and 9150?
>>
>> There are security implications of using the same tor instance for
>> multiple apps (mainly cache sharing, denial of service, and
>> single-point-of-hack/failure). However, there are also advantages in
>> combining all your tor traffic together, as it's (slightly) harder to
>> analyse that way.
> 
> I think we should stick to the project's defaults unless we have a very
> good reason not to. I feel like there's headache and subtle breakage to
> be had here.

Yes, of course, and the decisions we've made on porting Tor Browser have
done so.  Even if ugly, our TB needs to be a photocopy of the current
official TB.  But in the future, there are certainly a number of things
we'd push upstream in the interest of portability, in particular.

HTTPS Everywhere is one of the core components of the TB not in
OpenBSD's ports.  But it requires bash, of all things, when it could
easily be done in POSIX shell. That is only one glaring example.

Well, not just portability, considering the long list of bash CVEs over
the years. . .

On that note, if anyone's interested, we're on the third version, 4.5.3,
of the browser.

If you're running a recent amd64 OpenBSD snapshot, definitely give the
install a try.

http://mirrors.nycbug.org/pub/snapshots/packages/amd64

The README should be clear enough.  Of course jumping into GitHub is
appreciated.  https://torbsd.github.io provides the links to the repos.

We're not there yet, but it's operational and we're getting to a decent
place.  Needless to say, the Tor people say "be wary" if you need strong
anonymity... in our case, wariness should be a state, not a consideration :)

g



More information about the Tor-BSD mailing list