# WARNING: This config uses two guards by default instead of just one, # search for NumEntryGuards 2, this may make Tor instance doing this more # identifiable and same applies to some other changes I am doing. # Run by your own responsibility. DataDirectory /var/lib/tor-client Log notice syslog # This instance will appear in syslog as "Tor-client" SyslogIdentityTag client # Use the default SocksPort, but also isolate streams going to different # destination addresses and in case of DualStack Exits prefer IPv6, because # they aren't publicly listed and may let through Tor blocks. # https://trac.torproject.org/projects/tor/ticket/16947 SocksPort 9050 IsolateDestAddr PreferIPv6 IsolateSOCKSAuth SocksPort 9052 PreferIPv6 IsolateSOCKSAuth SocksPort 9060 OnionTrafficOnly IsolateSOCKSAuth # HTTP Proxy port # This works only for HTTPS and similar, so I ended up using Privoxy to get # apt-listchanges and apt-listbugs also through Tor. #HTTPTunnelPort 8118 IsolateDestAddr PreferIPv6 IsolateSOCKSAuth HTTPTunnelPort 9119 IsolateDestAddr PreferIPv6 IsolateSOCKSAuth # Uncomment to disable IPv4 #ClientUseIPv4 0 # Allow Tor to connect to relay/bridge over IPv6. As the default is # IPv4-only, this may cause less anonymity if the guard is bad (and # especially if you are behind CGN?) ClientUseIPv6 1 # Always prefer IPv6 over IPv4 (see previous), maybe this would be useful # in a DS network preventing Tor over IPv4. ClientPreferIPv6ORPort 1 ## Mapping clearnet domains to onions for certificate validation if ## accessed through Tor # My personal server, most likely used for IRC MapAddress etro.mikaela.info otzmigofmchtadpek223bkmrzqoa6mmvhmr5dxqurcrtwalizfibuxid.onion # https://liberta.casa/ confirmed from oper MapAddress irc.liberta.casa cr36xbvmgjwnfw4sly4kuc6c3ozhesjre3y5pggq5xdkkmbrq6dz4fad.onion # Ergo IRCd's home, confirmed from channel MapAddress irc.ergo.chat vrw7zcuarwx4oeju3iikiz3jffrvuijsysyznqf53mxizxrebomfnrid.onion # Heard from staffer, also https://libera.chat/guides/connect#verifying-tor-tls-connections MapAddress palladium.libera.chat libera75jm6of4wxpxt4aynol3xjmbtxgfyjpu34ss4d7r7q2v5zrpyd.onion # https://www.oftc.net/Tor/ MapAddress irc.oftc.net oftcnet6xg6roj6d7id4y4cu6dchysacqj2ldgea73qzdagufflqxrid.onion # From operator and their MOTD MapAddress irc.hybridirc.com rhnxdpf3h7z6f4g6cvm7fuadzoucdjnvscgczsv7d6dolddbfwb5upid.onion # Disable control access #ControlPort 0 #ControlSocket 0 # If these have been disabled in the main Tor or OneHopOnion and something # should work with the Debian defaults (e.g. zeronet) # Uncommented due to how I would uncomment them anyway in my setup. See ### # below CookieAuthentication 1 CookieAuthFileGroupReadable 1 CookieAuthFile /run/tor/control.authcookie ControlPort 9051 ControlSocket /run/tor/control GroupWritable RelaxDirModeCheck ControlSocketsGroupWritable 1 SocksPort unix:/run/tor/socks WorldWritable IsolateDestAddr PreferIPv6 ### Disabling the Above in Debian Torrc (judging by my running system) ##ControlPort 0 ##ControlSocket 0 ##CookieAuthentication 0 ##CookieAuthFile 0 # https://gitweb.torproject.org/torspec.git/tree/proposals/291-two-guard-nodes.txt # Possibly dangerous or more easily fingerprintable as it's not the default # yet! NumEntryGuards 2