[tor-talk] TorWall - experimental transparent Tor proxy for Windows

Roger Dingledine arma at mit.edu
Fri Jul 5 21:45:04 UTC 2013

On Thu, Jul 04, 2013 at 08:34:35PM -0700, reqrypt wrote:
> In a nutshell, TorWall does two things:
> 1) It (transparently) reroutes all HTTP traffic through the Tor anonymity network; and
> 2) It blocks all non-Tor traffic (including DNS) to and from your computer.


Bastik pointed out the trademark thing:

But I'll take it a step farther to explain that there actually
already *is* a Torwall in the past:
which is an aborted little applet to turn on or off your firewall with
respect to allowing Tor. Hopefully that explains how easy the confusion
will be if you have a name like this.

> The main advantage of TorWall is that it works with any web browser
>(without re-configuration), including Chrome, Internet Explorer, etc.
>The firewall component is can also prevent leaks (e.g. DNS leaks) whilst
>TorWall is running.  Note that TorWall blocks *all* other traffic, so
>(for example) a corrupt plugin cannot leak information via a non-HTTP
>traffic.  To help prevent leaks via HTTP TorWall also routes web traffic
>through Privoxy.
> There are some disadvantages to this approach as well.  The
>TorBorwserBundle contains a browser specifically designed for Tor.
>Also, the current TorWall prototype does not support HTTPS.

Hm. These both seem like pretty big impediments. As intrigeri said, Tails
stopped doing the transparent proxy thing years ago, on the theory that
if the given application isn't specifically configured to use Tor, it's
probably going to screw up privacy-wise. Privoxy is really no substitute
for correctly anonymizing the application-level traffic.

(This is the same reason I'm wary of the "provide a wireless access point
that transparently Torifies traffic through it" ideas -- it seems like
those would be more safely done by giving the user a captive portal that
forces her to install TBB, and then only allows Tor traffic to a given
set of bridges / relays. But that's another topic.)

Back to this topic: is it intercepting outgoing port 80, or is it DPIing
on traffic flows to decide they're http? I would be nervous about both
of these in terms of the "corrupt plugin" you mention above.


More information about the tor-talk mailing list