HowTo: Use Tor for all network traffic by default on Mac OS X

Recently, I had the gratifying experience of doing some political work that earned me a bunch of hate mail and some threats of physical violence. It had already gotten to the point where I was being harassed by a self-described “Internet stalker” who would call up venues I went to and get the employees to find me and give me the phone. Enough is enough.

This prompted several changes in my behavior in order to protect myself. For instance, I started “checking in” to venues on Foursquare as I left rather than as I arrived. For the full belt and suspenders, I also started making much heavier use than I’d previously been doing of privacy-enhancing services like Tor: The Onion Router.

Tor is a best-in-class, free, open source anonymizing network proxy. Using a tool like Tor can help you obscure details about who you are and what you’re doing from an Internet Service Provider (ISP), company network filter, or other entities. And it turns out that its reputation as a piece of black magic is largely undeserved. Tor is simple to set up, very strong, and woefully underutilized by “normal people.”

So I thought I’d do what I can to demystify Tor and encourage you to use it, even if you’re a muggle rather than a technomage. :)

Why use Tor?

Every time you turn on your computer, you’re sending all kinds of signals to all kinds of people and companies about who and where you are, and what you’re doing. Naturally, some of these are necessary to complete your tasks, like logging into your email account to read your messages. But if you’re using a Wi-Fi hotspot at a café, why should everyone at the café, the café’s owners, and the café’s ISP know that you’re checking your email? Moreover, why should your email provider know that you’re at that specific Joe’s Coffee on the corner?

I realize this might not seem like a big problem to most people. After all, everyone and their mother knows you fancy the cute barista at Joe’s Coffee since you’ve confessed your undying love of their ability to serve you a mocha with perfect latte art every time, you snob. But after just a few visits to Joe’s, it becomes pretty easy for any of those companies (or, more to the point, the unscrupulous employees working in the IT department) to guess your next move, since you’ve (unknowingly?) been sharing your every move with them already. And it’s trivial for government agencies to do the same kind of spying on you.

Now, you might not be worried about government agencies tracking you, and you might feel like you have some legal recourse if a company abuses your information, but as an individual (who “has nothing to hide”), you are more likely to be targeted or stalked by other individuals than by institutions. This was exactly what happened to me when I picked up my mob of cyberbullies. So if you leave an “anonymous” comment on a blog, why tell the blog owner where you are?

What Tor can and can’t do

Tor isn’t magic. It’s not going to make you “Invincible!” That’s why when you go to download Tor the first thing you’ll see is a warning from the developers saying “You need to change some of your habits” for Tor “to really work.” I recommend reading their list of warnings, but at the end of this howto I’ll also offer you some guidelines for a few simple things you can do to set yourself up for success.

For now, you simply need to understand that Tor isn’t encryption. For instance, if you log into Facebook without checking for the little lock icon in your browser (HTTPS, or SSL/TLS) then people who are watching Internet traffic can still see, intercept, and modify the pages you’re seeing. Moreover, Facebook still knows who you are, and if you load any page that has one of Facebook’s “Like” widgets installed, Facebook will still be able to track where you go online. It’s just that, if you use Tor, Facebook won’t know where you are in person.

To block trackers like Facebook’s “Like” button, see the “Block trackers and web bugs” section at the end of this post.


Okay, so. Here is the world. Round! I mean, how are we gonna make this work?

Privacy and security are both like a chain. The strength of the chain is only as strong as its weakest link. So in order for something like Tor to be useful, you need to use it for anything and everything, if possible. Moreover, the more people who use it, the more useful it becomes for everyone using it since fewer and fewer uses of Tor will, themselves, arouse suspicion. Private browsing should be the default, not the exception.

But in order for something like Tor to actually get used, it needs to be unobtrusive, easy to use, and easy to stop using. In other words, we need a quick and easy “On/Off” switch for using Tor or not using Tor. We’ll get there, and then we’ll go one step further.

Step 1: Install the Tor Browser Bundle

First things first. Install the Tor Browser Bundle (TBB). Do this:

  1. Using your Web browser, go to the Download Tor page.
  2. Find the software for your operating system. Download and install it just as you would any other piece of software.

EDITOR’S NOTE: At the time of this article’s publication, the Mac OS X version of the Tor Browser Bundle included an additional application called Vidalia that offered a graphical interface for managing your connection to the Tor network. When version 3.5 of the Tor Browser Bundle for Mac OS X was released, Vidalia was replaced with a component built into the TorBrowser itself. The bad news is that advanced configuration of your connection to the Tor network on Mac OS X is harder. The good news is that, if you don’t want to do anything fancy, you can just ignore every part of this article that references “Vidalia” and assume that whatever was described in that step is already done for you; this means you can skip all of “Step 2.” If you do want to do the fancy stuff, see “One Minute Mac Tip: Open multiple Tor circuits in the new TorBrowserBundle 3.5 for Mac OS X.” With this new Tor Browser Bundle at version 3.5.x, as long as you keep the TorBrowser open, then by default you’ll have a connection to the Tor network on port 9150. Thanks, Tor developers!

The Tor Browser Bundle is a package deal. It gives you the Tor software itself, plus a graphical tool called Vidalia used to manage and configure your connection to the Tor network, as well as a completely clean browser based on Mozilla Firefox with some privacy-enhancing add-ons already pre-installed. When you run the TorBrowser for the first time, all three applications open and you’re sent to If everything’s working as it should, you’ll be greeted with a message that reads “Congratulations. Your browser is configured to use Tor.”

If all you wanted to do is browse the Web anonymously, you’re technically done. Using the TorBrowser, you can bypass Web censors that filter your view of the Web and surf the ‘net reasonably assured that your identity can’t be tracked (as long as you don’t log in to any services with your account, obviously).

However, only the TorBrowser application is using Tor. This means you’re still trackable if you use another browser. In fact, if you now go to in Safari, you’ll see a message that reads “Sorry. You are not using Tor.”

Let’s fix that.

Step 2: Configure Tor to use an unchanging port

Since Tor is a network proxy, it works by accepting connections, forwarding them on behalf of the initiator, and then passing back any responses it receives. This means you need to tell your operating system to send connection requests it wants to make to Tor instead of out onto the network itself. But in order to do that, you need to know where Tor will be listening for connection requests.

EDITOR’S NOTE: In the past, the Tor Browser Bundle was configured to automatically find an unused network port. It was recently changed to use port 9150 by default. But since this guide was written before that change, its instructions refer to port 9050. All this means is that wherever you see me refer to port 9050 or similar, replace it with 9150 instead. (Thanks, milo!)

By default, the Tor Browser Bundle is configured to look for an unused network port on your system and use that. But this means we can’t know, ahead of time, where Tor will be listening, so we’re going to disable this feature and instead use a static port. The Tor FAQ provides instructions for doing this:

In Vidalia, go to Settings → Advanced and uncheck the box that says ‘Configure ControlPort automatically’. Click OK and restart TBB. Your Socks port will then be on 9050.

Step 3: Make a new Network Location for Tor

At this point, you should have a running Tor instance listening on its default port (9050) for incoming connection requests. All you need to do now is tell your operating system to send all its network requests to that location. To do this, we’ll make use of Mac OS X’s Network “Locations” feature. A network Location is simply a set of preferences you can switch to using the  (Apple) menu.

Apple provides instructions for making a new Network Location:

  1. Choose System Preferences from the Apple () menu.
  2. Choose Network from the View menu.
  3. Choose Edit Locations… from the Location menu.
  4. Click the + icon to add a new location.
  5. Type a name for your new location, such as Mobile, then click Done. […]

In the last step listed above, I typed “Automatic (via Tor [localhost:9050])”, because I like to stuff as much information as possible into the names of things, but you can type whatever makes sense to you.

At this point, we have a “toggle” for turning our system-wide use of Tor on or off, but the toggle doesn’t actually toggle anything, yet.

Step 4: Configure your new Network Location to use Tor

With your new Network Location for Tor active, do this:

  1. Select Airport from the list of interfaces.
  2. Click Advanced…. The advanced Airport network options sheet will open.
  3. Click Proxies in the list of panes.
  4. Activate SOCKS Proxy by ticking its checkbox in the Select a protocol to configure: box.
  5. In the SOCKS Proxy Server box, type localhost and 9050. (Remember, 9050 is the port Tor is listening on. If you used more than one SocksPort in Step 2, you can use any of the port numbers you configured.)
  6. Click OK and then click Apply.

Repeat the above steps for each interface you have available, such as “Ethernet.”

To test that this worked, while you are connected to the Internet and have your Tor Network Location active, open Safari and go to If you were presented with the congratulatory message, you’ve done everything right!

At this point, any time an app on your system tries to access the network, the connection will be routed through Tor. All the built-in applications, like, and all well-behaved third-party applications, will now be transparently proxied through the Tor network. Some applications, such as Adium, may still need to be explicitly told to use the “system wide” configuration rather than the app’s own defaults, though, so I strongly suggest double-checking the network preferences for every app you use. And if you’d like to isolate Adium’s or any other specific application’s network traffic from other traffic you send, then configure the app to use a SOCKS proxy on one of the additional Tor listening ports you configured in Step 2.

You can now easily toggle Tor on and off simply by changing the active Network Location from the Apple () Menu.

On my computer, the Network Location for Tor is the default, and I almost never change it away from that. I also set up the TorBrowser to open when I log in to my computer. (For obvious reasons, when the Network Location is set to use Tor but Tor isn’t running, it’s as if I have no internet connection available.) This means I now tunnel all my traffic through Tor by default.

But all or nothing is a rather blunt approach. Sometimes I really don’t want to use Tor, such as when I’m editing Wikipedia (which expressly blocks Tor exit nodes from making edits), so let’s set up some finer-grained control. We can do this in one of two ways. I’ll show you both, but I only use the latter.

Step 5-A: Bypass Tor using Network Proxies Preferences

If you know you never want to use Tor for specific domains or websites, you can enter them in a comma-separated list back where you set up the SOCKS proxy. For instance, if you never want to use Tor to get to Wikipedia, enter , into the “Bypass proxy settings for these Hosts & Domains:” text box, as shown below:

Screenshot of Mac OS X Proxies Network Preferences.

You can also use this method to bypass Tor for multi-media sites like YouTube or Pandora Internet Radio, which are often frustratingly slow when proxied. Just be aware that any time you bypass Tor, the server you’re connecting to gets additional information about you from your IP address, and so on, so use this sparingly.

Anyway, this configuration will always bypass Tor for accessing any domain name regardless of what application initiated the connection. For instance, I monitor my Wikipedia watchlist using RSS feeds in, but I read and edit Wikipedia in my Web browser

Since there’s no issue reading Wikipedia over Tor, only editing, using this configuration isn’t as private as it could be. I’m leaking information to Wikipedia about my whereabouts even when I’m just reading their articles. That’s why I don’t use this configuration, opting instead for a Web browser proxy manager that lets me bypass Tor only when I’m making an edit.

Step 5-B: Bypass Tor on-demand using Web browser proxy managers

A more secure (and, in my humble opinion, more convenient) option for bypassing Tor is to use a Web browser proxy manager, such as Proxy SwitchySharp for Google Chrome or FoxyProxy, which works in Mozilla Firefox, Google Chrome, and Internet Explorer. Since I use Proxy SwitchySharp, I’ll describe how I’ve set up that tool to bypass Tor so I can edit Wikipedia and more comfortably stream music from Pandora.

Do this:

  1. If you haven’t already, install Proxy SwitchySharp to your Google Chrome Web browser.
  2. Once installed, click the Proxy SwitchySharp icon (which looks like a grey globe) and select Options.
  3. Click the + New Profile button to create a new Proxy Profile.
  4. In the Profile Name field, type a meaningful name. I chose “Tor (localhost:9050)”.
  5. Select the Manual Configuration radio button.
  6. In the SOCKS Host field, type localhost. In the associated Port field, type 9050. Remember, this is where Tor is listening for connections.
  7. Select the SOCKS v5 radio button. (SOCKS5 is what Tor uses. SOCKS4 is an older protocol we don’t need for this purpose.) When complete, it should look something like the following screenshot:
    Screenshot of Proxy SwitchySharp Options screen showing several Proxy Profiles.
  8. Click Save.

Proxy SwitchySharp lets you change Google Chrome’s proxy settings at the press of a button. It’s basically Network Locations but for Chrome instead of your whole Mac OS X system. If you want to send Chrome’s traffic through a different Tor circuit from any other application’s traffic, be sure to use a SOCKS port number in this Proxy Profile that’s different from the SOCKS port number you used for your Tor Network Location. You can also make multiple Proxy Profiles that each use a different port number you configured in Step 2.

In addition to each Proxy Profile you define (and, as you can see, I’ve defined three), Proxy SwitchySharp also always offers a “Direct Connection,” which means no proxy is used. Have a go at changing your active Proxy Profile and reloading to get a sense of what it’s like.

When you’re comfortable with that, do this:

  1. Open the Proxy SwitchySharp Options page again, and this time select the Switch Rules tab.
  2. If it isn’t already, tick the checkbox labelled Enable Switch Rules.
  3. In the “Default Rule” row, select the Proxy Profile you created for Tor from the Proxy Profile drop-down menu. This sets Proxy SwitchySharp to use Tor by default when you use the smart Switch Rules feature, which we’re about to.
  4. At the bottom of the rules table, click the + New Rule button.
  5. In the Rule Name column, type a meaningful name. I chose “Wikipedia editing” but, obviously, make the name relevant to the function of the rule.
  6. In the URL Pattern column, copy-and-paste the URL you want to access using a different profile, and replace any variables with an asterisk (*) or the appropriate regular expression. For editing the English Wikipedia, I entered:\?title=.*&action=(edit|submit)
  7. In the Pattern Type column, choose the appropriate pattern. For the pattern to edit English Wikipedia pages, I set it to “RegExp”. (Regular expressions are beyond the scope of this how to. Suffice it to say that they’re extremely powerful, but you can also just use several different wildcard expressions to achieve the same effect.)
  8. In the Proxy Profile column, select [Direct Connection].
  9. Click Save, and close the tab.
  10. Click the Proxy SwitchySharp icon (the grey globe) and select Auto Switch Mode.

That’s that! With this Proxy Rule configuration, which is very reminiscent of email rules, all of my Web browsing with the exception of editing Wikipedia articles will automatically be routed through Tor. I can now add additional bypass rules for browsing, say, or if I really wanted, and when I go to those sites, Proxy SwitchySharp will automatically re-route the network request away from Tor.

However, I prefer to write as few exceptions as possible, and sometimes I get a Tor connection that’s good enough to let me stream short videos, anyway. I don’t really mind the slowdown I experience using Tor because it forces me to do more of my work in batches (like email) and respond slower, to think more, to other things (like Twitter).

Still, sometimes Tor will dump me on the Internet from Romania or some country where Pandora blocks access. In those cases, I can click the Proxy SwitchySharp icon and select the name of the domain (in this case, “”), which adds a temporary rule for the current website. Next time I open Pandora, Chrome will first attempt to connect through Tor—the default Proxy Profile I’ve set—again, which is what I want.

Step 6: Change your habits

You’ve now got your computer routing all of your network traffic through Tor by default, which protects you from the prying eyes of your ISP and your fellow Wi-Fi café patrons, but there’s still more you can do. For those of you who think the belt-and-suspenders approach is just too groovy to ignore, here are some additional things you could do to protect your privacy.

Consider using DNSCrypt to keep your DNS queries private, too.

When you joined that Wi-Fi hotspot, you were given the address of a Domain Name System (DNS) server operated by the ISP of whoever’s running the hotspot. A DNS server is a computer your computer asks to translate domain names (like “”) into IP addresses. Even though you’re now using Tor for Web browsing, your computer will still have to eventually ask a DNS server for the IP address of the websites you’re going to. This means whoever operates that DNS server is going to know where you’re going, because you’re asking them for directions! is a reputable company who offers a free utility called DNSCrypt that sets up an encrypted tunnel between your computer and their DNS servers. Using DNSCrypt, you’re not asking the Wi-Fi hotspot’s ISP for directions to websites. In fact, they never even know you’re sending DNS queries.

Block third-party cookies.

Cookies have long been a notorious privacy concern, but they’re also fundamental to the way the Web works. However, third-party cookies are arguably only useful for tracking purposes. We really don’t need them.

Sadly, every major browser vendor currently ships with third-party cookies enabled by default, with the notable exception of Apple’s Safari. If you’re not already blocking them, consider doing so. Instructions for blocking third-party cookies depend on the browser you’re using, and are left as an exercise for the reader.

That said, Steve Gibson over at offers a very thorough breakdown of cookie privacy and related Internet surveillance issues.

Block trackers and web bugs.

As mentioned earlier, just using Tor won’t stop the Web server sending you the page that you’re loading from knowing who you are. And if that page contains an advertiser’s tracking code, then the advertiser will still be able to track you. To stop this from happening, you need to take some extra steps to pro-actively block trackers (sometimes called “web bugs,” “beacons,” or “widgets”) from loading and running code in your browser.

I recommend installing at least the following browser add-ons:

The only trustworthy ad blocking add-on also happens to be both the best and simplest one: uBlock Origin, and it is available for both Mozilla Firefox and Google Chrome. It’s actually a general-purpose blocking tool that is more akin to an HTML firewall than merely an “ad blocker,” but that also means it’s the best ad blocker around. Don’t bother with AdBlock Plus, Ghostery, or Each of those tools are made by companies that actually track you. :(

Use HTTPS, everywhere.

While Tor will stop people in your immediate vicinity from snooping on your network traffic, it isn’t a substitute for end-to-end encryption. In other words, if you request an insecure connection, you’ll get an insecure connection on that last hop from the Tor network to your final destination. Therefore, you really want to use HTTPS (SSL/TLS) everywhere you can. Luckily, the Electronic Frontier Foundation (EFF), the same folks who champion Tor, wrote a browser add-on called HTTPS Everywhere that does just that. In fact, it even comes bundled with the TorBrowser! Install it, use it, love it!

Anonymize your search queries.

In addition to outright tracking, monitoring, and other direct surveillance techniques, your identity and activities can be determined by inference after collating and analyzing a bunch of data about you. Your “Internet paper trail” (or “data trail”) can reveal things about you just as your IP address can. That’s why it’s prudent to do what you can to anonymize as much of your data trail, such as your search history, as possible.

Google claims to offer private search and the ability to erase your Google search history, but why give it to them in the first place? The TorBrowser’s home page is set to, which is a privacy-focused search service. It does a bunch of stuff to protect your privacy, and it’ll even proxy your search query to Google and return their results for you, so you don’t even have to stop using fancy Google search features.

To make sure I don’t accidentally query Google, I’ve switched my default search engine in all my Web browsers to use Consider doing the same!

Fake your Referer HTTP header

When you click on a link from a given web page, let’s call it Page A, and that link takes you to another page, let’s call it Page B, your browser adds a bit of information to the request for Page B telling Page B’s server that you came by way of Page A. This information is known as a Referer [sic.] header because it tells the server you’re accessing which server referred you to it. If someone were to examine all the Referer headers you sent to all the servers you visited (for instance, if they sold this information like this to advertisers, which they do, it’s called “clickstream”), then that person could figure out the exact path you took through the Web that day.

Most Web browsers have an add-on that lets you control or disable the Referer header, and I’d suggest installing and using one. On Google Chrome you can use Referer Control for a simple solution, or ScriptSafe for a more robust one, which by default masks your Referer header as well as disabling JavaScript (another best practice, but outside the scope of this article).

Use your Web browser’s private browsing mode

In technical terms, a Web browser is called a User Agent because it’s basically the embodiment of you, on the Web. Now, you’re pretty unique. Your hair color, eye color, height, weight, and a vast array of other biometrics can be used to identify you. You’ve got a literal fingerprint, too. What you need to be aware of is that so does your Web browser. Everything from the make and model of your browser to your screen size to the fonts you have installed on your system can be used to pick you out of a crowd (of Web browsers).

This is even more true if you’ve gone all power-user and tricked out your cyber ride with a bunch of extensions and add-ons that weren’t written with privacy in mind. If that description fits you, then consider using your Web browser’s private browsing mode for any cyber-sleuthing you’re doing while trying to keep a low profile. On Google Chrome, this mode is called “Incognito,” but many other browsers have similar features where add-ons, bells, and whistles are disabled.

To test how unique (or plain-Jane) you are online, use the EFF’s Panopticlick, where you’re hoping for a low uniqueness score, labelled on their site as “bits of identifying information.” Section 6 of their whitepaper (on page 16 of this PDF) called “Defending Against Fingerprinting” is also worth a read. (TL;DR? Use NoScript, and tools like it.) Also, while not identical to Chrome’s Incognito mode, Mozilla Firefox has a “Safe Mode,” which might help.

Spoof your MAC address.

Every piece of network hardware, called a Network Interface Card (or NIC), contains its own globally-unique serial number, which itself is called a Media Access Control (or MAC) address. (Don’t confuse this with your Apple Mac’s serial number!) When you connect to a Wi-Fi hotspot or plug into a wired Ethernet network, your computer sends this MAC address to other computers on the physical network you’re connecting to as part of a lower-level protocol (called Address Resolution Protocol or ARP) in order to establish its physical connection to the network.

Every network-capable device, including Wi-Fi routers, have such MAC addresses. Anyone can scan the network looking for them. And yup, you guessed it, this MAC address can be tracked to the computer you’re using, which can then be tracked to you.

Think of a NIC’s MAC address like a license plate on a car, posted on the outside for anyone within line of sight to see. Changing your MAC address is called “spoofing,” and while spoofing a MAC address is a bit of a pain on Mac OS X, it can be done. I recommend doing this if you’re willing to get your hands a bit dirty.

Turn on “Do Not Track” and “Tracking Protection” options.

Remember telemarketers? I hate telemarketing. To stop them from calling, I listed myself in the “Do Not Call” list. When they called me anyway, I’d ask them to identify what company they worked for, and then I’d file FCC complaints against those companies.

While not quite the same thing, an emerging technology standard called “Do Not Track” (DNT) is making its way into browsers that will, hopefully, one day be legally enforceable in much the same way that the “Do Not Call” list is today. Every major browser vendor offers you the option to turn on the “Do Not Track” signal, which I recommend you do even if it doesn’t do anything other than express your intent to not be tracked. (The previous advice about blocking trackers and web bugs is what will actually keep your browser tracker-free, regardless of how DNT evolves.)

As with blocking third-party cookies, Instructions for turning on “Do Not Track” depend on the browser you’re using, and are left as an exercise for the reader.

UPDATE, May 8th, 2015: Two years after I wrote this post, the “Do Not Track” option seems to have failed. Unfortunately, simply by its nature as a voluntary self-regulation, almost no tracking companies obey this signal, making it worse than useless. In fact, adding “Do Not Track” to browsers that do not have it enabled by default (which, as of this update, is all of them) makes you more trackable, not less. So the new advice is to not turn on “Do Not Track” if it’s not on by default in your browser, and to not turn it off if it’s already enabled by default in your browser. Instead of Do Not Track, a new feature in Mozilla Firefox called “Tracking Protection” is integrating the web-bug blocking features from various popular browser add-ons into the browser itself. When that feature becomes generally available (slated for release in Firefox version 39), I suggest you turn it on. (Advanced users can already turn it on by typing about:config in their Firefox address bar, searching for trackingprotection and ensuring the privacy.trackingprotection.enabled flag is set to true.)

Step 7: Pay it forward

If you got all the way here, gain 10,000 experience points, and level up!! You are now a fledgling technomage.

Your mission, should you choose to accept it, is to share what you’ve learned with anyone and everyone who’ll listen. In the age of online social networks, protecting your privacy is a network problem. That means your friends need to be in on it, too! It’s all very nice and well to have your Web browser locked down, but if I find your Facebook profile and all of your friends are doing that kiss-and-tell thing….

Well, let’s just say there are many ways of tracking people online.

33 replies on “HowTo: Use Tor for all network traffic by default on Mac OS X”

  1. For those who don’t speak technomage, which is (obviously?) who this HowTo was written for, Montauk is talking about Homebrew, a package manager (like the built in “Software Update,” except for non-Apple software) for Mac OS X. Using that, you can download the Tor software without a graphical interface, which you can then use in much the same way as described above (except without a point-and-click interface). Doing it this way means you install less actual software, saving some disk space, and you may tax your computer less.

    However, if you already know how to use brew, then frankly I don’t know why you’re reading this page. Like I told Jacob Appelbaum when he suggested the same thing, Montauk, I wanted someone who followed this howto to have a functional Tor in the very first step, yet still be able to configure and use their installation like an expert.

    On a personal note, it really bothers me that there’s this prevailing attitude among technically savvy people that encourages them to display such callous disregard for other people going through the process of learning technology. If it’s hard for a beginner to use, then, bluntly, it sucks. (And yes, under this definition, most technology sucks. Y’know why? Because most technology sucks.)

    I wrote this guide with the explicit intent to empower someone who had never even heard of Tor before to not only do the things described (“give a person a fish”) but also to understand on a far deeper level what was actually going on (“teach a person to fish”). In my experience, the overwhelming majority of technical writing is utter shit precisely because it assumes prior knowledge that one needs to have in order to understand the writing, which if one did have, one wouldn’t be reading the writing in the first place, or it’s written with such a blatantly condescending tone that it’s basically the equivalent of an SNL skit.

    It’s embarrassing, and I think the tech and hacker communities need to cut that shit out.

    Okay, end soapbox.

  2. I wouldn’t really call my self very technologically savvy, since installing homebrew really wasn’t that difficult, especially since you don’t have to configure your ports manually, which does seem like the most difficult step in your tutorial. And I didn’t really explain myself further because, quite frankly, I don’t feel obligated to. Typing “brew tor mac” into google will almost certainly tell you all you need to know in very easy to follow instructions. All you then have to do is type “tor” into the command line and change your SOCKS proxy to and port 9050.

    Granted, surfing with the TBB is much safer for the average user etc., so your method definitely has its merit on many fronts. To me it just seemed easier to “brew install tor” and then change the SOCKS proxy, it also seeming more ‘elegant’ and ‘pretty’ – which is probably the reason many people (including myself) bought a mac. ;)

    But thanks for your DNSCrypt recommendation – that has definitely increased my security. :)

    Keep up the good work!

  3. …installing homebrew really wasn’t that difficult[…]. And I didn’t really explain myself further because, quite frankly, I don’t feel obligated to. Typing “brew tor mac” into google will almost certainly tell you all you need to know in very easy to follow instructions. All you then have to do is type “tor” into the command line and change your SOCKS proxy to and port 9050.

    Yeah, I’m gonna go ahead and just say you missed my earlier point about technology sucking, Montauk. Also, since I’m getting kind of pissed off at you personally now (I get that way when people seem to deliberately miss simple points being made that they are obviously intelligent enough to grasp), I’m also letting you know that I’m going to block future comments from you on this post.

    But thanks for your DNSCrypt recommendation – that has definitely increased my security. :)

    You’re welcome.

  4. ok some of this is block other stuff i have going on. facebook (i know) but i do use it to keep mt people where i need them. hotmail (via mail.client) albeit, i may actually run this through gmail if its possible. i would like to make sure these services are running but i’ve now followed your guide and i wouldn’t have a clue which implementation is causing them not to work. how do i check?

  5. ok i’m back. i spent some time finding DL and installign the soft recommented by yourself under tOR and all that seem to happen is that nothign utilising the internet actually work. none of the browsers, mail clients, virus checkers etc… i fail to see the point in undergoing such precautions if you cant even really enjoy the internet. seriously, constantly changing your setting is a pain in the arse. now the strange thing is i set this up and seemingly on the 14th things were slow but working 15th nothing. what do you suggest cause i have just taken the proxy off and any other settings effecting the connection.

  6. so I’m trying to follow your directions… latest version of TorBrowser and Vidalia seems to use 9150 as SOCKS and 9151 as ControlPort… I tried updating your instructions accordingly using


    1) you should specify that “Apply All” gives an “error at line 1: “”, you need to only select the changed parts and hit “Apply selection only”

    2) even when you do that, you get “Unacceptable option value: Invalid SocksPort/SocksListenAddress configuration”

    so I’m stuck there. using vidalia 0.2.21 Tor


  7. so I’m trying to follow your directions… latest version of TorBrowser and Vidalia seems to use 9150 as SOCKS and 9151 as ControlPort… I tried updating your instructions accordingly using

    Yup, it seems the Tor Browser Bundle changed the settings with which it ships. I’ve made a note of this in the post, above. Thanks so much for noting this in your comment, milo.

    2) even when you do that, you get “Unacceptable option value: Invalid SocksPort/SocksListenAddress configuration”

    so I’m stuck there. using vidalia 0.2.21 Tor


    Sadly, you’ve hit a bug in Vidalia.

    It seems that for now the only solution is to close Vidalia, open up the torrc file (which will be at a path like /Applications/ in a competent text editor (like and manually write out the SocksPort lines. Then re-open Vidalia and your settings should be active.

    A future release of Vidalia should not have this problem. Again, thanks for your comment.

  8. I followed steps 1-4 (except for the multiple ports, as Vidalia hasn’t been fixed yet and I don’t feel like digging around for the torrc file right now), but the tor checker is still saying that I’m not using Tor (except in TorBrowser, of course). Thoughts?

  9. For some reason, my computer doesn’t seem to be able to activate/deactivate proxy servers without completely restarting the computer – changing my location from Tor to Automatic just makes my Internet stop working, and changing from Automatic back to Tor has no effect until I restart. Have you ever seen this before?

  10. Routing all traffic through tor by default is a bad idea considering that some of the applications you’re using are likely going to be transferring identifying information such as your IP address. Worse, because tor shares circuits across multiple application streams, all it takes is for a single one of these applications to provide identifying information and the exit node will be able to associate all other streams going over that circuit with your identity.

    Here’s a post from the tor project which illustrates how using bittorrent over tor will expose your web traffic’s identity:

  11. I’m crankly this morning, so basically I’m just gonna say exactly what’s up on my mind: nxn, did you just, like, not read the several paragraph chunks in which I talk specifically about isolating application traffic in this post? I mean, I know it can be fun to leave a comment on a blog post in order to make yourself feel really smart and l33t, but it’s probably a good idea to make sure the post doesn’t already address the issue you’re commenting about before you post some drive-by stop-energy trying to puff your chest up.

    Also, FFS, if your application just writes your IP address into the traffic it sends out no amount of Tor’ing is going to help you and you should stop trying to use that application anonymously. (Obviously?)

    nxn, nothing you’ve written is exactly helpful or useful or novel advice, so again, thanks for nothing. Please don’t ever comment on anything I write ever again unless you can be at least slightly useful.

    For instance, this post never mentions BitTorrent, but if readers do want to try using BitTorrent anonymously, consider a setup using an HTTPS proxy or similar. Setup instructions differ per client, but they generally are similar to the client configuration routine wrote up.

  12. Nothing you’ve said in your post, or comment, actually addressed the issue I raised.

    Answer yourself: do you not have a port that you set for the network location? Wont running applications by default use that in most cases? Will they *by default* not share the same circuit? Why, amazingly, all of those things will happen and if a single one of those applications leaks your identity the others should no longer be considered anonymous.

    Your answer of setting the proxy manually for each applications you want on a different circuit is what should have been done in the first place, without all this “use tor for everything by default” nonsense.

    Then you have the nerve to tell me that if an application leaks your IP “no amount of Tor’ing is going to help you”? I’m not the one that’s proposing to use tor BY DEFAULT for everything, you are.

    The entire point here is that, unless you know very damn well that each of your running processes will not transfer any identifying information, they shouldn’t be routed over Tor. Your approach pisses on this principle by sending numerous applications, a lot of which you have no control over, through a single circuit, making it insecure BY DEFAULT.

  13. I followed steps 1 through 5A and then began browsing through Tor using Safari (with Javascript and plugins turned off).

    Unfortunately, I noticed the DNS queries are leaking. I found this by using LittleSnitch and logging the traffic to a pcap file by right clicking in mDNSResponder in the Network Monitor and choosing to Capture traffic of mDNSResponder. I then opened the resulting pcap file in wireshark and found DNS queries in plan text. If I add Little Snitch rules to block all mDNSResponder traffic from both local and internet networks and turn off the protected system rule for that process, then this issue goes away and the Tor appears secure. When finished with Tor I must then disable the blocking rules and re-enable the protected system rule, or regular web browser will not be able to resolve any host names. This testing was done in Snow Leopard 10.6.8.

  14. Just wanted to add that I also verified the DNS leak is occurring using Wireshark to monitor all port 53 traffic and then saw URLs I had typed into Safari in DNS queries. Most times I connect this way, I find the leaks occurring until I block them using Little Snitch so that mDNSResponder system process cannot access the Internet. However sometimes, I made the connection as described in steps 1 through 5A and found it not leaking. In every case, whether I have leaks or not, I verified successfully that the IP address my web access come from was modified by Tor ( I do not understand why the variation on whether the leak occurs or not.

  15. nxn, your statement that:

    Nothing you’ve said in your post, or comment, actually addressed the issue I raised.

    seems inherently in conflict with this other thing you said in the same comment:

    Your answer of setting the proxy manually for each applications you want on a different circuit is what should have been done in the first place, without all this “use tor for everything by default” nonsense.

    So fuck you very much, go die in a fire, never comment here again.

  16. Hi Meitar,

    I am very new to TOR and “all this” (sorry to be so simplistic) but have been reading up as many things as possible over the past few weeks, tweaking things as much as I could, trying to get a grasp of the theory as well as following tutorials such as yours – which by the way is incredible.

    I followed all your instructions and tested every browser I could find and it all works ! However, I then wanted to test to see if my terminal was going through TOR as well (I don’t know if that makes sense) and it wasn’t.. I did a “traceroute” and both my internal and external IP addresses (the two first hops if I’m correct?) were the same as without TOR.

    Maybe I completely misunderstood basic networking, but I wanted to be able to see a new random IP address in my terminal every time I asked for a new identity on TOR – I felt that was the best way to make sure that all my network traffic was really going through the dedicated TOR ports. Is that possible, and if so, what I am not getting ?

  17. Hi Val,

    You didn’t misunderstand basic networking, you misunderstand Mac OS X’s architecture. The terminal is typically a direct shell to the unix underpinnings of the graphical interface, which you can think of like a largely separate environment. The Tor network proxy described in this post exists in the GUI Mac OS X layer, so commands like traceroute won’t typically go through the proxy, either. In the language of this tutorial, such command line programs are basically not “well-behaved” Mac OS X applications (because they are not really Mac OS X applications in the first place) so you have to ensure they have been explicitly told to make network connections via Tor rather than directly.

    There is a simple command line utility called torsocks that you can install on Mac OS X as a wrapper for most command line programs to make them aware of Tor, though. Using it, you can mimic the example I run through with Web browsers on your Mac. For instance, the curl command is a program that makes a network connection, and is a web page that shows you your external (public-facing) IP address.

    So if you do this at a Terminal shell:


    you should expect to see whatever IP address you would see “without Tor.”

    But if you install torsocks and then do this:

    torsocks curl

    you should expect to see whatever IP address you would see with Tor. That’s because the second command is actually running torsocks, which in turn runs curl.

    Most griping about this tutorial I’ve seen is that it’s “not really all network traffic by default” because of this architectural distinction, and that’s technically true. It’s also not a useful distinction for someone who’s just learning how to start off with Tor, which is what this tutorial was (obviously?) designed to help people do.

  18. That’s awesome Meitar, thanks a lot ! And yes you’re right about the objectives of this tutorial, I just figured I asked you because your post is awesome so I thought I’d get a clear answer, which I did :)
    Thanks for your time !

  19. I applaud your efforts but many(maybe most) people I know have no idea about most of this. Even if they could follow your advice they probably won’t take the time. The question I have is why don’t browsers and operating systems do all of this by default with a simple way to override if necessary?

  20. Thank you for the tutorial. Very thorough and easy to follow.

    I’m looking to use SSH over tor. Any thoughts on how I can verify SSH is correctly being routed through tor?

  21. I’m looking to use SSH over tor. Any thoughts on how I can verify SSH is correctly being routed through tor?

    If you want to verify that your SSH connection is indeed going through a Tor circuit, the most reliable way to do so is to inspect the actual traffic packets on the network using a tool like Wireshark. If you just want to make sure you’ve got a working connection, you can use the netstat or lsof -i commands to show you a list of active Internet sockets on your machine. If what you’re trying to do is verify that the SSH session from an incoming client terminates its TCP connection from a Tor exit node to anonymize your original IP address, then you’ll either want to check the logs on the server or inspect the SSH_CLIENT or SSH_CONNECTION environment variables from the client session itself, which contain that information for each successful SSH login.

    If what you’re trying to do is create an SSH connection through Tor, then you’ll probably want to make use of SSH’s ProxyCommand option along with NetCat (nc) to configure a proxy or proxy chain. Two good guides for doing this specifically for anonymizing SSH sessions by going through Tor are “Anonymous SSH Sessions with Tor” and this Q&A on the Tor Stack Exchange site.

    Hope this helps.

Comments are closed.