[tor-talk] Tor as a network filter

WhonixQubes whonixqubes at riseup.net
Mon Feb 9 15:53:10 UTC 2015 

On 2015-02-09 9:51 am, Yuri wrote:
> On 02/09/2015 00:55, spencerone at openmailbox.org wrote:
>> 
>> Yes, "..separate identification from routing.”, but isn't Tor 
>> filtering my connection to the internet by routing my connection 
>> through its network?  Because, if so, I am wondering if it is possible 
>> to have that onion routing process do more than just automatically 
>> proxy my connection.  I am thinking it could allow me to deny certain 
>> connection attempts completely while allowing others.  If applications 
>> can make connections to the internet through the Tor network, via 
>> Orbot or TorBirdy, for example, how much control can I have over this 
>> on a desk/laptop environment?
>> 
>> Where would I look to find information on this?  Is Vidalia or "system 
>> Tor" relevant to this?
> 
> No, tor doesn't filter anything. The closest definition of what tor is
> would be "routing software". It routes user traffic through the
> anonymization network. There is no degree of control in terms of what
> is and isn't sent beyond the fact of connection. You need to really
> read about tor in order to understand it. But "filter" concept doesn't
> describe tor in any way. This is the misunderstanding.
> 
> Yuri


No problem. :)

Yuri is correct. Tor does not provide an internet filter for 
applications.

Sounds like you are looking for what is known as an "Application 
Firewall".

An application firewall would be on the desktop machine or as a separate 
machine on the network, in-between your apps and the regular or Tor 
internet connection.

Then the rules you set for the application firewall would determine 
which apps get access to the internet or Tor, and at what times of day, 
for which users, etc.


Potential configurations might look like:

Applications --> Application Firewall --> Tor Network --> Normal 
Internet

Applications --> Application Firewall --> Normal Internet


Whonix works good for sending your OS's traffic through the Tor network. 
An application firewall could also be installed with Whonix or other 
systems by the user to control the filtering of access on a per 
application basis.


WhonixQubes

More information about the tor-talk mailing list