Archive for the ‘Privacy’ Category

Configure Google Chrome / Chromium “Incognito Mode” as default on Linux

September 10th, 2010 5 comments

This evening I got to thinking about web browsers and privacy. Privacy is, of course, a regular concern for many of us and there are many different “solutions” out there. Recently web browsers have been adding privacy modes, which allow us to browse the web without storing a lot of cookies, history, etc. Google Chrome (or Chromium) provides the “Incognito” mode, which allows for private browsing. This mode can be launched using the key combination “shift-ctrl-n” or by selecting “New Incognito Window” from the menu. The only missing piece is that, until recently, there hasn’t been a way to launch this mode by default.

In this article I will outline how to update your system to launch Google Chrome’s Incognito mode by default. This includes launching it from the Applications menu as well as making it the default when opening new links.

Step 1:

Edit your Applications menu entry for Google Chrome (or Chromium) using the ‘alacarte’ application. You can launch this command directly, or right-click on the Applications menu and choose “Edit Menu”. Navigate to the “Internet” section and select the Google Chrome (or Chromium) entry.

Once selected, simply double-click the item to open its properties and update the command, description or title.

As you can see from the screenshot above, the addition you’ll want to make is “--incognito” between the existing chromium and %U. This updates the Applications menu entry, making Incognito mode the default whenever the application is launched.

Step 2:

In addition, if you want links to be opened in Incognito mode you’ll also need to update your Preferred Applications configuration. This is done in Preferences > Preferred Applications, and assumes that Google Chrome (or Chromium) is set as your default browser. In the screenshot below, you’ll see that we’ll essentially make the same change as we did above.
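The Step 1 edit can also be scripted. This is an added example, not part of the original post: it writes a patched copy of a browser .desktop entry with “--incognito” on every Exec line. The function names and the per-user destination directory are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are assumptions.

# patch_exec_lines: read a .desktop file on stdin and write it to stdout with
# --incognito inserted after the command on every Exec= line that lacks it.
# Assumes the command path itself contains no spaces.
patch_exec_lines() {
    sed -e '/^Exec=/{
        /--incognito/!s/^\(Exec=[^ ]*\)/\1 --incognito/
    }'
}

# install_incognito_entry SRC DESTDIR: write a patched copy of SRC into DESTDIR.
# For a per-user override, DESTDIR would be ~/.local/share/applications.
install_incognito_entry() {
    src=$1
    destdir=$2
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    mkdir -p "$destdir" || return 1
    dest="$destdir/$(basename "$src")"
    patch_exec_lines < "$src" > "$dest.tmp" || return 1
    # Refuse to install if any Exec line still lacks the flag.
    if grep '^Exec=' "$dest.tmp" | grep -qv -e '--incognito'; then
        rm -f "$dest.tmp"
        return 1
    fi
    mv "$dest.tmp" "$dest"
}
```

Running it twice leaves the file unchanged, because lines that already carry the flag are skipped.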

Conclusion

These two simple steps will configure your browser for perpetual private mode. From my searching, I couldn’t find any documentation specific to Linux, so here it is. I hope you find it helpful!

Categories: Privacy

Create Anonymous Squid Proxy For Iranian Election Protestors

June 18th, 2009 29 comments

As I’m sure is the case with the rest of you (particularly if you use Twitter), I’ve been hearing more and more about the Iranian Election and the difficulties the people there are having in getting connectivity outside of the country. Without getting too detailed, it sounds like the incumbent president has cut off internet access to most major social networking sites. Sites that the protestors were trying to use to organize peaceful rallies and request recounts on the polls.

If you are interested in helping them fight to have their voices heard, you can set up a Squid proxy which will allow them to anonymously access Facebook, Twitter, YouTube and other such sites in order to organize and move forward. I have already personally set up and volunteered two proxies. The more that are available, the better chance these people will have to continue to communicate with the outside world. If you would like to help out, please keep reading for instructions on how to set up a proxy and securely communicate the details to supporters inside Iran.

Note: please only configure and volunteer proxies for servers and internet connections that you own. Please do not run these on corporate or educational internet connections unless you have express permission.

Installing Squid

By following these instructions you should be able to have a Squid proxy available for use within just a few minutes. Even if you have set up Squid in the past, please make note of these customized instructions. They include access control restrictions to disallow Iranian government offices, and have logging disabled for anonymity.

To install squid use the command (or click on the link):

sudo aptitude install squid

Finding Your Public IP Address

You will need to document your public IP address for the configuration and for use by the protestors. You can find your public IP address by visiting the site: http://whatismyip.com. Make note of the address as you will need it for the configuration below.

Configuring Squid

We’ll now customize three things within the squid configuration.

  1. Select a random port other than the default of 3128
  2. Define access control list to allow Iranian subnets
  3. Disable logging for anonymity of Iranian users

Open your squid configuration file, which is found in /etc/squid/squid.conf, and search for the line “http_port 3128”. Change the port number to a different, random port. Do not use the following port numbers: 81/8080/8181/9090/3218. These are globally blocked within the country.

Next we’ll define the access control restrictions. What this will do is allow proxy access to the Iranian residential address ranges but not include the government offices. It will also block all other use of your proxy.

Search for the line beginning with “# INSERT YOUR OWN RULE(S)” and add the following on the next blank line:

acl TRUSTED src 62.60.128.0/17 62.193.0.0/19 62.220.96.0/19 77.36.128.0/17 77.77.64.0/18 77.104.64.0/18 77.237.64.0/19 77.237.160.0/19 77.245.224.0/20 78.38.0.0/15 78.109.192.0/20 78.110.112.0/20 78.111.0.0/20 78.154.32.0/19 78.157.32.0/19 78.158.160.0/19 79.127.0.0/17 79.132.192.0/19 79.170.144.0/21 79.175.128.0/18 80.66.176.0/20 80.69.240.0/20 80.71.112.0/20 80.75.0.0/20 80.191.0.0/16 80.242.0.0/20 80.253.128.0/20 80.253.144.0/20 81.12.0.0/17 81.28.32.0/20 81.28.48.0/20 81.31.160.0/20 81.31.176.0/20 81.90.144.0/20 81.91.128.0/20 81.91.144.0/20 82.99.192.0/18 82.115.0.0/19 83.147.192.0/18 84.47.192.0/18 84.241.0.0/18 85.9.64.0/18 85.15.0.0/18 85.133.128.0/17 85.185.0.0/16 85.198.0.0/18 86.109.32.0/19 87.107.0.0/16 87.247.160.0/19 87.248.128.0/19 89.144.128.0/18 89.165.0.0/17 89.221.80.0/20 89.235.64.0/18 91.98.0.0/15 91.184.64.0/19 91.186.192.0/19 91.206.122.0/23 91.208.165.0/24 91.209.242.0/24 91.212.16.0/24 91.212.19.0/24 91.212.252.0/24 92.42.48.0/21 92.50.0.0/18 92.61.176.0/20 92.62.176.0/20 92.242.192.0/19 93.110.0.0/16 93.190.24.0/21 94.74.128.0/18 94.101.128.0/20 94.101.176.0/20 94.101.240.0/20 94.139.160.0/19 94.182.0.0/15 94.184.0.0/17 94.232.168.0/21 94.241.128.0/18 95.38.0.0/16 95.80.128.0/18 95.81.64.0/18 95.82.0.0/18 95.82.64.0/18 95.130.56.0/21 95.130.240.0/21 188.34.0.0/16 188.93.64.0/21 188.121.96.0/19 188.121.128.0/19 188.136.128.0/17 188.158.0.0/15 193.189.122.0/23 194.225.0.0/16 195.146.32.0/19 212.16.64.0/19 212.33.192.0/19 212.50.224.0/19 212.80.0.0/19 212.95.128.0/19 212.120.192.0/19 213.176.0.0/19 213.176.32.0/19 213.176.64.0/18 213.195.0.0/18 213.207.192.0/18 213.217.32.0/19 213.233.160.0/19 217.11.16.0/20 217.24.144.0/20 217.25.48.0/20 217.64.144.0/20 217.66.192.0/20 217.66.208.0/20 217.146.208.0/20 217.172.96.0/19 217.174.16.0/20 217.218.0.0/15

http_access allow TRUSTED
http_access deny all

access_log none
cache_store_log none

visible_hostname <your public IP>
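Before activating the proxy, the saved file can be checked against the three customizations described above. This is an added example, not part of the original post: the function name is an assumption, and it treats any active access_log or cache_store_log line that still names a target as a finding.

```shell
#!/bin/sh
# Added example, not from the original post.
# audit_squid_conf FILE: print one line per finding; exit status = finding count.
audit_squid_conf() {
    awk '
    /^[ \t]*(#|$)/ { next }                        # ignore comments and blank lines
    $1 == "http_port" { n = split($2, p, ":"); port = p[n] }
    $1 == "http_access" {
        last = $2 " " $3                           # remember the final rule
        if ($2 == "allow" && $3 == "all") open = 1
    }
    $1 == "access_log" || $1 == "cache_store_log" {
        if ($2 == "none") off[$1] = 1; else target[$1] = $2
    }
    function finding(msg) { print "FINDING: " msg; count++ }
    END {
        if (port == "") finding("no http_port directive")
        # Default port plus the ports the post lists as blocked.
        n = split("3128 81 8080 8181 9090 3218", avoid, " ")
        for (i = 1; i <= n; i++)
            if (port == avoid[i])
                finding("http_port " port " is the default or a blocked port")
        if (open) finding("http_access allow all makes this an open proxy")
        if (last != "deny all") finding("last http_access rule is not \"deny all\"")
        split("access_log cache_store_log", logs, " ")
        for (i = 1; i <= 2; i++) {
            d = logs[i]
            if (d in target) finding(d " still writes to " target[d])
            else if (!(d in off)) finding(d " is not set to none")
        }
        exit count + 0
    }' "$1"
}
```

A clean result is no output and exit status 0, for example from `audit_squid_conf /etc/squid/squid.conf`.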

Once you have saved these changes run the following two commands to activate things:

sudo squid -z
sudo /etc/init.d/squid start

If you don’t see any errors you should be ready to go. You can now submit your public IP address and random port to the following email addresses for secure propagation within Iran.

me@austinheap.com and smallworldnews@gmail.com

I hope you are able to volunteer toward this cause. The stories that I have read and the videos and images I have seen show a real injustice is going on in that country. There are many young people who are trying to vote in a real Democratic election, yet their votes are being ignored and their voices are being silenced. If you believe that Freedom is something we all deserve, get involved.

You can find more information and inside updates here here and here.

How To Run a Tor Server : Donate bandwidth to the Tor Network

August 31st, 2007 8 comments

More and more I’ve been using ssh tunneling, encrypted emails or privacy networks while I’m online. Between (US) government-sponsored wiretaps and identity theft, there are plenty of people out there that want to know what you’re doing and get your information. This is one of the reasons I recently looked into donating some bandwidth to the Tor network.

If you’re not familiar with the Tor network it is “The Onion Router”, basically meaning that between your machine and the machines you end up connecting to there are layers. Layers of encryption and anonymity that can help ensure your privacy.

Now this system (just like any system) can be abused. There are some people out there that feel the Tor network is simply for crackers and terrorists trying to do bad things. On the contrary, it’s for real people like you and me that don’t care for our personal information to be so freely available just by casual browsing.

I used the Tor network fairly early on and it was great. Eventually more and more people started using it and the limited donated bandwidth was running short and therefore your Tor-enabled private connections were slower. This became a common complaint about using Tor–it was too slow.

Well, we can help change that by donating a throttled section of our bandwidth to the Tor network. If one-hundred more people donated a bit of their bandwidth it would open the network quite a bit.

In any event, let’s get to the details. (Note: this was tested on Ubuntu 6.06.1 but should function on later versions.)

Downloading the Tor software

The first thing we need to do is install the latest Tor software for handling the private connections. While the tor package is available, it is not the latest version (with 6.06.1 backports) and is not compatible with the latest network. The version we need is >=0.1.2.15, so we’ll add the latest package by adding this line to our sources.list:

deb http://mirror.noreply.org/pub/tor dapper main

(replace dapper, of course, with the distribution version you are running)

You may also want to add the GPG key the package was signed with to validate it:

gpg --keyserver subkeys.pgp.net --recv 94C09C7F

gpg --export 94C09C7F | sudo apt-key add -
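The key ID 94C09C7F above is a short 32-bit identifier, and more than one key can share a short ID, so a stricter import compares the full fingerprint first. This is an added example, not part of the original post: the function names are assumptions, and the expected fingerprint must come from the archive maintainer through a channel you trust.

```shell
#!/bin/sh
# Added example, not from the original post.

# normalize_fpr STRING: strip whitespace and uppercase the hex digits.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t' | tr 'a-f' 'A-F'
}

# primary_fprs: read `gpg --with-colons --fingerprint KEYID` output on stdin and
# print the fingerprint (field 10 of the fpr record) of each primary key.
primary_fprs() {
    awk -F: '
        $1 == "pub" { want = 1; next }   # the next fpr record is a primary key
        $1 == "sub" { want = 0; next }   # skip subkey fingerprints
        $1 == "fpr" && want { print $10; want = 0 }'
}

# fingerprint_ok EXPECTED: colon listing on stdin. Succeeds only if exactly one
# primary key is listed and its fingerprint equals EXPECTED.
fingerprint_ok() {
    expected=$(normalize_fpr "$1")
    found=$(primary_fprs)
    [ -n "$expected" ] || return 2
    # Zero keys, or several keys sharing the short ID, both fail the check.
    [ "$(printf '%s\n' "$found" | grep -c .)" -eq 1 ] || return 1
    [ "$found" = "$expected" ]
}

# import_if_verified KEYID EXPECTED: add the key to apt only after the check.
import_if_verified() {
    if gpg --with-colons --fingerprint "$1" | fingerprint_ok "$2"; then
        gpg --export "$1" | sudo apt-key add -
    else
        echo "fingerprint check failed for $1; key not added to apt" >&2
        return 1
    fi
}
```

After the `--recv` step, call `import_if_verified 94C09C7F "<full fingerprint>"` in place of the plain export and `apt-key add`.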

Once you have added that line to your /etc/apt/sources.list file you’ll need to run these commands (or use your favorite package manager front-end):

sudo aptitude update

sudo aptitude install tor

Config Preparation

We’ll now prepare the machine to run as a Tor server. Two things need to be done here.

  1. Make sure your time clock is up to date
  2. Make sure your machine can resolve DNS properly

We can do this via these two commands:

sudo ntpdate pool.ntp.org

(this will synchronize the clock unless you are already running the ntpd daemon. If so, you're probably already synced)

host google.com / host ubuntu.com / host some-random-domain.com

(the host tool will resolve names to IPs using DNS lookups. If your machine is able to resolve domains quickly and easily you're set. If not, consider configuring OpenDNS on your machine)

Configure the Tor Server

Three last things to do and your machine will join the Tor network. We’ll need to set a unique Tor server ID and the ports to use. If you are behind a router you’ll need to configure NAT for the second step.

Edit your /etc/tor/torrc file:

sudo nano /etc/tor/torrc

(vim or gedit work equally well in place of nano)

  1. Find the line that says “Nickname” and define a nickname for your server. It’ll need to be something unique.
  2. Find the line that says “ORPort” and define the port number. You can use the defaults (uncomment existing lines) or define an alternate port.
  3. You’ll also probably want to define the bandwidth limitations that will be donated to the network. Look for “BandwidthRate” for the minimum long-term bandwidth rate. The minimum to join the network is 20K. Also find “BandwidthBurst” for occasional burst speeds across the network. Even with the burst rate, the overall average will stay at the lower value. You may also want to look at the Hibernation value, which lets you put a total cap on shared bandwidth over a given time period.

Running the Server

You’re now ready to start running the server and donating to the Tor privacy network. You’ll simply need to start the service and quickly watch a log file to see that everything functions as it should. If it does not please see the Tor FAQ for help.

sudo /etc/init.d/tor start

tail -f /var/log/tor/log

If you see a message like “Self-testing indicates your ORPort is reachable from the outside. Excellent” then you are ready to go. You can close the log (ctrl-c) and just let it go.

You’ll probably want to watch your bandwidth for the next day or two and find the best limit for your connection.

Thank you for donating to the Tor network. Thousands of privacy-concerned citizens around the world appreciate it!

Categories: Privacy