Using tor with Polipo

Tor is a network of anonymising TCP proxies. In order to use tor to access the web, your web browser needs to go through a proxy that can speak to tor; this is usually Privoxy, but Polipo can be used instead.

Unlike Privoxy, Polipo has a number of features (pipelining, caching, smart use of range requests) that make it (seem) faster on slow networks; and, since tor is not the fastest network around, Polipo over tor is noticeably more responsive than Privoxy over tor.

The downside is that Polipo does not perform application-layer anonimisation by default. While it is possible to configure Polipo to perform some sanitisation of HTTP headers, this does not come even close to the amount of munging that Privoxy can do. Please make sure to read all of this document before switching to Polipo, notably the sections about tweaking Polipo and your web browser below.

Additionally, Polipo has some rather specific traffic patterns (agressive pipelining, range requests) that make it rather easy to spot. The websites you access won't know who you are, but they might realise you're running Polipo.

Installing Polipo

Installing Polipo under Unix

Installing Polipo under Unix is a simple matter of

$ make all
$ make install

If you are running a major Linux distribution or a major BSD Unix, it may be simpler to either install the binaries provided by your distributor or one of the binaries listed on the Polipo web page.

(Yes, Virginia, Mac OS X is a BSD Unix.)

Installing Polipo under Windows

If you're the kind of person that runs Windows, you may be better served by running the precompiled Windows binary that you will find linked from the Polipo web page.

(It is not too late: upgrade to Linux, upgrade to FreeBSD, upgrade to NetBSD, and all is forgiven.)

Configuring Polipo

Polipo is configured by setting a number of configuration variables in Polipo's configuration file, which is either ~/.polipo or /etc/polipo/config, whichever exists. In order to tell Polipo to use tor and not to cache any fetched pages on disk, you will want to add the following lines to your configuration file:

socksParentProxy = localhost:9050
diskCacheRoot=""

You will also want to disable the local configuration interface in order to protect yourself from browser vulnerabilities:

disableLocalInterface=true

If you want to specify a different location for the configuration file (for example because you are running Windows), you can specify it by using the -c flag on Polipo's command line (see below).

Note that if you installed Polipo from a distribution-provided binary, it will probably not take ~/.polipo into account — you will need to edit /etc/polipo/config.

Running Polipo

If you installed Polipo from a distribution-provided package, Polipo is probably already running; you will need to restart it so it takes its new configuration into account. Otherwise, just grab a free terminal window and type

$ polipo

If you are using a non-standard location for Polipo's configuration file, specify it on the command line, for example

$ polipo -c "/Program Files/Polipo/config.txt"
Note that even under Windows you must use Unix syntax for the filename (using forward slashes) and you cannot specify a device (“drive”) to use.

Checking that it works

Go to check.torproject.org.

Tweaking Polipo

Polipo has almost a hundred configuration variables that can be tweaked to your liking. You can list them all by typing

$ polipo -v
and they should all be documented in the Polipo manual.

You will probably want to perform some sanitisation of HTTP headers; you could for example say

censoredHeaders = from, accept-language, x-pad
censorReferer = maybe

There are some other options that will make Polipo faster (but less standard); please check the Polipo manual for the variables relaxTransparency and mindlesslyCacheVary (you should only set them if you understand what they do). It might also be worthwile to experiment with the optimal values of serverSlots and maxServerSlots.

(Remember to restart Polipo after making your changes.)

Tweaking your web browser

Unlike Privoxy, Polipo doesn't attempt to munge web pages to make your browser less vulnerable; I believe that disabling various features of the web browser is best done in the browser itself.

You will probably want to do the following:

(This section needs expanding.)

And remember...

You may be running tor, you may have followed all of the directions in this document, you may completely understand your web browser and operating system, but you're still not anonymous. So don't do anything silly.

Back to the Polipo web page