Forcing all connections through Tor - like in TAILS

Is their a method by which all connections of openSUSE get forced through Tor like it is done in TAILS OS. Not just browser but everything.

And will it help given that Tor also has been compromised by NSA

TAILS implements Tor for many if not most of the installed apps. If you want multi-app privacy, then TAILS is pre-configured to do it for you. If you install Tor (by any means, including the recommended Tor bundle) the same can be configured but requires a lot of work.

From what I understand, Tor has not been fundamentally compromised by anyone including the NSA but individual connections can be vulnerable by indirect means… ie gaining strategic access to both entry and exit nodes and applying analytics. This requires special conditions that aren’t easy to setup (unless you believe the NSA or whoever can do this at will) and considerable computing power. Sure, this is likely much more possible than only theoretical but far from common place and if you believe that random computers are that vulnerable or the overall number of Tor nodes are deployed by the NSA, then… well, that’s just the way things might be.

TSU

set up a KVM
install tor on the host

configure the VM bridge to use tor
then the Virtual OS can only use tor

that would make ANY “clear net” tag on a .onion site USE TOR and not the clear net

[QUOTE=JohnVV;2704598]set up a KVM
install tor on the host

configure the VM bridge to use tor
then the Virtual OS can only use tor

that would make ANY “clear net”
You might need to be a bit more descriptive how your suggestion is configured and the issues it solves.

So, exactly what do you mean by “install tor on the host?”
Are you suggesting setting up the HostOS as an entry node and not just as a client? ]
If you set up as a client, I don’t see how there is any advantage, the only supported tor connections likely will be https only.
If you set up as an entry node, I’m not sure how there is much of an advantage over just connecting to other entry nodes except that you are contributing to the tor network. The Guest may be better hidden and less exposed to sniffing, but your HostOS becomes more visible as a potential target for anyone trying to hack tor.
In either case, I don’t see how this addresses the original issues configuring the client’s(now in a KVM guest) non-ssl apps to use tor.

IMO but open to correction and enlightenment, :slight_smile:
TSU

“install tor on the host?”

i would have thought that as self explanatory


su -
zypper in tor

set the kvm bridge to use 127.0.0.1:9050

launch the kvm manager and start the VM

the os in the vm then can ONLY use 127.0.0.1:9050

so
zypper on the VM will use tor
iceweasel will use tor ( if debian then apt-get will use tor)
wget will use tor

iceweasel and wget both are http/https apps.
For any http/https app, it doesn’t matter if you point the tor client to your HostOS running tor (assuming that your HostOS is configured to forward traffic) or a remote machine running a tor entry node.
TAILS pre-configures many more apps using other protocols to operate over TOR, like IMAP, POP, SMTP, FTP, various chat and more… Which is what I’m pretty sure the OP in this thread desires.
By default a tor client configures only http/https connections, you need to do additional work which may be considerable for apps using other protocols which is why TAILS can be a time and effort saver.

TSU

Would it be okay if I add this feature on openFATE

You can always request new features that way.

Or, I would think if you are interested in actually running a little project like this, you could set up a github or obs project and invite people to collaborate on a project like this… Get the word out that people would be invited to contribute configuring only one app and see if people show up. Include a compelling request, why you’d be interested in an openSUSE version of TAILS, what may be the same and what may be different.

You might get some interest because any contributions would be mostly configuration all which is likely in the TOR documentation, shouldn’t require any coding knowledge and might require only a few minutes per app.

TSU