How to Route All Traffic Through Tor?
When discussing anonymous browsing, Tor is often the first tool that comes to mind. Its anonymity and security features are among the best in similar software (of course, this assumes you use it correctly and wisely). With the release of the Tor Browser, accessing the internet via Tor has become more convenient, and more and more people have started using it. While browsing websites with Tor is easy, configuring every application on your system to use Tor can be cumbersome, often requiring individual setup. So, you might wonder, is there a way to route all traffic through Tor? The short answer is: no, not entirely.
⚠️ Before explaining why it's not entirely possible, I need to clarify a few things: While Tor is theoretically secure, there are numerous ways in practice that a user's identity can be exposed (for example, when "all" traffic is routed through the same Tor network, traffic containing identifiable information, such as logging into a service account, can potentially lead to de-anonymization). This article is purely a technical discussion on "how to route all traffic through Tor"; other topics are beyond the scope of this article. Any privacy leaks or identity exposure when using Tor are not the responsibility of the author. Additionally, any illegal activities conducted using Tor, or using Tor in countries where it is prohibited, are solely the user's responsibility. Lastly, I encourage everyone to always think critically and independently.
Now, let's get back to the main point. The reason there's no complete way to route all traffic through Tor is simple: Tor doesn't support all protocols. For example, the Internet Control Message Protocol (ICMP), used by the ping command, cannot be routed through Tor. Additionally, UDP traffic isn't supported either, as Tor only offers a UDP DNS port. So, what's the solution for "routing all traffic through Tor"? It's actually straightforward: block any traffic that can't go through Tor (you can refer to the design principles of Tails, a well-known anonymous Linux distribution, for inspiration)! While this approach might seem overly simplistic, it's actually quite effective—less traffic means better security. Given that most applications support TCP, you shouldn't face too many inconveniences in everyday use.
The implementation also seems simple: you can use iptables or its successor, nftables, to configure the necessary rules. There are plenty of templates online that you can "borrow," but integrating them all can still be quite troublesome. Fortunately, someone has already created scripts to simplify this process. Allow me to introduce: TorGhost, and its fork, TorPhantom.
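The "redirect what Tor can carry, refuse the rest" approach described above, written out as an added example (it is not code from TorGhost or TorPhantom). The function name emit_tor_rules, TransPort 9040 and DNSPort 5353 are assumptions and must match your own torrc; the script only prints a ruleset and applies nothing.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset (IPv4) that sends TCP and
# DNS through Tor and refuses everything else. Nothing is applied here.
# Assumed torrc values: TransPort 9040, DNSPort 5353.

# emit_tor_rules TOR_UID [TRANS_PORT] [DNS_PORT]
emit_tor_rules() {
    tor_uid=$1; trans_port=${2:-9040}; dns_port=${3:-5353}
    case $tor_uid in
        ''|*[!0-9]*) echo "numeric Tor UID required" >&2; return 1 ;;
    esac
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# The Tor daemon itself must reach its relays directly.
-A OUTPUT -m owner --uid-owner $tor_uid -j RETURN
# DNS queries go to Tor's DNSPort, the only UDP service Tor offers.
-A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports $dns_port
# Loopback traffic is left alone.
-A OUTPUT -d 127.0.0.0/8 -j RETURN
# Every new outbound TCP connection is handed to Tor's TransPort.
-A OUTPUT -p tcp --syn -j REDIRECT --to-ports $trans_port
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Redirected packets now target 127.0.0.1 and pass here.
-A OUTPUT -d 127.0.0.0/8 -j ACCEPT
-A OUTPUT -m owner --uid-owner $tor_uid -j ACCEPT
# ICMP, other UDP and anything else that cannot use Tor is refused.
-A OUTPUT -j REJECT
COMMIT
EOF
}

# Usage (as root; the Tor account is "debian-tor" on Debian, "tor" on Arch):
#   emit_tor_rules "$(id -u debian-tor)" | iptables-restore
```

These rules cover IPv4 only, so IPv6 needs its own ip6tables policy of DROP or it will bypass Tor entirely.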
TorGhost
TorGhost is primarily designed for Kali Linux, according to its description. I found it to be very user-friendly and highly recommend it. But what if you're using Arch Linux? I initially planned to write my own script, but then I discovered the following fork.
TorPhantom
TorPhantom is actually the highlight of this article. Besides being compatible with Debian-based systems, TorPhantom also supports other distros like Arch, and even macOS. Moreover, it includes macchanger functionality, which enhances anonymity by changing the MAC address. However, there are still some minor issues during use (some of which are difficult to resolve and seem to be compromises made by the original developer):
0. <interface(s)>
Before diving into the issues, let me quickly explain what <interface(s)> refers to, just in case someone isn't familiar. Here, <interface(s)> refers to "network interfaces" (this term isn't entirely precise, but it gets the point across). You can easily check their names and corresponding MAC addresses using either ip link show or ifconfig.
1. Issues with macchanger
First, there's a problem with macchanger. If you run:
torphantom start -i <interface(s)>
TorPhantom uses macchanger to alter the MAC address. However, when you run:
torphantom stop
TorPhantom doesn't restore the original MAC address. This is tricky to address because TorPhantom can't know which interfaces the user modified earlier. Restoring all interfaces might undo changes the user intentionally made for other scenarios. A better solution might be for the script to notify the user during the stop process that the MAC address needs to be manually restored. To restore it manually, simply run the following command:
macchanger -p <interface>
You can verify whether the target interface has been restored by running:
macchanger -s <interface>
If the Current MAC and Permanent MAC match, the address has been restored.
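Since torphantom stop gives no reminder, the comparison above can be scripted across all interfaces. This is an added example, not part of TorPhantom; the function names mac_state and audit_interfaces are hypothetical, and it relies only on the Current MAC and Permanent MAC lines that macchanger -s prints.

```shell
#!/bin/sh
# Added example: list interfaces whose MAC is still spoofed after
# `torphantom stop`, using the output of `macchanger -s`.

# mac_state: reads `macchanger -s <interface>` output on stdin.
# Prints "restored" or "spoofed"; exits 2 if either MAC line is missing.
mac_state() {
    awk '
        /^Current MAC:/   { cur  = tolower($3) }
        /^Permanent MAC:/ { perm = tolower($3) }
        END {
            if (cur == "" || perm == "") exit 2
            if (cur == perm) print "restored"; else print "spoofed"
        }'
}

# audit_interfaces: check every non-loopback interface on this host.
audit_interfaces() {
    for path in /sys/class/net/*; do
        ifname=${path##*/}
        [ "$ifname" = "lo" ] && continue
        # Skip interfaces macchanger cannot read (virtual devices, no permission).
        state=$(macchanger -s "$ifname" 2>/dev/null | mac_state) || continue
        echo "$ifname: $state"
        if [ "$state" = "spoofed" ]; then
            echo "  restore with: macchanger -p $ifname"
        fi
    done
    return 0
}

# Usage, right after `torphantom stop`:
#   audit_interfaces
```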
2. How to Uninstall
Another issue is that TorPhantom doesn't provide an uninstall option. Fortunately, this is easy to solve. First, stop TorPhantom by running:
torphantom stop
Then, delete it with:
rm /usr/bin/torphantom
And that's it. Alternatively, if you're using Arch Linux, installing via AUR should also make it easy to uninstall, although I haven't tested it myself.
Testing Anonymity
I've briefly reviewed the source code for both scripts, so I feel reasonably confident in them. But if you're using other anonymity methods, how can you test their effectiveness?
Here are a few tips (by no means exhaustive):
- Check your IP address;
- Run a DNS leak test;
- Try pinging something—you should see that it's blocked;
- And more...
Conclusion
There is no such thing as absolute anonymity or security as long as you're online. For those seeking complete privacy, cutting off from the internet entirely would be the solution. While this is an effective way to stay anonymous, it's not a realistic option for most people. Therefore, finding a balance between the convenience that technology brings and the risks it poses is something worth continuous reflection. I hope everyone can find a solution that works best for them ヾ(●゜▽゜●)♡