OS X Vidalia Bundle Thoughts

by phobos | October 30, 2008

A few weeks ago, I watched some non-technical OS X users attempt to install the Vidalia-Tor Bundle. Many of them tried to drag the installation package to Applications. A few were surprised it required an installation at all.

In Vidalia trunk I committed a different way to install Vidalia, Tor, and Polipo. In this new dmg, you just open it up and drag the Vidalia icon into Applications. You now have Tor, Vidalia, and Polipo pre-configured and running completely out of Applications. While this works well for users that never installed Tor/Vidalia before, it doesn't work so well for existing installations.

Is it smart to think users will un-install their existing Vidalia/Tor bundle before using the drag and drop installation method? My inclination is that it isn't smart. This installation method also removes the ability to automatically install Torbutton for Firefox.

In comparison, the current method is to ship a dmg which contains a metapackage. This metapackage contains a few scripts to run pre and post-installation, which do smart things to save current configurations, upgrade existing software binaries, and try to install Torbutton for Firefox. In general, this method has worked well for most users. I've heard from enough people to know they tried to drag and drop the metapackage into Applications at first, and when that didn't work, double-clicked the metapackage to start the installer.

I'm now leaning towards creating a Tor Browser Bundle for OS X; which can run out of the dmg or be installed via drag and drop. Much like the current Tor Browser Bundle (also, we should stop naming everything Tor), it would be self-contained and leave zero trace on the machine after closing.

Thoughts on ways to make the OS X install easier, ostensibly via drag and drop install? Or is the effort to create a TBB for OS X a better use of resources?

Comments

Please note that the comment area below has been archived.

October 30, 2008

Permalink

Many OSX apps get installed via a package. Just set your .dmg so that it contains a graphical hint to double-click and install.
Drag-and-drop apps do a similar thing adding a graphic display to instruct the user to move the app to Application folder.

October 30, 2008

Permalink

i've been using the vidalia bundle for a while on my mac, but it has privoxy installed (and starting up with the machine). if i install a new version of tor that uses polipo, what happens to my privoxy then?

October 30, 2008

Permalink

Installers, while not uncommon, should be used only as a last resort when there is absolutely no way to have things run sensibly from within fully independent bundles. (An example of something that legitimately warrants the use of an installer would be the massive amount of code/resources shared among the apps in Adobe's creative suite.)

For Tor, ignoring the browser bundle option, I think the best route to go would be to redesign Vidalia as a .prefpane and include tor and polipo inside the bundle.
Preference panes are very user-friendly because double-clicking one opens it in System Preferences with the option of installing it on a per-user or system-wide basis. Uninstallation is also simple, as a user can remove a prefpane by control-clicking on it.

November 04, 2008

Permalink

"Much like the current Tor Browser Bundle (also, we should stop naming everything Tor), it would be self-contained and leave zero trace on the machine after closing."

I believe this would only work a) on OpenBSD or b) if you do not use swap or a pagefile.sys.

On OpenBSD, it can work because OpenBSD encrypts swap with highly volatile keys. That is, once the application is done using swap, the key is deleted, effectively deleted traces of the application in swap.
http://www.openbsd.org/papers/swapencrypt.ps
http://www.openbsd.org/papers/swapencrypt-slides.ps

In Linux, if you encrypt the swap partition (dm-crypt or loop-aes) with the random key option, it will at least choose a new random key each time the computer boots. So, as long as you remember to reboot the computer after use, this should be good enough.

November 04, 2008

Permalink

All versions of OSX say they encrypt swap files, but do not do so completely. strings your /var/vm/swapfile0 after opening Mail.app and notice all of the plaintext in there. I've opened a bug report for every version of OSX since 10.2 with this bug only to be ignored by Apple.

Not all versions. I have Mac OS X 10.2.8, and and I can't find any swap encryption or secure virtual memory feature in the Preferences. (Incidentally, Tor doesn't work on Mac OS X 10.2.8 either. Any chance of fixing that? Well, at least JAP works, and I have another computer on which Tor does work.)

I believe the bug you mentioned can occur if you switch to using swap encryption after not using it. Things that were in swap before it got encrypted stay unencrypted, unless you take additional measures like overwriting swap with 0s or, better yet, randomness, before encrypting it. At least that's what I'd guess based on what I've read.

But I can't find any sort of technical description on the implementation. They obviously don't bother deleting what's already there. What about the keys? Is there just one key you have to type in every time you boot? (Unlikely, not user friendly, but that is the case for Windows users using Truecrypt to access a partition containing their pagefile.sys.) If that were the case, the information would not be deleted, just unavailable to anyone who does not know the password when the computer is shut off. Does it generate a random key at each boot, like Linux? This is quite likely, but then the information is still available until the computer is shut down and the key deleted. Or does it use highly volatile keys like OpenBSD? That would be great, but considering they didn't even bother to automatically overwrite the swap file with random data when a user switches to encrypted swap, I doubt they thought it through that carefully.

The main reason tor no longer works in jaguar/10.2.8 is because we lack a copy of the OS and machine capable of running it. Feel free to report bugs, even better if you've tried to compile tor and vidalia and can report those bugs.

Tor is a non-profit and can accept donations. (hint hint)

The build machine for panther is an old imac dv (g3 power and all). Dual booting OSXes may be possible, too.

November 17, 2008

In reply to phobos

Permalink

I downloaded the source for 0.2.0.31, the latest stable version at the moment. ./configure worked fine, but make did not. Here is the output from make:

  1. <br />
  2. make all-recursive<br />
  3. Making all in src<br />
  4. Making all in common<br />
  5. source='log.c' object='log.o' libtool=no \<br />
  6. DEPDIR=.deps depmode=gcc /bin/sh ../../depcomp \<br />
  7. gcc -DHAVE_CONFIG_H -I. -I../.. -I../common -g -O2 -Wall -g -O2 -c log.c<br />
  8. ./compat.h:276: undefined type, found `socklen_t'<br />
  9. cpp-precomp: warning: errors during smart preprocessing, retrying in basic mode<br />
  10. In file included from ./util.h:18,<br />
  11. from log.c:26:<br />
  12. ./compat.h:276: parse error before "socklen_t"<br />
  13. make[3]: *** [log.o] Error 1<br />
  14. make[2]: *** [all-recursive] Error 1<br />
  15. make[1]: *** [all-recursive] Error 1<br />
  16. make: *** [all] Error 2<br />

I have the same problem with Tor 0.2.1.7-alpha.

  1. <br />
  2. make all-recursive<br />
  3. Making all in src<br />
  4. Making all in common<br />
  5. source='address.c' object='address.o' libtool=no \<br />
  6. DEPDIR=.deps depmode=gcc /bin/sh ../../depcomp \<br />
  7. gcc -DHAVE_CONFIG_H -I. -I../.. -I../common -g -O2 -Wall -g -O2 -c address.c<br />
  8. compat.h:307: undefined type, found `socklen_t'<br />
  9. cpp-precomp: warning: errors during smart preprocessing, retrying in basic mode<br />
  10. In file included from address.c:15:<br />
  11. compat.h:307: parse error before "socklen_t"<br />
  12. make[3]: *** [address.o] Error 1<br />
  13. make[2]: *** [all-recursive] Error 1<br />
  14. make[1]: *** [all-recursive] Error 1<br />
  15. make: *** [all] Error 2<br />

Thanks; it looks like socklen_t was used before we defined a replacement for socklen_t for platforms that don't have one. I've checked fixes for 0.2.0.x and 0.2.1.x into the repository; does it build better for you now?

November 07, 2008

Permalink

osx torbrowser would be great! I currently use it often on wxp but would love to use it within osx.

Yes, this is on the list to do. There is much research to figure out what and where updates are written to reflect usage of TBB on OS X. For what's committed to vidalia's svn, some minor tweaks to vidalia control code and you have an insecure TBB already.

January 13, 2009

In reply to phobos

Permalink

I thought Mike Perry said TorButton was not fully functional in FF3 yet. I thought he said he would email or-talk when it was fully functional on FF3?

December 13, 2008

Permalink

Yes, please! I recently downloaded the Vidalia bundle and installed it from the .dmg. The onion icon happily changes color and all seems to be humming along beautifully. Except... I don't know how to configure Firefox 3.0.4 so everybody plays nicely together. I considered replacing the whole shebang with the Tor Browser Bundle when I became aware it existed; alas, it's Windows. So, I'm almost there when almost isn't good enough. I'd happily buy a commercial version if it included a "Tor for Idiots" book. Meantime, any help would be appreciated.

open a bug at bugs.torproject.org. most likely, the installation completed fine but some sub-part of the postflight script failed. apple only has the binary ALL GOOD or ALL BAD status, so if anything produces an error, it's ALL BAD according to apple. In my testing, even with these ALL BAD reports, everything works fine.

January 09, 2009

Permalink

What about computers that require a password. If we could drag n' drop vidalia right into the applications folder or on the desktop would we still have to enter the pass? It's really annoying with my school computers, the windows zero-install pack. looks good for this but my school uses macs. Any hope of that type of thing?

We'd like to do a Tor Browser Bundle for OS X. It's in the 3-year roadmap, but it needs some research so as to not leave a trace it was used, analyze anonymity and security issues, and put together so it works on computers running 10.3 and newer the same way.

I'm also working on a drag-and-drop vidalia installer. I'll post an alpha test of the package soon.

February 05, 2009

Permalink

I am having problems downloading the file for OSX, could my IP block me from doing so?

February 21, 2009

Permalink

I downloaded the OS x Vidalia bundle with no issues however once I had to configure it thats when I got stuck. It says "Vidalia was unable to start Tor. Check your settings to ensure the correct name and location of your Tor executable is specified." I'm not sire what to enter in. Any pointers would be greatly appreciated.

November 07, 2009

In reply to phobos

Permalink

I need help installing tor on mac os x snow leopard i keep getting the message "Vidalia was unable to start Tor. Check your settings to ensure the correct name and location of your Tor executable is specified" need ideas on what to do????

February 22, 2009

Permalink

I downloaded the Vidalia bundle 0.2.0.34 mac universal and it installed fine. But isnt privoxy supposed to be included in the bundle? Anyway when i run the program and hit the "use a new identity"-button it still shows the same IP when i type seemyip.com in my firefox browser. What am i doing wrong? I dont see privoxy anywhere in the bundle and its not mentioned anywhere in the help function. Any help would be deeply appreciated.

March 24, 2009

In reply to phobos

Permalink

I'm also having the same issues as a couple of the guys: nothing on localhost:8118. When I run "ps -elf" from a terminal window I can see a privoxy process running.

I took a look at the post install log, and I see:

Privoxy was installed here: /Library/Privoxy
Running the following AppleScript:
tell application "Finder"
set myURLFile to POSIX file "/Library/Privoxy/ConfigPrivoxyURL.webloc"
set creator type of myURLFile to "MACS"
set file type of myURLFile to "ilht"
end tell
Results (stack overflow error is expected on OSX 10.x):
/tmp/fixurl:99:138: execution error: Finder got an error: CanĂ­t set creator type of file "Macintosh HD:Library:Privoxy:ConfigPrivoxyURL.webloc" to "MACS".
(-10006)
Done.

I am running 10.5.6, and I installed with the defaults from vidalia-bundle-0.2.0.34-0.1.10-universal.dmg

Firewall is turned off.

I'll try to reinstall.

eh, I think I misunderstood. I was expecting an admin webpage at localhost:8118. Pointing my browser at that url as a proxy works.

Yes, a drag and drop install is nice to have. Sometimes I like the easy way, and it's great to have this on a OS X machine (in contrast to Windows).

July 17, 2009

Permalink

I have downloaded Tor and Privoxy. Both signal they are working, but even after downloading the Torbutton onto Firefox, nothing shows up, unless the TorButton is the onion icon on the toolbar at the bottom. In addition, how does one go through Tor to surf the internet? I have repeatedly checked my IP address, and it is the same, i.e. my real one, so I am obviously not doing something right.

The help is not helpful. I have read it several times now, and nothing points to how you actually use Tor. It is just basically, download it and you are going through the relays, which is not true.

juli

July 17, 2009

Permalink

Ok, just went through all the FAQs on TorButton. Nothing is helping me. I checked the message blog, it is up and running, but I checked checktor and I am not on Tor. What is the preventing TorButton from appearing on Firefox?

juli

July 17, 2009

Permalink

Problem solved. No need to reply to that part, but please confirm though, what the TorButton looks like, is it the onion icon at the bottom toolbar?
juli

July 19, 2009

In reply to phobos

Permalink

I downloaded the Torbutton but I have nothing that says Tor Enabled or Tor Disabled. I find that only if I go to Tools and then to Add-ons on Firefox, where I find this as an extension, not a plugin. Is the Torbutton supposed to appear anywhere on Firefox as a "button"?

Also, I have gone through FAQ and all the other info, and put in "toggle" in the search box but cannot find the answer to the following problem. (I realise that you give preference in answering questions to relayers, but I just started using Tor.)

When I toggle off Tor and Privoxy it doesn't just turn them off, it locks up Firefox preventing my netsurfing at all. I get only 404s. I can now surf the net only if I enable Tor and Privoxy. What is the problem here?

July 18, 2009

In reply to phobos

Permalink

my os is WinXp Ver2002 SP3. I was install Bundle Ver."vidalia-bundle-0.2.0.35-0.1.15" but it dose not work. I had an error in Message log, that is "Error from libevent: evsignal_init: socketpair: No error". OLder bundle Ver. "vidalia-bundle-0.1.2.19-0.0.16" was work in my pc but I had some warning in message log same >>>>>>>>>"[Warning] Please upgrade! This version of Tor (0.1.2.19) is obsolete, according to 3/3 version-listing network statuses. Versions recommended by at least 1 authority are: 0.2.0.33, 0.2.0.34, 0.2.0.35, 0.2.1.11-alpha, 0.2.1.12-alpha, 0.2.1.13-alpha, 0.2.1.14-rc, 0.2.1.15-rc, 0.2.1.16-rc, 0.2.1.17-rc" please help me.

July 19, 2009

In reply to phobos

Permalink

my Os.pc is WinXp Ver2002 SP3. I was install Bundle Ver."vidalia-bundle-0.2.0.35-0.1.15" but it dose not work. I had an error in Message log, that is "Error from libevent: evsignal_init: socketpair: No error". OLder bundle Ver. "vidalia-bundle-0.1.2.19-0.0.16" was work in my pc but I had some warning in message log same this message >>>>>>>>>"[Warning] Please upgrade! This version of Tor (0.1.2.19) is obsolete, according to 3/3 version-listing network statuses. Versions recommended by at least 1 authority are: 0.2.0.33, 0.2.0.34, 0.2.0.35, 0.2.1.11-alpha, 0.2.1.12-alpha, 0.2.1.13-alpha, 0.2.1.14-rc, 0.2.1.15-rc, 0.2.1.16-rc, 0.2.1.17-rc" Please help me.

November 23, 2009

Permalink

I had previously had problems with Vidalia being unreliable. I decided to try the bundle again when the latest version of tor was released. Uninstalled every last trace of tor and privoxy that I had been using and then dragged the Vidalia bundle to Applications, changed the settings in Network prefs and all is well .....

with Safari.

However, with Firefox, even with torbutton installed via the script, I keep getting an error when I click Test Settings. Says "Internal Error." I am unable to reach any website with Tor Enabled.

This is with FF 3.5.5. Help!!!!!!!!!!!!!!!!

December 02, 2009

In reply to by Anonymous (not verified)

Permalink

Torbutton does not work out of the box or otherwise. Tried it out with Firefox 3.0.15 and 3.5.5. Tor and polipo connect up fine under VIdalia but I can find no possible way to make the Tor button work. Turn it on and you cannot connect to the internet. Use the Test Settings button and you will always get "Tor proxy test: Internal error." Does no one have a solution for this? I saw a bug opened for this issue but then mysteriously closed with no work, no work around, and no solution. Is anyone in the world actually using this thing?

Roughly a few million people use torbutton fine. There's a bug where once you fail a test, you'll always fail a test.

This most likely happened because you did a "Test Settings" test from
the Torbutton proxy preferences menu while polipo was not working.
This test most likely failed.

To clear this, simply run "Test Settings" again now that you've got it
working. This should reset the pref "extensions.torbutton.test_failed"
back to false, and the warning should go away.

I have exactly the same problem, vidalia is connecting to the tor-network properly, but as I try to start Torbutton it doesn't work. Is there really no solution for this problem?

December 05, 2009

Permalink

I see that Phobos made a comment, though irrelevant, gave me the idea of attempting to adjust the torbutton settings using about:config. I reset the extensions.torbutton.test_failed to false with Vidalia and Polipo already running, reset Firefox, started the Torbutton and failed to connect and the boolean was reset to true. I still see no solution but will attempt to redefine the torbutton configuration to make it work. Anyone else have any suggestions?

December 08, 2009

Permalink

apparently nobody

December 14, 2009

Permalink

Just tried it on a black macbook os x 10.4.11 and vidalia won't even launch

Clicking on the Vidalia icon in Applications does nothing - it makes a very brief attempt to launch but nothing ever happens e.g.: no icon appears in dock

tried running the .exec's using terminal - they launch but can't/don't communicate with FF3.5.5 and torbutton 1.2.3

December 15, 2009

Permalink

Ya someone broke it for us.

Just happened to me too....launched vidalia and it told me it was now out of date, so I downloaded the new version, uninstalled all the old and followed the directions for installing the new one...

now its broke, says it needs version 7 of some lib but only 5 is found...

January 07, 2010

Permalink

Tor was working great but I made the mistake of upgrading to latest release. Now I am being prompted for a password. . In FAQs, it says error could be caused by:

"You set Tor to run as a service. When Tor is set to run as a service, it starts up when the system boots up. If you configured Tor to start as a service through Vidalia, a random password was set and saved in Tor. When you reboot, Tor starts up and uses the random password it saved. You login and start up Vidalia. Vidalia attempts to talk to the already running Tor. Vidalia generates a random password, but it is different than the saved password in the Tor service. You need to reconfigure Tor to not be a service. See Tor as a service for more info."

the directions are useless as they are for windows only. help!

February 07, 2010

Permalink

If anyone gets the Vidalia is unable to start tor becuase it can't find the executable on OSX change the tor executable path to:
/Applications/Vidalia.app/Contents/MacOS/tor

May 22, 2010

Permalink

"/Applications/Vidalia.app/Contents/MacOS/tor"

Thank you!!!

How on earth was I supposed to know that Vidalia.app contains tor executable? And if it's a part of Vidalia, why is there a setting for its path?

June 01, 2010

Permalink

Finally! It was so simple yet so stupid to not have the correct path of the executable..

Thanks @ the solver.