Tor is a network of anonymising TCP proxies. In order to use tor to access the web, your web browser needs to go through a proxy that can speak to tor; this is usually Privoxy, but Polipo can be used instead.
Unlike Privoxy, Polipo has a number of features (pipelining, caching, smart use of range requests) that make it (seem) faster on slow networks; and, since tor is not the fastest network around, Polipo over tor is noticeably more responsive than Privoxy over tor.
The downside is that Polipo does not perform application-layer anonimisation by default. While it is possible to configure Polipo to perform some sanitisation of HTTP headers, this does not come even close to the amount of munging that Privoxy can do. Please make sure to read all of this document before switching to Polipo, notably the sections about tweaking Polipo and your web browser below.
Additionally, Polipo has some rather specific traffic patterns (agressive pipelining, range requests) that make it rather easy to spot. The websites you access won't know who you are, but they might realise you're running Polipo.
Installing Polipo under Unix is a simple matter of
If you are running a major Linux distribution or a major BSD Unix, it may be simpler to either install the binaries provided by your distributor or one of the binaries listed on the Polipo web page.
(Yes, Virginia, Mac OS X is a BSD Unix.)
If you're the kind of person that runs Windows, you may be better served by running the precompiled Windows binary that you will find linked from the Polipo web page.
(It is not too late: upgrade to Linux, upgrade to FreeBSD, upgrade to NetBSD, and all is forgiven.)
Polipo is configured by setting a number of configuration variables in Polipo's configuration file, which is either ~/.polipo or /etc/polipo/config, whichever exists. In order to tell Polipo to use tor and not to cache any fetched pages on disk, you will want to add the following lines to your configuration file:
You will also want to disable the local configuration interface in order to protect yourself from browser vulnerabilities:
If you want to specify a different location for the configuration file (for example because you are running Windows), you can specify it by using the -c flag on Polipo's command line (see below).
Note that if you installed Polipo from a distribution-provided binary, it will probably not take ~/.polipo into account — you will need to edit /etc/polipo/config.
If you installed Polipo from a distribution-provided package, Polipo is probably already running; you will need to restart it so it takes its new configuration into account. Otherwise, just grab a free terminal window and type
If you are using a non-standard location for Polipo's configuration file, specify it on the command line, for example
Go to ipid.shat.net. It should show you an address that you've never heard about.
Polipo has almost a hundred configuration variables that can be tweaked to your liking. You can list them all by typing
You will probably want to perform some sanitisation of HTTP headers; you could for example say
There are some other options that will make Polipo faster (but less standard); please check the Polipo manual for the variables relaxTransparency and mindlesslyCacheVary (you should only set them if you understand what they do). It might also be worthwile to experiment with the optimal values of serverSlots and maxServerSlots.
(Remember to restart Polipo after making your changes.)
Unlike Privoxy, Polipo doesn't attempt to munge web pages to make your browser less vulnerable; I believe that disabling various features of the web browser is best done in the browser itself.
You will probably want to do the following:
(This section needs expanding.)
You may be running tor, you may have followed all of the directions in this document, you may completely understand your web browser and operating system, but you're still not anonymous. So don't do anything silly.
Back to the Polipo web page