Accessing Git Through Tor
The Tor network is a decentralized, anonymizing network designed to improve privacy and security on the internet. It does this by routing users’ web traffic through a worldwide network of volunteer-run servers (called “relays”). This process, known as onion routing, encrypts the data multiple times (like the layers of an onion…) as it passes through the relays, peeling off one layer of encryption at each step. This ensures that the origin, destination, and content of the internet traffic remain anonymous to anyone monitoring or attempting to analyze the traffic.
While Tor is oftern associated with the “Dark web” and other not-so-legal activities, it also provides those who care about their own privacy a method to circumvent the mass-tracking of web activity that we have normalised over the past few decades.
Maybe that’s not such a bad thing
Since I’m a developer and use git regularly, I thought it would be interesting to see if there was a method for using Git over Tor. It’s not something that’s done particularly often but I thought I’d document my findings here for those who prefer to keep their development activity private 🥸
Installing Tor and Torsocks
The first step is to install the required tools. Here is an example of how to do that on Linux:
sudo apt install tor
Next, enable the tor service
sudo systemctl enable --now tor
Typically you won’t need to do any more customization but if you do need to you can read the manual for tor here
Next, we’ll use torsocks to proxy network requests through the Tor network. Most applications don’t typically support Tor, but torsocks can be used to force an application’s network traffic to use Tor to allow you to provide additional privacy and security.
To install torsocks:
sudo apt install torsocks
Now, to send the network traffic for an application through Tor, you can run:
torsocks [your command]
# e.g.
torsocks curl https://google.com
You can also toggle torsocks on/off to proxy all of your traffic through torsocks for a shell session which can come in handy if you’re using multiple applications that you want to proxy. You can do this by doing:
# Activate torsocks for the currect shell session
torsocks on
# deactivate it
torsocks off
Using torsocks with git
Once you’ve got tor and torsocks working you can proxy your git commands over the Tor network.
If you’re using HTTPS authentication for git, you can use the method above fairly easily. I typically just turn torsocks on for the shell session, and disable it when I’m done:
sudo torsocks on
git commit -a -m "Updates"
git push origin master
But if you’re using git over SSH, you’ll need to take a different approach. In order to proxy your SSH traffic, you’ll need to use an SSH ProxyCommand. In your SSH config (typically located at ~/.ssh/config), edit the configuration for your git host like this:
Host <your git host e.g. github>
HostName <your host name e.g. github.com>
IdentityFile /path/to/your/private_key
User git
ProxyCommand nc -X 5 -x 127.0.0.1:9050 %h %p
To summarize, this config uses ProxyCommand to proxy the traffic through your local Tor proxy at 127.0.0.1:9050, where %h and %p are placeholders for the host and port that you will provide when you give your SSH command. With this done, every time you interact with the host you specified through git, it will be proxied over Tor.