System-wide Tor support proposal

This is a proposal on ways to integrate Tor in Debian to increase security.

The problem: Installing Tor and torifying the existing applications is a non-trivial task and it's currently left to the user. Detecting and preventing leaks requires a lot of effort due to the number of network-enabled applications running on the average system, especially desktops.

Use cases:

Requirements:

Implementation

Version 1:

A script is used to set up a firewall to drop non-Tor traffic. A wrapper is used to set an environment variable to proxy *only* a set of whitelisted "Tor-safe" applications.

 export http_proxy=http://........./
 export https_proxy=$http_proxy
 export no_proxy="localhost,127.0.0.1,localaddress,.localdomain.com"

The whitelist is maintained by the developers of the script.
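
One way the Version 1 wrapper could work, as an added example that is not the proposal's own script. The whitelist path, the TOR_HTTP_PROXY variable and the function names are hypothetical, and the whitelist is assumed to hold one absolute path per line.

```shell
#!/bin/sh
# Added example (not the proposal's script): fail-closed wrapper for Version 1.
# Hypothetical names: TOR_WHITELIST, TOR_HTTP_PROXY, is_tor_safe, torwrap.

# One absolute path per line; lines starting with '#' are comments.
TOR_WHITELIST="${TOR_WHITELIST:-/etc/torwrap/whitelist}"   # hypothetical path

# is_tor_safe PATH: succeed only if PATH is an exact whitelist entry.
is_tor_safe() {
    [ -n "$1" ] && [ -r "$TOR_WHITELIST" ] || return 1   # no list: nothing is safe
    grep -v '^[[:space:]]*#' "$TOR_WHITELIST" | grep -Fxq -- "$1"
}

# torwrap COMMAND [ARGS...]: run COMMAND with proxy variables set only if it
# is whitelisted. The body runs in a subshell so the caller's environment is
# never modified.
torwrap() (
    [ "$#" -gt 0 ] || { echo "usage: torwrap COMMAND [ARGS...]" >&2; exit 2; }
    # Resolve to the binary that will really run and match on the full path,
    # so a look-alike earlier in PATH does not inherit a whitelist entry.
    path=$(command -v "$1") || { echo "torwrap: $1: not found" >&2; exit 127; }
    case $path in /*) ;; *) echo "torwrap: $1: not a file" >&2; exit 126 ;; esac
    shift

    # Scrub every inherited proxy setting first: a non-whitelisted program
    # must not pick up a proxy from the parent shell. Its traffic then goes
    # direct and is dropped by the firewall.
    unset http_proxy https_proxy ftp_proxy all_proxy no_proxy \
          HTTP_PROXY HTTPS_PROXY FTP_PROXY ALL_PROXY NO_PROXY

    if is_tor_safe "$path"; then
        # Refuse to start a whitelisted program without a proxy configured.
        : "${TOR_HTTP_PROXY:?must point at the local proxy in front of Tor}"
        export http_proxy="$TOR_HTTP_PROXY"
        export https_proxy="$http_proxy"
        export no_proxy="localhost,127.0.0.1"
    fi
    exec "$path" "$@"
)

# Run as a script: torwrap.sh COMMAND [ARGS...]
if [ "$#" -gt 0 ]; then torwrap "$@"; fi
```

The wrapper is a convenience layer only; the firewall remains the enforcement point, since a program can ignore or override proxy environment variables.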

Version 2:

Tor-safe applications are packaged with a new field in the debian/control file, or with a dedicated "tor.conf" configuration file, to instruct the wrapper on how to torify them in the right way.

Some applications might be designed to behave differently depending on whether they are going through a regular proxy or Tor (e.g. disable unsafe features/plugins, mangle/hide timestamps...).