
Why Use Tor with gitGost?

gitGost strips your name, email, and commit timestamps—but your IP address is still visible to the server during the push. If you need stronger anonymity guarantees, route your Git push through the Tor network.
Tor routes your connection through three encrypted relay nodes worldwide, so the gitGost server only sees a Tor exit node IP, not yours.

How Tor Anonymizes Your Push

The gitGost server sees the Tor exit node’s IP, not yours. Combined with gitGost’s metadata stripping, this provides strong anonymity.
Tor is slow. A push that normally takes seconds may take several minutes. gitGost’s 10 MB commit limit is partly sized with Tor in mind.

Installation

Linux (Debian/Ubuntu)

sudo apt update
sudo apt install tor torsocks

Linux (Arch)

sudo pacman -S tor torsocks

macOS (Homebrew)

brew install tor torsocks

Windows

See Windows alternatives below. torsocks is not available natively on Windows.

Starting Tor

# Start Tor daemon
sudo systemctl start tor

# Enable on boot (optional)
sudo systemctl enable tor

# Check status
sudo systemctl status tor
Tor listens on 127.0.0.1:9050 (SOCKS5 proxy) by default.

Pushing Through Tor

1. Verify Tor is running

Test that Tor is active:
torsocks curl https://check.torproject.org/api/ip
Expected output:
{"IsTor": true, "IP": "185.220.101.x"}
If you see "IsTor": false, Tor is not running. Check the service status.
2. Push with torsocks

Wrap your Git push with torsocks:
torsocks git \
  -c http.extraHeader="X-Gost-Authorship-Confirmed: 1" \
  push gost my-feature:main
The X-Gost-Authorship-Confirmed header acknowledges you’re making an anonymous contribution.
3. Wait for completion

The push will be significantly slower due to Tor routing:
Enumerating objects: 5, done.
Counting objects: 100% (5/5), done.
Delta compression using up to 8 threads
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 342 bytes | 342.00 KiB/s, done.
Total 3 (delta 2), reused 0 (delta 0), pack-reused 0
remote: gitGost: Processing your anonymous contribution...
Expect 2-5 minutes for small pushes, longer for larger ones. This is normal for Tor.

Persistent Configuration

To avoid typing the full command every time, configure Git:

Per-Repository

Inside your repository:
# Set the authorship header
git config http.extraHeader "X-Gost-Authorship-Confirmed: 1"

# Now push normally with torsocks
torsocks git push gost my-branch:main

Global Alias

Add a ghost alias to your ~/.gitconfig:
git config --global alias.ghost '!torsocks git'
Then use:
git ghost push gost my-branch:main

Combined Configuration

For full automation:
# Inside your repo
git config http.extraHeader "X-Gost-Authorship-Confirmed: 1"

# In ~/.gitconfig
[alias]
    ghost = "!torsocks git"
Now a simple command does everything:
git ghost push gost feature:main

Windows Alternatives

torsocks is not available on Windows natively. Use one of these options:

Option 1: Tor Browser + SOCKS5 (Easiest)

1. Download Tor Browser

2. Launch Tor Browser

Open Tor Browser and leave it running. It exposes a SOCKS5 proxy on 127.0.0.1:9150.
3. Configure Git to use the proxy

# Per-repository
git config http.proxy socks5h://127.0.0.1:9150
git config http.extraHeader "X-Gost-Authorship-Confirmed: 1"

# Or globally (not recommended)
git config --global http.proxy socks5h://127.0.0.1:9150
Use socks5h:// (with the h), not socks5://. The h ensures DNS resolution happens through Tor, preventing DNS leaks.
4. Push normally

git push gost my-branch:main
Git will route through Tor automatically.
5. Remove proxy when done

# Per-repo
git config --unset http.proxy

# Global (if you set it globally)
git config --global --unset http.proxy
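
An added check for the Option 1 setup (not part of gitGost or its documentation): it reads http.proxy from the repository and global scopes and flags any value other than socks5h://, including a leftover global setting. The function names are hypothetical, and a POSIX shell such as Git Bash is assumed.

```shell
#!/bin/sh
# Added example: audit Git's proxy settings for the DNS-leak case above.
# classify_proxy and audit_git_proxy are hypothetical names.

# Classify one proxy URL. Prints a verdict; returns 0 only for socks5h://.
classify_proxy() {
    case "$1" in
        socks5h://*)
            echo "ok: hostname is resolved by the proxy (through Tor)"
            return 0 ;;
        socks5://*|socks4://*)
            echo "LEAK: hostname is resolved locally before the proxy is used"
            return 1 ;;
        "")
            echo "NONE: no http.proxy set, the connection is direct"
            return 1 ;;
        *)
            echo "UNKNOWN: not a SOCKS proxy URL this check recognises"
            return 1 ;;
    esac
}

# Check http.proxy in the repository scope and the global scope.
# A --global value applies to every repository for this user, so a
# forgotten one is reported as well.
audit_git_proxy() {
    found=0
    status=0
    for scope in --local --global; do
        # Scope has no http.proxy (or we are outside a repository): skip it.
        value=$(git config "$scope" --get http.proxy 2>/dev/null) || continue
        found=1
        printf '%s http.proxy = %s -> ' "$scope" "$value"
        classify_proxy "$value" || status=1
    done
    # Nothing configured anywhere: report it and fail.
    [ "$found" -eq 1 ] || classify_proxy "" || status=1
    return "$status"
}
```

Run audit_git_proxy inside the repository before git push; a non-zero exit status means at least one scope would not send DNS lookups through Tor.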

Option 2: WSL2 (Windows Subsystem for Linux)

If you have WSL2, use the Linux instructions:
# Inside WSL2 (Ubuntu/Debian)
sudo apt update
sudo apt install tor torsocks
sudo service tor start

# Verify Tor is working
torsocks curl https://check.torproject.org/api/ip

# Push through Tor
torsocks git push gost my-branch:main
WSL2 has its own network stack separate from Windows, so anonymity is preserved correctly.

Verifying Your IP is Hidden

Before pushing, verify Tor is routing your traffic:
torsocks curl https://check.torproject.org/api/ip
Expected response:
{
  "IsTor": true,
  "IP": "185.220.101.42"
}
The IP shown is the Tor exit node, not your real IP.

Without torsocks (for comparison)

curl https://check.torproject.org/api/ip
Response:
{
  "IsTor": false,
  "IP": "203.0.113.45"
}
This shows your real IP. ❌
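
The check and the push can be tied together so that a failed check stops the push. The wrapper below is an added example, not part of gitGost; the function names are hypothetical, and it assumes torsocks and curl are installed as in the steps above.

```shell
#!/bin/sh
# Added example: fail-closed wrapper around the torsocks push.
# is_tor_reply, tor_check and ghost_push are hypothetical names.

CHECK_URL="https://check.torproject.org/api/ip"

# Return 0 only if the JSON reply says "IsTor": true.
# An empty reply, an error page or "IsTor": false all count as "not Tor".
is_tor_reply() {
    printf '%s' "$1" | tr -d ' \n\r\t' | grep -q '"IsTor":true'
}

# Query the check service through torsocks; give up after 60 seconds
# instead of hanging if no circuit can be built.
tor_check() {
    reply=$(torsocks curl -fsS --max-time 60 "$CHECK_URL" 2>/dev/null) || return 1
    is_tor_reply "$reply"
}

# Push only when the check passed. On any failure, stop before Git
# opens a connection, so the real IP is never sent to the server.
ghost_push() {
    if ! tor_check; then
        echo "refusing to push: Tor check failed" >&2
        return 1
    fi
    torsocks git -c http.extraHeader="X-Gost-Authorship-Confirmed: 1" push "$@"
}

# Usage (after sourcing this file):
#   ghost_push gost my-branch:main
```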

Performance Considerations

Expected Push Times

| Commit Size | Without Tor | With Tor |
| --- | --- | --- |
| < 1 KB | 2-5 seconds | 30-60 seconds |
| 100 KB | 5-10 seconds | 1-2 minutes |
| 1 MB | 10-20 seconds | 2-5 minutes |
| 10 MB | 30-60 seconds | 5-15 minutes |
Keep commits small when using Tor. Aim for < 1 MB per commit for reasonable push times.

Why is Tor Slow?

Your data passes through three relay nodes:
  1. Entry node: Your computer → Entry (encrypted)
  2. Middle node: Entry → Middle (encrypted)
  3. Exit node: Middle → Exit (encrypted)
  4. Destination: Exit → gitGost (HTTPS)
Each hop adds latency. Additionally, Tor bandwidth is limited by volunteer relay capacity.

Tor Circuit Changes

Tor rotates circuits periodically. If your push fails mid-transfer:
fatal: the remote end hung up unexpectedly
Solution: Retry the push. Tor will establish a new circuit.
torsocks git push gost my-branch:main

Advanced: Tor Configuration

Customize Tor behavior by editing /etc/tor/torrc (Linux/macOS):

Use Specific Exit Nodes

Force Tor to use exits in certain countries:
# /etc/tor/torrc
ExitNodes {us},{ca},{gb}
StrictNodes 1
Restart Tor:
sudo systemctl restart tor

Increase Circuit Timeout

For large pushes:
# /etc/tor/torrc
CircuitBuildTimeout 120
Modifying Tor configuration can impact anonymity. Only change settings if you understand the implications.

Combining Tor with Other Anonymity Practices

For maximum anonymity:

Tor Browser

Use Tor Browser (not regular browser) to view your PR after creation. This prevents GitHub from linking your IP to the PR.

Unique Style

Avoid unique coding patterns. Use common formatting (e.g., gofmt, prettier) to blend in.

Generic Messages

Write commit messages in neutral language. Avoid phrases like “I always…” or company-specific jargon.

Random Timing

Push at irregular times to avoid timezone correlation. Don’t push only during your local work hours.

Troubleshooting

“Connection refused” Error

fatal: unable to access 'https://gitgost.leapcell.app/...': Failed to connect to 127.0.0.1 port 9050
Cause: Tor is not running.
Solution: Start Tor:
sudo systemctl start tor

“DNS resolution failed” Error

If using Windows with SOCKS5:
fatal: unable to access '...': Could not resolve host
Cause: Using socks5:// instead of socks5h://.
Solution: Update the proxy URL:
git config http.proxy socks5h://127.0.0.1:9150
The h suffix makes DNS resolution happen through Tor.

Tor Circuit Building Fails

SOCKS error: general failure
Cause: Tor can’t build a circuit (network issues, firewall).
Solution:
  1. Check Tor logs: sudo journalctl -u tor -f
  2. Ensure firewall allows Tor (ports 9001, 9030)
  3. Try using bridges if Tor is blocked in your region

Push Hangs Indefinitely

If the push hangs for > 20 minutes:
  1. Cancel with Ctrl+C
  2. Verify Tor is working: torsocks curl https://check.torproject.org/api/ip
  3. Retry with a smaller commit

Security Best Practices

Do not mix anonymous and identified activity. If you push through Tor, don’t immediately visit the PR URL from your regular browser without Tor.
Use Tor Browser to view PRs. This ensures your IP isn’t linked to the contribution when you check the PR status.

Viewing Your PR Anonymously

After pushing, the gitGost server returns a PR URL:
remote: PR URL: https://github.com/owner/repo/pull/123
To view it anonymously:
  1. Open Tor Browser (not your regular browser)
  2. Navigate to the PR URL
  3. Don’t log into GitHub in Tor Browser
This way, GitHub sees a Tor exit node IP, not yours.

Limitations of Tor Anonymity

Tor protects your IP address, but not:
  • Code style (stylometry)
  • Timing patterns (when you push)
  • Commit message phrasing
  • File naming conventions
Advanced adversaries with significant resources may correlate these signals. Tor + gitGost provides strong anonymity for most threat models, but not against nation-state-level adversaries.
See the Threat Model for details on what gitGost protects against.

Next Steps

Commit Messages

Write effective commit messages without revealing your identity

Threat Model

Understand gitGost’s anonymity guarantees

Anonymous Push

Learn what metadata gitGost strips

Basic Usage

Review core gitGost workflows
