# New Tor Oniux Tool Anonymizes Any Linux App's Network Traffic

The Tor Project has announced the release of a new command-line tool called Oniux, which allows users to route any Linux application securely through the Tor network for anonymized network connections. This innovative tool uses Linux namespaces to create a fully isolated network environment for each application, preventing data leaks even if the app is malicious or misconfigured.

Unlike classic methods like Torsocks, which rely on user-space tricks, Oniux uses Linux namespaces to isolate apps at the kernel level, forcing all their traffic through Tor. This approach ensures leak-proof, kernel-enforced Tor isolation for any Linux app.

The technology behind Oniux is based on Arti and onionmasq, two other projects developed by the Tor Project. Here's how it works: each app is placed in its own network namespace with no access to the host's interfaces, and instead attached a virtual interface (onion0) that routes through Tor using onionmasq. Additionally, Oniux uses mount namespaces to inject a custom /etc/resolv.conf for Tor-safe DNS, and user/PID namespaces to safely set up the environment with minimal privileges.

Oniux achieves this by creating a new network namespace for each application, isolating it from the rest of the system. This ensures that even if an app is malicious or misconfigured, its traffic will be routed through Tor, preventing data leaks.

In contrast to Torsocks, Oniux has several advantages. While Torsocks works by using an 'LD_PRELOAD' hack to intercept network-related function calls in dynamically linked Linux applications and redirect them through a Tor SOCKS proxy, Oniux uses Linux namespaces to isolate apps at the kernel level, making it more secure.

Torsocks also has some limitations: it doesn't work with static binaries at all, and doesn't offer true isolation, as apps still access the host's real network interfaces. Moreover, raw system calls aren't caught by Torsocks, and malicious apps can avoid using libc functions to cause leaks.

The Tor Project has published a comparison table highlighting the qualitative differences between Oniux and Torsocks, making it easier for users to understand the benefits of using this new tool.

Despite its advantages, Oniux is still an experimental tool that hasn't been tested extensively under multiple conditions and scenarios. The Tor Project therefore warns against using it in critical operations until further testing has been done.

However, enthusiasts are encouraged to test Oniux and report any problems they encounter so the tool can reach maturity quickly and become ready for broader deployment.

To get started with Oniux, users must first ensure they have Rust installed on their Linux distribution, and then install the tool using the command: `tor iuxx`. The Tor Project has also published some usage examples, such as accessing an .onion site (oniux curl http://example.onion), "torifying" the shell session (oniux bash), or running a GUI app over Tor in the desktop environment (oniux hexchat).

The Oniux tool is available for immediate testing and evaluation.