Opened 8 months ago

Closed 7 months ago

#21058 closed defect (fixed)

Manual Modifications: Correction and Improvement

Reported by: agd Owned by: dgoulet
Priority: Medium Milestone: Tor: 0.3.0.x-final
Component: Core Tor/Tor Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Please modify the Manual as follows: 1) At StrictNodes: A) Please change "will treat" to "treats solely"; B) At the end of the first sentence, please add "(StrictNodes applies to neither ExcludeExitNodes nor to ExitNodes)"; 2) At ExcludeExitNodes, please bold "outside" 3) At ExitNodes: A) please bold both usages of "outside"; B) In the third paragraph, to the end of the second sentence, please add: "(i.e. Onion Circuits shows third nodes which DO NOT EXIT the Tor network, but are used exclusively internally by Tor)".

For further discussion of this, https://tor.stackexchange.com/questions/13134 has some relevance.

It is imperative, in order to maintain user trust in Tor, that the manual accurately and precisely describe Tor's behavior.

PLEASE NOTE: I am uncertain if, in fact, StrictNodes applies solely to ExcludeNodes; so please verify that as necessary. I am quite certain regarding the other requested modification [1B] to StrictNodes. All other requested modifications merely improve understandability.

In-line, the above modifications would modify the relevant portions of the Manual to read as follows [modifications offset by ">>" and "<<"]:

StrictNodes 0|1

If StrictNodes is set to 1, Tor >>treats solely<< the ExcludeNodes option as a requirement to follow for all the circuits you generate, even if doing so will break functionality for you >>(StrictNodes applies to neither ExcludeExitNodes nor to ExitNodes)<<. If StrictNodes is set to 0, Tor will still try to avoid nodes in the ExcludeNodes list, but it will err on the side of avoiding unexpected errors. Specifically, StrictNodes 0 tells Tor that it is okay to use an excluded node when it is necessary to perform relay reachability self-tests, connect to a hidden service, provide a hidden service to a client, fulfill a .exit request, upload directory information, or download directory information. (Default: 0)

ExcludeExitNodes node,node,…

A list of identity fingerprints, country codes, and address patterns of nodes to never use when picking an exit node---that is, a node that delivers traffic for you >>outside<< the Tor network. Note that any node listed in ExcludeNodes is automatically considered to be part of this list too. See the ExcludeNodes option for more information on how to specify nodes. See also the caveats on the "ExitNodes" option below.

ExitNodes node,node,…

A list of identity fingerprints, country codes, and address patterns of nodes to use as exit node---that is, a node that delivers traffic for you >>outside<< the Tor network. See the ExcludeNodes option for more information on how to specify nodes.

Note that if you list too few nodes here, or if you exclude too many exit nodes with ExcludeExitNodes, you can degrade functionality. For example, if none of the exits you list allows traffic on port 80 or 443, you won’t be able to browse the web.

Note also that not every circuit is used to deliver traffic >>outside<< of the Tor network. It is normal to see non-exit circuits (such as those used to connect to hidden services, those that do directory fetches, those used for relay reachability self-tests, and so on) that end at a non-exit node >>(i.e. Onion Circuits shows third nodes which DO NOT EXIT the Tor network, but are used exclusively internally by Tor)<<. To keep a node from being used entirely, see ExcludeNodes and StrictNodes.

The ExcludeNodes option overrides this option: any node listed in both ExitNodes and ExcludeNodes is treated as excluded.

The .exit address notation, if enabled via AllowDotExit, overrides this option.

Child Tickets

Change History (5)

comment:1 Changed 8 months ago by cypherpunks

Component: - Select a componentCore Tor/Tor

comment:2 Changed 8 months ago by nickm

Milestone: Tor: 0.3.0.x-final

comment:3 Changed 7 months ago by dgoulet

Owner: set to dgoulet
Status: newaccepted

comment:4 Changed 7 months ago by dgoulet

Status: acceptedneeds_review

See branch bug21058_030_01

I've added a couple of clarifications also for hidden service options. The one I didn't go for is this one because it is explicitly explained in the sentence before that hidden service use non-exit circuits and the concept of "Onion Circuits" is not really a thing.

>>(i.e. Onion Circuits shows third nodes which DO NOT EXIT the Tor network, but are used exclusively internally by Tor)<<.

comment:5 Changed 7 months ago by nickm

Resolution: fixed
Status: needs_reviewclosed

ok, merged!

Note: See TracTickets for help on using tickets.