Opened 11 months ago
Last modified 9 months ago
#25412 new defect
TrackHostExits option in torrc file not working as documented
| Reported by: | LittleTorFanAnnie | Owned by: | |
|---|---|---|---|
| Priority: | Medium | Milestone: | Tor: unspecified |
| Component: | Core Tor/Tor | Version: | |
| Severity: | Normal | Keywords: | easy, doc, 034-triage-20180328, 034-removed-20180328 |
| Cc: | Actual Points: | ||
| Parent ID: | Points: | 0.1 | |
| Reviewer: | Sponsor: |
Description
- Shut down Tor
- Edit torrc file at c:\Program Files (x86)\Tor Browser\Browser\TorBrowser\Data\Tor\torrc so that it has the line:
TrackHostExits .
According to docs, this should mean to use the same exit node for all websites.
- Launch Tor, and open any two websites - let's say https://duckduckgo.com/ and https://www.nasa.gov/
- Note that the exit node for each website may differ. If not reproducing, try using the IP addresses rather than URLs.
Why is this a problem? Some sites will generate a link that only works from the same IP as the original page. (In my case, one link is an IP that cannot be resolved to a URL, so using a URL isn't an option.)
Version: Tor 7.5 (The versions in the picker are massively out of date - not a good sign.)
Child Tickets
Change History (12)
comment:1 Changed 11 months ago by
| Component: | - Select a component → Core Tor/Tor |
|---|
comment:2 Changed 11 months ago by
Replying to LittleTorFanAnnie:
Version: Tor 7.5 (The versions in the picker are massively out of date - not a good sign.)
Btw, the explanation for this one is that you mean Tor Browser 7.5. Tor Browser and Tor are different programs.
https://blog.torproject.org/tor-browser-75-released
links to the Tor Browser changelog:
https://gitweb.torproject.org/builders/tor-browser-build.git/plain/projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt?h=maint-7.5
which tells you that the Tor version is 0.3.2.9.
comment:3 Changed 11 months ago by
| Keywords: | doc-maybe added |
|---|---|
| Milestone: | → Tor: 0.3.4.x-final |
comment:4 follow-up: 5 Changed 11 months ago by
TracExitHosts is not supposed to make every destination use the same website: it is supposed to make it so that every time you go to the _same_ destination, you get the _same_ website.
For your example, I would expect every visit to duckduckgo to use some exit A, and every visit to nasa.gov to use some exit B, but I wouldn't expect "A" and "B" to be the same exit.
Is this something that the documentation should be more clear about?
comment:5 Changed 11 months ago by
Replying to nickm:
TracExitHosts is not supposed to make every destination use the same website: it is supposed to make it so that every time you go to the _same_ destination, you get the _same_ website.
Is this something that the documentation should be more clear about?
Yes. The man page right now says "For each value in the comma separated list, Tor will track recent connections to hosts that match this value and attempt to reuse the same exit node for each. [...] If one of the values is just a '.', it means match everything." To me that means every time you get a match, you try to reuse the same exit node as for previous matches, and . is always a match.
comment:6 Changed 11 months ago by
| Keywords: | easy doc added; doc-maybe removed |
|---|---|
| Points: | → 0.1 |
comment:7 Changed 11 months ago by
OK, if the error is in the docs and TrackHostExits isn't intended to provide that behavior, then is there another way to solve the problem?
The situation is that I visit a web page that generates a link which is just an IP (and not the IP associated with that page). I need to open that link with Tor using the same IP used to visit the page, or it won't work - because it detects the connecting IP.
comment:8 Changed 11 months ago by
Tor isn't really designed to pin exits like this. You could try using NoIsolateDestAddr on your SOCKSPort, but it really isn't safe to use it for general browsing.
comment:9 Changed 10 months ago by
If I add the following line to my torrc, the result is that the TOR browser no longer starts:
SocksPort 9150 NoIsolateDestAddr
This is the port listed in the browser's TOR network configuration. I know it's the right port because if I use a different one in the torrc file, TOR browser starts normally but it has no effect - a different exit IP is still used for each connection like before.
[Note: I've corrected the torrc line which originally had the wrong option, NoIsolateClientAddr, but the problem remains. The TOR Browser won't start with that line in place.]
comment:10 Changed 10 months ago by
| Keywords: | 034-triage-20180328 added |
|---|
comment:11 Changed 10 months ago by
| Keywords: | 034-removed-20180328 added |
|---|
Per our triage process, these tickets are pending removal from 0.3.4.
comment:12 Changed 9 months ago by
| Milestone: | Tor: 0.3.4.x-final → Tor: unspecified |
|---|
These tickets, tagged with 034-removed-*, are no longer in-scope for 0.3.4. We can reconsider any of them, if time permits.
Note that Tor Browser configures its Tor in a nonstandard way, by using the socks isolation feature to separate each socks request (browser tab) to a different circuit.
I suggest you start by taking a standard Tor, run by itself and not as part of Tor Browser, and see if TrackHostExits works for you there. (It looks like you're on Windows? In that case you probably want the Windows Expert Bundle.)
If using it on a vanilla Tor works, then the bug is that TrackHostExits and IsolateSOCKSAuth don't play well together, and maybe we fix it by documenting the difference better, or maybe there's some better fix.