Tor not reading torrc-defaults when started from command line, while it reads it successfully when started from Tor Browser

[omareg94]

I'm using this command in order to start Tor from command line (Windows 10):

cd "C:\Tor Browser\Browser\"
"C:\Tor Browser\Browser\TorBrowser\Tor\tor.exe" -f "C:\Tor Browser\Browser\TorBrowser\Data\Tor\torrc" | more

Some times Tor is able to connect successfully, but many times problems occur. On the other side when starting Tor from Browser, the problems never happen and every thing go smoothly.

---

Comparison between my experience of starting Tor from command line and starting it from Tor Browser:

When starting Tor from command line:

Connection hangs a lot. And when I have some request like:

curl --socks5-hostname localhost:9050 http://checkip.amazonaws.com/

I get:

curl: (7) Can't complete SOCKS5 connection to 0.0.0.0:0. (6)

When starting Tor from Tor Browser:

Everything goes very smooth and no hanging happens. Even the same meek address is being used and hasn't changed.

So, I guess the problem isn't with the meek address, I think I'm missing something with the configuration when starting Tor from command line.

A log snippet of starting Tor from command line:

Mar 11 05:04:03.000 [notice] Tor 0.3.2.10 opening new log file.
Mar 11 05:04:03.000 [notice] Tor 0.3.2.10 running on Windows 8 with Libevent 2.0.22-stable, OpenSSL 1.0.2n, Zlib 1.2.8, Liblzma N/A, and Libzstd N/A.
Mar 11 05:04:03.000 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Mar 11 05:04:03.000 [notice] Read configuration file "C:\Tor Browser\Browser\TorBrowser\Data\Tor\torrc".
Mar 11 05:04:03.000 [notice] Scheduler type KISTLite has been enabled.
Mar 11 05:04:03.000 [notice] Opening Socks listener on 127.0.0.1:9050
Mar 11 05:04:03.000 [notice] Opening Control listener on 127.0.0.1:9051
Mar 11 05:04:03.000 [notice] Parsing GEOIP IPv4 file C:\Tor Browser\Browser\TorBrowser\Data\Tor\geoip.
Mar 11 05:04:04.000 [notice] Parsing GEOIP IPv6 file C:\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6.
Mar 11 05:04:06.000 [notice] Bootstrapped 0%: Starting
Mar 11 05:04:10.000 [notice] Starting with guard context "bridges"
Mar 11 05:04:10.000 [notice] new bridge descriptor 'TorLandMeek' (cached): $A1A1234A123AB12345A1234A1A1234A123456789~TorLandMeek at 0.0.2.0
Mar 11 05:04:10.000 [notice] Bootstrapped 80%: Connecting to the Tor network
Mar 11 05:04:12.000 [notice] Bootstrapped 85%: Finishing handshake with first hop
Mar 11 05:04:13.000 [notice] Delaying directory fetches: No running bridges
Mar 11 05:07:12.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:80. Giving up. (waiting for circuit)
Mar 11 05:07:39.000 [notice] Application request when we haven't received a consensus with exits. Optimistically trying known bridges again.
Mar 11 05:07:41.000 [notice] Delaying directory fetches: No running bridges
Mar 11 05:09:39.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:80. Giving up. (waiting for circuit)
Mar 11 05:09:49.000 [notice] Application request when we haven't received a consensus with exits. Optimistically trying known bridges again.
Mar 11 05:09:51.000 [notice] Delaying directory fetches: No running bridges
Mar 11 05:11:50.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:80. Giving up. (waiting for circuit)

A log snippet of starting Tor from Tor Browser:

Mar 11 05:12:10.000 [notice] Tor 0.3.2.10 opening log file.
Mar 11 05:12:10.000 [notice] Tor 0.3.2.10 running on Windows 8 with Libevent 2.0.22-stable, OpenSSL 1.0.2n, Zlib 1.2.8, Liblzma N/A, and Libzstd N/A.
Mar 11 05:12:10.000 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Mar 11 05:12:10.000 [notice] Read configuration file "C:\Tor Browser\Browser\TorBrowser\Data\Tor\torrc-defaults".
Mar 11 05:12:10.000 [notice] Read configuration file "C:\Tor Browser\Browser\TorBrowser\Data\Tor\torrc".
Mar 11 05:12:10.000 [notice] Scheduler type KISTLite has been enabled.
Mar 11 05:12:10.000 [notice] Opening Control listener on 127.0.0.1:9051
Mar 11 05:12:10.000 [notice] Opening Control listener on 127.0.0.1:9151
Mar 11 05:12:10.000 [notice] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
Mar 11 05:12:10.000 [notice] Parsing GEOIP IPv4 file C:\Tor Browser\Browser\TorBrowser\Data\Tor\geoip.
Mar 11 05:12:10.000 [notice] Parsing GEOIP IPv6 file C:\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6.
Mar 11 05:12:11.000 [notice] Bootstrapped 0%: Starting
Mar 11 05:12:12.000 [notice] Starting with guard context "bridges"
Mar 11 05:12:12.000 [notice] new bridge descriptor 'TorLandMeek' (cached): $A1A1234A123AB12345A1234A1A1234A123456789~TorLandMeek at 0.0.2.0
Mar 11 05:12:12.000 [notice] Delaying directory fetches: DisableNetwork is set.
Mar 11 05:12:12.000 [notice] New control connection opened from 127.0.0.1.
Mar 11 05:12:13.000 [notice] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
Mar 11 05:12:13.000 [notice] Tor 0.3.2.10 opening log file.
Mar 11 05:12:13.000 [notice] New control connection opened from 127.0.0.1.
Mar 11 05:12:13.000 [notice] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
Mar 11 05:12:13.000 [notice] Tor 0.3.2.10 opening log file.
Mar 11 05:12:13.000 [notice] Opening Socks listener on 127.0.0.1:9150
Mar 11 05:12:13.000 [notice] Tor 0.3.2.10 opening log file.
Mar 11 05:12:14.000 [notice] Bootstrapped 80%: Connecting to the Tor network
Mar 11 05:12:14.000 [notice] Bootstrapped 85%: Finishing handshake with first hop
Mar 11 05:12:17.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
Mar 11 05:12:20.000 [notice] new bridge descriptor 'TorLandMeek' (fresh): $A1A1234A123AB12345A1234A1A1234A123456789~TorLandMeek at 0.0.2.0
Mar 11 05:12:25.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Mar 11 05:12:25.000 [notice] Bootstrapped 100%: Done
Mar 11 05:12:37.000 [notice] New control connection opened from 127.0.0.1.

I'm looking for making Tor (when started from command line) work as smooth as it is when started from Tor Browser.

[cypherpunks]

Can you take a look at the processes that are spawned with each case?

[omareg94]

Replying to cypherpunks:

Can you take a look at the processes that are spawned with each case?

In case of starting Tor from command line:

▪ cmd.exe
┗━━━━▪ conhost.exe
     ▪ tor.exe

In case of starting Tor from Tor Browser:

▪ firefox.exe
┗━━━━▪ tor.exe
     ┣━━━▪ terminateprocess-buffer.exe
     ┃   ┗━━▪ conhost.exe
     ┃      ▪ meek-client-torbrowser.exe
     ┃      ┗━━━▪ firefox.exe
     ┃          ▪ meek-client.exe
     ┗━━━▪ firefox.exe

---

It seems that Tor (started from command line) is missing a lot of processes. But why?! I am using the working directory cd "C:\Tor Browser\Browser\".
Also I have noticed that in the log snippet of starting Tor from command line: There is No "Read configuration file ..\torrc-defaults" as in that of starting Tor from Tor Browser.

[cypherpunks]

You're missing something from the torrc-defaults I guess

[omareg94]

Replying to cypherpunks:

You're missing something from the torrc-defaults I guess

It's exactly the same as a freshly installed one:

# torrc-defaults for Tor Browser
#
# DO NOT EDIT THIS FILE
#
# This file is distributed with Tor Browser and SHOULD NOT be modified (it
# may be overwritten during the next Tor Browser update). To customize your
# Tor configuration, shut down Tor Browser and edit the torrc file.
#
# If non-zero, try to write to disk less frequently than we would otherwise.
AvoidDiskWrites 1
# Where to send logging messages.  Format is minSeverity[-maxSeverity]
# (stderr|stdout|syslog|file FILENAME).
Log notice stdout
CookieAuthentication 1
## fteproxy configuration
ClientTransportPlugin fte exec TorBrowser\Tor\PluggableTransports\fteproxy --managed

## obfs4proxy configuration
ClientTransportPlugin obfs2,obfs3,obfs4,scramblesuit exec TorBrowser\Tor\PluggableTransports\obfs4proxy

## meek configuration
ClientTransportPlugin meek exec TorBrowser\Tor\PluggableTransports\terminateprocess-buffer TorBrowser\Tor\PluggableTransports\meek-client-torbrowser -- TorBrowser\Tor\PluggableTransports\meek-client

It worked well when I copied the options from torrc-defaults to torrc. Also I've tried to install a fresh installation on a separate folder, the same issue is happening (not reading torrc-defaults file).
It's weird why it can't access the torrc-defaults. I'm looking to figure out.

[cypherpunks]

"C:\Tor Browser\Browser\TorBrowser\Tor\tor.exe" --defaults-torrc "C:\Tor Browser\Browser\TorBrowser\Data\Tor\torrc-defaults" -f "C:\Tor Browser\Browser\TorBrowser\Data\Tor\torrc" | more

/thread

[cypherpunks]

By the way as far as I know the meek that you're seeing there has become more and more coupled to the Tor Browser, and for those who want to use meek the way to go would be to use meek_lite which is an implementation provided in obfs4proxy of meek (I think OnionShare uses that?). You can make your own torrc file and put it somewhere and follow the instructions given here for setting it up: ​https://lists.torproject.org/pipermail/tor-talk/2017-December/043850.html

Note that it's a different implementation so the network fingerprint will surely not match that of the standard meek if I'm not mistaken.

[arma]

Correct, I think the mistake here is that the hand-crafted command line didn't tell Tor to use that torrc-defaults file, so it doesn't use it.

So I suggest closing as not-a-bug.

The statements about meek above are true too.

[omareg94]

Replying to arma:

Correct, I think the mistake here is that the hand-crafted command line didn't tell Tor to use that torrc-defaults file, so it doesn't use it.

Replying to cypherpunks:

"C:\Tor Browser\Browser\TorBrowser\Tor\tor.exe" --defaults-torrc "C:\Tor Browser\Browser\TorBrowser\Data\Tor\torrc-defaults" -f "C:\Tor Browser\Browser\TorBrowser\Data\Tor\torrc" | more

I thought Tor by default should have included the torrc-defaults without the command line option. So I thought it was a bug not being included.

I think it's mentioned in the ​manual that it loads by default (without adding the --defaults-torrc option):

--defaults-torrc FILE
... (Default: @CONFDIR@/torrc-defaults.)

Please correct me if I'm wrong because I'm not sure what Default: @CONFDIR@/torrc-defaults here really means.

---

Replying to cypherpunks:

By the way as far as I know the meek that you're seeing there has become more and more coupled to the Tor Browser, and for those who want to use meek the way to go would be to use meek_lite ...

Yes the original meek used in my included log is exactly the same one (I thought it was something not widely used so I manipulated it in the included log to protect my privacy).
● I don't get this, why something widely used like this can't be blocked by ISP?
● Also is it a security vulnerability to give many users the SAME MEEK?
● Also what's the difference between meek & meek_lite and why to use it?
The only idea I have about meeks is that it's an ​implementation of Domain Fronting (​source). It will really help if you could suggest something to read explaining this in order to figure out what's really a meek and why to use meek_lite not meek.

Note that it's a different implementation so the network fingerprint will surely not match that of the standard meek if I'm not mistaken.

● Also, I don't understand the importance of this and what's the problem of the standard meek.

[cypherpunks]

Replying to omareg94:

Replying to cypherpunks:

By the way as far as I know the meek that you're seeing there has become more and more coupled to the Tor Browser, and for those who want to use meek the way to go would be to use meek_lite ...

Yes the original meek used in my included log is exactly the same one (I thought it was something not widely used so I manipulated it in the included log to protect my privacy).

They use the same front, same url. It's only the implementation that is different.

● I don't get this, why something widely used like this can't be blocked by ISP?

If they want to block it then they have to block all of cloudfront, making a lot of collateral damage that isn't a choice for some censors.

● Also is it a security vulnerability to give many users the SAME MEEK?

It isn't by design.

● Also what's the difference between meek & meek_lite and why to use it?

meek_lite is a different implementation of the meek client. You should use it if you don't want to run the whole Tor Browser just to get the standard meek implementation going.

The only idea I have about meeks is that it's an ​implementation of Domain Fronting (​source). It will really help if you could suggest something to read explaining this in order to figure out what's really a meek and why to use meek_lite not meek.

I thought this had all the necessary info ​​https://lists.torproject.org/pipermail/tor-talk/2017-December/043850.html :)