Changes between Version 104 and Version 105 of doc/FAQUnanswered


Ignore:
Timestamp:
Apr 23, 2010, 4:48:50 AM (9 years ago)
Author:
trac
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • doc/FAQUnanswered

    v104 v105  
    11This is a list of questions people wish were answered in the [:../TorFAQ]; please add some more.  Better yet answer one and move it to [:../TorFAQ].  Finally you can vote for a question to be answered by incrementing the number after the question in parens.
    22
    3 '''Please do not report bugs here; instead, send email to {{{tor-bugs@freehaven.net}}}.'''  Soon, we'll designate one of the proposed bug servers as official, and you'll be able to post bugs there too.
     3'''Please do not report bugs here; instead, use the [http://bugs.noreply.org/flyspray/index.php?tasks=all&project=4 bug tracker].'''  Soon, we'll designate one of the proposed bug servers as official, and you'll be able to post bugs there too.
     4
     5Also, this is '''not the place''' for random ''it doesn't work'' or ''how do I do foo'' questions.  Support questions are really better asked and answered on the
     6[http://archives.seul.org/or/talk/ or-talk mailinglist].  Also, always a good read: [http://www.catb.org/~esr/faqs/smart-questions.html How To Ask Questions The Smart Way].
    47
    58= Unanswered FAQ Questions =
    6 After uninstalling everything then reinstalling on debian (using apt-get of course) nothing loads in a browser or anything, eventually a 503 will come up.  Tor is running and privoxy is running, both correctly configured(I think).  If this is a configuration problem, where can I find more information about configuration in debian?
    79
    8 '''Is there a list of default exit ports? Can requests be made to add new default exit ports? If so, to whom? Example: Port 587 [with SSL/TLS] is used by some email providers to allow smtp use by those whose ISPs are blocking smtp port 25.'''
     10'''What does *this* message mean?'''
    911
    10 '''Tor works fine for POP3 email. But, Whistle-blowers and others who need anonymous political free speech must have reliable SSL smtp email services. How can Tor be used by them when *all* smtp ports, eg, ports 25, 465, 587, etc are now blocked by Tor exit servers? Blocking port 25 helps to defeat spammers, but the smtp SSL/TLS ports are not generally not used by them. Is there any solution with Tor to help the free speech folk and others who need to use secure, reliable smtp services?'''
     12'''What version of libevent should I be using?'''
    1113
    12 Can Tor be used in a network that has NO DEFAULT ROUTE?  The only access method from this network is to use a traditional proxy.  Is there a way to chain proxies so that TOR requests are sent outbound via the standard proxy? (votes: 1)
     14the latest.  at least 1.1
    1315
    14 Can I help? (votes: 2)
     16'''How to use Tor in squid? For using Tor on a network using Squid as proxy, for example...
    1517
    16 I've got a bug, now what? (votes: 2)
     18'''How to use Tor with PF (Packet Filter, found in OpenBSD, NetBSD, DragonFlyBSD and FreeBSD)?
    1719
    18 So I'm totally anonymous if I use Tor? (votes: 1)
     20'''How does Tor work with tabbed browsing, say with Firefox? Do these requests all follow the same circuit through the Tor network? Can an eavesdropper link a user across all sites opened simultaneously in tabs?'''
    1921
    20 What attacks remain against onion routing? (votes: 1)
     22They will most likely all use the same circuit.  http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#ChangePaths
    2123
    22 What projects are comparable? (votes: 1)
     24'''When using the Tor/Privoxy configuration, is there an easy way to switch Privoxy between using Tor and using the standard connection (to allow for secure browsing, but also allowing a more direct connection when needed to keep large file transfers from bogging down in Tor)?'''
    2325
    24 How does Tor relate to the Freedom Project? (votes: 1)
     26It is possible to do this - however, it involves manually editing the config files for Privoxy, as well as possessing administrative/sudo access for your machine.  Also, once Privoxy is toggled to use a direct connection instead of Tor, your IP will be visible, and Privoxy does n ot provide as much security alone as it does with Tor.
    2527
    26 Is there any way to forward an ident response via TOR so that the ident doesn't come back as whatever the end server wants, but your normal response? (votes: 1)
     28If you wish to do this, you will need to make a copy of your Privoxy config file, and comment out the line that causes Privoxy to use the Tor service.  Once you have done this, to switch over, just stop Privoxy, swap the config files, and restart it. You can also automate the process with a very simple shell script - an OSX version including sample config files and a shell script can be found [http://idlecircuits.com/privoxyswitcher.zip here], and the script can be used as an example for other *nix systems.
    2729
    28 How can I uninstall tor? (votes: 1)
     30'''Tor works fine for POP3 email. But, Whistle-blowers and others who need anonymous
     31political free speech must have reliable SSL smtp email services. How can Tor be used
     32by them when *all* smtp ports, eg, ports 25, 465, 587, etc are now blocked by Tor exit
     33servers? Blocking port 25 helps to defeat spammers, but the smtp SSL/TLS ports are not
     34generally not used by them. Is there any solution with Tor to help the free speech folk
     35and others who need to use secure, reliable smtp services? (votes: 2)'''
    2936
    30 I have legal questions about running Tor. Is there anybody I can contact? (votes: 1)
    3137
    32 If I set up Tor to only act as a router node (reject *:* in torrc) can I still be a contact point for hidden services?
     38'''How would one route his email through Tor? My email client (Microsoft Entourage for Mac OS X) has support for SOCKS and TUNNEL proxies, but setting my mail proxy for SOCKS 127.0.0.1 port 9050 or 8118 both produces errors when trying to proxy to SSL SMTP servers via port 25. What am I missing here? Also, setting this proxy doesn't seem to affect incoming POP3 SSL mail, but only affects outgoing mail, albeit without success. A little guidance on how to configure POP3 email clients to use Tor would be much appreciated!'''
    3339
     40An attempt to answer the smtp email questions above: The Tor exit servers are likely blocking smtp port 25 in an attempt to stop spammers. Some Tor exit servers *sporadically* allow TLS/SSL smtp over ports 587, 995, etc., but at the present time there is no consistent, reliable policy or service.  (Also your remote email provider must support the use of alternate smtp ports such as those above.) You could use the remailer network but there can be reliability problems with them. Of greater importance is the fact that the remailer network does NOT accept large messages, e.g., scanned documents which can easily be many MB each. If you are a whistleblower or other person who needs to send large documents quickly and anonymously, you have a real problem. At this moment, Tor is not the answer.
     41
     42
     43'''Can Tor be used in a network that has NO DEFAULT ROUTE?  The only access method from this network is to use a traditional proxy.  Is there a way to chain proxies so that TOR requests are sent outbound via the standard proxy? (votes: 1)'''
     44
     45
     46
     47'''Can I help? (votes: 2)'''
     48
     49http://tor.eff.org/volunteer.html
     50
     51'''I've got a bug, now what? (votes: 2)'''
     52
     53'''How does Tor relate to the Freedom Project? (votes: 1)'''
     54
     55'''Is there any way to forward an ident response via TOR so that the ident doesn't come back as whatever the end server wants, but your normal response? (votes: 1)'''
     56
     57no.
     58
     59'''How can I uninstall tor? (votes: 1)'''
     60
     61'''I have legal questions about running Tor. Is there anybody I can contact? (votes: 1)'''
     62
     63'''If I set up Tor to only act as a router node (reject *:* in torrc) can I still be a contact point for hidden services?'''
     64
     65yes.
     66
     67'''Can anonymity be broken if all Tor servers in the chain are compromised/malicious and so are keeping logs to trace the chain?'''
     68
     69
     70---- /!\ '''Edit conflict - other version:''' ----
     71'''Can anonymity be broken if all Tor servers in the chain are compromised/malicious and so are keeping logs to trace the chain?'''
     72
     73
     74---- /!\ '''Edit conflict - your version:''' ----
     75
     76---- /!\ '''End of edit conflict''' ----
    3477= Answers that won't go on the FAQ =
    3578
    36 '''tor-resolve doesnt seem to work, i get this: 'connection_ap_handshake_process_socks(): Resolve requests to hidden services not allowed. Failing.' from the copy of tor running locally. Please help!'''
     79== Cannot resolve Foo.onion/Resolve requests to hidden services not allowed ==
     80
     81tor-resolve doesnt seem to work, i get this:
     82{{{connection_ap_handshake_process_socks():  Resolve requests to hidden services not allowed. Failing.}}}
     83from the copy of tor running locally. Please help!
    3784
    3885(from original questioner: thank you.  I got the mistaken idea that this would work because it is suggested in the 'how to torrify an application' article on this wiki.  It makes more sense now.  Someone who understands better might want to upate that document)
    3986
    40 This question is answered; see 'How Do I Access Tor Hidden Servers.'  You get this message when you try to use tor-resolve to resolve the address of a hidden service.  But hidden services are '''hidden''' -- they don't *have* an IP address you can use.  Instead, you need to pass the hostnames to Tor directly.
     87This question is answered; see 'How Do I Access Tor Hidden Servers.'  You get this message when you try to use tor-resolve to resolve the address of a hidden service.  But hidden services are ''hidden'' - they don't *have* an IP address you can use.  Instead, you need to pass the hostnames to Tor directly.
    4188
    42 '''My system clock is behind 3 days and I don't have permission to change it.  Therefore all the certificates are invalid.  Is there a runtime option to skew the time?'''
     89== Clock Skew ==
     90My system clock is behind 3 days and I don't have permission to change it.
     91Therefore all the certificates are invalid.
     92Is there a runtime option to skew the time?
    4393
    44 This question is not a problem as of 0.0.9pre6.
     94This should not a problem as of 0.0.9pre6.
    4595
    46 '''All of a sudden, Tor will no longer let me connect to my distant smtp server. The smtp
    47 port used is 587 and the connection is SSL. Why is this now happening? '''
     96== Does not connect to port xyz ==
     97All of a sudden, Tor will no longer let me connect to my distant smtp server.
     98The smtp port used is 587 and the connection is SSL. Why is this now happening?
    4899
    49 587 isn't in the default exit policy. The tor node known as bollox had an accept everything policy so your port 587 requests would have always gone through that. As bollox is no longer around there are no exit nodes that allow port 587. If you control this smtp server, try changing it's port number to something over 1024.
     100587 isn't in the default exit policy. The tor node known as bollox had an
     101accept everything policy so your port 587 requests would have always gone through that.
     102As bollox is no longer around there are no exit nodes that allow port 587. If you
     103control this smtp server, try changing it's port number to something over 1024.
     104
     105== Debian and how to use the package management system ==
     106
     107Also would recomend posting default config files for debian online since apt will not reinstall them if they are removed (/etc/init.d/tor and /etc/torrc for example)
     108
     109'''Answer''': RTFM.  dpkg differentiatea between two states of package removal.
     110There's ''remove'', which will just remove the normal files a package comes with,
     111and there's ''purge'', which will remove configuration files also.  Changes to your
     112configuration (like you removing them) are kept over a remove/install cycle.  If
     113you want them to installed anyway, you should install with
     114{{dpkg --force-confmiss --install tor...deb}}
     115or just purge tor (which will delete /var/lib/tor with its keys if you are a server!), and then install it again.
     116
     117== . ==
     118After uninstalling everything then reinstalling on debian (using apt-get of course) nothing loads in a browser or anything, eventually a 503 will come up.  Tor is running and privoxy is running, both correctly configured(I think).  If this is a configuration problem, where can I find more information about configuration in debian?
     119
     120'''Answer''': Duh.  Have you checked out {{{/etc/tor}}}?  What about {{{/var/log/tor}}} and {{{/usr/share/doc/tor}}}?  Why do you think it would be any different than on other OSs?
     121
     122== Privoxy config ==
     123
     124Similar to above, on brand new install of sarge with tor and privoxy browser, gaim, etc will spend a long time trying to connect eventually failing with 503, if tor is not running a 503 is instant.
     125
     126'''Answer''': Privoxy by default does not allow CONNECT to ports other than 443.  Fix your privoxy config.
     127
     128{{{weasel@galaxy:/etc/privoxy$ grep limit.con default.action | grep -v '^#'
     129+limit-connect{1-} \
     130}}}
     131
     132(If someone writes a proper question, this might actually go into the FAQ)