Changes between Version 4 and Version 5 of doc/FAQUnanswered

Apr 23, 2010, 4:48:47 AM (10 years ago)



  • doc/FAQUnanswered

    v4 v5  
    88= Unanswered FAQ Questions =
    10 '''Why does Firefox/Privoxy/Tor return Privoxy 404 pages so frequently -- almost every time -- when properly configured, even on sites like  How to mitigate?''' (Votes: 2)
    12 Maybe it's just my Mac but I find that Tor has a habit of dying and staying dead which leaves privoxy and firefox non-functional. The work around I've found is that you can open Terminal directly and just start Tor by typing "Tor". I also find that if I start getting a lot of 403's or 504's then I can just kill the Tor instance running in Terminal and re-start it. More often than not, that fixes the problem.
     10'''If an attacker has access to past logs of ISP and any given visted site, does the prng of the tor client allow the attacker to guess which circuit it used next?'''
     12Tor uses cryptographically strong random numbers provided by OpenSSL when choosing nodes to use in a circuit. How OpenSSL implements this is operating system specific. If there's a weakness in Tor's method of choosing nodes, it probably isn't in the random number generator.
     14*** Hmm, if the prng is deterministic, and you can narrow one result of calling it by knowing what host was chosen, can you, knowing the algorithm, however good it is, thereby narrow the result of the next call to it?  This question might be a bit ignorant; for example the prng might use other data on the client computer instead of following an algorithm to return the next item.
     16*** Thanks for your comments, BTW, as a lot of us are wondering the answers to these FAQU.
     18'''Is there a signal i can send the tor client to tell it to switch circuits immediately?'''
     20You can connect to Tor's control port and send "authenticateCRLFsignal newnymCRLF" where CRLF is a carriage return line feed pair.
     22'''Why does Firefox/Privoxy/Tor return Privoxy 404 pages so frequently -- almost every time -- when properly configured, even on sites like  How to mitigate?  The tor process is running fine.'''
     23(Votes: 2)
     25The first problem is that Privoxy doesn't retry in case of
     26DNS errors. It shows the 404 no such domain message right away.
     27The second problem is that some browser cache Privoxy's error
     28messages and Firefox is one of them.
     30The Privoxy patch described at
     32let's Privoxy retry in case of connection problems
     33and makes sure, the browser doesn't reuse a cached
     34error message.
     36'''For that matter, why is DNS the main failure mode?  Who is timing out and why?  Can Tor (1) change the timeout, (2) deprecate bad servers, or (3) cache DNS locally so it doesn't have to make a long, slow, failure-prone DNS lookup every time?'''
     38You should be sending hostnames to Tor over SOCKS4a or SOCKS5. In that case, the Tor exit node will resolve the hostname before making a connection for you. Unless the exit node is misconfigured, there shouldn't be a problem with DNS resolves timing out.
     40*** Actually, for me this happens most of the time.  I am sending through Privoxy, and tried both sockses.  So why would I be hitting so many exit nodes that FREQUENTLY time out on DNS?  Firefox 1.5, most recent stable Tor.
    1442'''Is the reason that gmail rarely works: gmail, tor, privoxy, firefox, your own bandwidth/latency, tor's bw/latency, or some combination?  Is it fixable?'''
     44*** For Gmail for me, it's even worse; I have to try 5 or 6 times before I get a page.
    1646'''Why is the argument against more than 3 hops that both-ends attacks are the enemy?  Wouldn't it be better to have more than 3 if the enemy cannot mount a both-ends attack?'''
    1848'''How can I be sure that sending DNS through tor doesn't get spoofed sites?'''
     50Use a method for authenticating the site you want to connect to, such as ensuring an SSL certificate is associated with the domain name and signed by a trusted authority, or verifying an SSH fingerprint out-of-band. Hidden services on Tor are not subject to this problem because their .onion names are self-authenticating as hashes of their public keys.
    2052'''How does tor relate to ipv6 and how should typical applications handle ipv6 if they use tor (or tor via Privoxy)?'''
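Review bot: The control-port answer added at v5 line 20 gives both commands as one run-together quoted string, "authenticateCRLFsignal newnymCRLF", which is easy to misread as a single command. Put each command on its own line (authenticate, then signal newnym, each terminated by CRLF), and say what the authenticate step needs when the control port has authentication configured, since the answer shows it with no argument. In the same hunk, the Privoxy answer at v5 lines 30-32 reads "described at" with no link target after it, and "let's Privoxy retry" should be "lets".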
    197229Also, the same page now mentions a technique of using Tor to connect to the tracker only, as opposed to the peers, by including the line --tracker-proxy on the command line. However, I see no documentation of this option in the btdownloadcurses client and I find it a bit suspicious that the format of this option uses a hyphen rather than an underscore as all the other command line options that are listed as being compatible with btdownloadcurses use underscores to separate options with two words such as --check_hashes <arg> or --report_hash_failures <arg>. Is that a typo or an undocumented option that just happens to deviate from the naming convetion of all the other options?
    199 '''How do you start Tor and Privoxy in OS X (Panther) if you did not install the startup script? (needs to be added to installation instructions)'''
     231'''How do you start and stop Tor and Privoxy in OS X (Panther) if you did not install the startup script? (needs to be added to installation instructions)'''
    201233'''How do you configure the proxy if you are using Tor and Privoxy in OS X (Panther) with a router's firewall and the built-in OS X firewall, e.g. when using Wi-fi to connect to wireless router?  (needs to be added to installation instructions)'''
     235'''What to do (troubleshooting) if browsing slows to a crawl with Tor and Privoxy running in OS X?'''