Changes between Version 87 and Version 88 of doc/FAQUnanswered


Timestamp:
Apr 23, 2010, 4:48:49 AM (10 years ago)
Author:
trac
Comment:

--

  • doc/FAQUnanswered

    v87 v88  
    11This is a list of questions people wish were answered in the [:../TorFAQ]; please add some more.  Better yet answer one and move it to [:../TorFAQ].  Finally you can vote for a question to be answered by incrementing the number after the question in parens.
    22
    3 '''Please do not report bugs here; instead, send email to {{{tor-bugs@freehaven.net}}}.'''  Soon, we'll designate one of the proposed bug servers as official, and you'll be able to post bugs there too.
     3'''Please do not report bugs here; instead, use the [http://bugs.noreply.org/flyspray/index.php?tasks=all&project=4 bug tracker].'''  Soon, we'll designate one of the proposed bug servers as official, and you'll be able to post bugs there too.
     4
     5Also, this is '''not the place''' for random ''it doesn't work'' or ''how do I do foo'' questions.  Support questions are really better asked and answered on the
     6[http://archives.seul.org/or/talk/ or-talk mailinglist].  Also, always a good read: [http://www.catb.org/~esr/faqs/smart-questions.html How To Ask Questions The Smart Way].
    47
    58= Unanswered FAQ Questions =
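Review bot: In the rewritten bug-reporting line (v88 line 3), the second sentence still reads "Soon, we'll designate one of the proposed bug servers as official, and you'll be able to post bugs there too", which no longer fits now that the first sentence already sends readers to the bug tracker. Drop that sentence or reword it so the page names a single reporting channel.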
     9
     10'''Why does Firefox/Privoxy/Tor return Privoxy 404 pages so frequently -- almost every time -- when properly configured, even on sites like google.com?  How to mitigate?  The tor process is running fine.'''
     11(Votes: 2)
     12
     13'''For that matter, why is DNS the main failure mode?  Who is timing out and why?  Can Tor (1) change the timeout, (2) deprecate bad servers, or (3) cache DNS locally so it doesn't have to make a long, slow, failure-prone DNS lookup every time?'''
     14
     15'''Is the reason that gmail rarely works: gmail, tor, privoxy, firefox, your own bandwidth/latency, tor's bw/latency, or some combination?  Is it fixable?'''
     16
     17'''Why is the argument against more than 3 hops that both-ends attacks are the enemy?  Wouldn't it be better to have more than 3 if the enemy cannot mount a both-ends attack?'''
     18
     19'''How can I be sure that sending DNS through tor doesn't get spoofed sites?'''
     20
     21'''How does tor relate to ipv6 and how should typical applications handle ipv6 if they use tor (or tor via Privoxy)?'''
     22
     23
     24'''What version of libevent should I be using?'''
     25
     26the latest.  at least 1.1
     27
     28'''How to use Tor in squid? For using Tor on a network using Squid as proxy, for example...'''
     29
     30'''How to use Tor with PF (Packet Filter, found in OpenBSD, NetBSD, DragonFlyBSD and FreeBSD)?'''
     31
     32
     33
     34'''How does Tor work with tabbed browsing, say with Firefox?  Do these requests all follow the same circuit through the Tor network? Can an eavesdropper link a user across all sites opened simultaneously in tabs?'''
     35
     36ver 1.5 Works fine for me, I use No-Script Plugin to help be even safer. Anyone else have a problem with Firefox. Weither the request follow the same curcuit is out of my realm. My surfing experience is good to just fine. ProBastion
     37
     38They will most likely all use the same circuit.  http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#ChangePaths
     39
     40'''When using the Tor/Privoxy configuration, is there an easy way to switch Privoxy between using Tor and using the standard connection (to allow for secure browsing, but also allowing a more direct connection when needed to keep large file transfers from bogging down in Tor)?'''
     41
     42It is possible to do this - however, it involves manually editing the config files for Privoxy, as well as possessing administrative/sudo access for your machine.  Also, once Privoxy is toggled to use a direct connection instead of Tor, your IP will be visible, and Privoxy does n ot provide as much security alone as it does with Tor.
     43
     44If you wish to do this, you will need to make a copy of your Privoxy config file, and comment out the line that causes Privoxy to use the Tor service.  Once you have done this, to switch over, just stop Privoxy, swap the config files, and restart it. You can also automate the process with a very simple shell script - an OSX version including sample config files and a shell script can be found [http://idlecircuits.com/privoxyswitcher.zip here], and the script can be used as an example for other *nix systems.
     45
     46'''Tor works fine for POP3 email. But, Whistle-blowers and others who need anonymous
     47political free speech must have reliable SSL smtp email services. How can Tor be used
     48by them when *all* smtp ports, eg, ports 25, 465, 587, etc are now blocked by Tor exit
     49servers? Blocking port 25 helps to defeat spammers, but the smtp SSL/TLS ports are not
     50generally not used by them. Is there any solution with Tor to help the free speech folk
     51and others who need to use secure, reliable smtp services? (votes: 6)'''
     52
     53
     54'''How would one route his email through Tor? My email client (Microsoft Entourage for Mac OS X) has support for SOCKS and TUNNEL proxies, but setting my mail proxy for SOCKS 127.0.0.1 port 9050 or 8118 both produces errors when trying to proxy to SSL SMTP servers via port 25. What am I missing here? Also, setting this proxy doesn't seem to affect incoming POP3 SSL mail, but only affects outgoing mail, albeit without success. A little guidance on how to configure POP3 email clients to use Tor would be much appreciated!'''
     55
     56An attempt to answer the smtp email questions above: The Tor exit servers are likely blocking smtp port 25 in an attempt to stop spammers. Some Tor exit servers *sporadically* allow TLS/SSL smtp over ports 587, 995, etc., but at the present time there is no consistent, reliable policy or service.  (Also your remote email provider must support the use of alternate smtp ports such as those above.) You could use the remailer network but there can be reliability problems with them. Of greater importance is the fact that the remailer network does NOT accept large messages, e.g., scanned documents which can easily be many MB each. If you are a whistleblower or other person who needs to send large documents quickly and anonymously, you have a real problem. At this moment, Tor is not the answer.
     57
     58
     59'''Can Tor be used in a network that has NO DEFAULT ROUTE?  The only access method from this network is to use a traditional proxy.  Is there a way to chain proxies so that TOR requests are sent outbound via the standard proxy? (votes: 1)'''
     60
     61
     62
     63'''Can I help? (votes: 2)'''
     64
     65http://tor.eff.org/volunteer.html
     66
     67'''I've got a bug, now what? (votes: 2)'''
     68
     69'''How does Tor relate to the Freedom Project? (votes: 1)'''
     70
     71'''Is there any way to forward an ident response via TOR so that the ident doesn't come back as whatever the end server wants, but your normal response? (votes: 1)'''
     72
     73no.
     74
     75'''How can I uninstall tor? (votes: 1)'''
     76
     77
     78
     79
     80'''I have legal questions about running Tor. Is there anybody I can contact? ( votes: 1)'''
     81
     82Added 2.1.06- The Developers do not provide Legal advice. period! Over at the Tor Legal FAQ there is a written section by EFF lawyers. It aims to give you an overview of some of the legal issues that arise from the Tor project. Read the Disclaimer. The FAQ does provide a dialougue on the legalality & posssible scenarios of operating a Tor Server. They also provide you with contact information to a EFF Lawyer. The Tor FAQ also provides a links to an Abuse FAQ, & Tor Technical FAQ Wiki.  See this address for more information along these lines. http://tor.eff.org/faq.html
     83
     84
     85'''If I set up Tor to only act as a router node (reject *:* in torrc) can I still be a contact point for hidden services?'''
     86
     87yes.
     88
     89'''Can anonymity be broken if all Tor servers in the chain are compromised/malicious and so are keeping logs to trace the chain?'''
     90
     91
     92'''What system resources does a TOR server use?  The FAQ already dicusses memory a bit.  What about CPU?  Encryption is CPU-intensive.  Specific question I'd like answered: I'll be setting up a TOR node bandwidth-limited to about 256kbps (half my upstream bandwidth).  Will an old 300MHz G3 Mac easily handle this, or will a faster processor be needed? How 'bout a P90?  Presumably, TOR's disk usage and I/O is minimal.''' (Votes: 1)
     93
     94
     95== Cannot resolve Foo.onion/Resolve requests to hidden services not allowed ==
     96
     97tor-resolve doesnt seem to work, i get this:
     98{{{connection_ap_handshake_process_socks():  Resolve requests to hidden services not allowed. Failing.}}}
     99from the copy of tor running locally. Please help!
     100
     101(from original questioner: thank you.  I got the mistaken idea that this would work because it is suggested in the 'how to torrify an application' article on this wiki.  It makes more sense now.  Someone who understands better might want to upate that document)
     102
     103This question is answered; see 'How Do I Access Tor Hidden Servers.'  You get this message when you try to use tor-resolve to resolve the address of a hidden service.  But hidden services are ''hidden'' - they don't *have* an IP address you can use.  Instead, you need to pass the hostnames to Tor directly.
     104
     105== Clock Skew ==
     106My system clock is behind 3 days and I don't have permission to change it.
     107Therefore all the certificates are invalid.
     108Is there a runtime option to skew the time?
     109
     110This should not a problem as of 0.0.9pre6.
     111
     112== Does not connect to port xyz ==
     113All of a sudden, Tor will no longer let me connect to my distant smtp server.
     114The smtp port used is 587 and the connection is SSL. Why is this now happening?
     115
     116587 isn't in the default exit policy. The tor node known as bollox had an
     117accept everything policy so your port 587 requests would have always gone through that.
     118As bollox is no longer around there are no exit nodes that allow port 587. If you
     119control this smtp server, try changing it's port number to something over 1024.
     120
     121== Debian and how to use the package management system ==
     122
     123Also would recomend posting default config files for debian online since apt will not reinstall them if they are removed (/etc/init.d/tor and /etc/torrc for example)
     124
     125'''Answer''': RTFM.  dpkg differentiatea between two states of package removal.
     126There's ''remove'', which will just remove the normal files a package comes with,
     127and there's ''purge'', which will remove configuration files also.  Changes to your
     128configuration (like you removing them) are kept over a remove/install cycle.  If
     129you want them to installed anyway, you should install with
     130{{dpkg --force-confmiss --install tor...deb}}
     131or just purge tor (which will delete /var/lib/tor with its keys if you are a server!), and then install it again.
     132
     133== . ==
    6134After uninstalling everything then reinstalling on debian (using apt-get of course) nothing loads in a browser or anything, eventually a 503 will come up.  Tor is running and privoxy is running, both correctly configured(I think).  If this is a configuration problem, where can I find more information about configuration in debian?
    7135
     136'''Answer''': Duh.  Have you checked out {{{/etc/tor}}}?  What about {{{/var/log/tor}}} and {{{/usr/share/doc/tor}}}?  Why do you think it would be any different than on other OSs?
     137
     138== Privoxy config ==
     139
    8140Similar to above, on brand new install of sarge with tor and privoxy browser, gaim, etc will spend a long time trying to connect eventually failing with 503, if tor is not running a 503 is instant.
    9141
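Review bot: In the SMTP answer at v88 line 56, port 995 is listed among the "TLS/SSL smtp" ports, but 995 is POP3 over SSL; the question it answers (lines 46-51) names 25, 465 and 587, so the answer should refer to those SMTP ports instead. Two smaller points in the same added block: the dpkg command on line 130 is wrapped in two braces (`{{dpkg --force-confmiss --install tor...deb}}`) where the rest of the page uses `{{{...}}}` for literal text (lines 98 and 136), and the heading `== . ==` on line 133 leaves the Debian 503 question without a usable title. The whistle-blower question on lines 46-51 also carries over "are not generally not used" from v87 line 14; one "not" should go.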
    10 by original poster of above two: Can't say for sure about the first one, seeing as I had to reinstall, but I double checked my logs and my hardware clock was making linux set my system clock incorrectly
    11 
    12 '''Is there a list of default exit ports? Can requests be made to add new default exit ports? If so, to whom? Example: Port 587 [with SSL/TLS] is used by some email providers to allow smtp use by those whose ISPs are blocking smtp port 25.'''
    13 
    14 '''Tor works fine for POP3 email. But, Whistle-blowers and others who need anonymous political free speech must have reliable SSL smtp email services. How can Tor be used by them when *all* smtp ports, eg, ports 25, 465, 587, etc are now blocked by Tor exit servers? Blocking port 25 helps to defeat spammers, but the smtp SSL/TLS ports are not generally not used by them. Is there any solution with Tor to help the free speech folk and others who need to use secure, reliable smtp services?'''
    15 
    16 Can Tor be used in a network that has NO DEFAULT ROUTE?  The only access method from this network is to use a traditional proxy.  Is there a way to chain proxies so that TOR requests are sent outbound via the standard proxy? (votes: 1)
    17 
    18 Can I help? (votes: 2)
    19 
    20 I've got a bug, now what? (votes: 2)
    21 
    22 So I'm totally anonymous if I use Tor? (votes: 1)
    23 
    24 What attacks remain against onion routing? (votes: 1)
    25 
    26 What projects are comparable? (votes: 1)
    27 
    28 How does Tor relate to the Freedom Project? (votes: 1)
    29 
    30 Is there any way to forward an ident response via TOR so that the ident doesn't come back as whatever the end server wants, but your normal response? (votes: 1)
    31 
    32 How can I uninstall tor? (votes: 1)
    33 
    34 I have legal questions about running Tor. Is there anybody I can contact? (votes: 1)
    35 
    36 If I set up Tor to only act as a router node (reject *:* in torrc) can I still be a contact point for hidden services?
    37 
    38 = Answers that won't go on the FAQ =
    39 
    40 '''tor-resolve doesnt seem to work, i get this: 'connection_ap_handshake_process_socks(): Resolve requests to hidden services not allowed. Failing.' from the copy of tor running locally. Please help!'''
    41 
    42 (from original questioner: thank you.  I got the mistaken idea that this would work because it is suggested in the 'how to torrify an application' article on this wiki.  It makes more sense now.  Someone who understands better might want to upate that document)
    43 
    44 This question is answered; see 'How Do I Access Tor Hidden Servers.'  You get this message when you try to use tor-resolve to resolve the address of a hidden service.  But hidden services are '''hidden''' -- they don't *have* an IP address you can use.  Instead, you need to pass the hostnames to Tor directly.
    45 
    46 '''My system clock is behind 3 days and I don't have permission to change it.  Therefore all the certificates are invalid.  Is there a runtime option to skew the time?'''
    47 
    48 This question is not a problem as of 0.0.9pre6.
    49 
    50 '''All of a sudden, Tor will no longer let me connect to my distant smtp server. The smtp
    51 port used is 587 and the connection is SSL. Why is this now happening? '''
    52 
    53 587 isn't in the default exit policy. The tor node known as bollox had an accept everything policy so your port 587 requests would have always gone through that. As bollox is no longer around there are no exit nodes that allow port 587. If you control this smtp server, try changing it's port number to something over 1024.
     142'''Answer''': Privoxy by default does not allow CONNECT to ports other than 443.  Fix your privoxy config.
     143
     144{{{weasel@galaxy:/etc/privoxy$ grep limit.con default.action | grep -v '^#'
     145+limit-connect{1-} \
     146}}}
     147
     148(If someone writes a proper question, this might actually go into the FAQ)
     149
     150== How To Configure One's Web Browser So Tor Is Only Used For Some Sites But Not Others ==
     151'''Question''': Can I configure Tor so it will only use the onion routing network for some sites but not others?
     152
     153'''Answer''': No, Tor itself is all or nothing, a request either goes through it or it does not.
     154
     155Privoxy is also all or nothing in the sense that if a request has made it to Privoxy then either Privoxy is set up to go through Tor or it's not, there does not appear to be a way to program Privoxy so it will use Tor for some requests but not others.
     156
     157There is a script for OS X, available [http://idlecircuits.com/privoxyswitcher.zip here], that will make it such that Privoxy never uses Tor but this is an 'all or nothing' mechanism. The script will either start Privoxy such that all requests go through Tor or no requests go through Tor.
     158
     159There is one mechanism that is at least useful for web browsers, it's called a pac file. It was invented by Netscape, the original documentation is available [http://wp.netscape.com/eng/mozilla/2.0/relnotes/demo/proxy-live.html here], but it is now supported by all major browsers. One can use a pac file to program the browser to use the Privoxy proxy for certain requests but not others. For example, the following pac file will cause all requests to Google or to the special Privoxy configuration addresses to be sent to Privoxy (and hence Tor) but will allow other other requests to go out without Privoxy/Tor being used:
     160
     161{{{
     162function FindProxyForURL(url, host) {
     163        if (shExpMatch(host,"*google.*") ||
     164            shExpMatch(host,"config.privoxy.org") ||
     165            shExpMatch(host,"p.p"))
     166                return "PROXY 127.0.0.1:8118";
     167        return "DIRECT";
     168}
     169}}}
     170
     171To configure Firefox to use a pac file under OS X go to Firefox->preferences->General->Connection Settings...->Automatic proxy configuration URL:. Enter in a URL (you can use file:// to point to a local file) that points to your pac file and click reload.
     172
     173It's probably not a good idea to use pac files with Safari on OS X as its pac file support seems to be more than a little buggy.
     174
     175The pac file solution is far from ideal. It won't apply to non-web access and it runs into problems such as the bad pac file support in Safari. It also is not secure. A malicious website can trivially bypass this mechanism by placing pictures on its website from domains that it controls but are unlikely to be on a 'black list'. Therefore this mechanism is only useful with Websites that are not in and of themselves malicious but rather, due to their nature, can collect substantial amounts of personal information that one would rather not release. A search engine is a classic example. If and when privacy is a critical concern then the only proper course of action is to get rid of the pac file and instead configure all connections to go through privoxy/tor.
     176
     177
     178
     179'''I've been banned as an contributor at Slashdot! I run a Win 2003 server, with a decent pipe. They said that if I blocked them they would let me contribute again. I did an edit on my torrc file by adding a line:
     180
     181reject *:66.35.250.150 (which is Slashdot.com by using an online DNS 'dig' page
     182
     183I add the above right after my default exit. Which was just this:
     184#ExitPolicy accept *:6660-6667,reject *:* # allow irc ports but no more
     185ExitPolicy accept *:119 # accept nntp as well as default exit policy
     186#ExitPolicy reject *:* # middleman only -- no exits allowed
     187reject *:66.35.250.15
     188
     189Is this the way to do this, and just block Slashdot? Any help would be helpful, I've googled, did the tor.eff site, etc. But I'm not real UNIX centric (though thats changing) so just wanted to run it by some community persons. '''
     190
     191
     192'''What is the significance of the changes in the Bittorrent Torify HOWTO?'''
     193
     194I noticed I can't connect with btdownloadcurses through proxychains any more. Looking for answers, I went back to the Torify HOWTO and noticed that it had been altered. Where it used to explain about using proxychains to run bittorrent through TOR, which I used successfully for over a year, it now says that Bittorrent "uses a mechanism similar to TOR." That was certainly news to me. How is the generic Bittorrent client technically similar to TOR in any way? I have always heard that the generic Bittorrent client offers almost no anonimity at all. Now I'm reading that Bittorrent and TOR are practically the same thing and it would be redundant to use them together. Seems a bit curious.
     195
     196As a sub-question, let me just ask directly: Is it true that Bittorrent through TOR via proxychains no longer works?
     197
     198Also, the same page now mentions a technique of using Tor to connect to the tracker only, as opposed to the peers, by including the line --tracker-proxy 127.0.0.1:8118: on the command line. However, I see no documentation of this option in the btdownloadcurses client and I find it a bit suspicious that the format of this option uses a hyphen rather than an underscore as all the other command line options that are listed as being compatible with btdownloadcurses use underscores to separate options with two words such as --check_hashes <arg> or --report_hash_failures <arg>. Is that a typo or an undocumented option that just happens to deviate from the naming convetion of all the other options?
     199
     200'''How do you start and stop Tor and Privoxy in OS X (Panther) if you did not install the startup script? (needs to be added to installation instructions)'''
     201
     202'''How do you configure the proxy if you are using Tor and Privoxy in OS X (Panther) with a router's firewall and the built-in OS X firewall, e.g. when using Wi-fi to connect to wireless router?  (needs to be added to installation instructions)'''
     203
     204'''What to do (troubleshooting) if browsing slows to a crawl with Tor and Privoxy running in OS X?'''
     205----
     206CategoryHomepage
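Review bot: The Slashdot exit-policy question added at v88 lines 179-189 goes in without an answer, and the torrc lines it quotes would mislead anyone who copies them: `reject *:66.35.250.150` has no `ExitPolicy` keyword and puts the wildcard where the address belongs (the accept lines beside it use address:port, as in `accept *:119`), and the address is 66.35.250.150 on line 181 but 66.35.250.15 on line 187. Add an answer giving the form `ExitPolicy reject 66.35.250.150:*`, placed ahead of the accept lines because exit policy rules are applied first match first, and wrap the quoted torrc lines in `{{{ }}}` so the `#` lines render literally. In the pac file on line 163, `shExpMatch(host,"*google.*")` matches any host name containing "google.", not only Google's own domains; that deserves a sentence next to the example, since line 175 already states that the mechanism is not secure.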