Changes between Version 88 and Version 89 of doc/FAQUnanswered


Ignore:
Timestamp:
Apr 23, 2010, 4:48:49 AM (9 years ago)
Author:
trac
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • doc/FAQUnanswered

    v88 v89  
    88= Unanswered FAQ Questions =
    99
    10 '''Why does Firefox/Privoxy/Tor return Privoxy 404 pages so frequently -- almost every time -- when properly configured, even on sites like google.com?  How to mitigate?  The tor process is running fine.'''
    11 (Votes: 2)
    12 
    13 '''For that matter, why is DNS the main failure mode?  Who is timing out and why?  Can Tor (1) change the timeout, (2) deprecate bad servers, or (3) cache DNS locally so it doesn't have to make a long, slow, failure-prone DNS lookup every time?'''
    14 
    15 '''Is the reason that gmail rarely works: gmail, tor, privoxy, firefox, your own bandwidth/latency, tor's bw/latency, or some combination?  Is it fixable?'''
    16 
    17 '''Why is the argument against more than 3 hops that both-ends attacks are the enemy?  Wouldn't it be better to have more than 3 if the enemy cannot mount a both-ends attack?'''
    18 
    19 '''How can I be sure that sending DNS through tor doesn't get spoofed sites?'''
    20 
    21 '''How does tor relate to ipv6 and how should typical applications handle ipv6 if they use tor (or tor via Privoxy)?'''
    22 
     10'''What does *this* message mean?'''
    2311
    2412'''What version of libevent should I be using?'''
    2513
    26 the latest.  at least 1.1
    27 
    28 '''How to use Tor in squid? For using Tor on a network using Squid as proxy, for example...'''
    29 
    30 '''How to use Tor with PF (Packet Filter, found in OpenBSD, NetBSD, DragonFlyBSD and FreeBSD)?'''
    31 
    32 
    33 
    34 '''How does Tor work with tabbed browsing, say with Firefox?  Do these requests all follow the same circuit through the Tor network? Can an eavesdropper link a user across all sites opened simultaneously in tabs?'''
    35 
    36 ver 1.5 Works fine for me, I use No-Script Plugin to help be even safer. Anyone else have a problem with Firefox. Weither the request follow the same curcuit is out of my realm. My surfing experience is good to just fine. ProBastion
    37 
    38 They will most likely all use the same circuit.  http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#ChangePaths
     14'''How does Tor work with tabbed browsing, say with Firefox? Do these requests all follow the same circuit through the Tor network? Can an eavesdropper link a user across all sites opened simultaneously in tabs?'''
    3915
    4016'''When using the Tor/Privoxy configuration, is there an easy way to switch Privoxy between using Tor and using the standard connection (to allow for secure browsing, but also allowing a more direct connection when needed to keep large file transfers from bogging down in Tor)?'''
     
    4925servers? Blocking port 25 helps to defeat spammers, but the smtp SSL/TLS ports are not
    5026generally not used by them. Is there any solution with Tor to help the free speech folk
    51 and others who need to use secure, reliable smtp services? (votes: 6)'''
     27and others who need to use secure, reliable smtp services? (votes: 2)'''
    5228
    5329
     
    5935'''Can Tor be used in a network that has NO DEFAULT ROUTE?  The only access method from this network is to use a traditional proxy.  Is there a way to chain proxies so that TOR requests are sent outbound via the standard proxy? (votes: 1)'''
    6036
    61 
    62 
    6337'''Can I help? (votes: 2)'''
    6438
    65 http://tor.eff.org/volunteer.html
     39'''I've got a bug, now what? (votes: 2)'''
    6640
    67 '''I've got a bug, now what? (votes: 2)'''
     41'''So I'm totally anonymous if I use Tor? (votes: 1)'''
     42
     43'''What attacks remain against onion routing? (votes: 1)'''
     44
     45'''What projects are comparable? (votes: 1)'''
     46
     47JAP (the Java Anonymizing Proxy) is similar, with a few notable differences:
     48* Being still under development, only one mix cascade allows access from behind a firewall
     49* Doesn't run as service under win32
     50Their URL is http://anon.inf.tu-dresden.de/index_en.html , read through it and extend this entry.
    6851
    6952'''How does Tor relate to the Freedom Project? (votes: 1)'''
     
    7154'''Is there any way to forward an ident response via TOR so that the ident doesn't come back as whatever the end server wants, but your normal response? (votes: 1)'''
    7255
    73 no.
    74 
    7556'''How can I uninstall tor? (votes: 1)'''
    7657
    77 
    78 
    79 
    80 '''I have legal questions about running Tor. Is there anybody I can contact? ( votes: 1)'''
    81 
    82 Added 2.1.06- The Developers do not provide Legal advice. period! Over at the Tor Legal FAQ there is a written section by EFF lawyers. It aims to give you an overview of some of the legal issues that arise from the Tor project. Read the Disclaimer. The FAQ does provide a dialougue on the legalality & posssible scenarios of operating a Tor Server. They also provide you with contact information to a EFF Lawyer. The Tor FAQ also provides a links to an Abuse FAQ, & Tor Technical FAQ Wiki.  See this address for more information along these lines. http://tor.eff.org/faq.html
    83 
     58'''I have legal questions about running Tor. Is there anybody I can contact? (votes: 1)'''
    8459
    8560'''If I set up Tor to only act as a router node (reject *:* in torrc) can I still be a contact point for hidden services?'''
    8661
    87 yes.
    88 
    89 '''Can anonymity be broken if all Tor servers in the chain are compromised/malicious and so are keeping logs to trace the chain?'''
    90 
    91 
    92 '''What system resources does a TOR server use?  The FAQ already dicusses memory a bit.  What about CPU?  Encryption is CPU-intensive.  Specific question I'd like answered: I'll be setting up a TOR node bandwidth-limited to about 256kbps (half my upstream bandwidth).  Will an old 300MHz G3 Mac easily handle this, or will a faster processor be needed? How 'bout a P90?  Presumably, TOR's disk usage and I/O is minimal.''' (Votes: 1)
    93 
     62= Answers that won't go on the FAQ =
    9463
    9564== Cannot resolve Foo.onion/Resolve requests to hidden services not allowed ==
     
    147116
    148117(If someone writes a proper question, this might actually go into the FAQ)
    149 
    150 == How To Configure One's Web Browser So Tor Is Only Used For Some Sites But Not Others ==
    151 '''Question''': Can I configure Tor so it will only use the onion routing network for some sites but not others?
    152 
    153 '''Answer''': No, Tor itself is all or nothing, a request either goes through it or it does not.
    154 
    155 Privoxy is also all or nothing in the sense that if a request has made it to Privoxy then either Privoxy is set up to go through Tor or it's not, there does not appear to be a way to program Privoxy so it will use Tor for some requests but not others.
    156 
    157 There is a script for OS X, available [http://idlecircuits.com/privoxyswitcher.zip here], that will make it such that Privoxy never uses Tor but this is an 'all or nothing' mechanism. The script will either start Privoxy such that all requests go through Tor or no requests go through Tor.
    158 
    159 There is one mechanism that is at least useful for web browsers, it's called a pac file. It was invented by Netscape, the original documentation is available [http://wp.netscape.com/eng/mozilla/2.0/relnotes/demo/proxy-live.html here], but it is now supported by all major browsers. One can use a pac file to program the browser to use the Privoxy proxy for certain requests but not others. For example, the following pac file will cause all requests to Google or to the special Privoxy configuration addresses to be sent to Privoxy (and hence Tor) but will allow other other requests to go out without Privoxy/Tor being used:
    160 
    161 {{{
    162 function FindProxyForURL(url, host) {
    163         if (shExpMatch(host,"*google.*") ||
    164             shExpMatch(host,"config.privoxy.org") ||
    165             shExpMatch(host,"p.p"))
    166                 return "PROXY 127.0.0.1:8118";
    167         return "DIRECT";
    168 }
    169 }}}
    170 
    171 To configure Firefox to use a pac file under OS X go to Firefox->preferences->General->Connection Settings...->Automatic proxy configuration URL:. Enter in a URL (you can use file:// to point to a local file) that points to your pac file and click reload.
    172 
    173 It's probably not a good idea to use pac files with Safari on OS X as its pac file support seems to be more than a little buggy.
    174 
    175 The pac file solution is far from ideal. It won't apply to non-web access and it runs into problems such as the bad pac file support in Safari. It also is not secure. A malicious website can trivially bypass this mechanism by placing pictures on its website from domains that it controls but are unlikely to be on a 'black list'. Therefore this mechanism is only useful with Websites that are not in and of themselves malicious but rather, due to their nature, can collect substantial amounts of personal information that one would rather not release. A search engine is a classic example. If and when privacy is a critical concern then the only proper course of action is to get rid of the pac file and instead configure all connections to go through privoxy/tor.
    176 
    177 
    178 
    179 '''I've been banned as an contributor at Slashdot! I run a Win 2003 server, with a decent pipe. They said that if I blocked them they would let me contribute again. I did an edit on my torrc file by adding a line:
    180 
    181 reject *:66.35.250.150 (which is Slashdot.com by using an online DNS 'dig' page
    182 
    183 I add the above right after my default exit. Which was just this:
    184 #ExitPolicy accept *:6660-6667,reject *:* # allow irc ports but no more
    185 ExitPolicy accept *:119 # accept nntp as well as default exit policy
    186 #ExitPolicy reject *:* # middleman only -- no exits allowed
    187 reject *:66.35.250.15
    188 
    189 Is this the way to do this, and just block Slashdot? Any help would be helpful, I've googled, did the tor.eff site, etc. But I'm not real UNIX centric (though thats changing) so just wanted to run it by some community persons. '''
    190 
    191 
    192 '''What is the significance of the changes in the Bittorrent Torify HOWTO?'''
    193 
    194 I noticed I can't connect with btdownloadcurses through proxychains any more. Looking for answers, I went back to the Torify HOWTO and noticed that it had been altered. Where it used to explain about using proxychains to run bittorrent through TOR, which I used successfully for over a year, it now says that Bittorrent "uses a mechanism similar to TOR." That was certainly news to me. How is the generic Bittorrent client technically similar to TOR in any way? I have always heard that the generic Bittorrent client offers almost no anonimity at all. Now I'm reading that Bittorrent and TOR are practically the same thing and it would be redundant to use them together. Seems a bit curious.
    195 
    196 As a sub-question, let me just ask directly: Is it true that Bittorrent through TOR via proxychains no longer works?
    197 
    198 Also, the same page now mentions a technique of using Tor to connect to the tracker only, as opposed to the peers, by including the line --tracker-proxy 127.0.0.1:8118: on the command line. However, I see no documentation of this option in the btdownloadcurses client and I find it a bit suspicious that the format of this option uses a hyphen rather than an underscore as all the other command line options that are listed as being compatible with btdownloadcurses use underscores to separate options with two words such as --check_hashes <arg> or --report_hash_failures <arg>. Is that a typo or an undocumented option that just happens to deviate from the naming convetion of all the other options?
    199 
    200 '''How do you start and stop Tor and Privoxy in OS X (Panther) if you did not install the startup script? (needs to be added to installation instructions)'''
    201 
    202 '''How do you configure the proxy if you are using Tor and Privoxy in OS X (Panther) with a router's firewall and the built-in OS X firewall, e.g. when using Wi-fi to connect to wireless router?  (needs to be added to installation instructions)'''
    203 
    204 '''What to do (troubleshooting) if browsing slows to a crawl with Tor and Privoxy running in OS X?'''
    205 ----
    206 CategoryHomepage