Hello,
On the newer versions of tor browser, I have noticed that the “does this computer’s internet connection go through a firewall that only allows certain ports?” was removed. I think this should be put back in the tor browser configuration options for users who are trying from behind firewalls that only allow certain ports.
Thanks.
On Wed, Jul 04, 2018 at 12:44:29AM -0700, Keifer Bly wrote:
On the newer versions of tor browser, I have noticed that the “does this computer’s internet connection go through a firewall that only allows certain ports?” was removed. I think this should be put back in the tor browser configuration options for users who are trying from behind firewalls that only allow certain ports.
The option is still there. Attached to this email, you'll find a screenshot of it that I just took from the most recent version of Tor Browser.
Yes, but for me the option only appears when the tor browser is already successfully connected and I can click on the “tor network settings”. It does not appear in the “configure” option when first starting tor browser. And for that matter the configure option only seems to appear the first time tor browser is run and impossible to access anytime after on newest tor browser.
In short the “tor network settings” option seems impossible to access as it only appears when the tor browser is successfully running which is problematic for users attempting to configure blocked ports or bridges right off the bat. From: Jonathan Marquardt Sent: Wednesday, July 4, 2018 2:53 AM To: tor-dev@lists.torproject.org Subject: Re: [tor-dev] Tor port restriction option was removed
On Wed, Jul 04, 2018 at 12:44:29AM -0700, Keifer Bly wrote:
On the newer versions of tor browser, I have noticed that the “does this computer’s internet connection go through a firewall that only allows certain ports?” was removed. I think this should be put back in the tor browser configuration options for users who are trying from behind firewalls that only allow certain ports.
The option is still there. Attached to this email, you'll find a screenshot of it that I just took from the most recent version of Tor Browser.
On Wed, Jul 04, 2018 at 03:52:10AM -0700, Keifer Bly wrote:
Yes, but for me the option only appears when the tor browser is already successfully connected and I can click on the “tor network settings”. It does not appear in the “configure” option when first starting tor browser. And for that matter the configure option only seems to appear the first time tor browser is run and impossible to access anytime after on newest tor browser.
In short the “tor network settings” option seems impossible to access as it only appears when the tor browser is successfully running which is problematic for users attempting to configure blocked ports or bridges right off the bat.
That's not true. You can access these settings by clicking the "Cancel" button when Tor is establishing the connection. Although, I admit, a seperate button that says "Configure" there could really be benefitial to avoid confusion.
➢ I admit, a separate button that says “Configure” there could really be beneficial to void confusion. I agree, I think that future tor browser s having a dedicated “configure” button is a good idea for this reason.
And, upon clicking the “configure “ button at start up, this is what I get (see the screenshot).
As you can see the options “tor is censored in my country” and “I use a proxy to connect to the internet” options are there, but the “this computer goes through a firewall that only allows connections on certain ports” option is not there, only appearing when I click the “tor network settings” button on the tor browser tab; I would suggest putting this option back in the configure button window as this current layout may be troublesome for people trying to connect from firewalls that only allow certain ports.
From: Jonathan Marquardt Sent: Wednesday, July 4, 2018 5:01 AM To: tor-dev@lists.torproject.org Subject: Re: [tor-dev] Tor port restriction option was removed
On Wed, Jul 04, 2018 at 03:52:10AM -0700, Keifer Bly wrote:
Yes, but for me the option only appears when the tor browser is already successfully connected and I can click on the “tor network settings”. It does not appear in the “configure” option when first starting tor browser. And for that matter the configure option only seems to appear the first time tor browser is run and impossible to access anytime after on newest tor browser.
In short the “tor network settings” option seems impossible to access as it only appears when the tor browser is successfully running which is problematic for users attempting to configure blocked ports or bridges right off the bat.
That's not true. You can access these settings by clicking the "Cancel" button when Tor is establishing the connection. Although, I admit, a seperate button that says "Configure" there could really be benefitial to avoid confusion.
On Wed, Jul 04, 2018 at 05:46:48AM -0700, Keifer Bly wrote:
I admit, a separate button that says “Configure” there could really be beneficial to void confusion. I agree, I think that future tor browser s having a dedicated “configure” button is a good idea for this reason.
And, upon clicking the “configure “ button at start up, this is what I get (see the screenshot).
As you can see the options “tor is censored in my country” and “I use a proxy to connect to the internet” options are there, but the “this computer goes through a firewall that only allows connections on certain ports” option is not there, only appearing when I click the “tor network settings” button on the tor browser tab; I would suggest putting this option back in the configure button window as this current layout may be troublesome for people trying to connect from firewalls that only allow certain ports.
Oh, you're right! That's weird! Was this done on purpose or is it a bug?
For me it’s been like that for the last few versions of tor browser….
From: Jonathan Marquardt Sent: Wednesday, July 4, 2018 6:24 AM To: tor-dev@lists.torproject.org Subject: Re: [tor-dev] Tor port restriction option was removed
On Wed, Jul 04, 2018 at 05:46:48AM -0700, Keifer Bly wrote:
I admit, a separate button that says “Configure” there could really be beneficial to void confusion. I agree, I think that future tor browser s having a dedicated “configure” button is a good idea for this reason.
And, upon clicking the “configure “ button at start up, this is what I get (see the screenshot).
As you can see the options “tor is censored in my country” and “I use a proxy to connect to the internet” options are there, but the “this computer goes through a firewall that only allows connections on certain ports” option is not there, only appearing when I click the “tor network settings” button on the tor browser tab; I would suggest putting this option back in the configure button window as this current layout may be troublesome for people trying to connect from firewalls that only allow certain ports.
Oh, you're right! That's weird! Was this done on purpose or is it a bug?
Jonathan Marquardt:
On Wed, Jul 04, 2018 at 05:46:48AM -0700, Keifer Bly wrote:
I admit, a separate button that says “Configure” there could really be beneficial to void confusion. I agree, I think that future tor browser s having a dedicated “configure” button is a good idea for this reason.
And, upon clicking the “configure “ button at start up, this is what I get (see the screenshot).
As you can see the options “tor is censored in my country” and “I use a proxy to connect to the internet” options are there, but the “this computer goes through a firewall that only allows connections on certain ports” option is not there, only appearing when I click the “tor network settings” button on the tor browser tab; I would suggest putting this option back in the configure button window as this current layout may be troublesome for people trying to connect from firewalls that only allow certain ports.
Oh, you're right! That's weird! Was this done on purpose or is it a bug?
There are some considerations on
https://trac.torproject.org/projects/tor/ticket/24452
why this is currently the case.
Georg
Ok I see the ticket. However if not a window, I think the option should be available in done form for people who do need it.
On Wed, Jul 4, 2018 at 10:06 AM Georg Koppen gk@torproject.org wrote:
Jonathan Marquardt:
On Wed, Jul 04, 2018 at 05:46:48AM -0700, Keifer Bly wrote:
I admit, a separate button that says “Configure” there could really be beneficial to void confusion. I agree, I think that future tor browser
s
having a dedicated “configure” button is a good idea for this reason.
And, upon clicking the “configure “ button at start up, this is what I
get
(see the screenshot).
As you can see the options “tor is censored in my country” and “I use a proxy to connect to the internet” options are there, but the “this
computer
goes through a firewall that only allows connections on certain ports” option is not there, only appearing when I click the “tor network
settings”
button on the tor browser tab; I would suggest putting this option back
in
the configure button window as this current layout may be troublesome
for
people trying to connect from firewalls that only allow certain ports.
Oh, you're right! That's weird! Was this done on purpose or is it a bug?
There are some considerations on
https://trac.torproject.org/projects/tor/ticket/24452
why this is currently the case.
Georg
tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
On Wed, Jul 04, 2018 at 03:24:08PM +0200, Jonathan Marquardt wrote:
Oh, you're right! That's weird! Was this done on purpose or is it a bug?
It was an intentional simplification of the interface. You can read the reasoning here:
https://trac.torproject.org/projects/tor/ticket/11405#comment:7
Our helpdesk (back when we had one) was interacting with many users who were doing the wrong thing with the old interface.
The reasoning in short is that if 443 is one of your available ports then your Tor will bootstrap pretty quickly anyway, and if 443 and 9001 aren't available you're probably going to need some bridge or proxy or something in order to bootstrap.
--Roger
So tor will automatically use port 80 or 443 if Those are the only ones open?
Sent from my iPhone
On Jul 4, 2018, at 8:31 PM, Roger Dingledine arma@mit.edu wrote:
On Wed, Jul 04, 2018 at 03:24:08PM +0200, Jonathan Marquardt wrote: Oh, you're right! That's weird! Was this done on purpose or is it a bug?
It was an intentional simplification of the interface. You can read the reasoning here:
https://trac.torproject.org/projects/tor/ticket/11405#comment:7
Our helpdesk (back when we had one) was interacting with many users who were doing the wrong thing with the old interface.
The reasoning in short is that if 443 is one of your available ports then your Tor will bootstrap pretty quickly anyway, and if 443 and 9001 aren't available you're probably going to need some bridge or proxy or something in order to bootstrap.
--Roger
tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
On Wed, Jul 04, 2018 at 11:20:31PM -0700, Keifer Bly wrote:
So tor will automatically use port 80 or 443 if Those are the only ones open?
Tor will choose Guard relays at random until one of them works(*).
It looks like around 844 Guard relays are listening on port 443 right now, out of the 1858 available Guard relays.
% grep -B1 Guard cached-consensus |grep "^r "|grep " 443 "|wc -l 844 % grep -B1 Guard cached-consensus |grep "^r "|wc -l 1858
So if 443 works for you, it won't be many tries until you try a relay that works for you.
And once you reach a Guard that works, it will become one of your guards that you keep using, so you'll only do the "flail around trying to find one" step when you need to replace your guard.
Are you concerned that we have the wrong design for general users, or are you having a specific problem?
--Roger
(*) Actually, before Tor starts attempting to reach Guards, it first needs to bootstrap the consensus document from either the directory authorities or the fallback directory servers -- but they have a pretty similar distribution of ports they listen on.
No problems here, and if tor handles blocked ports and port blocking firewalls without issue then it's not something to worry about. But it might not hurt to have a text box explaining this for those who are concerned about what ports they are using.
On Thu, Jul 5, 2018 at 12:14 AM Roger Dingledine arma@mit.edu wrote:
On Wed, Jul 04, 2018 at 11:20:31PM -0700, Keifer Bly wrote:
So tor will automatically use port 80 or 443 if Those are the only ones
open?
Tor will choose Guard relays at random until one of them works(*).
It looks like around 844 Guard relays are listening on port 443 right now, out of the 1858 available Guard relays.
% grep -B1 Guard cached-consensus |grep "^r "|grep " 443 "|wc -l 844 % grep -B1 Guard cached-consensus |grep "^r "|wc -l 1858
So if 443 works for you, it won't be many tries until you try a relay that works for you.
And once you reach a Guard that works, it will become one of your guards that you keep using, so you'll only do the "flail around trying to find one" step when you need to replace your guard.
Are you concerned that we have the wrong design for general users, or are you having a specific problem?
--Roger
(*) Actually, before Tor starts attempting to reach Guards, it first needs to bootstrap the consensus document from either the directory authorities or the fallback directory servers -- but they have a pretty similar distribution of ports they listen on.
tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Roger Dingledine:
It looks like around 844 Guard relays are listening on port 443 right now, out of the 1858 available Guard relays.
guard probability for all guards having ORPort on 80 or 443: 45.99%
guard probability per ORPort:
+---------+-------------------+ | or_port | guard_probability | +---------+-------------------+ | 443 | 44.4 | | 9001 | 39.1 | | 80 | 1.5 | | 9002 | 1.3 | | 8080 | 1.1 | | 8443 | 0.9 | +---------+-------------------+
(onionoo data as per 2018-07-05 07:00 UTC)
(*) Actually, before Tor starts attempting to reach Guards, it first needs to bootstrap the consensus document from either the directory authorities or the fallback directory servers -- but they have a pretty similar distribution of ports they listen on.
unfortunately onionoo does not have fallbackdir data, so I can't provide the same table as above for fallbacks without creating it myself first
On 5 Jul 2018, at 20:06, nusenu nusenu-lists@riseup.net wrote:
Roger Dingledine:
It looks like around 844 Guard relays are listening on port 443 right now, out of the 1858 available Guard relays.
guard probability for all guards having ORPort on 80 or 443: 45.99%
guard probability per ORPort:
+---------+-------------------+ | or_port | guard_probability | +---------+-------------------+ | 443 | 44.4 | | 9001 | 39.1 | | 80 | 1.5 | | 9002 | 1.3 | | 8080 | 1.1 | | 8443 | 0.9 | +---------+-------------------+
(onionoo data as per 2018-07-05 07:00 UTC)
(*) Actually, before Tor starts attempting to reach Guards, it first needs to bootstrap the consensus document from either the directory authorities or the fallback directory servers -- but they have a pretty similar distribution of ports they listen on.
unfortunately onionoo does not have fallbackdir data, so I can't provide the same table as above for fallbacks without creating it myself first
Here's the list of fallbacks, if you'd like to run a script on it: https://gitweb.torproject.org/tor.git/tree/src/or/fallback_dirs.inc
The script that selects fallbacks also logs the ports that fallbacks are on. For the current list, we ran the script twice, and merged the lists: 75/143 = 52% of fallbacks are on IPv4 ORPort 443 49/143 = 34% of fallbacks are on IPv4 ORPort 9001 19/143 = 13% of fallbacks are on other IPv4 ORPorts 18/48 = 38% of IPv6 fallbacks are on IPv6 ORPort 443 15/48 = 31% of IPv6 fallbacks are on IPv6 ORPort 9001 15/48 = 31% of IPv6 fallbacks are on other IPv6 ORPorts https://trac.torproject.org/projects/tor/attachment/ticket/24801/fallback_di...
73/139 = 53% of fallbacks are on IPv4 ORPort 443 49/139 = 35% of fallbacks are on IPv4 ORPort 9001 17/139 = 12% of fallbacks are on other IPv4 ORPorts 18/46 = 39% of IPv6 fallbacks are on IPv6 ORPort 443 13/46 = 28% of IPv6 fallbacks are on IPv6 ORPort 9001 15/46 = 33% of IPv6 fallbacks are on other IPv6 ORPorts https://trac.torproject.org/projects/tor/attachment/ticket/24801/fallback_di...
T
-
Georg Koppen -
Jonathan Marquardt -
Keifer Bly -
nusenu -
Roger Dingledine -
teor