I was just made aware of this "advanced" torrc configuration below. Any comments on it, from a client-only/mobile device perspective? I can understand how it might deanonymize you, but it might be a trade-off that users seeking fast circumvention only may want to make.
http://xeronet.primeoptic.net/tor/torrc.php
*** Advanced Torrc Settings - Did You Edit The Config ?
This is a working example of an advanced configuration for use with the Tor Browser Bundle.
N.B. Vidalia will show the following 'warning' message if you use this Torrc file and specifically StrictNodes 1 : "You have asked to exclude certain relays from all positions in your circuits. Expect hidden services and other Tor features to be broken in unpredictable ways." If something is broken or you cannot connect, you should set StrictNodes to 0 again. If you don't want to see warning messages then you can always switch them off in Vidalia > Messages > Options.
xeronet Torrc - v1.4 - 12/12/2012 - Download ... 'Save As'.
This file can be used to replace the existing Torrc file in your Tor Browser Bundle > Data > Tor
The idea is to make Tor faster and safer for regular internet browsing and it does work !
How does it work ? Well, Tor works just great 'out-of-the-box', however, by tweaking settings and controlling how Tor connects to its own network we can improve on privacy and security.
(1) Block 'Bad' Exit Nodes using: ExcludeNodes
'Bad' Exit Nodes are flagged in red here: http://torstatus.blutmagie.de
N.B. torstatus.blutmagie.de will probably load very slowly in your web browser and might even appear to 'freeze' ! It contains a lot of 'live' data. Be patient and it will load up OK.
(2) Block 'problematic' internet countries using: ExcludeNodes
'problematic' internet countries can be found here: http://map.opennet.net
and here: https://wikipedia.org/wiki/Internet_censorship_by_country
N.B. The 'default' list of blocked Countries has been selected by including those Countries using Pervasive and Substantial blocking of Internet Tools and Political, Social, Conflict and/or Security website filtering... You have lots of Tor servers to choose from... Why should you use a Tor server in a country that heavily filters its own citizens or perhaps even worse... (Don't worry - In doing this you will not be preventing access to the Tor network from users in these Countries.)
Recommended: 'problem' internet countries Block List: Afghanistan, Algeria, Armenia, Argentina, Azerbaijan, Bangladesh, Belarus, Burma, China, Colombia, Cuba, Egypt, Eritrea, Ethiopia, Gambia, Georgia, Ghana, Guatemala, India, Indonesia, Iraq, Iran, Israel, Jordan, Kazakhstan, Kuwait, Kyrgyzstan, Laos, Lebanon, Libya, Macau, Malawi, Mali, Malaysia, Mauritania, Mexico, Moldova, Mongolia, Morocco, Nepal, Nigeria, North Korea, Oman, Pakistan, Palestinian Territories, Paraguay, Peru, Philippines, Qatar, Russia, Rwanda, Saudi Arabia, Somalia, South Africa, South Korea, Sudan, Sri Lanka, Syria, Taiwan, Tajikistan, Thailand, Tunisia, Turkey, Turkmenistan, UAE, Uganda, Uzbekistan, Venezuela, Vietnam, Yemen, Zimbabwe.
See: https://wikipedia.org/wiki/List_of_Internet_top-level_domains for Country Codes.
N.B. You might also consider adding / blocking your own country or location, if it is not already included in the list. This will have obvious benefits in increasing both your privacy and anonymity.
Additional: 'slow' internet countries (below 1000 kbps avg.) Avoid List: Angola, Benin, Bolivia, Botswana, Burkina Faso, Burundi, Cameroon, Central African Republic, Chad, Comoros, Republic of the Congo, Democratic Republic of the Congo, Côte d'Ivoire, Djibouti, Equatorial Guinea, Gabon, Guinea, Guinea-Bissau, Guyana, Liberia, Mozambique, Namibia, Niger, Rwanda, Sao Tome and Príncipe, Senegal, Sierra Leone, Swaziland, Tanzania, Uganda, Zambia.
See: http://www.akamai.com/stateoftheinternet/ for avg. internet speeds.
(3) Block potentially mis-configured servers using: ExcludeNodes
Mis-configured nodes might include: default or Unnamed servers etc.
(4) Select fast (high bandwidth) Entry servers using: EntryNodes
(5) Select fast (high bandwidth) Exit servers using: ExitNodes
Fast (high bandwidth) servers can be found here: http://torstatus.blutmagie.de
N.B. Servers selected for this example Torrc have been chosen because they are run by individuals or non-profit organizations with an interest or involvement in supporting internet privacy and security, freedom of speech and / or the free software movements i.e. torservers.net, globenet.org, riseup.net, privacyfoundation.ch, privacyfoundation.de, tor.noisebridge.net, fsf.org, team-cymru.org, eff.org and others.
(6) Use StrictNodes 1 to enforce the server selection.
N.B. "If StrictNodes is set to 1, Tor will treat the ExcludeNodes option as a requirement to follow for all the circuits you generate, even if doing so will break functionality for you. If StrictNodes is set to 0, Tor will still try to avoid nodes in the ExcludeNodes list, but it will err on the side of avoiding unexpected errors. Specifically, StrictNodes 0 tells Tor that it is okay to use an excluded node when it is necessary to perform relay reachability self-tests, connect to a hidden service, provide a hidden service to a client, fulfill a .exit request, upload directory information, or download directory information. (Default: 0)"
(7) Use FascistFirewall 1 to force port 80 (http) and port 443 (https) access.
N.B. "If 1, Tor will only create outgoing connections to ORs running on ports that your firewall allows (defaults to 80 and 443; see FirewallPorts). This will allow you to run Tor as a client behind a firewall with restrictive policies, but will not allow you to run as a server behind such a firewall. If you prefer more fine-grained control, use ReachableAddresses instead." If you choose to do this then make sure that your selected Nodes use port 80 and/or port 443
(8) Use UseEntryGuards 1 for increased security.
N.B. "If this option is set to 1, we pick a few long-term entry servers, and try to stick with them. This is desirable because constantly changing servers increases the odds that an adversary who owns some servers will observe a fraction of your paths. (Defaults to 1.)"
(9) Use ClientOnly 1 for the Tor Browser Bundle.
N.B. "If set to 1, Tor will under no circumstances run as a server or serve directory requests. The default is to run as a client unless ORPort is configured. (Usually, you don’t need to set this; Tor is pretty smart at figuring out whether you are reliable and high-bandwidth enough to be a useful server.) (Default: 0)"
(10) Tips: Do add Authority servers to your EntryNodes list. Do add ExitNodes as EntryNodes. Don't add EntryNodes as ExitNodes ! Do block new 'bad' Nodes in ExcludeNodes.
Do check the status of the nodes that you have selected on a regular basis. Do find and add new bridge nodes as EntryNodes if you require them for access. If you have problems connecting to Tor then changing FascistFirewall to 0 and/or StrictNodes to 0 will probably fix the issue.
Do read the Tor Manual: https://www.torproject.org/docs/tor-manual.html
CLIENT OPTIONS
Remember: You can view or edit your Torrc file using Notepad.exe or another text editor.
This example Torrc file will be updated when necessary, so do check back here occasionally for a new version.
Thank you and safe browsing.
On Thu, 27 Dec 2012 09:22:00 +0545 Nathan Freitas nathan@freitas.net wrote:
> How does it work ? Well, Tor works just great 'out-of-the-box', however, by tweaking settings and controlling how Tor connects to its own network we can improve on privacy and security.

...based on what evidence?

> (1) Block 'Bad' Exit Nodes using: ExcludeNodes

If the 'Bad' flag is assigned, then you already cannot exit from the relay. No need to block it.

> Recommended: 'problem' internet countries Block List: Afghanistan, Algeria, Armenia, Argentina, Azerbaijan, Bangladesh, Belarus, Burma, China, Colombia, Cuba, Egypt, Eritrea, Ethiopia, Gambia, Georgia, Ghana, Guatemala, India, Indonesia, Iraq, Iran, Israel, Jordan, Kazakhstan, Kuwait, Kyrgyzstan, Laos, Lebanon, Libya, Macau, Malawi, Mali, Malaysia, Mauritania, Mexico, Moldova, Mongolia, Morocco, Nepal, Nigeria, North Korea, Oman, Pakistan, Palestinian Territories, Paraguay, Peru, Philippines, Qatar, Russia, Rwanda, Saudi Arabia, Somalia, South Africa, South Korea, Sudan, Sri Lanka, Syria, Taiwan, Tajikistan, Thailand, Tunisia, Turkey, Turkmenistan, UAE, Uganda, Uzbekistan, Venezuela, Vietnam, Yemen, Zimbabwe.
Why not just say 'block countries not full of white people'? Seriously, wtf is up with that list.
This whole list is like alchemy and trying to turn water to wine. Using the default torrc is probably far safer for 99.9% of users. I don't see how this custom torrc is going to improve anything, other than an attacker learning how unique you are in the tor network.
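
The concern raised in this thread, that a hand-tuned torrc mainly sets a client apart from clients using default path selection, can be checked mechanically before a file like this is deployed. The following is an added example, not part of the thread or of the xeronet file: a small Python audit that parses a torrc and reports the relay-selection options discussed above. The sample file, its placeholder fingerprint and the function names are constructed for illustration.

```python
import re

# Options named in the thread that change which relays a client may use.
PATH_OPTIONS = {"excludenodes", "excludeexitnodes", "entrynodes", "exitnodes"}

# Constructed sample in the style of the torrc under discussion; the
# fingerprint and country codes are placeholders, not values from that file.
SAMPLE_TORRC = """\
# constructed example
ExcludeNodes {cn},{ir},{sy}, \\
    Unnamed,default
ExitNodes $AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
EntryNodes $AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
strictnodes 1
FascistFirewall 1
UseEntryGuards 1
ClientOnly 1
"""

def parse_torrc(text):
    """Return {lowercased option: value}; option names are case-insensitive."""
    joined = re.sub(r"\\\r?\n", " ", text)       # join backslash continuations
    options = {}
    for line in joined.splitlines():
        line = line.split("#", 1)[0].strip()     # drop comments
        if not line:
            continue
        parts = line.split(None, 1)
        options[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return options

def audit(text):
    """Report settings that narrow relay selection or reachable ports."""
    opts, findings = parse_torrc(text), []
    for name in sorted(PATH_OPTIONS & opts.keys()):
        items = [i.strip() for i in opts[name].split(",") if i.strip()]
        countries = sum(1 for i in items if re.fullmatch(r"\{[A-Za-z]{2}\}", i))
        findings.append((name, len(items), countries))
    strict = opts.get("strictnodes", "0") == "1"      # manual: default 0
    firewall = opts.get("fascistfirewall", "0") == "1"
    return {"path_restrictions": findings, "strict": strict,
            "ports_restricted": firewall,
            "deviates_from_default": bool(findings) or strict or firewall}

if __name__ == "__main__":
    for key, value in audit(SAMPLE_TORRC).items():
        print(key, "=", value)
```

Each tuple in `path_restrictions` is (option, number of entries, number of country-code entries); an empty torrc reports no deviation.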