- tor-users - lists.torproject.org

Blog post contribution and volunteering
by Matt Zand 24 Sep '19

24 Sep '19

Hi, I like to do some volunteering by promoting Tor cause via few free blog posting. I wonder where or who should I reach out. https://blog.torproject.org/ -- Cheers, Matt Zand Cell: 202-420-9192 Work: 240-200-6131 High School Technology Services <https://myhsts.org/> DC Web Makers <https://dcwebmakers.com/> Coding Bootcamps <https://coding-bootcamps.com/>

1 0

Cannot use bridges without first establishing non-bridge connection
by ior kov 23 Nov '18

23 Nov '18

Hi, I'm not able to connect via bridges (obfs4 in particular) without first disabling bridges and connecting directly to the tor network. This is odd. Every time I turn on my laptop and start the tor browser bundle, it fails establishing a route. Setting a new bridge does not help either. But when I disable bridges and connect directly, then I can re enable the same bridges that used to fail and it will connect. Once I restart the tor browser, I can surely confirm that the connection is established via the bridge that used to fail, by looking at the active tcp connections. This is making Tails impossible to work with bridges. Since Tails requires bridges to be set at logon time, it fails creating a route unless bridges are disabled and in that case it won't let re-enabling them. What are your thoughts on this? Could this be a security threat? Is the government responsible for this? I live in Iran should you want to know.

2 1

Ctrl+Shift+L, Windows Tor Browser
by Petrusko 04 Mar '18

04 Mar '18

Hey! Got a little problem with a Tor Browser on a Win7 64bits, when you press the shotkey Ctrl+Shift+L, nothing happens... It's ok when I use the onion menu... Linux version is ok. Am i alone with this little bug ? Thx! -- Petrusko C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5

2 2

Tor Issues
by Wanderingnet 21 Jan '18

21 Jan '18

So far I have been unable to gain a working torrc and iptables setup for either tor, or, particularly, Tor Browser Bundle. And believe me, I've read, searched and tried - alot. Funnily, many of the security advantages of using Tor are defeated by the need for heavy research and the amount of bad/disinformation out there: Tor is undone by its complications and the lack of clear solutions for heavily secured use. I would like to be able to run TBB secured with a custom torrc file and iptables policy, but this has proven challenging. Torrc settings and iptables settings for tor itself will not easily translate into TBB, which presents its own specific problems. For examples, TBB does not run as a service as tor does, so it cannot be isolated in iptables in this way. Userspace and namespace methods, where TBB could be run as a dedicated user or in a dedicated namespace, have so far been tried and failed - and I have found no specific workthroughs for this subject. Userspace or namespace isolation would still be ultimately desirable, and this is one thing I would like to see described for this specific purpose. As a result I am left trying to isolate TBB by port, which also requires that I define tor ports in torrc. Defining default ports, those that are known, causes TBB to stop working, solved by redefining different ports. Examining netstat shows that TBB continues to open the default Control Port on 9151 in addition to any newly defined ports. It is currently unclear where TBB is set to do this. Iptables policies of any complexity, providing 'torification' of a system to avoid potential leaks, so far fail with TBB. Policies adapted from those on trac.troproject cause TBB to fail on certain counts, and I am unclear as why certain settings are specified. VirtualAddrNetwork specified in torrc for TBB will produce an unknown host/port response from iptables. The various addresses I have seen specified for LAN or IANA are a mystery to me. TBB seems to be neglected almost entirely in serious discussions of Tor. And yet it is more up-to-date than debian-tor, which currently only offers Obfs3 transports, now somewhat old, in Debian packages, and Meek with some trouble: TBB contains all transports in .py files; it is portable, making it instantly operable in any Debian distro with a few simple (scripted) adjusts, and affording the protection of a 'disposable app', and faster to run than installing Tor and obfs3 on a lacking system, with the Tor Browser only installable via the Tor Launcher package and downloading into debian from the Tor project directly (leaving me unaware of how the browser might be saved for offline installation): TBB can double as a Tor Browser for debian-tor without trouble, but I would still like to be able to run or even adapt to debian-tor) its malleable and rapidly reconfigurable implementation and transports (I assume it might be possible to adapt TBB's .py transports provision to debian-tor, I just don't know how). My chosen solution is to install debian-tor from stored files, adapt transports from the TBB, and use the TBB as a proxy browser for Tor, with additional hardening (lock prefs) if possible. And to run TBB in itself. All require good iptables policies, which has proven a particular challange for TBB. Ideally, what is required is: 1. A clear explanation of how Linux solicits and maintains network connections, particularly with regard to public wifi negotiation. 2. A separation of this basic networking functionality required to maintain router access and of the Tor or TBB processes. 3. A clear explanation of all required allowances in iptables, of Tor, including by port if possible, and including of addresses like those for LAN et al. NAT table routing has proven particularly challenging. 4. A method for running TBB with custom torrc, observing the failure of default port specification (which is part of port securing in custom hashed passwords, etc.) and VirtualAddrNetwork (which I assume is due to TBB's lack of service/daemon functionality. 5. Advice for adapting the transports from TBB to tor. 6. A walkthrough for advanced isolation methods like dedicated user accounts, which have so far proven impossible to run with TBB from a separate account, and network namespaces, which appear to be a potentially powerful isolation solution but which I have not seen adapted to this purpose yet, despite being considerably lighter than complete OS virtualisation/containers. A walkthrough for applying TBB transports to debian-tor would be a bonus. As I say, all my attempts so far to produce a working custom torrc and iptables solution for TBB have not worked (though TBB itself will run with an 'open' clearnet iptables setup), all my attempts to adapt published iptables setups have not worked, and all attempts to isolate TBB particularly behind userspaces have also failed. Namespaces are not something I have yet seen tried for this purpose. A working TBB setup is of course likely more readily adaptable to debian-tor than vice-versa, with a few minor adjustments. As it is I will have to go back to using TAILS for any degree of Tor security until the problems are solved, despite the failings of TAILS in my view (rigidity, lack of programmability in scripting, GUI style, etc.) :/ Any helpful advice would be appreciated.

1 0

FONT@domain.net dangerous ? NoScript
by Petrusko 07 Sep '17

07 Sep '17

Hey! Is it really dangerous to enable FONTS in NoScript while surfing a website ? Ok it's not usually needed by the website, only to have a better look ;) Thx for your advise ;) -- Petrusko C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5

3 4

Unable to get tor working on GCP - Advice on debugging.
by Colin Rice 25 Jan '17

25 Jan '17

Hi, I'm running tor on GCP (google cloud platform) and I have the oddest problem. I reliably can't access any websites or hidden services (i.e. google.com or my hidden service). i.e. the following fails. colin@tor-bouncer:~$ curl -x socks5://127.0.0.1:9050 google.com -m 30 curl: (7) Failed to receive SOCKS5 connect request ack Some random information which may be useful. colin@tor-bouncer:~$ tor --version Tor version 0.2.7.6 (git-605ae665009853bd). sudo ss -plnt State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 *:5355 *:* users:(("systemd-resolve",pid=1166,fd=14)) LISTEN 0 128 *:22 *:* users:(("sshd",pid=1464,fd=3)) LISTEN 0 128 127.0.0.1:9050 *:* users:(("tor",pid=23442,fd=6)) For reference, I've attached a debug log of an attempt. Any advice on how to go about debugging this?

1 0

Advertise Tor bridge on port 80
by Maxxer 22 Jan '17

22 Jan '17

Hi. I'm currently running a Tor bridge on port 80 (for personal purposes, luckily no real needs). From what I can see in the obfs debug there's no connection other than mine, probably because the bridge is not (correctly) advertised on the Tor network (I guess). I'm running it with a hack, because I couldn't find a better way to o so. Time ago I found an answer on SO [1] which explained how to run a bridge on port 80 via iptables rules, and that's what I do and works fine. But since the Bridge is online it's a shame others cannot benefit from it. This is my configuration: RelayBandwidthRate 900 KB RelayBandwidthBurst 1 MB ExitPolicy reject *:* # no exits allowed DisableDebuggerAttachment 0 SocksPort 0 ORPort 2000 ExtORPort auto BridgeRelay 1 ServerTransportListenAddr obfs3 0.0.0.0:8099 ServerTransportPlugin obfs3 proxy public_ip:80 When started Tor reports the ORPort as reachable, but that's not the obfuscated port. I guess many people can benefit from using a Bridge on port 80. So two questions: 1) is there a non hack-ish way to run a bridge on port 80? 2) how can I advertise the bridge on port 80? Thanks [1] http://tor.stackexchange.com/a/560/6573

1 0

Tor / Varnish / Pound
by niko＠digitalenvelopes.eu 20 Aug '16

20 Aug '16

Hello everybody, I'm trying to figure out how to set up a tor hidden web service behind varnish and pound. Does anybody have some hints? So far I just get a blank page with "index of", no errors in the log file or webserver log file. Thanks! Best Regards, Niko

2 1

Exiting through a VPN
by jah 18 Aug '16

18 Aug '16

Hi, The response I had from a recent visit to check.torproject.org in Tor Browser was that the apparent IP address was not a Tor node and I was "not using Tor". According to Tor Browser, the exit node of that circuit was "Sweden (153.92.126.19)" - either [TheTor] or [ThisTor]. The source of the web request as it appeared to check.torproject.org was the address, 185.65.132.100 (se8x.mullvad.net), in Sweden. Do I have it right: this appears to be a node which sends tor exit traffic through the Mullvad VPN service? Is such a configuration acceptable; does is not cause problems for the tor network (leaving aside the confusion and alarm it may engender in TB users)? jah [TheTor]: https://atlas.torproject.org/#details/27CE487BABE6C2128FB2D1A801C7CB715B48E… [ThisTor]: https://atlas.torproject.org/#details/C369EB6BFDFB996864746944544B82C9684C4…

2 1

Guardian Project's Tor/Home Assistant piece
by Steve 21 Jul '16

21 Jul '16

Hi all, I saw Andy Greenberg’s writeup of the Home Assistant piece on Tor here: https://www.wired.com/2016/07/now-can-hide-smart-home-darknet/, and couldn’t help but feel that while the documentation for the setup is an excellent guide on setting up authenticated hidden services that there were some points being missed with the project. I’m not sure if this is the right place to talk about it, but I thought I’d post here as the last time I did something with Tor I think I could’ve handled things better, and want to try and reach out to Tor peeps before doing anything. So, my points regarding the project are (in no particular order): 1. The project is potentially less usable for quite a lot of users (e.g. iOS users, Windows Mobile users etc.) and requires an installation of Tor on both client and server, as opposed to other approaches. Not a criticism of the hard work put in, but merely a statement of practical constraints. 2. I understand the how, but I’m not quite sure of the why given point 1, compared to other approaches such as a port forward and .htaccess file (home-assistant supports a password through the api_password option, but I don’t know how robust the app is overall, a brief play a while back led me to stay with openhab for my own home). Again, not a criticism of Guardian project’s hard work, and probably more that I’m missing something. 3. While this provides encrypted transport for a home automation solution, it does nothing for shonky IoT devices themselves. I would’ve thought that the bigger threat to home data comes from devices having to share a network and engaging in overreach. I think maybe I’m misunderstanding the threat model or purpose, so this may be an extension of point 2. I think good, practical guides for hidden services are a great idea, and there are some brilliant potential applications for Tor in this respect (such as removing the need for port forwards) that go beyond Tor’s traditionally popular use cases. On to the thing I was planning on talking about. In my view, the primary issues we face with overreaching IoT devices come from malicious IoT devices engaging in overreach on the network, or having insecurities that can’t easily be addressed by users. A segregated network is a good thing, but even so, sometimes you don’t want stuff to appear to come from your home network. IoT devices tend not to use huge amounts of data (with the exception of media streamers like TVs and such). I think Tor can occupy a special place in a protective role here. I have at home a little pocket router that I built a while back that runs Tor, only allows connections through tor from the LAN side and no connectivity to the rest of the home network. However, thanks to some iptables mangling and openwrt config it does allow access from the home LAN to the IoT devices. I’m not a fan of tor routers in general (having built several, and various other tor-related things I think a lot of the things people would use them for are not things they should use tor routers for), but in this case a tor router would help: 1. Stop overreach in terms of network access (e.g. scanning home NAS servers). 2. Allow people to insure themselves against compromise (e.g. remote exploits in cheap cameras won’t affect their local network). 3. If done properly will allow people to use IoT devices without exposing any data about themselves, including their location or source address. I asked briefly on twitter if people would be interested in this and a few people contacted me to say yes. I’m thinking of releasing this in a week or two. I wanted to approach the list and ask if anyone has any problems with this, suggestions or thoughts prior to releasing, as it was just something for me at home, but appears that others may be interested - and given the discussion was founded on the hard work of others, don’t want to put anyone’s nose out of joint by releasing something I’m sure any press would see as similar, even if it has the opposite approach and purpose. Cheers, Steve

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

tor-users