[tor-talk] Bootstrapping gets stuck at 85% - logs included.
Tor worked fine until a few days ago. Then I began to have some problems. Let me explain.

I use apt-get install tor and run 'tor'. The results are:

May 11 21:19:08.358 [notice] Tor v0.2.2.35 (git-73ff13ab3cc9570d). This is experimental software. Do not rely on it for strong anonymity. (Running on Linux i686)
May 11 21:19:08.362 [notice] Initialized libevent version 1.4.13-stable using method epoll. Good.
May 11 21:19:08.362 [notice] Opening Socks listener on 127.0.0.1:9050
May 11 21:19:08.364 [notice] Parsing GEOIP file /usr/share/tor/geoip.
May 11 21:19:09.196 [notice] OpenSSL OpenSSL 0.9.8k 25 Mar 2009 [9080bf] looks like it's older than 0.9.8l, but some vendors have backported 0.9.8l's renegotiation code to earlier versions, and some have backported the code from 0.9.8m or 0.9.8n. I'll set both SSL3_FLAGS and SSL_OP just to be safe.
May 11 21:19:09.354 [notice] Bootstrapped 5%: Connecting to directory server.
May 11 21:19:09.355 [notice] I learned some more directory information, but not enough to build a circuit: We have no network-status consensus.
May 11 21:19:09.543 [notice] Bootstrapped 10%: Finishing handshake with directory server.
May 11 21:19:10.554 [warn] Problem bootstrapping. Stuck at 10%: Finishing handshake with directory server. (No route to host; NOROUTE; count 1; recommendation warn)

This always happens. It just gets stuck.

Then I try the Tor Browser Bundle. I am using the latest version which I downloaded yesterday. Here is what the Vidalia client shows when I ./start-tor-browser:

May 11 22:56:30.636 [Notice] Tor v0.2.2.35 (git-b04388f9e7546a9f). This is experimental software. Do not rely on it for strong anonymity. (Running on Linux i686)
May 11 22:56:30.637 [Notice] Initialized libevent version 2.0.18-stable using method epoll. Good.
May 11 22:56:30.637 [Notice] Opening Socks listener on 127.0.0.1:0
May 11 22:56:30.638 [Notice] Socks listener listening on port 42779.
May 11 22:56:30.638 [Notice] Opening Control listener on 127.0.0.1:0
May 11 22:56:30.638 [Notice] Control listener listening on port 34216.
May 11 22:56:30.639 [Notice] Parsing GEOIP file ./Data/Tor/geoip.
May 11 22:56:35.928 [Notice] OpenSSL OpenSSL 1.0.1b 26 Apr 2012 looks like version 0.9.8m or later; I will try SSL_OP to enable renegotiation
May 11 22:56:35.928 [Notice] We now have enough directory information to build circuits.
May 11 22:56:35.928 [Notice] Bootstrapped 80%: Connecting to the Tor network.
May 11 22:56:35.929 [Notice] New control connection opened.
May 11 22:56:35.929 [Notice] Bootstrapped 85%: Finishing handshake with first hop.
May 11 22:58:49.981 [Notice] Tor has not observed any network activity for the past 66 seconds. Disabling circuit build timeout recording.
May 11 22:58:50.314 [Notice] Tor now sees network activity. Restoring circuit build timeout recording. Network was down for 66 seconds during 1 circuit attempts.
May 11 22:59:56.135 [Notice] Tor has not observed any network activity for the past 67 seconds. Disabling circuit build timeout recording.
May 11 22:59:57.684 [Notice] Tor now sees network activity. Restoring circuit build timeout recording. Network was down for 68 seconds during 2 circuit attempts.
May 11 23:01:04.279 [Notice] Tor has not observed any network activity for the past 66 seconds. Disabling circuit build timeout recording.
May 11 23:01:04.587 [Notice] Tor now sees network activity. Restoring circuit build timeout recording. Network was down for 66 seconds during 1 circuit attempts.

Or I might see:

May 12 07:12:33.787 [Warning] Problem bootstrapping. Stuck at 85%: Finishing handshake with first hop. (DONE; DONE; count 10; recommendation warn)

I then use the Tor Browser Bundle with a VPN. It works quickly and effectively.

Why does the original 'tor' get stuck at 10%? Why does the Browser Bundle get stuck at 85%? Why does the VPN work?

Finally, the Browser Bundle gives an error at ./start-tor-browser:

Qt: Session management error: None of the authentication protocols specified are supported

Does this matter and, if so, what can I do about it? I am using Ubuntu 10.04.

Many thanks!
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
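
Added example (not part of the original message and not code from the Tor project): a small Python parser that pulls the last bootstrap phase, the fields of the "Problem bootstrapping" warning, and the idle-network gaps out of notice-level logs like the two quoted in the message above. The dictionary keys and function name are this example's own choices.

```python
import re

# Line shapes taken from the log excerpts in the message above.
BOOT = re.compile(r"\[notice\] Bootstrapped (\d+)%: (.+?)\.?$", re.I)
STUCK = re.compile(
    r"\[warn(?:ing)?\] Problem bootstrapping\. Stuck at (\d+)%: (.+?)\. "
    r"\((.+?); (\w+); count (\d+); recommendation (\w+)\)", re.I)
IDLE = re.compile(r"Network was down for (\d+) seconds during (\d+) circuit", re.I)

def summarize(log_text):
    """Summarize bootstrap progress; key names are chosen for this example."""
    out = {"last_percent": None, "last_phase": None, "stalls": [], "idle": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = STUCK.search(line)
        if m:
            out["stalls"].append({
                "percent": int(m.group(1)),
                "phase": m.group(2),
                "warning": m.group(3),   # readable text, e.g. "No route to host"
                "reason": m.group(4),    # short code, e.g. NOROUTE or DONE
                "count": int(m.group(5)),
                "recommendation": m.group(6),
            })
            continue
        m = BOOT.search(line)
        if m:
            out["last_percent"] = int(m.group(1))
            out["last_phase"] = m.group(2)
            continue
        m = IDLE.search(line)
        if m:  # (seconds without traffic, circuit attempts in that window)
            out["idle"].append((int(m.group(1)), int(m.group(2))))
    return out

# Lines copied from the two logs in the message above.
SYSTEM_TOR = """\
May 11 21:19:09.354 [notice] Bootstrapped 5%: Connecting to directory server.
May 11 21:19:09.543 [notice] Bootstrapped 10%: Finishing handshake with directory server.
May 11 21:19:10.554 [warn] Problem bootstrapping. Stuck at 10%: Finishing handshake with directory server. (No route to host; NOROUTE; count 1; recommendation warn)
"""
BUNDLE_TOR = """\
May 11 22:56:35.928 [Notice] Bootstrapped 80%: Connecting to the Tor network.
May 11 22:56:35.929 [Notice] Bootstrapped 85%: Finishing handshake with first hop.
May 11 22:58:50.314 [Notice] Tor now sees network activity. Restoring circuit build timeout recording. Network was down for 66 seconds during 1 circuit attempts.
May 11 22:59:57.684 [Notice] Tor now sees network activity. Restoring circuit build timeout recording. Network was down for 68 seconds during 2 circuit attempts.
May 12 07:12:33.787 [Warning] Problem bootstrapping. Stuck at 85%: Finishing handshake with first hop. (DONE; DONE; count 10; recommendation warn)
"""

if __name__ == "__main__":
    for name, text in (("system tor", SYSTEM_TOR), ("browser bundle", BUNDLE_TOR)):
        s = summarize(text)
        print(name, "reached", s["last_percent"], "%:", s["last_phase"])
        for st in s["stalls"]:
            print("  stall:", st["percent"], st["warning"], st["reason"], st["count"])
        print("  idle gaps (seconds, circuit attempts):", s["idle"])
```
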
Re: [tor-talk] tor/netfilter: packets without uid
> > echo 1 > /proc/sys/net/ipv4/tcp_rfc1337
>
> not the right option; this is different, and to avoid an issue with time wait.
>
> the feature i'm thinking of is time-wait negotiation, which can be
> tweaked to always put this state on the peer (or fail if not
> available).
>
> last time i messed with this it was kernel build tweaks; probably too
> much for most tastes ;)
>
>
> regarding the match rules, why are you whitelisting a firefox
> instances? a robust setup is everything transparently routed, except
> for Tor PID, and only this PID. kernel originated traffic and all
> other application originated traffic is thus routed properly without
> bypass, assuming Tor itself is not vulnerable.

coderman, thanks for your persisting interest in my issue. I appreciate it.

Unfortunately your sysconf switches don't work for me. That's fine. I think I will simply drop non-uid 42 bytes packets from now on, without explicit logging. (I cannot afford a 72MiB syslog after a few days of computer usage)

Regarding my setup, it is not that simple. Actually I have four firefox users and four dedicated tor instances for these users. Each firefox is dedicated to special requirements. I have lots of other users, each for dedicated use cases. All other users, including my main user, do not have internet access at all. This setup is loosely based on the setup another Tor user presented on this very list a few years ago.

What I fear most is not a breach of my anonymity or the breakage of firefox due to exploitation (geez, browsers suck so much these days). I fear the mix-up of application traffic which in turn breaks the anonymity of the application stream that I really want to be anonymous. E.g. I usually have all three browsers opened, routing all of their traffic through the same tor instance is madness.
Re: [tor-talk] Basic questions from new user but...
On 5/11/2012 7:21 AM, Maxim Kammerer wrote:
On Fri, May 11, 2012 at 2:36 AM, Joe Btfsplk wrote:

Isn't this approach very much a double edged sword? From the link:

However, we recommend that even users who know how to use NoScript leave JavaScript enabled if possible, because a website or exit node can easily distinguish users who disable JavaScript from users who use Tor Browser bundle with its default settings (thus users who disable JavaScript are less anonymous).

It may be true that changing settings makes one's profile different, but from all I've ever read, java script is responsible for more malicious browser attacks than anything. That's not so good.

Javascript attacks are, however, out of the scope for anonymity research. The anonymity set reduction above, while purely theoretical and of no practical significance, is in that scope. It's a typical case of project focus shifting priorities to user's disadvantage. Moreover, if many users turn Javascript off often, it is quite possible that turning it off offers more (theoretical) anonymity due to the possibility of fingerprinting users' browser versions by browsers' respective Javascript quirks.

Can someone explain to non-Tor network experts in layman's terms (25 words or < ) :D, what exactly some one / entity HAS to be able to do in order to profile that Joe has java script disabled, & then be able to tie it to MY (dynamic) IP address - at * that * moment (an address that could change anytime), or to me physically, sitting here at 123 Oak St., Bumfk, ND?

It is not possible — anonymity set reduction only shifts your anonymity towards pseudonymity. I would guess that most browser users do not need true anonymity, however, and are fine with pseudonymity.

Then, what are the REAL world odds that out of all the exit nodes traffic, which are constantly changing users, that someone can monitor enough nodes AND be able to tie it directly to ONE specific person, w/ a real name & physical address? Are we talking that any 12 yr old w/ the right, free software can do this, or "theoretically"?

Theoretically.

Thanks Maxim. You may be 100% correct. No disrespect, but these questions - esp. one about changing TBB setting(s) like js or using an addon not included in the package (assuming an addon doesn't "leak") seem like PRETTY important questions.

I think one of the devs w/ expertise in that area of Tor should answer the * real world explanation & chances * how those actions would realistically allow someone / entity to positively identify a PERSON, or lead them to that person's door, so users can understand. Explanation should also probably be in FAQs.

I don't know your background or if you're associated w/ Tor Project in any way - I mean no disrespect.
Re: [tor-talk] Basic questions from new user but...
Much appreciated!

Yes, can anyone suggest email providers that will protect privacy and still work easily with Tor (? that don't require j's).

> Date: Wed, 9 May 2012 22:04:58 -0500
> From: joebtfs...@gmx.com
> To: tor-talk@lists.torproject.org
> Subject: Re: [tor-talk] Basic questions from new user but...
>
> On 5/9/2012 6:56 PM, Elena Johnson wrote:
> > I have a feeling other newbies might benefit. 3 questions below (if
> > tor-talk is not appropriate for these questions, PLEASE let me know what
> > the appropriate contact is) .
> >
> > I have read the FAQ's, much documentation, and searched the broader web but
> > still have questions about browsing the internet with Tor (I'm using the
> > whole Tor Browser Bundle):
> >
> > 1) Can I ANONYMOUSLY allow scripts for hotmail, gmail and yahoo mail using
> > Tor browser?
> > - hotmail - I can’t sign in, I get the message:
> > "Windows Live ID requires JavaScript to sign in."
> > If I allow the script, use https and HTML and sign in then,
> > I can use NoScript to go through a series of "allowing
> > scripts" from the following,
> > but I still can't open the email
> > https://snt130.mail.live.com
> > https://secure.shared.live.com
> > https://secure.wlxrs.com
> >
> > - gmail: Google requires scripts to create account (I WAS able to
> > access HTML email
> > without scripts - very very useful and good, THANKS)
> >
> > 2) If I allow scripts ONE TIME, does that blow my anonymity for ALL TIME or
> > just during that browsing session. In other words, is the info then stored
> > somewhere that can be retroactively analyzed to reveal my IP address?
> >
> > -
> > I had this experience on the Tor site:
> > - I'm going through the Tor FAQ page and try to link to:
> >
> > irc channel
> >
> > tor-talk@lists.torproject.org
> >
> > h...@rt.torproject.org
> >
> > -I'm assuming Tor is SAFE but for each of these, I get the MESSAGE:
> >
> > "Load external content?
> >
> > An external application is needed to handle:
> >
> > mailto:h...@rt.torproject.org (etc.)
> >
> > NOTE: External applications are NOT Tor safe by default and can
> > unmask you!
> >
> > If this file is untrusted, you should either save it to view
> > while offline or in a VM,
> >
> > or consider using a transparent Tor proxy like Tails LiveCD or
> > torsocks."
> >
> > - I'm guessing that YES! i can trust that I can use whatever
> > "external application" will allow me to access these Tor support
> > services, BUT I'M NOT ABSOLUTELY SURE. This leads to my third question:
> >
> > 3) Can I ANONYMOUSLY load "external content" using an "external
> > application"? Does the answer depend on THE SITE I am browsing, the
> > particulars of the "external application" needed, and the specific
> > "external content"?
> >
>
> Welcome!
> I'm not the foremost expert on Tor & external apps. Others can chime in
> or correct my suggestions. You ARE using the Tor browser bundle - TBB -
> aren't you?
> 1) If you really want privacy / anonymity, maybe Live Mail, Gmail
> shouldn't be your choice - at least when using Tor. The companies
> behind them are noted for a lot of privacy invasions. A lot of mail
> providers seem to require js, but maybe others can suggest some (or
> methods) that don't require it. I'm quite sure some providers don't
> require js.
>
> 2) AFAIK just for that session. But, if it's for an email acct that you
> tried to create anonymously thru Tor - IF - say Gmail, tied you to a
> real IP address & provider, then you don't have much anonymity for that
> acct from then on. That's assuming anyone, including Gmail cares to
> pursue it. I'm assuming it warning you about accessing
> h...@rt.torproject.org means using your mail client. In their default
> state, email clients CAN leak info about you.
>
> Which external content (type) & which application is it trying to use?
> It does make a difference. Yes, some can leak certain data. Some apps
> can be "torrified," to lesser or greater extents. Instructions used to
> be on the Tor documentation site for diff apps, but may have been
> removed. May also be wiki articles.
>
> 3) See ans. # 2. It's an "it all depends" question that comes up
> often. It's not so much the site (unless they use advanced tracking
> techniques & you have js enabled, etc.), as the external app being
> used. In general, heed the warning about loading external content, if
> true anonymity is desired. The application could matter because it
> dictates the type of application needed. Part of it depends on what
> you're trying to conceal from whom. NSA? You may be screwed. You'll
> have to research IF the apps needed (& specific o
Re: [tor-talk] Basic questions from new user but...
https://help.riseup.net/en/email

--SiNA

On 05/12/2012 03:16 PM, Elena Johnson wrote:
>
> Much appreciated!
>
> Yes, can anyone suggest email providers that will protect privacy and still
> work easily with Tor (? that don't require j's).
>
>> Date: Wed, 9 May 2012 22:04:58 -0500
>> From: joebtfs...@gmx.com
>> To: tor-talk@lists.torproject.org
>> Subject: Re: [tor-talk] Basic questions from new user but...
>>
>> On 5/9/2012 6:56 PM, Elena Johnson wrote:
>>> I have a feeling other newbies might benefit. 3 questions below (if
>>> tor-talk is not appropriate for these questions, PLEASE let me know what
>>> the appropriate contact is) .
>>>
>>> I have read the FAQ's, much documentation, and searched the broader web but
>>> still have questions about browsing the internet with Tor (I'm using the
>>> whole Tor Browser Bundle):
>>>
>>> 1) Can I ANONYMOUSLY allow scripts for hotmail, gmail and yahoo mail using
>>> Tor browser?
>>> - hotmail - I can’t sign in, I get the message:
>>> "Windows Live ID requires JavaScript to sign in."
>>> If I allow the script, use https and HTML and sign in then,
>>> I can use NoScript to go through a series of "allowing
>>> scripts" from the following,
>>> but I still can't open the email
>>> https://snt130.mail.live.com
>>> https://secure.shared.live.com
>>> https://secure.wlxrs.com
>>>
>>> - gmail: Google requires scripts to create account (I WAS able to
>>> access HTML email
>>> without scripts - very very useful and good, THANKS)
>>>
>>> 2) If I allow scripts ONE TIME, does that blow my anonymity for ALL TIME or
>>> just during that browsing session. In other words, is the info then stored
>>> somewhere that can be retroactively analyzed to reveal my IP address?
>>>
>>> -
>>> I had this experience on the Tor site:
>>> - I'm going through the Tor FAQ page and try to link to:
>>>
>>> irc channel
>>>
>>> tor-talk@lists.torproject.org
>>>
>>> h...@rt.torproject.org
>>>
>>> -I'm assuming Tor is SAFE but for each of these, I get the MESSAGE:
>>>
>>> "Load external content?
>>>
>>> An external application is needed to handle:
>>>
>>> mailto:h...@rt.torproject.org (etc.)
>>>
>>> NOTE: External applications are NOT Tor safe by default and can
>>> unmask you!
>>>
>>> If this file is untrusted, you should either save it to view
>>> while offline or in a VM,
>>>
>>> or consider using a transparent Tor proxy like Tails LiveCD or
>>> torsocks."
>>>
>>> - I'm guessing that YES! i can trust that I can use whatever
>>> "external application" will allow me to access these Tor support
>>> services, BUT I'M NOT ABSOLUTELY SURE. This leads to my third question:
>>>
>>> 3) Can I ANONYMOUSLY load "external content" using an "external
>>> application"? Does the answer depend on THE SITE I am browsing, the
>>> particulars of the "external application" needed, and the specific
>>> "external content"?
>>>
>>
>> Welcome!
>> I'm not the foremost expert on Tor & external apps. Others can chime in
>> or correct my suggestions. You ARE using the Tor browser bundle - TBB -
>> aren't you?
>> 1) If you really want privacy / anonymity, maybe Live Mail, Gmail
>> shouldn't be your choice - at least when using Tor. The companies
>> behind them are noted for a lot of privacy invasions. A lot of mail
>> providers seem to require js, but maybe others can suggest some (or
>> methods) that don't require it. I'm quite sure some providers don't
>> require js.
>>
>> 2) AFAIK just for that session. But, if it's for an email acct that you
>> tried to create anonymously thru Tor - IF - say Gmail, tied you to a
>> real IP address & provider, then you don't have much anonymity for that
>> acct from then on. That's assuming anyone, including Gmail cares to
>> pursue it. I'm assuming it warning you about accessing
>> h...@rt.torproject.org means using your mail client. In their default
>> state, email clients CAN leak info about you.
>>
>> Which external content (type) & which application is it trying to use?
>> It does make a difference. Yes, some can leak certain data. Some apps
>> can be "torrified," to lesser or greater extents. Instructions used to
>> be on the Tor documentation site for diff apps, but may have been
>> removed. May also be wiki articles.
>>
>> 3) See ans. # 2. It's an "it all depends" question that comes up
>> often. It's not so much the site (unless they use advanced tracking
>> techniques & you have js enabled, etc.), as the external app being
>> used. In general, heed the warning about loading external content, if
>> true anonymity is desired. The application could matter because it
>> dictates the type of application needed. Part of it depends on w
Re: [tor-talk] Basic questions from new user but...
1) "TBB is modified so that JavaScript shouldn't hurt anonymity."

OK so I can safely allow JavaScript with my emails and be anonymous. Confusing because NoScript says: "Allow scripts globally (dangerous)."

2) "The TorBrowserBundle (TBB) should allow scripting by default"

Confusing because when I log into Tor using TBB the NoScript icon has a red slash through it. If I go to any site, e.g. Kmart.com or mozilla a window opens up at bottom and says:

Scripts currently forbidden    Options...
Allow https://mozilla.org

So I have the option to allow it but by default it is not allowed.

Hope these questions can help other low-tech users.

When I'm on TBB, the NoScript icon has a red slash through it.

> Date: Thu, 10 May 2012 19:13:05 +0200
> From: bastik@googlemail.com
> To: tor-talk@lists.torproject.org
> Subject: Re: [tor-talk] Basic questions from new user but...
>
> Elena Johnson, 10.05.2012 01:56:
> > 1) Can I ANONYMOUSLY allow scripts for hotmail, gmail and yahoo mail using
> > Tor browser?
>
> The TorBrowserBundle (TBB) should allow scripting by default. It uses a
> modified (aka patched) Firefox, which is re-branded to Tor Browser, and
> ships with NoScript, which is set to allow JavaScript globally.
>
> This has been done to avoid the problems you mentioned. TBB is modified
> so that JavaScript shouldn't hurt anonymity.
>
> Regards,
> bastik_tor