[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] r25120: {website} break off some questions into a new tbb faq section (website/trunk/docs/en)
Author: arma
Date: 2011-09-27 07:24:45 +0000 (Tue, 27 Sep 2011)
New Revision: 25120
Modified:
website/trunk/docs/en/faq.wml
Log:
break off some questions into a new tbb faq section
Modified: website/trunk/docs/en/faq.wml
===================================================================
--- website/trunk/docs/en/faq.wml 2011-09-27 04:54:21 UTC (rev 25119)
+++ website/trunk/docs/en/faq.wml 2011-09-27 07:24:45 UTC (rev 25120)
@@ -48,26 +48,26 @@
<li><a href="#LiveCD">Is there a LiveCD or other bundle that includes Tor?</a></li>
</ul>
- <p>Running Tor:</p>
+ <p>Tor Browser Bundle:</p>
<ul>
+ <li><a href="#GoogleCaptcha">Google makes me solve a Captcha or tells
+ me I have spyware installed.</a></li>
+ <li><a href="#GmailWarning">Gmail warns me that my account may have
+ been compromised.</a></li>
+ </ul>
+
+ <p>Advanced Tor usage:</p>
+ <ul>
<li><a href="#torrc">I'm supposed to "edit my torrc". What does
that mean?</a></li>
<li><a href="#Logs">How do I set up logging, or see Tor's
logs?</a></li>
- </ul>
-
- <p>Running a Tor client:</p>
- <ul>
<li><a href="#DoesntWork">I installed Tor and Polipo but it's not
working.</a></li>
<li><a href="#VidaliaPassword">Tor/Vidalia prompts for a password at
start.</a></li>
<li><a href="#ChooseEntryExit">Can I control which nodes (or country)
are used for entry/exit?</a></li>
- <li><a href="#GoogleCaptcha">Google makes me solve a Captcha or tells
- me I have spyware installed.</a></li>
- <li><a href="#GmailWarning">Gmail warns me that my account may have
- been compromised.</a></li>
<li><a href="#FirewallPorts">My firewall only allows a few outgoing
ports.</a></li>
</ul>
@@ -727,6 +727,90 @@
<hr>
+<a id="GoogleCaptcha"></a>
+<h3><a class="anchor" href="#GoogleCaptcha">Google makes me solve a Captcha or tells me I have spyware installed.</a></h3>
+
+<p>
+This is a known and intermittent problem; it does not mean that Google
+considers Tor to be spyware.
+</p>
+
+<p>
+When you use Tor, you are sending queries through exit relays that are also
+shared by thousands of other users. Tor users typically see this message
+when many Tor users are querying Google in a short period of time. Google
+interprets the high volume of traffic from a single IP address (the exit
+relay you happened to pick) as somebody trying to "crawl" their website,
+so it slows down traffic from that IP address for a short time.
+</p>
+<p>
+An alternate explanation is that Google tries to detect certain
+kinds of spyware or viruses that send distinctive queries to Google
+Search. It notes the IP addresses from which those queries are received
+(not realizing that they are Tor exit relays), and tries to warn any
+connections coming from those IP addresses that recent queries indicate
+an infection.
+</p>
+
+<p>
+To our knowledge, Google is not doing anything intentionally specifically
+to deter or block Tor use. The error message about an infected machine
+should clear up again after a short time.
+</p>
+
+<p>
+Torbutton 1.2.5 (released in mid 2010) detects Google captchas and can
+automatically redirect you to a more Tor-friendly search engine such as
+Ixquick or Bing.
+</p>
+
+<hr />
+
+<a id="GmailWarning"></a>
+<h3><a class="anchor" href="#GmailWarning">Gmail warns me that my account may have been compromised.</a></h3>
+
+<p>
+Sometimes, after you've used Gmail over Tor, Google presents a
+pop-up notification that your account may have been compromised.
+The notification window lists a series of IP addresses and locations
+throughout the world recently used to access your account.
+</p>
+
+<p>
+In general this is a false alarm: Google saw a bunch of logins from
+different places, as a result of running the service via Tor, and decided
+it was a good idea to confirm the account was being accessed by it's
+rightful owner.
+</p>
+
+<p>
+Even though this may be a biproduct of using the service via tor,
+that doesn't mean you can entirely ignore the warning. It is
+<i>probably</i> a false positive, but it might not be since it is
+possible for someone to hijack your Google cookie.
+</p>
+
+<p>
+Cookie hijacking is possible by either physical access to your computer
+or by watching your network traffic. In theory only physical access
+should compromise your system because Gmail and similar services
+should only send the cookie over an SSL link. In practice, alas, it's <a
+href="http://fscked.org/blog/fully-automated-active-https-cookie-hijacking">
+way more complex than that</a>.
+</p>
+
+<p>
+And if somebody <i>did</i> steal your google cookie, they might end
+up logging in from unusual places (though of course they also might
+not). So the summary is that since you're using Tor, this security
+measure that Google uses isn't so useful for you, because it's full of
+false positives. You'll have to use other approaches, like seeing if
+anything looks weird on the account, or looking at the timestamps for
+recent logins and wondering if you actually logged in at those times.
+</p>
+
+<hr>
+
<a id="torrc"></a>
<h3><a class="anchor" href="#torrc">I'm supposed to "edit my torrc". What does that mean?</a></h3>
@@ -1045,90 +1129,6 @@
<hr>
-<a id="GoogleCaptcha"></a>
-<h3><a class="anchor" href="#GoogleCaptcha">Google makes me solve a Captcha or tells me I have spyware installed.</a></h3>
-
-<p>
-This is a known and intermittent problem; it does not mean that Google
-considers Tor to be spyware.
-</p>
-
-<p>
-When you use Tor, you are sending queries through exit relays that are also
-shared by thousands of other users. Tor users typically see this message
-when many Tor users are querying Google in a short period of time. Google
-interprets the high volume of traffic from a single IP address (the exit
-relay you happened to pick) as somebody trying to "crawl" their website,
-so it slows down traffic from that IP address for a short time.
-</p>
-<p>
-An alternate explanation is that Google tries to detect certain
-kinds of spyware or viruses that send distinctive queries to Google
-Search. It notes the IP addresses from which those queries are received
-(not realizing that they are Tor exit relays), and tries to warn any
-connections coming from those IP addresses that recent queries indicate
-an infection.
-</p>
-
-<p>
-To our knowledge, Google is not doing anything intentionally specifically
-to deter or block Tor use. The error message about an infected machine
-should clear up again after a short time.
-</p>
-
-<p>
-Torbutton 1.2.5 (released in mid 2010) detects Google captchas and can
-automatically redirect you to a more Tor-friendly search engine such as
-Ixquick or Bing.
-</p>
-
-<hr />
-
-<a id="GmailWarning"></a>
-<h3><a class="anchor" href="#GmailWarning">Gmail warns me that my account may have been compromised.</a></h3>
-
-<p>
-Sometimes, after you've used Gmail over Tor, Google presents a
-pop-up notification that your account may have been compromised.
-The notification window lists a series of IP addresses and locations
-throughout the world recently used to access your account.
-</p>
-
-<p>
-In general this is a false alarm: Google saw a bunch of logins from
-different places, as a result of running the service via Tor, and decided
-it was a good idea to confirm the account was being accessed by it's
-rightful owner.
-</p>
-
-<p>
-Even though this may be a biproduct of using the service via tor,
-that doesn't mean you can entirely ignore the warning. It is
-<i>probably</i> a false positive, but it might not be since it is
-possible for someone to hijack your Google cookie.
-</p>
-
-<p>
-Cookie hijacking is possible by either physical access to your computer
-or by watching your network traffic. In theory only physical access
-should compromise your system because Gmail and similar services
-should only send the cookie over an SSL link. In practice, alas, it's <a
-href="http://fscked.org/blog/fully-automated-active-https-cookie-hijacking">
-way more complex than that</a>.
-</p>
-
-<p>
-And if somebody <i>did</i> steal your google cookie, they might end
-up logging in from unusual places (though of course they also might
-not). So the summary is that since you're using Tor, this security
-measure that Google uses isn't so useful for you, because it's full of
-false positives. You'll have to use other approaches, like seeing if
-anything looks weird on the account, or looking at the timestamps for
-recent logins and wondering if you actually logged in at those times.
-</p>
-
-<hr>
-
<a id="FirewallPorts"></a>
<h3><a class="anchor" href="#FirewallPorts">My firewall only allows a few outgoing ports.</a></h3>
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits