[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Are 'StrictNodes 1' actually strict?
Thanks for the reply, Roger.
I have noticed the issue with Cloudflare before.
That said, I have used the StrictNodes / ExitNodes combination many times
recently and it has worked.
So if I wanted to use a specific exitnode, how would my torrc look?
On Thu, January 30, 2020 9:45 am, Roger Dingledine wrote:
> On Wed, Jan 29, 2020 at 02:45:01PM -0000, mimble9@xxxxxxxxxxxxx wrote:
>> I have StrictNodes 1 and ExitNodes hands in my torrc.
>> However, when using TBB, I discovered that I was often using other exit
>> nodes. Clicking "New Circuit for this site" then placed hands back as
>> the exit node.
>> Any ideas why? Just the one exit node in the torrc.
>> This suggests to me that StrictNodes are not 100% strict.
> Check out the man page, where it says "StrictNodes does not apply to
> ExcludeExitNodes, ExitNodes, MiddleNodes, or MapAddress."
> So you shouldn't be setting StrictNodes for this case. Maybe you are
> using a super old guide found somewhere on the internet? :) More info from
> when we made the change back in 2011:
> That said, ExitNodes should work. My guess is that you're visiting a
> Cloudflare site, which is giving your Tor Browser an alt-svc header,
> which sends the browser to load the site via one of Cloudflare's onion
> addresses. And since onion services don't have the concept of "exiting",
> then your Tor feels no need to end that circuit with your specified
> *That* said, there are some bugs with how Tor Browser visualizes your
> circuit when alt-svc is in use: https://bugs.torproject.org/27590
> and it looks like the browser might be inconsistent about whether it
> actually uses the alt-svc destinations, which could explain your getting
> your exit relay every so often: https://bugs.torproject.org/27502
> Best plan would be to pick a really simple non-CDN'ed single-address
> domain, like freehaven.net, and try to recreate your issue there.
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or
> change other settings go to
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to