[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] alt-svc supported by TBB

On 2018-09-18 14:33, Dave Warren wrote:
On 2018-09-18 13:33, nusenu wrote:

Dave Warren:
Can anyone confirm if the current release of TBB supports alt-svc?

I'm testing the Cloudflare alt-svc .onion beta project and I do see
the alt-svc header, but I'm trying to determine whether TBB is
actually using it or not. It seems like not, given that the website
can see a tor exit IP in the Cloudflare headers (I wouldn't expect
this since subsequent requests should be delivered over a .onion

TorBrowser is supposed to support alt-svc since version 8 but
we have had mixed results when testing it

Using the test page at https://perfectoid.space/test.php I get either red or yellow exclusively, no amount of refreshing and/or changing circuits seems to get green which confirms my own testing on a site I operate that is participating in the beta.

I've been monkeying around a bit, and I can sometimes get this to work, but very infrequently. It feels like if I open a tunnel to each of their .onion addresses first then it increases the odds although I'm not sure if this makes sense since a new hostname (the test site vs their .onion addresses) should result in a new tunnel anyway.

And maybe this is just a limitation of the test site (although I don't think so), but it seems that Cloudflare fails to notice many IPv6 exits, whereas IPv4 exits usually get the country "T1" (meaning Cloudflare knows this is a Tor exit and adds the Alt-Svc header).

Unfortunately the reliability doesn't seem to be here enough to try and achieve Cloudflare's stated goals, but hopefully this is just an early attempt and not the end of the road. On the flip side, maybe it is working a little more than it appears since I'm not seeing CAPTCHAs when using TBB 8, but I am from a second machine running TBB 7.

One final note: Are there any other Cloudflare users on the Free or Pro plans? If so, could you go check if Onion Routing was enabled for you? Their blog says it is enabled by default, but it is disabled on two of my three sites -- Maybe this is due to being part of the beta though, I did manually enable it on that third site and maybe that precluded it from being enabled on my other two?
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to