[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Are 'StrictNodes 1' actually strict?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Are 'StrictNodes 1' actually strict?
From: mimble9@xxxxxxxxxxxxx
Date: Fri, 31 Jan 2020 23:54:40 -0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 02 Feb 2020 17:55:23 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=danwin1210.me; s=mail; t=1580514892; bh=7ew2lv5H1n4YvYy/j7QNMUrlQYX/dyjvoAbGbUoqvsc=; h=In-Reply-To:References:Date:Subject:From:To:From; b=WD0IiiQRh73cCI9J5d2UPjsXa08Po0OUu1Kc282YiHaYorKiCcIjVvG99i8RYsioY +40S1OPgKoX94tHkbHTzZL22Y5qUTDJwCxwRS02lmDEjStzYyheQ0I21BfoTPM+Rro UeRLIDYWCotdj5N9VsHH6jOgEf4mvqOs5bxXztsYzkaUKorP6qrE74jsEajzvhpqtn NzWJhXRE5zzRzIiG/20nhs3lvm4NIFspRHZlc2uCiEV+yaPLMUqr7WfmnNOVGRBSHa Gb6YM+W8jAcYpV/coRqj0z4Mhl+D1KdNq1Mu8CFi8gEunk8IBE4HYo4V4hNflC9S5S qsQPzCYjqobxxLKEWQZrIC4tKW5TYTBFy73yMc/h2HM6BDYNqDyRywkxgJpxg7Umy/ Bm2K+JdlCBJ1RqFlm64URLysgyPbWv+0/i83zJ/VXCG06pkuF6Lf0IuCZV171z/qi5 rgAF+6T66SwOfHz5+/YmGI4y9RT9h+BNdrfPbwtxRpZFXa7BZMKEtW6FPjBHNFCMCs S5Ve4ZcBy5wBOQcRl19XcfRJwnUsDPJ/7cpbXIb9aQgr8UwDfb6xaHibeM6kTFj7tn Lf+DfqQYMz/j4s7LHgUbnuC9lmqNphLgBBsY0S1PewMCpjlq0XaZvTKQpQwfGS6isu N4XyBfkRZDzGYpBAXiTHztKs=
In-reply-to: <20200130094512.GB2719@moria.seul.org>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <38e8ac3949ae2a719b945538e531eb8a.squirrel@danielas3rtn54uwmofdo3x2bsdifr47huasnmbgqzfrec5ubupvtpid.onion> <20200130094512.GB2719@moria.seul.org>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

Thanks for the reply, Roger.

I have noticed the issue with Cloudflare before.

That said, I have used the StrictNodes / ExitNodes combination many times
recently and it has worked.

For example:

StrictNodes 1
ExitNodes {ro}

or:

StrictNodes 1
ExitNodes example_one
ExitNodes example_two


So if I wanted to use a specific exitnode, how would my torrc look?

Thanks again.

On Thu, January 30, 2020 9:45 am, Roger Dingledine wrote:
> On Wed, Jan 29, 2020 at 02:45:01PM -0000, mimble9@xxxxxxxxxxxxx wrote:
>
>> I have StrictNodes 1 and ExitNodes hands in my torrc.
>>
>>
>> However, when using TBB, I discovered that I was often using other exit
>>  nodes. Clicking "New Circuit for this site" then placed hands back as
>> the exit node.
>>
>> Any ideas why? Just the one exit node in the torrc.
>>
>>
>> This suggests to me that StrictNodes are not 100% strict.
>>
>
> Check out the man page, where it says "StrictNodes does not apply to
> ExcludeExitNodes, ExitNodes, MiddleNodes, or MapAddress."
>
>
> So you shouldn't be setting StrictNodes for this case. Maybe you are
> using a super old guide found somewhere on the internet? :) More info from
> when we made the change back in 2011:
> https://gitweb.torproject.org/tor.git/tree/ReleaseNotes?h=tor-0.4.2.5#n17
> 216
>
>
> That said, ExitNodes should work. My guess is that you're visiting a
> Cloudflare site, which is giving your Tor Browser an alt-svc header,
> which sends the browser to load the site via one of Cloudflare's onion
> addresses. And since onion services don't have the concept of "exiting",
> then your Tor feels no need to end that circuit with your specified
> ExitNode.
>
>
> *That* said, there are some bugs with how Tor Browser visualizes your
> circuit when alt-svc is in use: https://bugs.torproject.org/27590
> and it looks like the browser might be inconsistent about whether it
> actually uses the alt-svc destinations, which could explain your getting
> your exit relay every so often: https://bugs.torproject.org/27502
>
>
> Best plan would be to pick a really simple non-CDN'ed single-address
> domain, like freehaven.net, and try to recreate your issue there.
>
> --Roger
>
>
> --
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or
> change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
>


-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Are 'StrictNodes 1' actually strict?
  - From: Roger Dingledine

Prev by Author: [tor-talk] Tor and sources.list
Next by Author: Re: [tor-talk] Are 'StrictNodes 1' actually strict?
Next by thread: Re: [tor-talk] Are 'StrictNodes 1' actually strict?
Index(es):
- Author
- Thread