linux_dr: try google.com/ncr
linux_dr: or better https://www.google.com/ since it doesn't have region autoswitching yet
possibly offtopic: will https everywhere be coming to chrome?
StrangeCharm: https://chrome.google.com/extensions/detail/flcpelgcagfhfoegekianiofphddckof Ctrl+F intercept
_4get, quite different functionality: kb is dom-based, so results in quite a lot of leakage
StrangeCharm: not that, he explains the reason why it cannot be yet done the other way
_4get aah, i see. so noscript, https everywhere and so on will have to be firefox only for a while, it seems
StrangeCharm: even more disappointing is that HTTPS enforcement was implemented as a built-in feature half a year ago http://blog.chromium.org/2010/01/security-in-depth-new-security-features.html
however this STS enforcement list in Chrome is not exposed neither directly to user nor to extensions API
they do have recommendation for such a feature in the draft, but only in a form of "advanced feature" http://lists.w3.org/Archives/Public/www-archive/2009Dec/att-0048/draft-hodges-strict-transport-sec-06.plain.html#ua-impl-advice
Hello everyone. I'm tracing circuit_send_next_onion_skin method in circuitbuild.c. And i'm trying to understand this if statement; "if (circ->cpath->state == CPATH_STATE_CLOSED)" . As far as i understood this if block is run only by OPs. Could you verify that please?
hi, the link on the front page links to a non-existing exe: https://www.torproject.org/dist/vidalia-bundles/vidalia-bundle-0.2.1.20-0.2.5.exe
also a question, i recall seeing a page that mentioned a setting where i could make my tor select relays only from a certain country?
mib_yvy4ft: http://www.torproject.org/tor-manual-dev.html.en EntryNodes ExitNodes StrictNodes
_4get: thanks, ill be reading that
_4get: strictnodes and country codes in config not yet supported says the log ;/
mib_yvy4ft: using stable or unstable tor?
perhaps it's supported in unstable
also, you can manually add that functionality, there's a file with tor called geoip
which has a list of ip number to countries
how do i check which version i run?
so you can either make some code to convert them
0.2.1.22 it says
on the tor page there's the option to download stable ro unstable
ok it's just out of date :P
latest stable is 0.2.1.26
lastest unstable is 0.2.2.13-alpha
start page links to .25 which also is a dead link..
DLed the unstable one now
anyways, removed the country stuff and running with only excluding slowserver
hmm i cant get tor/polipo to work over lan ;(
anybody know how i can check where in my chain it fails from my workstation browser all the way thru google.com so i can see where i get stopped at? atm i made polipo listen on 0.0.0.0 and allow ips pretty much all lan ips i have including 192.168.0.0/24 ect and still doesnt work
or: [Tor Bug Tracker & Wiki] #1564 was updated: #1564: Reported dirreq-v3-stats are 0.00% - http://trac.torproject.org/projects/tor/ticket/1564#comment:2
or: Comment(by mikeperry):
or: At a glance, I think the patch looks ok. though I still think this
or: probably should be computed offline using consensus docs.. The main reason[...]
or: [Tor Bug Tracker & Wiki] #1515 was updated: #1515: Torbutton shold enable firefox's "Private Browsing Mode" - http://trac.torproject.org/projects/tor/ticket/1515#comment:2
or: Changes (by elehack):
or: * cc: michael@& (added)
Is there any way to run a Tor deamon as a only relay? Not also client.
I see ClientOnly 0|1 options on Tor manual but it seems there isn't any option for RelayOnly etc.
ilter: Use SocksPort 0 in torrc, then nobody can use this relay as client.
rudi_s: Actually i'm tracing source codes and i put some logs to trace it well.
rudi_s: But unfortunately i'm confused on a point ..
rudi_s: In circuitbuild.c source code there is a method; "circuit_send_next_onion_skin". I couldn't get how it works.
ilter: Sorry, but I don't have any knowledge of Tor's source code.
rudi_s: Ok no problem, thank you for your concern.
Does anybody know any servers I can use to protect my outgoing traffic?
ilter: If you set SocksPort to 0, that should be enough to run not-as-a-client.
(And TransPort, and DNSPort. But those default to 0)
Did you have a more specific question about circuit_send_next_onion() skin then just "how it works" ?
Hello nickm. Yes i have ..
or: [Tor Bug Tracker & Wiki] #1571 filed by user: #1571: broken exit node - http://trac.torproject.org/projects/tor/ticket/1571
or: Some exit node is stealing failed DNS requests and redirecting to
or: guide.opendns.com. I don't know which one or how to find out, I suggest
or: [I know this is probably the wrong place to report this. I won't report[...]
In this method there is an if statement; if (circ->cpath->state == CPATH_STATE_CLOSED). Does it means that this statement is run only by OPs and Guard nodes?
so, it's only run on origin_circuit_t. There are two types that mean "circuit" in tor: origin_circuit_t, and or_circuit_t.
I'm tracing circuitbuild.c, and i'm trying to understand which methods are run by only Guard nodes?
Both are effectively subtypes of circuit_t.
origin_circuit_t is any circuit that we are originating ourselves.
*any* Tor can originate circuits, including OPs, guards, relays, exits, etc
[servers will typically originate circuits only to self-test]
or_circuit_t is a circuit that we are relaying for somebody else. Only servers have those.
But what about circ->cpath->state == CPATH_STATE_CLOSED)?
circ->cpath is a linked list of the hops in the circuit.
so circ->cpath is the first hop.
so circ->cpath->state is the state of the first hop
remember, Tor builds circuits one hop at a time, so...
... "if (circ->cpath->state == CPATH_STATE_CLOSED)" means "if the first hop of this circuit we are building isn't open yet".
So if there isn't first hop that means it which run this if statement is first node, ha
I don't understand.
(That statement was so ungrammatical I can't tell what you're asking.)
I mean; if circ->cpath->state is CPATH_STATE_CLOSED that means it's the first node. Am i wrong?
What "it"? Do you mean, "this Tor process" ?
Sorry for my english.
(no need to apologize; you speak English better than I speak any non-English language.)
so the answer is still "no".
If you enter circuit_send_next_onion_skin *AT ALL*, you have an origin_circuit_t.
*So which methods are run by only Guard nodes?
If you have an origin_circuit_t, then it is a circuit that you are creating yourself.
I think there are not many functions, if any, that only Guard nodes run.
"yourself" means for my client?
If a Tor process has an origin_circuit_t, that circuit is a circuit that is being built by that Tor process, and NOT a circuit that the Tor process is relaying for some other Tor.
What about circuit_extend method? If we assume that the certain number of nodes is 3 for a circuit, this method is run by only Guard and middle. Is it right?
Sure, with the caveat that it is possible for any server, including exits, to be used as a relay.
Yes that time the node which has a exit flag is used as a middle or a guard.
actually, I think circuit_extend is middle only.
If you're the first node, you don't get an EXTEND cell, you get a CREATE cell.
To be more specific, an EXTEND cell means "send this CREATE cell to the next hop"
so everybody gets a CREATE (or a CREATE_FAST) cell, but ...
But OPs send EXTEND cell to guards?
ah, never mind. Everybody but the last hop does indeed get an EXTEND cell
So only nodes which is a guard or a middle position in a circuit can run this method, ha?
I mean is it right by "ha"?
Oh. In that case, 'yes'.
Can we say that if cell_t->command is EXTEND in given parameters of circuit_extend method, that time this Tor process is used as a Guard node?
It could be a middle node.
The first node gets a CREATE cell to start the circuit.
Then it gets an EXTEND cell, and passes a CREATE cell to the second node.
Then it gets an unrecognized relay cell, which it passes to the second node. The second node decrypts it, recognizes that it has gotten an EXTEND cell, and passes a CREATE cell to the third node.