Added 3 FAQ entires and missing bridge fingerprints.
Matt Pagan

Matt Pagan commited on 2014-01-29 06:13:10
Zeige 1 geänderte Dateien mit 80 Einfügungen und 19 Löschungen.

... ...
@@ -36,6 +36,8 @@ proxies?</a></li>
36 36
     <li><a href="#IsItWorking">How can I tell if Tor is working, and that my 
37 37
     connections really are anonymized?</a></li>
38 38
     <li><a href="#FTP">How do I use my browser for ftp with Tor?</a></li>
39
+    <li><a href="#NoDataScrubbing">Does Tor remove personal information 
40
+    from the data my application sends?</a></li>
39 41
     <li><a href="#Metrics">How many people use Tor? How many relays or
40 42
     exit nodes are there?</a></li>
41 43
     <li><a href="#SSLcertfingerprint">What are your SSL certificate
... ...
@@ -246,6 +248,10 @@ packets,
246 248
     length.</a></li>
247 249
     <li><a href="#SplitEachConnection">You should split each connection over 
248 250
     many paths.</a></li>
251
+    <li><a href="#MigrateApplicationStreamsAcrossCircuits">You should migrate 
252
+    application streams across circuits.</a></li>
253
+    <li><a href="#LetTheNetworkPickThePath">You should let the network pick 
254
+    the path, not the client.</a></li>
249 255
     <li><a href="#UnallocatedNetBlocks">Your default exit policy should block 
250 256
     unallocated net blocks too.</a></li>
251 257
     <li><a href="#BlockWebsites">Exit policies should be able to block 
... ...
@@ -928,6 +934,22 @@ executive
928 934
     configure it to point to Tor as a "socks4a" proxy on "localhost" port 
929 935
     "9050". 
930 936
     </p>
937
+
938
+    <hr>
939
+    
940
+    <a id="NoDataScrubbing"></a>
941
+    <h3><a class="anchor" href="#NoDataScrubbing">Does Tor remove personal 
942
+    information from the data my application sends?</a></h3>
943
+
944
+    <p>No, it doesn't. You need to use a separate program that understands 
945
+    your application and protocol and knows how to clean or "scrub" the data 
946
+    it sends. The Tor Browser Bundle tries to keep application-level data, 
947
+    like the user-agent string, uniform for all users. The Tor Browser can't 
948
+    do anything about text that you type into forms, though. <a 
949
+    href="https://www.torproject.org/download/download-easy.html.en#warning">Be 
950
+    careful and be smart.</a>
951
+    </p>
952
+
931 953
     <hr>
932 954
 
933 955
     <a id="Metrics"></a>
... ...
@@ -1091,13 +1113,9 @@ better vendor.
1091 1113
     Tar is a common archive utility for Unix and Linux systems. If your
1092 1114
     system has a mouse, you can usually open them by double clicking. 
1093 1115
     Otherwise open a command prompt and execute 
1094
-    <pre>
1095
-    tar xzf &lt;FILENAME&gt;.tar.gz
1096
-    </pre>
1116
+    <pre>tar xzf &lt;FILENAME&gt;.tar.gz</pre>
1097 1117
     or
1098
-    <pre>
1099
-    tar xJf &lt;FILENAME&gt;.tar.xz
1100
-    </pre>
1118
+    <pre>tar xJf &lt;FILENAME&gt;.tar.xz</pre>
1101 1119
     <p>
1102 1120
     as documented in tar's man page. 
1103 1121
     </p>
... ...
@@ -1152,9 +1170,7 @@ I'm using Ubuntu and I can't start Tor Browser.</a></h3>
1152 1170
 Ubuntu prevents its users from executing shell scripts by clicking them, 
1153 1171
 even when the file permissions are set correctly. For now you need to 
1154 1172
 start the Tor Browser from the command line by running </p>
1155
-<pre>
1156
-./start-tor-browser
1157
-</pre>
1173
+<pre>./start-tor-browser</pre>
1158 1174
 <p>
1159 1175
 from inside the Tor Browser directory.
1160 1176
 </p>
... ...
@@ -1169,14 +1185,10 @@ fields, including the address bar, are blacked out and can not be used.
1169 1185
 This is not so great, and we hope to include a fix in a coming release. 
1170 1186
 In the mean time, this issue can be worked around by editing the 
1171 1187
 start-tor-browser script and adding the following line below line 1:</p>
1172
-<pre>
1173
-export GTK_IM_MODULE=xim
1174
-</pre>
1188
+<pre>export GTK_IM_MODULE=xim</pre>
1175 1189
 <p>This issue is related to the version of IBUS that ships with Ubuntu. 
1176 1190
 Some users have also reported success by executing this command</p>
1177
-<pre>
1178
-ibus exit
1179
-</pre>
1191
+<pre>ibus exit</pre>
1180 1192
 <p>To follow the progress of this issue, see this <a 
1181 1193
 href="https://trac.torproject.org/projects/tor/ticket/9353">bug ticket.</a>
1182 1194
 </p>
... ...
@@ -1434,8 +1446,7 @@ of those names is "hl". If you set "hl" to "en" then Google will return
1434 1446
 search results in English regardless of what Google server you have been 
1435 1447
 sent to. On a query this looks like: 
1436 1448
 </p>
1437
-<pre>https://encrypted.google.com/search?q=online%20anonymity&hl=en
1438
-</pre>
1449
+<pre>https://encrypted.google.com/search?q=online%20anonymity&hl=en</pre>
1439 1450
 <p>
1440 1451
 Another method is to simply use your country code for accessing Google. 
1441 1452
 This can be google.be, google.de, google.us and so on. 
... ...
@@ -1695,8 +1706,8 @@ Bridge obfs3 83.212.101.2:42782 2ADFE7AA8D272C520D1FBFBF4E413F3A1B26313D
1695 1706
 Bridge obfs3 83.212.101.2:443 2ADFE7AA8D272C520D1FBFBF4E413F3A1B26313D
1696 1707
 Bridge obfs3 169.229.59.74:31493 AF9F66B7B04F8FF6F32D455F05135250A16543C9
1697 1708
 Bridge obfs3 169.229.59.75:46328 AF9F66B7B04F8FF6F32D455F05135250A16543C9
1698
-Bridge obfs3 209.141.36.236:45496
1699
-Bridge obfs3 208.79.90.242:35658
1709
+Bridge obfs3 209.141.36.236:45496 58D91C3A631F910F32E18A55441D5A0463BA66E2
1710
+Bridge obfs3 208.79.90.242:35658 BA61757846841D64A83EA2514C766CB92F1FB41F
1700 1711
 Bridge obfs3 109.105.109.163:38980 9D7259A696F7DAB073043B28114112A46D36CFFD
1701 1712
 Bridge obfs3 109.105.109.163:47779 844B1F53FFD548C998F8D3B01B7E19FA07C3396E
1702 1713
 Bridge obfs2 83.212.100.216:47870 1F01A7BB60F49FC96E0850A6BAD6D076DFEFAF80
... ...
@@ -4465,6 +4476,56 @@ could possibly see.
4465 4476
 
4466 4477
     <hr>
4467 4478
 
4479
+    <a id="MigrateApplicationStreamsAcrossCircuits"></a>
4480
+    <h3><a class="anchor" href="#MigrateApplicationStreamsAcrossCircuits">You 
4481
+    should migrate application streams across circuits.</a></h3>
4482
+    <p>This would be great for two reasons. First, if a circuit breaks, we 
4483
+    would be able to shift its active streams onto a new circuit, so they 
4484
+    don't have to break. Second, it is conceivable that we could get 
4485
+    increased security against certain attacks by migrating streams 
4486
+    periodically, since leaving a stream on a given circuit for many hours 
4487
+    might make it more vulnerable to certain adversaries.</p>
4488
+
4489
+    <p>There are two problems though. First, Tor would need a much more 
4490
+    bulky protocol. Right now each end of the Tor circuit just sends the 
4491
+    cells, and lets TCP provide the in-order guaranteed delivery. If we 
4492
+    can move streams across circuits, though, we would need to add queues 
4493
+    at each end of the circuit, add sequence numbers so we can send and 
4494
+    receive acknowledgements for cells, and so forth. These changes would 
4495
+    increase the complexity of the Tor protocol considerably. Which leads 
4496
+    to the second problem: if the exit node goes away, there's nothing we 
4497
+    can do to save the TCP connection. Circuits are typically three hops 
4498
+    long, so in about a third of the cases we just lose.</p>
4499
+
4500
+    <p>Thus our current answer is that since we can only improve things by 
4501
+    at best 2/3, it's not worth the added code and complexity. If somebody 
4502
+    writes a protocol specification for it and it turns out to be pretty 
4503
+    simple, we'd love to add it.</p>
4504
+
4505
+    <p>But there are still some approaches we can take to improve the 
4506
+    reliability of streams. The main approach we have now is to specify 
4507
+    that streams using certain application ports prefer circuits to be 
4508
+    made up of stable nodes. These ports are specified in the "LongLivedPorts" 
4509
+    <a href="#torrc">torrc</a> option, and they default to
4510
+    <pre>21,22,706,1863,5050,5190,5222,5223,6667,6697,8300</pre>. The 
4511
+    definition of "stable" is an open research question, since we can only 
4512
+    guess future stability based on past performance. Right now we judge 
4513
+    that a node is stable if it advertises that it has been up for more 
4514
+    than a day. Down the road we plan to refine this so it takes into 
4515
+    account the average stability of the other nodes in the Tor network.</p>
4516
+
4517
+    <hr>
4518
+
4519
+    <a id="LetTheNetworkPickThePath"></a>
4520
+    <h3><a class="anchor" href="#LetTheNetworkPickThePath">You should 
4521
+    let the network pick the path, not the client</a></h3>
4522
+
4523
+    <p>No. You cannot trust the network to pick the path for relays could 
4524
+    collude and route you through their colluding friends. This would give 
4525
+    an adversary the ability to watch all of your traffic end to end.</p>
4526
+
4527
+    <hr>
4528
+
4468 4529
     <a id="UnallocatedNetBlocks"></a>
4469 4530
     <h3><a class="anchor" href="#UnallocatedNetBlocks">Your default exit 
4470 4531
     policy should block unallocated net blocks too.</a></h3>
4471 4532