Browse code

add back the faq entries that got dropped in the move. also add back a correction.

Roger Dingledine authored on 11/10/2010 07:37:19
Showing 1 changed files
... ...
@@ -46,7 +46,16 @@
46 46
     
47 47
     <p>Running a Tor client:</p>
48 48
     <ul>
49
-    <li><a href="#ChooseEntryExit">Can I control which nodes (or country) are used for entry/exit?</a></li>
49
+    <li><a href="#DoesntWork">I installed Tor and Polipo but it's not
50
+    working.</a></li>
51
+    <li><a href="#VidaliaPassword">Tor/Vidalia prompts for a password at
52
+    start.</a></li>
53
+    <li><a href="#ChooseEntryExit">Can I control which nodes (or country)
54
+    are used for entry/exit?</a></li>
55
+    <li><a href="#GoogleCaptcha">Google makes me solve a Captcha or tells
56
+    me I have spyware installed.</a></li>
57
+    <li><a href="#GmailWarning">Gmail warns me that my account may have
58
+    been compromised.</a></li>
50 59
     </ul>
51 60
     
52 61
     <p>Running a Tor relay:</p>
... ...
@@ -712,7 +721,154 @@
712 721
     <p>
713 722
     Please contact us if you know any others.
714 723
     </p>
715
-    
724
+
725
+<hr>
726
+
727
+<a id="DoesntWork"></a>
728
+<h3><a class="anchor" href="#DoesntWork">I installed Tor and Polipo but
729
+it's not working.</a></h3>
730
+
731
+<p>
732
+Once you've installed the Tor bundle, there are two questions to ask:
733
+first, is your Tor able to establish a circuit? Second, is your
734
+Firefox correctly configured to send its traffic through Tor?
735
+</p>
736
+
737
+<p>If Tor can establish a circuit, the onion icon in
738
+Vidalia will turn green. You can also check in the Vidalia
739
+Control Panel to make sure it says "Connected to the Tor
740
+network!" under Status. For those not using Vidalia, check your <a
741
+href="<wiki>TorFAQ#HowdoIsetuploggingorseeTorslogs">Tor logs</a> for
742
+a line saying that Tor "has successfully opened a circuit. Looks like
743
+client functionality is working."
744
+</p>
745
+
746
+<p>
747
+If Tor can't establish a circuit, here are some hints:
748
+</p>
749
+
750
+<ol>
751
+<li>Are you sure Tor is running? If you're using Vidalia, you may have
752
+to click on the onion and select "Start" to launch Tor.</li>
753
+<li>Check your system clock. If it's more than a few hours off, Tor will
754
+refuse to build circuits. For XP users, synchronize your clock under
755
+the clock -&gt; Internet time tab. In addition, correct the day and date
756
+under the 'Date &amp; Time' Tab.</li>
757
+<li>Is your Internet connection <a
758
+href="<wiki>TorFAQ#Myfirewallonlyallowsafewoutgoingports.">firewalled</a>,
759
+or do you normally need to use a <a
760
+href="<wiki>TorFAQ#MyInternetconnectionrequiresanHTTPorSOCKSproxy.">proxy</a>?
761
+</li>
762
+<li>Are you running programs like Norton Internet Security or SELinux that
763
+block certain connections, even though you don't realize they do? They
764
+could be preventing Tor from making network connections.</li>
765
+<li>Are you in China, or behind a restrictive corporate network firewall
766
+that blocks the public Tor relays? If so, you should learn about <a
767
+href="<page bridges>">Tor bridges</a>.</li>
768
+<li>Check your <a href="<wiki>TorFAQ#HowdoIsetuploggingorseeTorslogs">Tor
769
+logs</a>. Do they give you any hints about what's going wrong?</li>
770
+</ol>
771
+
772
+<p>
773
+Step two is to confirm that Firefox is correctly configured to send its
774
+traffic through Tor. Try the <a href="https://check.torproject.org/">Tor
775
+Check</a> site and see whether it thinks you are using Tor. See <a
776
+href="<wiki>TorFAQ#HowcanItellifTorisworkingandthatmyconnectionsreallyareanonymizedArethereexternalserversthatwilltestmyconnection">the
777
+Tor Check FAQ entry</a> for details.
778
+<p>
779
+
780
+<p>
781
+If it thinks you're not using Tor, here are some hints:
782
+</p>
783
+
784
+<ol>
785
+<li>Did you install the Torbutton extension for Firefox? The installation
786
+bundles include it, but sometimes people forget to install it. Make sure
787
+it says "Tor enabled" at the bottom right of your Firefox window. (For
788
+expert users, make sure your http proxy is set to localhost port
789
+8118.)</li>
790
+<li>Do you have incompatible Firefox extensions like FoxyProxy
791
+installed? If so, uninstall them. (Note that using FoxyProxy is NOT
792
+a sufficient substitute for Torbutton. There are many known attacks
793
+against a browser setup that does not include Torbutton. Read more
794
+in the <a href="<page torbutton/faq>">Torbutton FAQ</a> and the <a
795
+href="https://www.torproject.org/torbutton/design/">Torbutton design</a>
796
+specification.)</li>
797
+<li>If your browser says "The proxy server is refusing connections.",
798
+check that Polipo (the http proxy that passes traffic between Firefox
799
+and Tor) is running. On Windows, look in the task manager and check for
800
+a polipo.exe. On OS X, open the utilities folder in your applications
801
+folder, and open Terminal.app. Then run "ps aux|grep polipo".</li>
802
+<li>If you're upgrading from OS X, some of the earlier OS X installers
803
+were broken in really unfortunate ways. You may find that <a href="<page
804
+docs/tor-doc-osx>#uninstall">uninstalling everything</a> and then
805
+installing a fresh bundle helps. Alas, the current uninstall instructions
806
+may not apply anymore to your old bundle. Sorry.</li>
807
+<li>If you're on Linux, make sure Privoxy isn't running, since it will
808
+conflict with the port that our Polipo configuration file picks.</li>
809
+<li>If you installed Polipo yourself (not from a bundle), did you edit the
810
+config file as described? Did you restart Polipo after this change?</li>
811
+<li>For Red Hat Linux and related systems, do you have SELinux enabled? If
812
+so, it might be preventing Polipo from talking to Tor. We also run across
813
+BSD users periodically who have local firewall rules that prevent some
814
+connections to localhost.</li>
815
+</ol>
816
+
817
+<hr />
818
+
819
+<a id="VidaliaPassword"></a>
820
+<h3><a class="anchor" href="#VidaliaPassword">Tor/Vidalia prompts for
821
+a password at start.</a></h3>
822
+
823
+<p>
824
+Vidalia interacts with the Tor software via Tor's "control port". The
825
+control port lets Vidalia receive status updates from Tor, request a new
826
+identity, configure Tor's settings, etc. Each time Vidalia starts Tor,
827
+Vidalia sets a random password for Tor's control port to prevent other
828
+applications from also connecting to the control port and potentially
829
+compromising your anonymity.
830
+</p>
831
+
832
+<p>
833
+Usually this process of generating and setting a random control password
834
+happens in the background. There are three common situations, though,
835
+where Vidalia may prompt you for a password:
836
+</p>
837
+
838
+<ol>
839
+<li>You're already running Vidalia and Tor. For example, this situation
840
+can happen if you installed the Vidalia bundle and now you're trying to
841
+run the Tor Browser Bundle. In that case, you'll need to close the old
842
+Vidalia and Tor before you can run this one.
843
+</li>
844
+<li>Vidalia crashed, but left Tor running with the last known random
845
+password. After you restart Vidalia, it generates a new random password,
846
+but Vidalia can't talk to Tor, because the random passwords are different.
847
+<br />
848
+If the dialog that prompts you for a control password has a Reset button,
849
+you can click the button and Vidalia will restart Tor with a new random
850
+control password.
851
+<br />
852
+If you do not see a Reset button, or if Vidalia is unable to restart
853
+Tor for you, you can still fix the problem manually. Simply go into your
854
+process or task manager, and terminate the Tor process. Then use Vidalia
855
+to restart Tor and all will work again.
856
+</li>
857
+<li>You had previously set Tor to run as a Windows NT service. When Tor
858
+is set to
859
+run as a service, it starts up when the system boots. If you configured
860
+Tor to start as a service through Vidalia, a random password was set
861
+and saved in Tor. When you reboot, Tor starts up and uses the random
862
+password it saved. You login and start up Vidalia. Vidalia attempts to
863
+talk to the already running Tor. Vidalia generates a random password,
864
+but it is different than the saved password in the Tor service.
865
+<br />
866
+You need to reconfigure Tor to not be a service. See the FAQ entry on
867
+<a href="<wiki>TorFAQ#HowdoIrunmyTorrelayasanNTservice">running Tor as a Windows NT service</a>
868
+for more information on how to remove the Tor service.
869
+</li>
870
+</ol>
871
+
716 872
     <hr>
717 873
     
718 874
     <a id="ChooseEntryExit"></a>
... ...
@@ -771,7 +927,92 @@
771 927
     </p>
772 928
     
773 929
     <hr>
774
-    
930
+
931
+<a id="GoogleCaptcha"></a>
932
+<h3><a class="anchor" href="#GoogleCaptcha">Google makes me solve a
933
+Captcha or tells me I have spyware installed.</a></h3>
934
+
935
+<p>
936
+This is a known and intermittent problem; it does not mean that Google
937
+considers Tor to be spyware.
938
+</p>
939
+
940
+<p>
941
+When you use Tor, you are sending queries through exit relays that are also
942
+shared by thousands of other users. Tor users typically see this message
943
+when many Tor users are querying Google in a short period of time. Google
944
+interprets the high volume of traffic from a single IP address (the exit
945
+relay you happened to pick) as somebody trying to "crawl" their website,
946
+so it slows down traffic from that IP address for a short time.
947
+</p>
948
+<p>
949
+An alternate explanation is that Google tries to detect certain
950
+kinds of spyware or viruses that send distinctive queries to Google
951
+Search. It notes the IP addresses from which those queries are received
952
+(not realizing that they are Tor exit relays), and tries to warn any
953
+connections coming from those IP addresses that recent queries indicate
954
+an infection.
955
+</p>
956
+
957
+<p>
958
+To our knowledge, Google is not doing anything intentionally specifically
959
+to deter or block Tor use. The error message about an infected machine
960
+should clear up again after a short time.
961
+</p>
962
+
963
+<p>
964
+Torbutton 1.2.5 (released in mid 2010) detects Google captchas and can
965
+automatically redirect you to a more Tor-friendly search engine such as
966
+Ixquick or Bing.
967
+</p>
968
+
969
+<hr />
970
+
971
+<a id="GmailWarning"></a>
972
+<h3><a class="anchor" href="#GmailWarning">Gmail warns me that my account
973
+may have been compromised.</a></h3>
974
+
975
+<p>
976
+Sometimes, after you've used Gmail over Tor, Google presents a
977
+pop-up notification that your account may have been compromised. The
978
+notification window lists a series of IP addresses and locations throughout
979
+the world recently used to access your account.
980
+</p>
981
+
982
+<p>
983
+In general this is a false alarm: Google saw a bunch of logins from
984
+different places  and wanted to let
985
+you know. If you use Tor to access a Google service, then it will appear
986
+like you're coming from lots of different places. Nothing to worry about
987
+in particular.
988
+</p>
989
+
990
+<p>
991
+But that doesn't mean you can entirely ignore the warning. It's
992
+<i>probably</i> a false positive, but it might not be. It is possible
993
+that somebody could at some point steal your Google cookie, which would
994
+allow them to log in to the Google service as you. They might steal it
995
+by breaking into your computer, or by watching your network traffic at
996
+Starbucks or sniffing your wireless at home (when you're not using Tor),
997
+or by watching traffic going over the Tor network. In theory none of
998
+this should be possible because Gmail and similar services should only
999
+send the cookie over an SSL link. In practice, alas, it's <a
1000
+href="http://fscked.org/blog/fully-automated-active-https-cookie-hijacking">way
1001
+more complex than that</a>.
1002
+</p>
1003
+
1004
+<p>
1005
+And if somebody <i>did</i> steal your google cookie, they might end
1006
+up logging in from unusual places (though of course they also might
1007
+not). So the summary is that since you're using Tor, this security
1008
+measure that Google uses isn't so useful for you, because it's full of
1009
+false positives. You'll have to use other approaches, like seeing if
1010
+anything looks weird on the account, or looking at the timestamps for
1011
+recent logins and wondering if you actually logged in at those times.
1012
+</p>
1013
+
1014
+<hr />
1015
+
775 1016
     <a id="RelayFlexible"></a>
776 1017
     <h3><a class="anchor" href="#RelayFlexible">How stable does my relay
777 1018
     need to be?</a></h3>
... ...
@@ -880,7 +1121,7 @@
880 1121
     publically or not.
881 1122
     </p>
882 1123
     
883
-    <p>Right now, there are roughly zero places in the world that filter
1124
+    <p>Right now, there are a small number of places in the world that filter
884 1125
     connections to the Tor network. So getting a lot of bridges running
885 1126
     right now is mostly a backup measure, a) in case the Tor network does
886 1127
     get blocked somewhere, and b) for people who want an extra layer of