Roger Dingledine commited on 2010-10-11 07:37:19
Zeige 1 geänderte Dateien mit 243 Einfügungen und 2 Löschungen.
... | ... |
@@ -46,7 +46,16 @@ |
46 | 46 |
|
47 | 47 |
<p>Running a Tor client:</p> |
48 | 48 |
<ul> |
49 |
- <li><a href="#ChooseEntryExit">Can I control which nodes (or country) are used for entry/exit?</a></li> |
|
49 |
+ <li><a href="#DoesntWork">I installed Tor and Polipo but it's not |
|
50 |
+ working.</a></li> |
|
51 |
+ <li><a href="#VidaliaPassword">Tor/Vidalia prompts for a password at |
|
52 |
+ start.</a></li> |
|
53 |
+ <li><a href="#ChooseEntryExit">Can I control which nodes (or country) |
|
54 |
+ are used for entry/exit?</a></li> |
|
55 |
+ <li><a href="#GoogleCaptcha">Google makes me solve a Captcha or tells |
|
56 |
+ me I have spyware installed.</a></li> |
|
57 |
+ <li><a href="#GmailWarning">Gmail warns me that my account may have |
|
58 |
+ been compromised.</a></li> |
|
50 | 59 |
</ul> |
51 | 60 |
|
52 | 61 |
<p>Running a Tor relay:</p> |
... | ... |
@@ -715,6 +724,153 @@ |
715 | 724 |
|
716 | 725 |
<hr> |
717 | 726 |
|
727 |
+<a id="DoesntWork"></a> |
|
728 |
+<h3><a class="anchor" href="#DoesntWork">I installed Tor and Polipo but |
|
729 |
+it's not working.</a></h3> |
|
730 |
+ |
|
731 |
+<p> |
|
732 |
+Once you've installed the Tor bundle, there are two questions to ask: |
|
733 |
+first, is your Tor able to establish a circuit? Second, is your |
|
734 |
+Firefox correctly configured to send its traffic through Tor? |
|
735 |
+</p> |
|
736 |
+ |
|
737 |
+<p>If Tor can establish a circuit, the onion icon in |
|
738 |
+Vidalia will turn green. You can also check in the Vidalia |
|
739 |
+Control Panel to make sure it says "Connected to the Tor |
|
740 |
+network!" under Status. For those not using Vidalia, check your <a |
|
741 |
+href="<wiki>TorFAQ#HowdoIsetuploggingorseeTorslogs">Tor logs</a> for |
|
742 |
+a line saying that Tor "has successfully opened a circuit. Looks like |
|
743 |
+client functionality is working." |
|
744 |
+</p> |
|
745 |
+ |
|
746 |
+<p> |
|
747 |
+If Tor can't establish a circuit, here are some hints: |
|
748 |
+</p> |
|
749 |
+ |
|
750 |
+<ol> |
|
751 |
+<li>Are you sure Tor is running? If you're using Vidalia, you may have |
|
752 |
+to click on the onion and select "Start" to launch Tor.</li> |
|
753 |
+<li>Check your system clock. If it's more than a few hours off, Tor will |
|
754 |
+refuse to build circuits. For XP users, synchronize your clock under |
|
755 |
+the clock -> Internet time tab. In addition, correct the day and date |
|
756 |
+under the 'Date & Time' Tab.</li> |
|
757 |
+<li>Is your Internet connection <a |
|
758 |
+href="<wiki>TorFAQ#Myfirewallonlyallowsafewoutgoingports.">firewalled</a>, |
|
759 |
+or do you normally need to use a <a |
|
760 |
+href="<wiki>TorFAQ#MyInternetconnectionrequiresanHTTPorSOCKSproxy.">proxy</a>? |
|
761 |
+</li> |
|
762 |
+<li>Are you running programs like Norton Internet Security or SELinux that |
|
763 |
+block certain connections, even though you don't realize they do? They |
|
764 |
+could be preventing Tor from making network connections.</li> |
|
765 |
+<li>Are you in China, or behind a restrictive corporate network firewall |
|
766 |
+that blocks the public Tor relays? If so, you should learn about <a |
|
767 |
+href="<page bridges>">Tor bridges</a>.</li> |
|
768 |
+<li>Check your <a href="<wiki>TorFAQ#HowdoIsetuploggingorseeTorslogs">Tor |
|
769 |
+logs</a>. Do they give you any hints about what's going wrong?</li> |
|
770 |
+</ol> |
|
771 |
+ |
|
772 |
+<p> |
|
773 |
+Step two is to confirm that Firefox is correctly configured to send its |
|
774 |
+traffic through Tor. Try the <a href="https://check.torproject.org/">Tor |
|
775 |
+Check</a> site and see whether it thinks you are using Tor. See <a |
|
776 |
+href="<wiki>TorFAQ#HowcanItellifTorisworkingandthatmyconnectionsreallyareanonymizedArethereexternalserversthatwilltestmyconnection">the |
|
777 |
+Tor Check FAQ entry</a> for details. |
|
778 |
+<p> |
|
779 |
+ |
|
780 |
+<p> |
|
781 |
+If it thinks you're not using Tor, here are some hints: |
|
782 |
+</p> |
|
783 |
+ |
|
784 |
+<ol> |
|
785 |
+<li>Did you install the Torbutton extension for Firefox? The installation |
|
786 |
+bundles include it, but sometimes people forget to install it. Make sure |
|
787 |
+it says "Tor enabled" at the bottom right of your Firefox window. (For |
|
788 |
+expert users, make sure your http proxy is set to localhost port |
|
789 |
+8118.)</li> |
|
790 |
+<li>Do you have incompatible Firefox extensions like FoxyProxy |
|
791 |
+installed? If so, uninstall them. (Note that using FoxyProxy is NOT |
|
792 |
+a sufficient substitute for Torbutton. There are many known attacks |
|
793 |
+against a browser setup that does not include Torbutton. Read more |
|
794 |
+in the <a href="<page torbutton/faq>">Torbutton FAQ</a> and the <a |
|
795 |
+href="https://www.torproject.org/torbutton/design/">Torbutton design</a> |
|
796 |
+specification.)</li> |
|
797 |
+<li>If your browser says "The proxy server is refusing connections.", |
|
798 |
+check that Polipo (the http proxy that passes traffic between Firefox |
|
799 |
+and Tor) is running. On Windows, look in the task manager and check for |
|
800 |
+a polipo.exe. On OS X, open the utilities folder in your applications |
|
801 |
+folder, and open Terminal.app. Then run "ps aux|grep polipo".</li> |
|
802 |
+<li>If you're upgrading from OS X, some of the earlier OS X installers |
|
803 |
+were broken in really unfortunate ways. You may find that <a href="<page |
|
804 |
+docs/tor-doc-osx>#uninstall">uninstalling everything</a> and then |
|
805 |
+installing a fresh bundle helps. Alas, the current uninstall instructions |
|
806 |
+may not apply anymore to your old bundle. Sorry.</li> |
|
807 |
+<li>If you're on Linux, make sure Privoxy isn't running, since it will |
|
808 |
+conflict with the port that our Polipo configuration file picks.</li> |
|
809 |
+<li>If you installed Polipo yourself (not from a bundle), did you edit the |
|
810 |
+config file as described? Did you restart Polipo after this change?</li> |
|
811 |
+<li>For Red Hat Linux and related systems, do you have SELinux enabled? If |
|
812 |
+so, it might be preventing Polipo from talking to Tor. We also run across |
|
813 |
+BSD users periodically who have local firewall rules that prevent some |
|
814 |
+connections to localhost.</li> |
|
815 |
+</ol> |
|
816 |
+ |
|
817 |
+<hr /> |
|
818 |
+ |
|
819 |
+<a id="VidaliaPassword"></a> |
|
820 |
+<h3><a class="anchor" href="#VidaliaPassword">Tor/Vidalia prompts for |
|
821 |
+a password at start.</a></h3> |
|
822 |
+ |
|
823 |
+<p> |
|
824 |
+Vidalia interacts with the Tor software via Tor's "control port". The |
|
825 |
+control port lets Vidalia receive status updates from Tor, request a new |
|
826 |
+identity, configure Tor's settings, etc. Each time Vidalia starts Tor, |
|
827 |
+Vidalia sets a random password for Tor's control port to prevent other |
|
828 |
+applications from also connecting to the control port and potentially |
|
829 |
+compromising your anonymity. |
|
830 |
+</p> |
|
831 |
+ |
|
832 |
+<p> |
|
833 |
+Usually this process of generating and setting a random control password |
|
834 |
+happens in the background. There are three common situations, though, |
|
835 |
+where Vidalia may prompt you for a password: |
|
836 |
+</p> |
|
837 |
+ |
|
838 |
+<ol> |
|
839 |
+<li>You're already running Vidalia and Tor. For example, this situation |
|
840 |
+can happen if you installed the Vidalia bundle and now you're trying to |
|
841 |
+run the Tor Browser Bundle. In that case, you'll need to close the old |
|
842 |
+Vidalia and Tor before you can run this one. |
|
843 |
+</li> |
|
844 |
+<li>Vidalia crashed, but left Tor running with the last known random |
|
845 |
+password. After you restart Vidalia, it generates a new random password, |
|
846 |
+but Vidalia can't talk to Tor, because the random passwords are different. |
|
847 |
+<br /> |
|
848 |
+If the dialog that prompts you for a control password has a Reset button, |
|
849 |
+you can click the button and Vidalia will restart Tor with a new random |
|
850 |
+control password. |
|
851 |
+<br /> |
|
852 |
+If you do not see a Reset button, or if Vidalia is unable to restart |
|
853 |
+Tor for you, you can still fix the problem manually. Simply go into your |
|
854 |
+process or task manager, and terminate the Tor process. Then use Vidalia |
|
855 |
+to restart Tor and all will work again. |
|
856 |
+</li> |
|
857 |
+<li>You had previously set Tor to run as a Windows NT service. When Tor |
|
858 |
+is set to |
|
859 |
+run as a service, it starts up when the system boots. If you configured |
|
860 |
+Tor to start as a service through Vidalia, a random password was set |
|
861 |
+and saved in Tor. When you reboot, Tor starts up and uses the random |
|
862 |
+password it saved. You login and start up Vidalia. Vidalia attempts to |
|
863 |
+talk to the already running Tor. Vidalia generates a random password, |
|
864 |
+but it is different than the saved password in the Tor service. |
|
865 |
+<br /> |
|
866 |
+You need to reconfigure Tor to not be a service. See the FAQ entry on |
|
867 |
+<a href="<wiki>TorFAQ#HowdoIrunmyTorrelayasanNTservice">running Tor as a Windows NT service</a> |
|
868 |
+for more information on how to remove the Tor service. |
|
869 |
+</li> |
|
870 |
+</ol> |
|
871 |
+ |
|
872 |
+ <hr> |
|
873 |
+ |
|
718 | 874 |
<a id="ChooseEntryExit"></a> |
719 | 875 |
<h3><a class="anchor" href="#ChooseEntryExit">Can I control which nodes (or country) are used for entry/exit?</a></h3> |
720 | 876 |
|
... | ... |
@@ -772,6 +928,91 @@ |
772 | 928 |
|
773 | 929 |
<hr> |
774 | 930 |
|
931 |
+<a id="GoogleCaptcha"></a> |
|
932 |
+<h3><a class="anchor" href="#GoogleCaptcha">Google makes me solve a |
|
933 |
+Captcha or tells me I have spyware installed.</a></h3> |
|
934 |
+ |
|
935 |
+<p> |
|
936 |
+This is a known and intermittent problem; it does not mean that Google |
|
937 |
+considers Tor to be spyware. |
|
938 |
+</p> |
|
939 |
+ |
|
940 |
+<p> |
|
941 |
+When you use Tor, you are sending queries through exit relays that are also |
|
942 |
+shared by thousands of other users. Tor users typically see this message |
|
943 |
+when many Tor users are querying Google in a short period of time. Google |
|
944 |
+interprets the high volume of traffic from a single IP address (the exit |
|
945 |
+relay you happened to pick) as somebody trying to "crawl" their website, |
|
946 |
+so it slows down traffic from that IP address for a short time. |
|
947 |
+</p> |
|
948 |
+<p> |
|
949 |
+An alternate explanation is that Google tries to detect certain |
|
950 |
+kinds of spyware or viruses that send distinctive queries to Google |
|
951 |
+Search. It notes the IP addresses from which those queries are received |
|
952 |
+(not realizing that they are Tor exit relays), and tries to warn any |
|
953 |
+connections coming from those IP addresses that recent queries indicate |
|
954 |
+an infection. |
|
955 |
+</p> |
|
956 |
+ |
|
957 |
+<p> |
|
958 |
+To our knowledge, Google is not doing anything intentionally specifically |
|
959 |
+to deter or block Tor use. The error message about an infected machine |
|
960 |
+should clear up again after a short time. |
|
961 |
+</p> |
|
962 |
+ |
|
963 |
+<p> |
|
964 |
+Torbutton 1.2.5 (released in mid 2010) detects Google captchas and can |
|
965 |
+automatically redirect you to a more Tor-friendly search engine such as |
|
966 |
+Ixquick or Bing. |
|
967 |
+</p> |
|
968 |
+ |
|
969 |
+<hr /> |
|
970 |
+ |
|
971 |
+<a id="GmailWarning"></a> |
|
972 |
+<h3><a class="anchor" href="#GmailWarning">Gmail warns me that my account |
|
973 |
+may have been compromised.</a></h3> |
|
974 |
+ |
|
975 |
+<p> |
|
976 |
+Sometimes, after you've used Gmail over Tor, Google presents a |
|
977 |
+pop-up notification that your account may have been compromised. The |
|
978 |
+notification window lists a series of IP addresses and locations throughout |
|
979 |
+the world recently used to access your account. |
|
980 |
+</p> |
|
981 |
+ |
|
982 |
+<p> |
|
983 |
+In general this is a false alarm: Google saw a bunch of logins from |
|
984 |
+different places and wanted to let |
|
985 |
+you know. If you use Tor to access a Google service, then it will appear |
|
986 |
+like you're coming from lots of different places. Nothing to worry about |
|
987 |
+in particular. |
|
988 |
+</p> |
|
989 |
+ |
|
990 |
+<p> |
|
991 |
+But that doesn't mean you can entirely ignore the warning. It's |
|
992 |
+<i>probably</i> a false positive, but it might not be. It is possible |
|
993 |
+that somebody could at some point steal your Google cookie, which would |
|
994 |
+allow them to log in to the Google service as you. They might steal it |
|
995 |
+by breaking into your computer, or by watching your network traffic at |
|
996 |
+Starbucks or sniffing your wireless at home (when you're not using Tor), |
|
997 |
+or by watching traffic going over the Tor network. In theory none of |
|
998 |
+this should be possible because Gmail and similar services should only |
|
999 |
+send the cookie over an SSL link. In practice, alas, it's <a |
|
1000 |
+href="http://fscked.org/blog/fully-automated-active-https-cookie-hijacking">way |
|
1001 |
+more complex than that</a>. |
|
1002 |
+</p> |
|
1003 |
+ |
|
1004 |
+<p> |
|
1005 |
+And if somebody <i>did</i> steal your google cookie, they might end |
|
1006 |
+up logging in from unusual places (though of course they also might |
|
1007 |
+not). So the summary is that since you're using Tor, this security |
|
1008 |
+measure that Google uses isn't so useful for you, because it's full of |
|
1009 |
+false positives. You'll have to use other approaches, like seeing if |
|
1010 |
+anything looks weird on the account, or looking at the timestamps for |
|
1011 |
+recent logins and wondering if you actually logged in at those times. |
|
1012 |
+</p> |
|
1013 |
+ |
|
1014 |
+<hr /> |
|
1015 |
+ |
|
775 | 1016 |
<a id="RelayFlexible"></a> |
776 | 1017 |
<h3><a class="anchor" href="#RelayFlexible">How stable does my relay |
777 | 1018 |
need to be?</a></h3> |
... | ... |
@@ -880,7 +1121,7 @@ |
880 | 1121 |
publically or not. |
881 | 1122 |
</p> |
882 | 1123 |
|
883 |
- <p>Right now, there are roughly zero places in the world that filter |
|
1124 |
+ <p>Right now, there are a small number of places in the world that filter |
|
884 | 1125 |
connections to the Tor network. So getting a lot of bridges running |
885 | 1126 |
right now is mostly a backup measure, a) in case the Tor network does |
886 | 1127 |
get blocked somewhere, and b) for people who want an extra layer of |
887 | 1128 |