|
Title: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on November 11, 2013, 07:24:09 PM xeronet Torrc - v4.0.4 - 'Anti-FiveEyes'. xeronet Torrc is a Client Only configuration. - for the Tor Browser Bundle.
It will not work for Tor Relays, Bridge Nodes or Exit Nodes and nor is it designed to be used for that purpose. See: https://www.torproject.org/download/download-easy.html On my xeronet proxy websites I publish a custom torrc configuration which aims to make Tor faster, safer and more secure for regular Tor users. (I've recently lost my web hosting account with the full config. explanations. New website coming soon!) I'm working on the latest release, as an update is long overdue, however I've decided to publish this version here for some feedback. This version helps to prevent FiveEyes spying by avoiding Tor servers located in USA, UK, Australia, Canada and New Zealand. It also helps to avoid censorship by filtering countries that have been found to be using mass censorship of the internet. The configuration does this by including only the fastest, most stable and secure Tor servers. UPDATED: 18th March 2015 - Added new fast nodes and revised Exclude nodes. New censorship resistant config. (see latest post below) Revised country code restriction recommendations: https://bitcointalk.org/index.php?topic=331077.msg10803165#msg10803165 (https://bitcointalk.org/index.php?topic=331077.msg10803165#msg10803165) TBB Firefox advised about:config options: https://bitcointalk.org/index.php?topic=331077.msg10804048#msg10804048 (https://bitcointalk.org/index.php?topic=331077.msg10804048#msg10804048) The Tor Browser Bundle 3.5 upwards has no Vidalia and uses some new Torrc settings: DirReqStatistics , DataDirectory and GeoIPFile locations are now written to the torrc on first run. New torrc-defaults file should remain unedited i.e. Quote # If non-zero, try to write to disk less frequently than we would otherwise. AvoidDiskWrites 1 # Where to send logging messages. Format is minSeverity[-maxSeverity] # (stderr|stdout|syslog|file FILENAME). Log notice stdout # Bind to this address to listen to connections from SOCKS-speaking # applications. SocksListenAddress 127.0.0.1 SocksPort 9150 ControlPort 9151 CookieAuthentication 1 See below posts for info. This is the preferred / recommended config. for most users. Replace the existing torrc file in your Tor Browser Bundle > Data > Tor (folder). Code: ClientOnly 1 N.B. config. may pause connection if imported before the first run. Just Exit and restart if this happens. UseEntryGuards (no longer required - as bundle default). StrictNodes (is auto removed from the conf. if 0 - see below). FascistFirewall 1 (is recommended for the xeronet Torrc if you can reach the Tor network without using a proxy, as the focus is now on the fastest and safest settings for browsing i.e. using only ports 80 and 443 and corresponding entry and exit servers). A detailed explanation of the selected settings was published on my old website which is now offline due to the web host closing down. ExcludeNodes are selected from: http://torstatus.blutmagie.de/ 'bad nodes' and country blocks from: https://wikipedia.org/wiki/Internet_censorship Many other factors have also been considered with the aim of making Tor faster including excluding relays in countries with slow internet backbone connections etc. Entry and Exit nodes have been selected based on numerous factors. These are the 'best', fastest and most secure Tor servers available for browsing via ports 80 and 443. They have again been selected from http://torstatus.blutmagie.de/ The nodes are run by the following Privacy focused organizations, who can be trusted with your data, perhaps over and above other miscellaneous Tor nodes. http://privacyfoundation.ch/ - Swiss Privacy Foundation https://riseup.net/en - riseup.net https://www.ccc.de/en/?language=en - Chaos Computer Club (CCC) https://www.torservers.net/ - torservers.net Partners ... https://www.accessnow.org/ - Access https://www.koumbit.org/ - Koumbit https://effi.org/ - Electronic Frontier Finland https://nos-oignons.net/ - Nos oignons https://calyxinstitute.org/ - The Calyx Institute https://www.dfri.se/dfri/?lang=en - DRFI: "Föreningen för Digitala Fri- och Rättigheter" - DFRI is a nonprofit organisation working for digital rights. https://www.hartvoorinternetvrijheid.nl/eng.html - Hart voor Internetvrijheid (Heart for Internet freedom). http://www.enn.lu/ - Frënn vun der Ënn A.S.B.L. http://icetor.is/ - Icetor - Freedom from the frozen north. and others ... Remember that Tor will still select random servers and middle nodes etc. This example config. just helps to enuse the fastest circuits. If you don't like a setting in this example config. then please change it yourself. Here are the important options from the Tor manual: Use StrictNodes 1 to enforce the server selection. Currently set to 0 'default'. "If StrictNodes is set to 1, Tor will treat the ExcludeNodes option as a requirement to follow for all the circuits you generate, even if doing so will break functionality for you. If StrictNodes is set to 0, Tor will still try to avoid nodes in the ExcludeNodes list, but it will err on the side of avoiding unexpected errors. Specifically, StrictNodes 0 tells Tor that it is okay to use an excluded node when it is necessary to perform relay reachability self-tests, connect to a hidden service, provide a hidden service to a client, fulfil a .exit request, upload directory information, or download directory information. (Default: 0)" You can set StrictNodes to 1 to make browsing faster and completely avoid 'FiveEyes' and internet censored countries, but it will 'break' hidden services if they are located in one of those blocked countries. ~ Ever wondered how the security services locate Tor 'hidden services' ... hummm. Use FascistFirewall 1 to force port 80 (http) and port 443 (https) access. "If 1, Tor will only create outgoing connections to ORs running on ports that your firewall allows (defaults to 80 and 443; see FirewallPorts). This will allow you to run Tor as a client behind a firewall with restrictive policies, but will not allow you to run as a server behind such a firewall. If you prefer more fine-grained control, use ReachableAddresses instead." When using this option do make sure that your selected Nodes use port 80 and/or port 443 Also, if your firewall does allow other ports (or you want to connect other applications to Tor) then we do recommend changing FascistFirewall back to 0, as this will automatically 'unlock' additional fast entry nodes already included in the xeronet Torrc list. Use UseEntryGuards 1 for increased security. "If this option is set to 1, we pick a few long-term entry servers, and try to stick with them. This is desirable because constantly changing servers increases the odds that an adversary who owns some servers will observe a fraction of your paths. (Defaults to 1 anyway)" Use ClientOnly 1 for the Tor Browser Bundle. "If set to 1, Tor will under no circumstances run as a server or serve directory requests. The default is to run as a client unless ORPort is configured. (Usually, you don’t need to set this; Tor is pretty smart at figuring out whether you are reliable and high-bandwidth enough to be a useful server.) (Default: 0)" Using additional LongLivedPorts 80, 443, 9001 and 9030. "A list of ports for services that tend to have long-running connections (e.g. chat and interactive shells). Circuits for streams that use these ports will contain only high-uptime nodes, to reduce the chance that a node will go down before the stream is finished. Note that the list is also honoured for circuits (both client and service side) involving hidden services whose virtual port is in this list. (Default: 21, 22, 706, 1863, 5050, 5190, 5222, 5223, 6523, 6667, 6697, 8300)" These additions are somewhat experimental, however the overall configuration does seem to work better when including these port settings; especially in relation to the StrictNodes option above where the configuration was found to be much faster overall than when enforcing StrictNodes 1. Thus, we have reverted to using the 'default' StrictNodes 0. xeronet Torrc - v4.0.4 - 'Anti-FiveEyes' Requires the latest Tor Browser Bundle for correct operation. N.B. Save as 'torrc' only and not 'torrc.txt' or just copy / paste into your existing torrc file. Replace the existing torrc file in your Tor Browser Bundle > Data > Tor (folder). The Tor software must not be running when you install our configuration. Start Tor. Done. Enjoy super fast Tor ! xeronet Torrc is a Client Only configuration. - for the Tor Browser Bundle. It will not work for Tor Relays, Bridge Nodes or Exit Nodes and nor is it designed to be used for that purpose. P.S. I'm looking to set-up some fast Tor servers in censorship resistant countries. If you like this custom Tor configuration please consider a donation until I'm able to set-up a full concept / donations page or crowdfunding project. Thanks! "Tor" and the "Onion Logo" are registered trademarks of The Tor Project, Inc. Always Read the Manual: https://www.torproject.org/docs/tor-manual.html > CLIENT OPTIONS Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on November 12, 2013, 09:27:51 PM Someone contacted me regarding the PirateBrowser see: http://piratebrowser.com/
"PirateBrowser is a bundle package of the Tor client (Vidalia), FireFox Portable browser (with foxyproxy addon) and some custom configs that allows you to circumvent censorship that certain countries such as Iran, North Korea, United Kingdom, The torrc additions are as follows: Code: # Configured for speed As they state on their website the Pirate Browser's focus is on censorship circumvention as opposed to better overall anonymity provided by the default Tor browser bundle. For those that want even faster Tor and that don't mind potentially lowering anonymity - we can combine settings from both Tor configs. ExcludeSingleHopRelays "This option controls whether circuits built by Tor will include relays with the AllowSingleHopExits flag set to true. If ExcludeSingleHopRelays is set to 0, these relays will be included. Note that these relays might be at higher risk of being seized or observed, so they are not normally included. Also note that relatively few clients turn off this option, so using these relays might make your client stand out. (Default: 1)" EnforceDistinctSubnets "If 1, Tor will not put two servers whose IP addresses are "too close" on the same circuit. Currently, two addresses are "too close" if they lie in the same /16 range. (Default: 1)" AllowSingleHopCircuits "When this option is set, the attached Tor controller can use relays that have the AllowSingleHopExits option turned on to build one-hop Tor connections. (Default: 0)" NumEntryGuards NUM "If UseEntryGuards is set to 1, we will try to pick a total of NUM routers as long-term entries for our circuits. (Default: 3)" EDIT: Example torrc config. removed due to being outdated in the latest Tor Browser Bundle 3.5 release - see OP. "Tor" and the "Onion Logo" are registered trademarks of The Tor Project, Inc. Always Read the Manual: https://www.torproject.org/docs/tor-manual.html > CLIENT OPTIONS 8) Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: AndrewWilliams on November 13, 2013, 07:03:28 AM How does this compare to JonDoBrowser?
https://anonymous-proxy-servers.net/ I know JonDoBrowser deals with the problem of "fingerprinting" browsers. See http://ip-check.info/?lang=en for an example of Browser fingerprinting. Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: meeh on November 13, 2013, 01:32:38 PM How does this compare to JonDoBrowser? https://anonymous-proxy-servers.net/ I know JonDoBrowser deals with the problem of "fingerprinting" browsers. See http://ip-check.info/?lang=en for an example of Browser fingerprinting. https://anonymous-proxy-servers.net/ seems to be a company that earns money on making you anonymous. Tor is ... also a company, but does not take any money for delivering you the anonymity. I've not looked far into the link you provided, but from what I've seen you shouldn't get surprised if they use Tor as a underlying technology. Tor is also heavily community supported with both patches, documentation, translation and academical research. Conclusion: I rather choose BitcoinFX's Tor solution here than a commercial product from any company. Much because Tor is as said above open source and community supported, so people like me who like to know what's beeing runned on the computer can read it. Not at least then you can check for "NSA checkpoints" ;P ... I'm not applying that this company have anything to do with them, I just say that a company can get orders from their government to do shit (like deliver traffic history) against their users without their knowledge. At the Tor project, they have zero knowledge of your traffic content. It can't happen because of the network design. Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on November 13, 2013, 02:54:37 PM How does this compare to JonDoBrowser? https://anonymous-proxy-servers.net/ I know JonDoBrowser deals with the problem of "fingerprinting" browsers. See http://ip-check.info/?lang=en for an example of Browser fingerprinting. I've had not tired JonDoBrowser or JonDoFox for over a year or so now. So, I downloaded the latest release for comparison. JonDo (formerly JAP) is a 2-hop mixing service. Default Tor (and the 1st config. for Tor that I posted) is a 3-hop proxy. There is a very good reason why you must use 3 hop proxies for true anonymity i.e. A doesn't know who C is. B knows A and C, but doesn't know you or your destination. The free mixes (hops) available with JAP are (currently) as follows: Germany > Internet (original "Dresden (JAP)" Germany > Czech Republic or United Kingdom Germany > United States or Austria Germany > France or United States Luxemburg or Bulgaria > France or United States Canada or Germany > United States or United Kingdom United States or Germany > USA Therefore, it is practically impossible to avoid the 'FiveEyes' countires hosting JonDo nodes. When I have used JonDo (free) servers in the past for browsing I found it to be slower than Tor. Today it was actually quite fast. However, the mixes have available slots ranging from 400 to 1000 and most were around 2/3 full on average, when most of the US was offline. The more users at anyone time, obviously the slower the JonDo free service becomes. I'd imagine that the paid version avoids this slowdown issue. Although, the less users that are in the mix, the less anonymous you become. Also, when you purchase a commercial product you somewhat relinquish your anonymity, especially with a subscription product such as a VPN. This is something which is quite surprisingly overlooked by most people. Tor is free and open source. Browser 'fingerprinting' is not really an issue with either Tor or JonDo privacy / anonymity solutions. Tor provides much better anonymity and flexibility over JonDo imho, both out-of-the-box and/or when using my xeronet Torrc config. Both Tor and JonDo provide better anonymity and privacy over regular internet browsing without a proxy. A lot of research and knowledge of both the Tor network and online privacy / anonymity / censorship circumvention has gone into this config. For example, some fast Tor servers have intentionally been omitted from the config. so that they are more likely to be randomly selected as Middle Nodes. For regular internet browsing this config. is perhaps the best example of the off-set found between speed and anonymity when using Tor. Some from the Tor project have argued that my xeronet Torrc config. might carry an increased 'fingerprint' in terms of network analysis. I in fact consider it to have less of a fingerprint than the default Tor config. and I've started doing metrics to demonstrate this. Using EntryGuards has obvious advantages. One of the main issues with Tor is that most Tor network traffic is easily recognisable on ports 9001 and 9030, setting FascistFirewall 1 is a good way to overcome this for regular browsing, as your first hop will only be on ports 80 (http) and 443 (https). If your not intending to access any Tor hidden services, then setting StrictNodes 1 can also make browsing somewhat faster. To me it makes a lot of sense to tell Tor which servers are the fastest Entry and Exit nodes and also which servers / locations to avoid for numerous reasons. Some Tor servers are malicious and/or badly misconfigured. My config. avoids those nodes as well. If you don't like anything in my Torrc then you are of course free to edit it, add remove bridge nodes, entry nodes, exit nodes etc. etc. That's the idea really. In fact, it makes more sense for everyone to use a slight variation of the config. and to occasionally mix-it-up. Remember: "Tor can't help you if you use it wrong!" 8) Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on November 13, 2013, 05:01:29 PM EDIT: Example torrc config. removed due to being outdated in the latest Tor Browser Bundle 3.5 release - see OP. Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: AndrewWilliams on November 13, 2013, 07:13:05 PM You do not have to pay for JonDoBrowser.
Yes it's based on Tor. I am still pretty concerned about browser fingerprinting. There's no use to Tor if your browser can be ID'ed as unique... If your browser can pass "the test" by giving less than 21 unique identifying pieces of info, I'll try it. Here's the link to the test: https://panopticlick.eff.org/ I will gladly use a Tor based browser that addresses the issue of browser fingerprinting. Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: dserrano5 on November 13, 2013, 07:31:48 PM See http://ip-check.info/?lang=en for an example of Browser fingerprinting. Wow that @font-face CSS stuff is pretty nasty, no JS required for them to enumerate your fonts :/. Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on November 13, 2013, 07:47:56 PM You do not have to pay for JonDoBrowser. Yes it's based on Tor. I am still pretty concerned about browser fingerprinting. There's no use to Tor if your browser can be ID'ed as unique... If your browser can pass "the test" by giving less than 21 unique identifying pieces of info, I'll try it. Here's the link to the test: https://panopticlick.eff.org/ I will gladly use a Tor based browser that addresses the issue of browser fingerprinting. I stated that JonDoBrowser has a free and paid version. JonDoBrowser is not based on Tor, it only has the option to use Tor servers instead of the JonDo servers aka JAP. JonDoBrowser does not include Tor by default and nor does it use any Tor servers by default. My browser ? The xeronet Torrc config. file for the Tor Browser Bundle is to demonstrate the use of custom circuits and routing. So, you can use whatever browser, settings or plugins you want with Tor and the config. You could use the JonDoBrowser, install Tor and edit the default conf. with the xeronet Torrc settings and select to use the Tor network in the JonDoBrowser, if you feel that browser is better at hiding the '21 unique identifying pieces of info.' that the EFF projects checks. I'll run some tests as well. Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: AndrewWilliams on November 13, 2013, 07:56:51 PM I stated that JonDoBrowser has a free and paid version. JonDoBrowser is not based on Tor, it only has the option to use Tor servers instead of the JonDo servers aka JAP. JonDoBrowser does not include Tor by default and nor does it use any Tor servers by default. My browser ? The xeronet Torrc config. file for the Tor Browser Bundle is to demonstrate the use of custom circuits and routing. So, you can use whatever browser, settings or plugins you want with Tor and the config. You could use the JonDoBrowser, install Tor and edit the default conf. with the xeronet Torrc settings and select to use the Tor network in the JonDoBrowser, if you feel that browser is better at hiding the '21 unique identifying pieces of info.' that the EFF projects checks. I'll run some tests as well. Thanks for addressing my concerns. I've been researching this for a long time, and I know at the end of the day if the browser is not built to resist fingerprint tracking, it's no use. You can have 30 Tor servers and it still would be an Achilles heel. I will try that out this weekend. Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on November 13, 2013, 08:36:36 PM Thanks for addressing my concerns. I've been researching this for a long time, and I know at the end of the day if the browser is not built to resist fingerprint tracking, it's no use. You can have 30 Tor servers and it still would be an Achilles heel. I will try that out this weekend. You are correct with regards to browser fingerprint tracking being difficult to avoid. Also See: https://wiki.mozilla.org/Fingerprinting Some of the identfiers are actually potentially increased when using anonymity software itself. Interesting article: http://www.idcloak.com/learning-center/noscript-chrome-noscript-firefox-browser-fingerprint-protection/a583.html Making your browser seem more generic can be advantageous. Continually spoofing your browser agent is also an option. See: https://addons.mozilla.org/en-US/firefox/addon/user-agent-switcher/ See: https://addons.mozilla.org/en-US/firefox/addon/user-agent-overrider/ See: https://wikipedia.org/wiki/User_agent Use of the updated Tor Browser Bundle Portable is still going to be the easiest option for most. Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: AndrewWilliams on November 13, 2013, 08:51:48 PM Info appreciated, thank you.
Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on November 13, 2013, 09:22:04 PM Info appreciated, thank you. Sure. You are welcome. Infact, I've just done some testing with both browsers and also tried switching user agents. NoScript and the TorButton addon defaults in the Tor Browser Bundle (as FirefoxESR Portable) scored: "Currently, we estimate that your browser has a fingerprint that conveys 17.53 bits of identifying information." JonDoBrowser out-of-the-box (Firefox 24) scored: "Currently, we estimate that your browser has a fingerprint that conveys 13.95 bits of identifying information." Switching user agents seems to give a generic score of 21.77 bits of identifying information. EDIT: The latest Tor Browser Bundle release with Firefox 24 ESR has the lowest score, if you disable JavaScript - see below posts. The main issue with the Tor Bundle Browser identifiers relate to it being based on FirefoxESR. See: https://www.mozilla.org/en-US/firefox/organizations/faq/ I'm guessing I'll be able to find a browser configuration and plugins combination that will give a lower score than both of these browser configurations, although most of the remaining identifiers actually only relate to screen size, choice of language-pack and to which browser is the most popular at any given time. Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on January 03, 2014, 06:16:18 PM xeronet Torrc - v4.0.4 - 'Anti-FiveEyes'. xeronet Torrc is a Client Only configuration. - for the Tor Browser Bundle.
It will not work for Tor Relays, Bridge Nodes or Exit Nodes and nor is it designed to be used for that purpose. See: https://www.torproject.org/download/download-easy.html UPDATED: 18th March. 2015 - Added new fast nodes and revised Exclude nodes. New censorship resistant config. (see latest post below) Revised country code restriction recommendations: https://bitcointalk.org/index.php?topic=331077.msg10803165#msg10803165 TBB Firefox advised about:config options: https://bitcointalk.org/index.php?topic=331077.msg10804048#msg10804048 N.B. This is the same config. as the OP. The Tor Browser Bundle 3.5 upwards has no Vidalia and uses some new Torrc settings: DirReqStatistics , DataDirectory and GeoIPFile locations are now written to the torrc on first run. New torrc-defaults file should remain unedited i.e. Quote # If non-zero, try to write to disk less frequently than we would otherwise. AvoidDiskWrites 1 # Where to send logging messages. Format is minSeverity[-maxSeverity] # (stderr|stdout|syslog|file FILENAME). Log notice stdout # Bind to this address to listen to connections from SOCKS-speaking # applications. SocksListenAddress 127.0.0.1 SocksPort 9150 ControlPort 9151 CookieAuthentication 1 See below posts for info. This is the preferred / recommended config. for most users. Replace the existing torrc file in your Tor Browser Bundle > Data > Tor (folder). Code: ClientOnly 1 N.B. config. may pause connection if imported before the first run. Just Exit and restart if this happens. UseEntryGuards (no longer required - as bundle default). StrictNodes (is auto removed from the conf. if 0 - see below). FascistFirewall 1 (is recommended for the xeronet Torrc if you can reach the Tor network without using a proxy, as the focus is now on the fastest and safest settings for browsing i.e. using only ports 80 and 443 and corresponding entry and exit servers). A detailed explanation of the selected settings used to be published on my old website which is now offline due to the web host closing down. ExcludeNodes are selected from: http://torstatus.blutmagie.de/ 'bad nodes' and country blocks from: https://wikipedia.org/wiki/Internet_censorship Many other factors have also been considered with the aim of making Tor faster including excluding relays in countries with slow internet backbone connections etc. Entry and Exit nodes have been selected based on numerous factors. These are the 'best', fastest and most secure Tor servers available for browsing via ports 80 and 443. They have again been selected from http://torstatus.blutmagie.de/ The nodes are run by the following Privacy focused organizations, who can be trusted with your data, perhaps over and above other miscellaneous Tor nodes. http://privacyfoundation.ch/ - Swiss Privacy Foundation https://riseup.net/en - riseup.net https://www.ccc.de/en/?language=en - Chaos Computer Club (CCC) https://www.torservers.net/ - torservers.net Partners ... https://www.accessnow.org/ - Access https://www.koumbit.org/ - Koumbit https://effi.org/ - Electronic Frontier Finland https://nos-oignons.net/ - Nos oignons https://calyxinstitute.org/ - The Calyx Institute https://www.dfri.se/dfri/?lang=en - DRFI: "Föreningen för Digitala Fri- och Rättigheter" - DFRI is a nonprofit organisation working for digital rights. https://www.hartvoorinternetvrijheid.nl/eng.html - Hart voor Internetvrijheid (Heart for Internet freedom). http://www.enn.lu/ - Frënn vun der Ënn A.S.B.L. http://icetor.is/ - Icetor - Freedom from the frozen north. and others ... Remember that Tor will still select random servers and middle nodes etc. This example config. just helps to enuse the fastest circuits. If you don't like a setting in this example config. then please change it yourself. Here are the important options from the Tor manual: Use StrictNodes 1 to enforce the server selection. Currently set to 0 'default'. "If StrictNodes is set to 1, Tor will treat the ExcludeNodes option as a requirement to follow for all the circuits you generate, even if doing so will break functionality for you. If StrictNodes is set to 0, Tor will still try to avoid nodes in the ExcludeNodes list, but it will err on the side of avoiding unexpected errors. Specifically, StrictNodes 0 tells Tor that it is okay to use an excluded node when it is necessary to perform relay reachability self-tests, connect to a hidden service, provide a hidden service to a client, fulfil a .exit request, upload directory information, or download directory information. (Default: 0)" You can set StrictNodes to 1 to make browsing faster and completely avoid 'FiveEyes' and internet censored countries, but it will 'break' hidden services if they are located in one of those blocked countries. ~ Ever wondered how the security services locate Tor 'hidden services' ... hummm. Use FascistFirewall 1 to force port 80 (http) and port 443 (https) access. "If 1, Tor will only create outgoing connections to ORs running on ports that your firewall allows (defaults to 80 and 443; see FirewallPorts). This will allow you to run Tor as a client behind a firewall with restrictive policies, but will not allow you to run as a server behind such a firewall. If you prefer more fine-grained control, use ReachableAddresses instead." When using this option do make sure that your selected Nodes use port 80 and/or port 443 Also, if your firewall does allow other ports (or you want to connect other applications to Tor) then we do recommend changing FascistFirewall back to 0, as this will automatically 'unlock' additional fast entry nodes already included in the xeronet Torrc list. Use UseEntryGuards 1 for increased security. "If this option is set to 1, we pick a few long-term entry servers, and try to stick with them. This is desirable because constantly changing servers increases the odds that an adversary who owns some servers will observe a fraction of your paths. (Defaults to 1 anyway)" Use ClientOnly 1 for the Tor Browser Bundle. "If set to 1, Tor will under no circumstances run as a server or serve directory requests. The default is to run as a client unless ORPort is configured. (Usually, you don’t need to set this; Tor is pretty smart at figuring out whether you are reliable and high-bandwidth enough to be a useful server.) (Default: 0)" Using additional LongLivedPorts 80, 443, 9001 and 9030. "A list of ports for services that tend to have long-running connections (e.g. chat and interactive shells). Circuits for streams that use these ports will contain only high-uptime nodes, to reduce the chance that a node will go down before the stream is finished. Note that the list is also honoured for circuits (both client and service side) involving hidden services whose virtual port is in this list. (Default: 21, 22, 706, 1863, 5050, 5190, 5222, 5223, 6523, 6667, 6697, 8300)" These additions are somewhat experimental, however the overall configuration does seem to work better when including these port settings; especially in relation to the StrictNodes option above where the configuration was found to be much faster overall than when enforcing StrictNodes 1. Thus, we have reverted to using the 'default' StrictNodes 0. xeronet Torrc - v4.0.4 - 'Anti-FiveEyes'. Requires the latest Tor Browser Bundle for correct operation. N.B. Save as 'torrc' only and not 'torrc.txt' or just copy / paste into your existing torrc file. Replace the existing torrc file in your Tor Browser Bundle > Data > Tor (folder). The Tor software must not be running when you install our configuration. Start Tor. Done. Enjoy super fast Tor ! xeronet Torrc is a Client Only configuration. - for the Tor Browser Bundle. It will not work for Tor Relays, Bridge Nodes or Exit Nodes and nor is it designed to be used for that purpose. P.S. I'm looking to set-up some fast Tor servers in censorship resistant countries. If you like this custom Tor configuration please consider a donation until I'm able to set-up a full concept / donations page or crowdfunding project. Thanks! "Tor" and the "Onion Logo" are registered trademarks of The Tor Project, Inc. Always Read the Manual: https://www.torproject.org/docs/tor-manual.html > CLIENT OPTIONS Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on January 09, 2014, 03:49:09 PM Javascript is enabled by 'default' in the Tor Browser Bundle - which has serious privacy implications.
The reasons given by the Tor project can be found here: https://www.torproject.org/docs/faq#TBBJavaScriptEnabled Howto Disable JavaScript When your Tor Browser is running goto the URL bar and type: about:config and hit enter. This will display a warning page: "This might void your warranty!" click on: "I'll be careful, I promise!" In the Search box type: javascript Around the third option down will be displayed as: ' javascript.enabled ' with its Value = true 2nd mouse button > Toggle > False to change this value as user set and restart the Tor Browser Bundle. https://check.torproject.org/?lang=en_US - will now show " JavaScript is disabled. " Your privacy when browsing is now massively increased - although the 'correct' functionality of some websites will be affected. ... With Javascript disabled https://panopticlick.eff.org/ will present you with one of the lowest scores possible, for example ~ Currently, we estimate that your browser has a fingerprint that conveys 11.79 bits of identifying information. (or lower). ... This score can be reduced further by spoofing your browser agent (See: links in above posts) to say IE 10 or 11 (which actually depends on which browsers are currently the most popular) and also by disabling all cookies, which is for the paranoid and will break the fuctionality of most websites entirely. ... On balance I would advise most users to install Adblock Edge With the addition of EasyPrivacy list (prevents tracking) and Fanboy's Annoyance List - if you don't use social media. See: https://easylist.adblockplus.org/ Whilst some Tor Browser users might not want to install Adblock Edge Enjoy ! Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on January 17, 2014, 08:59:02 PM Through a PRISM, Darkly - Everything we know about NSA spying - https://www.youtube.com/watch?v=BMwPe2KqYn4
"From Stellar Wind to PRISM, Boundless Informant to EvilOlive, the NSA spying programs are shrouded in secrecy and rubber-stamped by secret opinions from a court that meets in a faraday cage. The Electronic Frontier Foundation's Kurt Opsahl explains the known facts about how the programs operate and the laws and regulations the U.S. government asserts allows the NSA to spy on you. The Electronic Frontier Foundation, a non-profit civil society organization, has been litigating against the NSA spying program for the better part of a decade. EFF has collected and reviewed dozens of documents, from the original NY Times stories in 2005 and the first AT&T whistleblower in 2006, through the latest documents released in the Guardian or obtained through EFF's Freedom of Information (government transparency) litigation. EFF attorney Kurt Opsahl's lecture will describe how the NSA spying program works, the underlying technologies, the targeting procedures (how they decide who to focus on), the minimization procedures (how they decide which information to discard), and help you makes sense of the many code names and acronyms in the news. He will also discuss the legal and policy ramifications that have become part of the public debate following the recent disclosures, and what you can do about it. After summarizing the programs, technologies, and legal/policy framework in the lecture, the audience can ask questions." Speaker: Kurt Opsahl EventID: 5255 Event: 30th Chaos Communication Congress [30c3] by the Chaos Computer Club [CCC] Location: Congress Centrum Hamburg (CCH); Am Dammtor; Marseiller Straße; 20355 Hamburg; Germany Language: english The Tor Network [30c3] - https://www.youtube.com/watch?v=CJNxbpbHA-I We're living in interesting times "Roger Dingledine and Jacob Appelbaum will discuss contemporary Tor Network issues related to censorship, security, privacy and anonymity online. The last several years have included major cryptographic upgrades in the Tor network, interesting academic papers in attacking the Tor network, major high profile users breaking news about the network itself, discussions about funding, FBI/NSA exploitation of Tor Browser users, botnet related load on the Tor network and other important topics. This talk will clarify many important topics for the Tor community and for the world at large." Speaker: Jacob arma EventID: 5423 Event: 30th Chaos Communication Congress [30c3] by the Chaos Computer Club [CCC] Location: Congress Centrum Hamburg (CCH); Am Dammtor; Marseiller Straße; 20355 Hamburg; Germany Language: english ... If you run a Bitcoin node and you don't run a Tor relay - why not ? You can use Peerblock http://www.peerblock.com/ (or Peer Guardian - Linux) with I-Blocklist https://www.iblocklist.com/lists.php to protect your Bitcoin and Tor relay's from 'Bad' actors whilst helping other 'good' Tor users. Block the 'bad guys' : https://www.iblocklist.com/lists.php Allow The Onion Router: https://www.iblocklist.com/lists.php?category=organizations Now go and set-up a Tor relay ! Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on January 17, 2014, 09:33:26 PM xeronet Torrc - v4.0.4c (a) - censorship resistant version. Includes some 'Five-Eyes' Exit Servers - UPDATED 18th March 2015
This config. is different from the main release and aims to reduce censorship of 'blocked' non-illegal content in various countries. As per. the pirate browser (see above post) we edit the config. to further limit the usage of exit nodes in the following 'censored' countries i.e. {dk},{ie},{gb},{be},{it},{cn},{ir},{fi},{no} - whilst still ensuring a selection of the fastest and most stable Tor nodes as both entry and exit relays. This example config. makes use of additional fast US {us} and Canadian {ca} Tor Exit servers hosted by the privacy focused organisations listed in the OP. Again, these {us} and {ca} servers are selected only as Exit nodes in this configuration - to continue with our 'Anti-FiveEyes' theme. Code: ClientOnly 1 Using StrictNodes 1 is strongly advised when using this version of the config. to prevent Entry connections in 'FiveEyes' countries. Please see above posts for information relating to hidden_services etc. N.B. USA and Canadian Tor Exit Relays in this example config. are operated by the following privacy focused organisations: torservers.net - https://www.torservers.net/ NoiseTor - http://noisetor.net/ Riseup - https://riseup.net/ guilhem .org https://guilhem.org/ ExitNodes additions {us} and {ca} as included in the above config: Code: dorrisdeebrown,96.47.226.20,impastato,96.47.226.21,shifidi,96.47.226.22,mendes,96.44.189.100,kingara,96.44.189.101,ivpn,96.44.189.102,madiba,209.222.8.196,pipit,199.254.238.44,noiseexit01a,173.254.216.66,noiseexit01b,173.254.216.67,noiseexit01c,173.254.216.68,noiseexit01d,173.254.216.69,CalyxInstitute14,162.247.72.201,CalyxInstitute13,162.247.72.200,CalyxInstitute12,162.247.72.199,CalyxInstitute11,162.247.72.27,CalyxInstitute09,162.247.72.217,CalyxInstitute08,162.247.72.216,CalyxInstitute06,162.247.73.206,CalyxInstitute05,162.247.73.74,CalyxInstitute04,162.247.73.204,CalyxInstitute03,162.247.72.213,CalyxInstitute02,162.247.72.212,CalyxInstitute01,162.247.72.7,Koumbitor,199.58.83.10 Anyone reading this who has previously used Tor and found it to be 'slow' should really try this config. :) Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on February 05, 2014, 06:32:59 PM xeronet Torrc - v3.5c - censorship resistant version - Strict - without 'Five-Eyes' Exit Servers -
The main example Torrc is now sufficiently 'censorship resistant' and this release is currently no longer required. Please use the main example Torrc from the OP or the example above. N.B. Try adding; Code: StrictNodes 1 to this example config. for strong censorship resistance and if you are not intending to browse any Tor hidden_services. (See above posts). Add Bridge Nodes to entry nodes if you require them to access the Tor network. See: https://bridges.torproject.org/ This config. works very well for accessing legal, although restricted .torrent / download websites. Code:
Remember to disable Javascript in the browser. See above posts. Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on February 05, 2014, 08:39:49 PM xeronet Torrc - v3.6.3f - 'fastest' version - Includes 'Five-Eyes' Exit and Entry Servers - New: UPDATED 18th March. 2015
Code: ClientOnly 1 N.B. Again, 'Five-Eyes' Exit and Entry Servers i.e. {us},{ca},{au},{nz},{gb},{ie} - Tor Relays in this example config are allowed. However, all nodes are operated by privacy focused organizations or individuals and/or are Tor Authority servers. EDIT: {gb},(ie} have been added to ExcludeExitNodes to help prevent some censorship. Added the following Five-Eyes Countries (Geo located) Entry Servers: Code: dorrisdeebrown,impastato,shifidi,mendes,kingara,ivpn,madiba,pipit,noiseexit01a,noiseexit01b,noiseexit01c,noiseexit01d,CalyxInstitute14,CalyxInstitute13,CalyxInstitute12,CalyxInstitute11,CalyxInstitute09,CalyxInstitute08,CalyxInstitute06,CalyxInstitute05,CalyxInstitute04,CalyxInstitute03,CalyxInstitute02,CalyxInstitute01,Koumbitor and NEW USA hosted Mozilla Tor Servers (Non-Exit) Code: Mozilla01,Mozilla02,Mozilla03,Mozilla04,Mozilla05,Mozilla06,Mozilla09,Mozilla10,Mozilla11,Mozilla12,Mozilla13,Mozilla14 ... Roger D. (a lead Tor dev.) often reports being asked when giving presentations to the 'security' services regarding Tor: How can we make Tor faster ? Well this is one way. This config. is an example of the fastest and perhaps most diverse way to use Tor for Internet Browsing. The selected nodes also have high bandwidth / up time and are (mostly) using the latest Tor client for their relays / exit nodes. Lots of Tor servers have the potential to be added in this list - the simple fact is that these really are the 'core' of the Tor network anyway. In fact, most Tor circuits will include one or more of the listed nodes if you use Tor out-of-the-box. Some Tor servers just make for better Middle nodes ! :) If you compare the Tor Network to a transport or road network, these config's are perhaps not dissimilar from sticking to the main super Highways or Motorways / A roads when driving. Arguably, these routes are likely to have the most surveillance - in terms of anonymity they are also the busiest routes with the most traffic. Example: If you watch a couple of people walk into a tunnel and they change clothes in the middle and you also watch them exit the tunnel - its fairly easy to identify them still. If you watch 1000 people do the very same thing, its a lot more difficult to work out whats going on. The selected Tor servers can also cope with such traffic volumes. ... A recent study showed that using only 1 entry guard perhaps provides better long-term privacy / anonymity for the user - the original Tor 'default' was 3. Perhaps 8 Entry Guards is unnecessary, however if we can explicitly trust our entry guards then a higher number is better for connectivity. 8 was a number tried and tested by Satoshi as the min. number of nodes necessary to ensure good p2p connectivity in Bitcoin. I've found this to work well with Tor also. Again, these configs are an offset between speed, anonymity, privacy and security. ... So, here are some other very fast / stable / long-standing nodes (good for browsing - port 80 and 443) that you might add to diversify your own Torrc ... Entry Nodes (USA): Code: FSF https://www.fsf.org/ - Free Software Foundation Entry Nodes (USA): Code: torEFF https://www.eff.org/ - Electronic Frontier Foundation Entry Nodes (USA): Code: NYCBUG0,NYCBUG1 http://nycbug.org/ - New York City *BSD Users Group Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on March 23, 2014, 07:00:19 PM All
Optimized Bitcoin and Darkcoin config. examples to follow towards the end of next week. If anyone has a working list of Bitcoin enabled .onion addresses then please do forward me a PM. Thanks! Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: predic on March 23, 2014, 08:32:27 PM mamma mia, you have to learn about methods of work of secret service.
They infiltrate human rights organizations and privacy organizations, your strategy is wrong from the beginning. and those who work for secret service surely have money to employ very fast servers. ordinary users who are not working for the gov, they employ slow servers. some of ordinary users can be snitches but many are not, they employ server from their pocket, they don't get funding from the gov or from riches who work for the gov. solution is in employing thousands of small servers, not choosing the fastest ones. therefore tor network need more users who will donate bandwidth and servers. by the way, there are 9 eyes, not only 5. so, 5 eyes + Denmark, Norway, France, Netherlands. additional material for reading (How Covert Agents Infiltrate the Internet to Manipulate, Deceive, and Destroy Reputations): https://firstlook.org/theintercept/2014/02/24/jtrig-manipulation/ what they do at internet, they do the same in reality. Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on March 23, 2014, 10:16:56 PM mamma mia, you have to learn about methods of work of secret service. They infiltrate human rights organizations and privacy organizations, your strategy is wrong from the beginning. and those who work for secret service surely have money to employ very fast servers. ordinary users who are not working for the gov, they employ slow servers. some of ordinary users can be snitches but many are not, they employ server from their pocket, they don't get funding from the gov or from riches who work for the gov. solution is in employing thousands of small servers, not choosing the fastest ones. therefore tor network need more users who will donate bandwidth and servers. by the way, there are 9 eyes, not only 5. so, 5 eyes + Denmark, Norway, France, Netherlands. additional material for reading (How Covert Agents Infiltrate the Internet to Manipulate, Deceive, and Destroy Reputations): https://firstlook.org/theintercept/2014/02/24/jtrig-manipulation/ what they do at internet, they do the same in reality. Whilst the title of this thread is perhaps sensational this topic is really about demonstrating how Tor can be used in different ways. The configs that I have posted do make Tor faster for regular internet browsing and are also geared towards improving privacy, anonymity and security for the user, whoever they may be. Remember that this config also attempts to avoid known 'bad' Tor nodes as well. These configs also take into consideration which Tor servers are the most useful when building fast circuits. The Tor network is actually not very big. The ideal situation is for more Tor users to be running Tor relays ! Join the Tor Network ! - https://www.torproject.org/getinvolved/relays When using these configs the Tor software will still randomly select servers as the middle node and can also still make connections to all existing Tor servers (when not enforcing StrictNodes 1) These configs simply let the Tor client know what the preferred servers are to attempt to build circuits with. As I've stated if you don't like an existing setting or you want to try to avoid building certain circuits then you can edit the config to that effect. My aim is to empower Tor users to get the most out of Tor for their intended purpose. All countries, internet service providers, internet backbone providers are pretty much 'spying' on their citizens or customers and logging internet traffic and/or blocking various websites etc. Almost all Tor circuits will cross most major internet Tier pipelines at some point during your browsing session and being on the busiest routes can actually be beneficial to a users privacy. Five-Eyes countries: https://wikipedia.org/wiki/Five_Eyes ECHELON: https://wikipedia.org/wiki/ECHELON Internet Backbone: https://wikipedia.org/wiki/Internet_backbone Internet Censorship: https://wikipedia.org/wiki/Internet_censorship You do make a valid point with regards to perhaps building a config that tries to avoid the major Tor nodes and main routes. It would ofc be much slower by comparison. ... I in fact run a Tor Relay from my 'home' ISP on a static IP and have done so for a good number of years now. Lastly, what happens on the internet is not always a reality or real life. Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on March 24, 2014, 03:31:45 PM I decided to make a full review of the recommended ExcludeNodes and to help provide a clearer explanation as to whats going on and what we are all up against with regards to our Right to Privacy on the internet.
The original lists were expanded from the Open Net Initiative - See: https://opennet.net/ and also the aforementioned wiki on Internet Censorship. The situation in regards to a few countries internet policies and practices has changed in recent years. So, recommended ExcludeNodes as per. https://wikipedia.org/wiki/Internet_censorship_by_country - Reporters Without Borders: "Enemies of the Internet"... - Node restrictions are included in the 'default' example Tor config. from the OP. Bahrain Belarus Burma (Myanmar) China including Taiwan and Macau - as ExcludeNodes | Hong Kong - as ExcludeExitNodes - Updated 22nd Apr. 2014 Cuba Iran North Korea Saudi Arabia Syria Turkmenistan Uzbekistan Vietnam Code: {bh},{by},{mm},{cn},{mo},{tw},{cu},{ir},{kp},{sa},{sy},{tm},{uz},{vn}"Countries Under Surveillance"... - Node restrictions are included in the 'default' example Tor config. from the OP. Egypt Eritrea India Kazakhstan Malaysia Russia and Ukraine South Korea Sri Lanka Thailand Tunisia Turkey United Arab Emirates Code: {eg},{er},{in},{kz},{my},{ru},{ua},{kr},{lk},{th},{tn},{tr},{ae}Five-Eyes https://wikipedia.org/wiki/Five_Eyes and ECHELON https://en.wikipedia.org/wiki/ECHELON Five-Eyes (Level 1) - Node restrictions are included in the 'default' example Tor config. from the OP. Australia Canada New Zealand United Kingdom United States Code: {au},{ca},{nz},{gb},{us}Nine-Eyes (Level 2) - optional - N.B. massively restricts the number of available Tor servers. Denmark France Netherlands Norway Code: {dk},{fr},{nl},{no}Fourteen-Eyes (Level 3) - optional - N.B. massively restricts the number of available Tor servers. Germany Belgium Italy Spain Sweden Code: {de},{be},{it},{es},{se}Additional (known) Intercept Stations (excluding already listed) - optional - N.B. massively restricts the number of available Tor servers. Cyprus Japan Brazil Kenya Code: {cy},{jp},{br},{ke}The 'Pirate Browser' (known) .torrent website blocking - Node restrictions are included in the 'default' example Tor config. from the OP. {dk},{ie},{gb},{be},{it},{cn},{ir},{fi},{no} Additional to above lists: Ireland Finland Code: {ie},{fi}As everyone can imagine blocking all existing Tor nodes in these countries reduces the available number of Tor nodes to build circuits with to a very low number. It is also relatively easy for an adversary to continue to observe traffic between Tor servers even when using these kind of country blocks. However, avoiding certain countries will be beneficial for some Tor users. One of the best options for privacy when using Tor is to set a block in ExcludeNodes for your own country and/or location if it is not already included in your ExcludeNodes list. Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on March 24, 2014, 05:06:00 PM The following list includes countries which undertake extensive, pervasive, substantial and selective censorship or filtering of internet content.
Censorship within these countries is often related to pornographic material (which might be considered to be legal in other countries), gambling and/or alcohol related websites might also be illegal or prohibited in these countries. Censorship can also include the restriction and/or filtering of social media websites, news sites and other content deemed to be politically inappropriate or objectionable within a regime. Example: The purpose of this 'block' list is not to prevent Tor users in these countries from accessing the Tor network and it is presented to be beneficial for all Tor users in resisting censorsip. For example, someone running a temporary Tor Exit node in a Middle Eastern country (trying to use Tor to access the free and open internet and help their fellow citizens), does not really want a Tor user in a Western country trying to access banned content from their ISP. The user probably won't get to the requested 'blocked' content anyway and the Exit node operator could get into trouble with their ISP or local authorities. Tor has some measures in place to prevent these types of scenarios, but again these lists are probably useful for the majority of Tor users. "Censorship is the suppression of speech or other public communication which may be considered objectionable, harmful, sensitive, politically incorrect or inconvenient as determined by a government, media outlet or other controlling body." See: https://wikipedia.org/wiki/Internet_censorship_by_country and https://wikipedia.org/wiki/Censorship_by_country Recommended Internet Censorship prevention list for ExcludeExitNodes - See: https://www.torproject.org/docs/tor-manual.html.en ExcludeExitNodes node,node,… "A list of identity fingerprints, nicknames, country codes and address patterns of nodes to never use when picking an exit node---that is, a node that delivers traffic for you outside the Tor network. Note that any node listed in ExcludeNodes is automatically considered to be part of this list too. See also the caveats on the "ExitNodes" option below." This list can be used in ExcludeNodes, however allowing these nodes as Entry and Middle nodes in the Tor network provides a much more diverse possibility of circuits, whilst still helping to protect all Tor users against censorship. N.B. That this list is designed to be used in addition to the "Enemies of the Internet" and "Countries Under Surveillance" lists and duplicate listings have been omitted. This list does not block Tor users in these countries, but instead actually helps in preventing internet censorship for Tor users both inside and outside of these countries. Tor Browser Bundle users adding these lists also helps to protect any Tor Relay operators within these countries. Afghanistan Albania Algeria Angola Armenia Azerbaijan Bangladesh Benin Bhutan Bosnia-Herzegovina Brunei Bulgaria Burkina Faso Burundi Cambodia Cameroon Central African Republic Chad Colombia Comoros Congo, Democratic Republic of the Congo, Republic of the Cyprus Djibouti Ethiopia Equatorial Guinea Gabon Gambia Georgia Ghana Guinea Guinea Bissau Honduras Indonesia Iraq Israel Ivory Coast Jordan Kuwait Kyrgyzstan Laos Lebanon Liberia Libya Macedonia Madagascar Malawi Maldives Mali Mauritania Mauritius Mayotte Mongolia Montenegro Morocco Mozambique Niger Nigeria Oman Pakistan Palestinian territories (West Bank and Gaza Strip) Rwanda Qatar Senegal Sierra Leone Singapore Somalia Sudan Suriname Swaziland Tajikistan Tanzania Togo Uganda Venezuela Yemen Zimbabwe Code: {af},{al},{dz},{ao},{am},{az},{bd},{bj},{bt},{ba},{bn},{bg},{bf},{bi},{kh},{cm},{cf},{td},{co},{km},{cd},{cg},{cy},{dj},{et},{gq},{ga},{gm},{ge},{gh},{gn},{gw},{hn},{id},{iq},{il},{ci},{jo},{kw},{kg},{la},{lb},{lr},{ly},{mk},{mg},{mw},{mv},{ml},{mr},{mu},{yt},{mn},{me},{ma},{mz},{ne},{ng},{om},{pk},{ps},{rw},{qa},{sn},{sl},{sg},{so},{sd},{sr},{sz},{tj},{tz},{tg},{ug},{ve},{ye},{zw}N.B. That this list is designed to be used in addition to the "Enemies of the Internet" and "Countries Under Surveillance" lists and duplicate listings have therefore been omitted. Again, this list does not block Tor users in these countries, but instead actually helps in preventing internet censorship for Tor users both inside and outside of these countries. Tor Browser Bundle users adding these lists also helps to protect any Tor Relay operators within these countries. Previously recommended configs will be updated when these settings have been tested with existing settings. Bitcoin conf. to follow. Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: newtypeseed on March 26, 2014, 08:00:24 AM All four example Tor configs. have been updated. Optimized Bitcoin and Darkcoin config. examples to follow towards the end of next week. If anyone has a working list of Bitcoin enabled .onion addresses then please do forward me a PM. Thanks! we can together to make something better Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on March 27, 2014, 09:14:19 PM All four example Tor configs. have been updated. Optimized Bitcoin and Darkcoin config. examples to follow towards the end of next week. If anyone has a working list of Bitcoin enabled .onion addresses then please do forward me a PM. Thanks! we can together to make something better Yes indeed! That's the spirit. If you want to make any recommendations please do so. All four variation example configs on the first page of this thread have been updated to include some of the revised lists from the above research. Everyone can still edit the configs for their own requirements and hopefully have a faster, safer Tor Browsing experience. I'm still testing some configs for Bitcoin and Darkcoin etc. One of the main additions is obviously to add the coins port(s) to LongLivedPorts in the torrc config. Luckily most Tor Exit relays (even those using a reduced exit policy) still open ports 8332-8333 for Bitcoin and even 9999 for Darkcoin. See: https://blog.torproject.org/running-exit-node and https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on April 22, 2014, 01:31:44 PM All of the example Torrc configs. for the Tor Browser Bundle have been updated.
Countries deemed to have 'high' or 'extreme' levels of human rights abuse issues have now been added to our ExcludeNodes . Source: https://maplecroft.com/themes/hr/ - Maplecroft Global Analytics - Human Rights Risk Atlas 2014 See: http://maplecroft.com/portfolio/new-analysis/2013/12/04/70-increase-countries-identified-extreme-risk-human-rights-2008-bhuman-rights-risk-atlas-2014b/ Countries being classed as 'Authoritarian Regimes' and/or countries with existing trade and/or arms Embargoes have also been restricted in our ExcludeNodes . See: https://wikipedia.org/wiki/Authoritarianism and https://wikipedia.org/wiki/Embargo was last UPDATED: 22nd Apr. 2014 and is still current. Again, using these lists does not block Tor users in these countries, but instead can actually help in preventing internet censorship for Tor users both inside and outside of these countries. Tor Browser Bundle users using these lists also helps to protect any Tor Relay operators located within these countries. Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: Spendulus on April 23, 2014, 12:23:25 AM You do not have to pay for JonDoBrowser. Just delete some of the system fonts?Yes it's based on Tor. I am still pretty concerned about browser fingerprinting. There's no use to Tor if your browser can be ID'ed as unique... If your browser can pass "the test" by giving less than 21 unique identifying pieces of info, I'll try it. er that addresses the issue of browser fingerprinting. Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on April 23, 2014, 12:40:20 AM Just delete some of the system fonts? Certainly an option. Although quite impractical perhaps. The best solution is to fully disable Java Script in Firefox (TBB). See: https://bitcointalk.org/index.php?topic=331077.msg4410668#msg4410668 I just ran a new test at https://panopticlick.eff.org/ using the latest Tor Browser Bundle with Java Script fully disabled and the ID score was below 10. Java Script is required for the following identifiers; Browser Plugin Details, Time Zone, Screen Size and Color Depth, System Fonts and the Limited supercookie test. With Java Script completely disabled all of these tests will show 'no javascript', which will be the same for all visited websites i.e. a massive privacy boost! Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: Schleicher on April 23, 2014, 04:08:13 PM It would also help if we could change the User Agent string to the most common one.
Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on May 07, 2014, 01:38:45 PM It would also help if we could change the User Agent string to the most common one. Good suggestion to be put to the folks at the Tor Project. There are some existing addons for Firefox to change User Agent string, although not currently to the most common ones. Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on May 07, 2014, 01:44:38 PM It seems that GeoIP in TBB 3.6 is mis-configured to be located in a sytem folder in windows 7, for example. "[WARN] Failed to open GEOIP file C:\Users\USERNAME\AppData\Roaming\tor\geoip6. We've been configured to use (or avoid) nodes in certain countries, and we need GEOIP information to figure out which ones they are. The following torrc setting is ignored: GeoIPFile C:\Users\USERNAME\Desktop\Tor Browser\Data\Tor\geoip Check "Copy Tor Log to Clipboard" for additional errors when starting TBB. Configs. I've posted still work if you exclude GeoIP country settings for ExcludeNodes and ExcludeExitNodes. Can't really post updated configs. until its 'fixed'. Sent several bug reports. Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: Spendulus on May 08, 2014, 12:10:51 AM Thank you for this thread, it is quite informative.
Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: SailAway on May 09, 2014, 10:36:25 PM It seems that GeoIP in TBB 3.6 is mis-configured to be located in a sytem folder in windows 7, for example. "[WARN] Failed to open GEOIP file C:\Users\USERNAME\AppData\Roaming\tor\geoip6. We've been configured to use (or avoid) nodes in certain countries, and we need GEOIP information to figure out which ones they are. The following torrc setting is ignored: GeoIPFile C:\Users\USERNAME\Desktop\Tor Browser\Data\Tor\geoip GeoIP works just fine for regular IP(v4) addresses. The warning refers to another missing/misplaced GeoIP6 file only for IPv6. For now, you can just download that file directly into the appropriate folder from https://gitweb.torproject.org/tor.git/blob_plain/HEAD:/src/config/geoip6 The correct torrc directive to set the GeoIPv6 file location is GeoIPv6File, not GeoIPFile. Appreciate and eagerly await an update of your recommended settings! Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on May 11, 2014, 04:47:47 PM Thank you for this thread, it is quite informative. You're welcome. Good to know that it is useful. It seems that GeoIP in TBB 3.6 is mis-configured to be located in a sytem folder in windows 7, for example. "[WARN] Failed to open GEOIP file C:\Users\USERNAME\AppData\Roaming\tor\geoip6. We've been configured to use (or avoid) nodes in certain countries, and we need GEOIP information to figure out which ones they are. The following torrc setting is ignored: GeoIPFile C:\Users\USERNAME\Desktop\Tor Browser\Data\Tor\geoip GeoIP works just fine for regular IP(v4) addresses. The warning refers to another missing/misplaced GeoIP6 file only for IPv6. For now, you can just download that file directly into the appropriate folder from https://gitweb.torproject.org/tor.git/blob_plain/HEAD:/src/config/geoip6 The correct torrc directive to set the GeoIPv6 file location is GeoIPv6File, not GeoIPFile. Appreciate and eagerly await an update of your recommended settings! Indeed. This issue (and a few others) seem to of been fixed by the Tor project developers in the v3.6.1 release of the TBB. Updates to follow. Thanks! Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on May 11, 2014, 10:29:52 PM An example torrc config. for Darkcoin / Bitcoin published on one of my websites. UPDATED 18th March 2015
https://wikipedia.org/wiki/Legality_of_bitcoin_by_country (https://wikipedia.org/wiki/Legality_of_bitcoin_by_country) Also add Iceland and Estonia to ExcludeNodes ? Code: {ee},{is}This is also a suitable config. for Bitcoin with the addition of port number 8333 added to LongLivedPorts . Code: ClientOnly 1 We do not need to specify any Entry or Exit nodes directly (as in our example browsing configs. in the OP) as not doing so provides improved overall server and port availability. Unnamed and default servers are also better allowed for this reason. ... See: https://www.torproject.org/docs/tor-manual.html If you would prefer increased speed, although with reduced anonymity you can include: Code: AllowSingleHopCircuits 1 in your torrc. "AllowSingleHopCircuits 0|1 When this option is set, the attached Tor controller can use relays that have the AllowSingleHopExits option turned on to build one-hop Tor connections. (Default: 0)" ... I'd recommend all Bitcoin users, Tor users and crypto-currency / privacy enthusiasts to please support ' Reset the Net ' by June 5th, 2014 See: https://www.resetthenet.org Forum topic: https://bitcointalk.org/index.php?topic=573931.0 Watch: http://youtu.be/qKk8MHFLNNE Follow: https://twitter.com/resetthenet - @resetthenet #ResetTheNet Thunderclap.it: https://www.thunderclap.it/projects/10619-reset-the-net/ ... Configs. on the 1st page are working great with TBB v3.6.1 upwards. Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on August 12, 2014, 09:23:35 PM All four 'xeronet' example TBB config's have been revised and updated.
1. Original - xeronet Torrc - v3.6.3 - 'Anti-FiveEyes' - https://bitcointalk.org/index.php?topic=331077.msg3551345#msg3551345 2. xeronet Torrc - v3.6.3c (a) - combined censorship resistant version - includes some US and CA Exit servers - probably faster than the above torrc. See: https://bitcointalk.org/index.php?topic=331077.msg4570984#msg4570984 3. xeronet Torrc - v3.6.3f - 'fastest' version - includes 'Five-Eyes' Exit and Entry Servers. See: https://bitcointalk.org/index.php?topic=331077.msg4959371#msg4959371 4. Bitcoin (crypto currency example torrc) with the addition of port number 8333 added to LongLivedPorts etc. and including avoid nodes with safer P2P connectivity. See: https://bitcointalk.org/index.php?topic=331077.msg6677546#msg6677546 - If your downloading a fresh Tor Browser Bundle v3.6.3 which is strongly advised for a recent bug fix then you must bootstrap fully to the Tor network at least once before importing (copying) any one of the example config's into your torrc. Otherwise you will probably experience connectivity issues. So, use the blank 'default' torrc once until your see the Firefox TBB window and then shutdown to add / test the conf (torrc). Various updates have been made to the example config's including: - the removal of retired (previously recommended) servers. - the addition of some new fast servers from highly 'privacy focused' organizations. - updates to the avoid list of known 'bad' exit nodes. - added UseNTorHandshake 1 (see above post) and the Tor manual ofc. - removed Western Sahara - {eh} from the avoid countries list as it is not currently assigned in GeoIP and Tor can't read it. - https://calyxinstitute.org seems to have moved its server's / IP's back to the US from NL (except for their Tor mail server IP, guess that is harder to move!?) ... Again, these are all just example configs to help empower all Tor users. Everyone should learn to edittheconfig ! ... Additional tips for safe browsing: Install Adblock Edge (now recommended over Adblock plus) and disable JavaScript !!! See howto: https://bitcointalk.org/index.php?topic=331077.msg4410668#msg4410668 Cheers! - Next updates to include optional avoid lists for Tor servers known to be run by educational establishments and/or institutions known to be collecting Tor 'metrics' or doing 'research'. Such factors are perhaps not ideal for ensuring individual privacy online. For example, it can be noted that the PlanetLab - See: https://wikipedia.org/wiki/PlanetLab has recently started running a bunch of Tor servers, along side their 'transparent' proxies in multiple .edu facilities in various countries around the erm... globe. :D - http://torstatus.blutmagie.de/ Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on August 13, 2014, 09:48:00 AM Optional avoid servers list for ExcludeNodes :
PlanetLab Tor servers: https://www.planet-lab.org/ tingPLacil2,212.199.61.205 - IL tingPLkoszalin2,62.108.171.76 - PL tingPLmonash1,130.194.252.8 - AU tingPLrnp1,200.129.132.18 - BR tingPLupc2,147.83.30.167 - ES Code: tingPLacil2,212.199.61.205,tingPLkoszalin2,62.108.171.76,tingPLmonash1,130.194.252.8,tingPLrnp1,200.129.132.18,tingPLupc2,147.83.30.167 US PlanetLab Tor servers: tingBPw,tingBPz,128.8.126.92 - US tingPLcmu3,128.2.211.115 - US tingPLdu2,130.253.21.123 - US tingPLharvardleft,140.247.60.123 - US tingPLnyit2,108.58.13.206 - US tingPLtamu3,165.91.55.10 - US tingPLucsb3,128.111.52.63 - US tingPLwisc3,198.133.224.147 - US Code: tingBPw,tingBPz,128.8.126.92,tingPLcmu3,128.2.211.115,tingPLdu2,130.253.21.123,tingPLharvardleft,140.247.60.123,tingPLnyit2,108.58.13.206,tingPLtamu3,165.91.55.10,tingPLucsb3,128.111.52.63,tingPLwisc3,198.133.224.147 All of the above are currently Tor Entry servers (non-Exit). They have all been running for 55 days approx. (at the time of writing this post), so were started / installed at the same time. They are all utilizing almost 0 bandwidth availability. They are all running Tor 0.2.4.22 (as are many Tor servers) - which is known to have a security vulnerability. Thanks! Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on August 13, 2014, 11:03:23 AM Optional avoid servers list for ExcludeNodes :
Tor servers run by educational institutions and academic establishments : .edu domains: USA : aftbit,18.228.0.188 alexryantorrelay,131.215.172.23 balerion,128.12.226.56 beezwaks,128.175.170.150 berrycup,18.82.3.196 BlackIce,128.173.14.108 BostonUCompSci,204.8.156.142 caslab,130.132.177.126 casttor,130.184.75.118 celeborn,128.12.226.82 cmutornode,128.2.142.104 csailmitexit,128.52.128.105 csailmitnoexit,128.52.160.20 EecsUmichExit,EecsUmichExit1,141.212.108.13 epitaphtwo,128.12.177.59 Firebird79,212.41.3.148 GEO,128.117.43.92 GEO2b,192.43.244.42 hwds,18.82.3.136 ibben,128.12.226.56 ibibUNC0,204.85.191.30 Jalapiano,146.151.127.200 KUITTC2,129.237.123.57 moria1,128.31.0.34 - N.B. Long standing Tor Authority Server - hosted by MIT. moriatoo,128.31.0.34 NewCourier,128.210.3.225 omfglolwtfbbq1337,138.110.45.38 Onions,18.238.2.85 pook0oow,195.154.5.123 raspberrytea,18.82.3.205 sipbtor,18.187.1.68 strangefoot2,131.215.30.92 sunriseInOuterSpace,129.64.8.147 tanet,18.125.1.222 UFPOatWSU00,134.121.67.106 UFPOatWSU01,134.121.67.105 umntor,146.57.249.104 UncleEnzo,18.238.1.85 ungoliant,128.12.226.82 128.237.157.114 UtahState0,UtahState1,129.123.7.39 UtahState2,UtahState3,129.123.7.8 UtahStateExit,UtahStateExit2,129.123.7.6 UWashingtonCSE,128.208.2.233 VERITAS,18.181.5.37 vtcsec,128.173.55.11 vtluug,128.173.89.245 WesCSTor,129.133.8.31 Whirlpool,64.254.175.3 yjmTorServT,139.78.141.247 zzzrouteruiuc,130.126.142.171 Code: aftbit,18.228.0.188,alexryantorrelay,131.215.172.23,balerion,128.12.226.56,beezwaks,128.175.170.150,berrycup,18.82.3.196,BlackIce,128.173.14.108,BostonUCompSci,204.8.156.142,caslab,130.132.177.126,casttor,130.184.75.118,celeborn,128.12.226.82,cmutornode,128.2.142.104,csailmitexit,128.52.128.105,csailmitnoexit,128.52.160.20,EecsUmichExit,EecsUmichExit1,141.212.108.13,epitaphtwo,128.12.177.59,Firebird79,212.41.3.148,GEO,128.117.43.92,GEO2b,192.43.244.42,hwds,18.82.3.136,ibben,128.12.226.56,ibibUNC0,204.85.191.30,Jalapiano,146.151.127.200,KUITTC2,129.237.123.57,moria1,128.31.0.34,moriatoo,128.31.0.34,NewCourier,128.210.3.225,omfglolwtfbbq1337,138.110.45.38,Onions,18.238.2.85,pook0oow,195.154.5.123,raspberrytea,18.82.3.205,sipbtor,18.187.1.68,strangefoot2,131.215.30.92,sunriseInOuterSpace,129.64.8.147,tanet,18.125.1.222,UFPOatWSU00,134.121.67.106,UFPOatWSU01,134.121.67.105,umntor,146.57.249.104,UncleEnzo,18.238.1.85,ungoliant,128.12.226.82,128.237.157.114,UtahState0,UtahState1,129.123.7.39,UtahState2,UtahState3,129.123.7.8,UtahStateExit,UtahStateExit2,129.123.7.6,UWashingtonCSE,128.208.2.233,VERITAS,18.181.5.37,vtcsec,128.173.55.11,vtluug,128.173.89.245,WesCSTor,129.133.8.31,Whirlpool,64.254.175.3,yjmTorServT,139.78.141.247,zzzrouteruiuc,130.126.142.171 linglom,140.109.232.105 - TW Code: linglom,140.109.232.105 .ac domains: crunch0r,128.130.204.91 - GB ephemer3,128.232.18.57 - GB motmot,137.205.124.35 - GB T0T0R0,164.15.167.7 - BE UCLCrypto,192.135.168.251 - BE Code: crunch0r,128.130.204.91,ephemer3,128.232.18.57,motmot,137.205.124.35,T0T0R0,164.15.167.7,UCLCrypto,192.135.168.251 .uni- domains in Germany - DE Avalon,132.230.150.81 cn,134.99.112.168 csUniHB,134.102.200.101 Disco,131.246.19.81 fluxe4,131.188.40.188 - N.B. Node operator runs a Tor Authority Server. lakedistrict1,134.34.125.68 shaundasschaf,131.188.24.14 theophysicsatunikn,134.34.147.22 unir,139.30.239.23 131.188.156.63 141.54.159.184 139.18.25.35 UnseenAcademicals,134.106.3.254 WohnheimE,134.96.65.17 Code: Avalon,132.230.150.81,cn,134.99.112.168,csUniHB,134.102.200.101,Disco,131.246.19.81,fluxe4,131.188.40.188,lakedistrict1,134.34.125.68,shaundasschaf,131.188.24.14,theophysicsatunikn,134.34.147.22,unir,139.30.239.23,131.188.156.63,141.54.159.184,139.18.25.35,UnseenAcademicals,134.106.3.254,WohnheimE,134.96.65.17 Swedish University Networks: sunet .se : Kiruna,193.11.164.242 Lule,193.11.164.243 salsa,130.242.60.20 Code: Kiruna,193.11.164.242,Lule,193.11.164.243,salsa,130.242.60.20 mdfnet .se : mdfnet1,193.11.114.43 mdfnet2,193.11.114.45 mdfnet3,193.11.114.46 mdfnet4,193.11.114.47 WolfExit,193.11.129.250 Code: mdfnet1,193.11.114.43,mdfnet2,193.11.114.45,mdfnet3,193.11.114.46,mdfnet4,193.11.114.47,WolfExit,193.11.129.250 nordu .net : ndnr1,109.105.109.162 Code: ndnr1,109.105.109.162 ... Including these avoid lists in your ExcludeNodes does not prevent access to educational resources or to any Tor hidden_services (such as resource libraries, which may or may not be hosted on such networks) and simply prevents your Tor client from building circuits to these nodes. As a private individual using the Tor network - there are perhaps many reasons as to why you would not want to make any connections to educational, university and/or academic institutions. Moreover, the above Tor Relays and Exit nodes are very likely to have access by a large number of individuals i.e. lecturers, students, janitors etc. They are also very likely to be used in research projects, academic studies and for the collection of metrics etc. All of these factors are perhaps not conducive to preserving the individual privacy of regular Tor network users. Also see: http://youtu.be/CJNxbpbHA-I?t=10m37s - The Tor Network [30c3] - from 10:37 Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: shogdite on August 13, 2014, 01:42:42 PM Thanks for the info, I was thinking about installing a few addons to TBB (like Adblock Edge and Cryptocat) but I've read on the Tor site that to do not recommend it. Could you clarify whether it is safe to install addons, is there anyway to check to see if they are leaking any identifying information?
Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on August 13, 2014, 02:53:43 PM Thanks for the info, I was thinking about installing a few addons to TBB (like Adblock Edge and Cryptocat) but I've read on the Tor site that to do not recommend it. Could you clarify whether it is safe to install addons, is there anyway to check to see if they are leaking any identifying information? Most addons for TBB are unnecessary in terms of their ability to increase your privacy or anonymity Adblock Plus and Adblock Edge (with easy privacy lists) are probably useful for most users. It will certainly make browsing faster by blocking ads and tracking elements. Filter subscriptions for Adblock Plus and Adblock Edge are updated automatically when you are browsing or if you restart Firefox - if you don't disable this option. You can find settings to control automatic updates via Tools > Add-ons > Extensions > Options. It would probably be best to set automatic updates to 'off' and to manually update your lists via 'Filter Preferences...' when you deem that necessary. Adblock Plus and Adblock Edge also log 'Count filter hits', although this is only a local setting, it should probably be switched off. Interestingly enough this option is 'unticked' in a default install of Adblock Edge. I have not used Cryptocat in a while. Their was a discussion somewhere that it might be implemented as a 'default' Add-on in the TBB. If you install it then check all settings and options etc. In terms of Add-ons the Tor advisory is really in relation to Plug-ins. See: https://www.torproject.org/download/download-easy.html.en "Want Tor to really work? ... c. Don't enable or install browser plugins The Tor Browser will block browser plugins such as Flash, RealPlayer, Quicktime, and others: they can be manipulated into revealing your IP address. Similarly, we do not recommend installing additional addons or plugins into the Tor Browser, as these may bypass Tor or otherwise harm your anonymity and privacy. The lack of plugins means that Youtube videos are blocked by default, but Youtube does provide an experimental opt-in feature (enable it here) that works for some videos. ..." Shockwave Flash and JavaScript are the worst for totally breaking your anonymity. If you enable Shockwave Flash for youtube (for example) then you might as well not be using Tor. Shockwave Flash installed on your local machine basically reveals your true IP to any Flash enabled website. ... A 'plugin' that is OK to install would be the CAcert.org Certificate Signing Authority PEM. See: https://www.cacert.org/index.php?id=3 Installing this will allow you to visit websites that use CAcert.org Certificates without seeing any 'errors'. For example, I run several web based proxy services that use this Certificate Signing Authority. One of which can be found here: [proxy closed] - whilst Glype proxies are only one-hop server proxies and Tor certainly provides much better privacy and anonymity - combining Tor and an SSL enabled web proxy for certain browsing activities can massively increase your 'security'. My site has a 4096-bit SSL cert. (the highest level of website encryption - most sites only have 2048-bit SSL maximum - just inspect a few websites SSL Certs. in your browser, the current bitcointalk.org cert. is 2048-bit with the root cert. only being 1048-bit, for example - which is actually very common) - Anyway, browsing http web pages through this site over an SSL (https) connection and over the Tor network will add 4096-bit encryption across all of your Tor circuits. That makes for very very strong anonymity, privacy and security - ofc the reduction / offset is that it's quite slow. The added benefit of doing something like this is that the websites that you visit won't know your using Tor and won't see your connection as a Tor Exit node. Also, in terms of server logging (which most web servers do automatically) my service does not know your real IP address because your using Tor, which is also really perfect. ... DEFCON.19.Moxie.Marlinspike.SSL.And.The.Future.Of.Authenticity - https://www.youtube.com/watch?v=pDmj_xe7EIQ Its a real shame that Convergence hasn't been updated to work with the latest version of Firefox. The above talk is a fascinating incite to the workings of SSL and https in general though. Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: bernard75 on August 13, 2014, 03:13:11 PM Thanks for the info, I was thinking about installing a few addons to TBB (like Adblock Edge and Cryptocat) but I've read on the Tor site that to do not recommend it. Could you clarify whether it is safe to install addons, is there anyway to check to see if they are leaking any identifying information? I dont see how, other than helping to establish a unique fingerprint.Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on August 13, 2014, 04:19:03 PM Howto enable an Encrypted DNS when using TBB
What is DNS ? - https://wikipedia.org/wiki/Domain_Name_System DNS explained - http://www.opennicproject.org/dns-explained/ DNSCrypt : http://dnscrypt.org/ - A tool for securing communications between a client and a DNS resolver. Originally conceived and built by OpenDNS: http://www.opendns.com/about/innovations/dnscrypt/ this is perhaps the "last mile" of internet security. ... For Windows Download: http://dnscrypt.org/dnscrypt-proxy/downloads/ and https://github.com/Noxwizard/dnscrypt-winclient 1. Create a new folder named dnscrypt. 2. Extract the above .zip's : dnscrypt-proxy-win32-full-1.4.0.zip and dnscrypt-winclient-master.zip 3. Copy the contents of dnscrypt-proxy-win32 into > your dnscrypt folder i.e. the bin , includes and plugins folder(s). 4. Copy the contents of bin into dnscrypt. 5. Copy dnscrypt-winclient.exe into your dnscrypt folder from dnscrypt-winclient-master > dnscrypt-winclient-master > binaries > Release 6. Add a shortcut to dnscrypt-winclient.exe to your desktop and start it. 7. Tick box / Select your correct internet network adapter and select an appropriate DNS server from the drop down menu / tabs. N.B. plugins don't function fully just yet. 8. Done now your using an Encrypted DNS. This makes it even harder for your ISP and other potential adversaries to 'identify' your Tor browsing activities. The 'default' list of servers included in dnscrypt-resolvers.csv can mostly be referenced here: http://www.opennicproject.org/ DNSCrypt (and other OpenNIC servers) status: http://wiki.opennicproject.org/Tier2 Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on August 13, 2014, 04:23:29 PM Thanks for the info, I was thinking about installing a few addons to TBB (like Adblock Edge and Cryptocat) but I've read on the Tor site that to do not recommend it. Could you clarify whether it is safe to install addons, is there anyway to check to see if they are leaking any identifying information? I dont see how, other than helping to establish a unique fingerprint.Indeed. Which is certainly one of the trickiest things to obfuscate properly. Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on August 14, 2014, 11:02:54 AM Additional : Optional avoid servers list for ExcludeNodes :
Herewith, a 'block' of Tor nodes linked to an academic institution. Also see: https://bitcointalk.org/index.php?topic=331077.msg8328447#msg8328447 and https://bitcointalk.org/index.php?topic=331077.msg8327557#msg8327557 EDIT: All these nodes are now offline and no longer operate as Tor Relay servers UK nodes : mighty1,81.150.197.163 mighty2,mighty3,81.150.197.165 mighty4,mighty5,81.150.197.166 mighty6,mighty7,81.150.197.167 mighty8,mighty9,81.150.197.168 mighty10,mighty11,81.150.197.170 mighty12,mighty13,81.150.197.171 mighty14,mighty15,81.150.197.172 mighty16,mighty17,81.150.197.173 mighty18,mighty19,81.150.197.174 Code: mighty1,81.150.197.163,mighty2,mighty3,81.150.197.165,mighty4,mighty5,81.150.197.166,mighty6,mighty7,81.150.197.167,mighty8,mighty9,81.150.197.168,mighty10,mighty11,81.150.197.170,mighty12,mighty13,81.150.197.171,mighty14,mighty15,81.150.197.172,mighty16,mighty17,81.150.197.173,mighty18,mighty19,81.150.197.174 FR node : southsea0,37.187.247.150 Code: southsea0,37.187.247.150 Aside from the reasons already given in my other posts as to why the majority of Tor users might want to avoid Tor servers run by educational establishments and academic institutions... All of the above are currently Tor Entry servers (non-Exit). The main 'mighty' block of servers have all been running for 107 days approx. (at the time of writing this post), so were started / installed at the same time. They are all utilizing almost 0 bandwidth availability. They are all running Tor 0.2.4.20 (as are many Tor servers) - which is an old version of Tor now known to have a security vulnerability. Furthermore, all of these nodes have the same admin. / contact info. which can be found via http://torstatus.blutmagie.de/ The provided admin. contact is for a senior lecturer in computing, security and cryptography at a UK academic institution - yet these Tor servers have not set a list of fingerprints as advised for such a large set of Tor routers. RTM !? See: https://www.torproject.org/docs/tor-manual.html.en " NodeFamily node,node,… The Tor servers, defined by their identity fingerprints or nicknames, constitute a "family" of similar or co-administered servers, so never use any two of them in the same circuit. Defining a NodeFamily is only needed when a server doesn’t list the family itself (with MyFamily). This option can be used multiple times. In addition to nodes, you can also list IP address and ranges and country codes in {curly braces}. " and "MyFamily node,node,… Declare that this Tor server is controlled or administered by a group or organization identical or similar to that of the other servers, defined by their identity fingerprints or nicknames. When two servers both declare that they are in the same 'family', Tor clients will not use them in the same circuit. (Each server only needs to list the other servers in its family; it doesn’t need to list itself, but it won’t hurt.) Do not list any bridge relay as it would compromise its concealment. When listing a node, it’s better to list it by fingerprint than by nickname: fingerprints are more reliable." How many Tor servers should one individual or entity operate, from the perspective of privacy and security, without even setting the torrc NodeFamily or MyFamily options ? Perhaps not this many. You might also like to take a look at the administrators .me website - which you can research easily. ::) Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: dadugan on August 14, 2014, 12:02:35 PM Is Tor still considered a secure way to surf anonymously?
Heard plenty of story of people getting arrested even when using it. Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on August 14, 2014, 01:11:53 PM Is Tor still considered a secure way to surf anonymously? Heard plenty of story of people getting arrested even when using it. Tor can help to protect against traffic analysis and provides improved anonymity and privacy when browsing on the internet. No one should ever consider using Tor or the wider internet for any type of 'illegal' or malicious activity. - "Tor can't help you if you use it wrong!" Never confuse your 'Right to Privacy' with anything else. Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: dadugan on August 15, 2014, 08:06:26 AM Is Tor still considered a secure way to surf anonymously? Heard plenty of story of people getting arrested even when using it. Tor can help to protect against traffic analysis and provides improved anonymity and privacy when browsing on the internet. No one should ever consider using Tor or the wider internet for any type of 'illegal' or malicious activity. - "Tor can't help you if you use it wrong!" Never confuse your 'Right to Privacy' with anything else. I considered it my right to consume and buy weed online, which doesn't harm anyone other than the tobacco industry. Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: bitsmichel on August 15, 2014, 09:36:43 AM Is Tor still considered a secure way to surf anonymously? Heard plenty of story of people getting arrested even when using it. Tor can help to protect against traffic analysis and provides improved anonymity and privacy when browsing on the internet. No one should ever consider using Tor or the wider internet for any type of 'illegal' or malicious activity. - "Tor can't help you if you use it wrong!" Never confuse your 'Right to Privacy' with anything else. I considered it my right to consume and buy weed online, which doesn't harm anyone other than the tobacco industry. Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on August 15, 2014, 11:03:30 AM Please keep this thread on topic and lets focus on trying to improve speed, privacy, anonymity and security for regular Tor users by helping everyone to better understand how Tor works and how we can best utilize Tor to protect ourselves online.
Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on August 15, 2014, 11:50:40 AM Additional : Optional avoid servers list for ExcludeNodes :
Tor Entry Nodes run by Kaspersky Labs - See: https://wikipedia.org/wiki/Kaspersky_Lab RO (Romania): kasperskytor01 kasperskytor02 37.221.162.226 Code: kasperskytor01,kasperskytor02,37.221.162.226 N.B. These Tor Relays would appear to be kept updated and are actually fast Entry servers. However, as regular Tor users its probably preferable to avoid connections with a commercial 'research' company. They are very likely to be collecting Tor network data and metrics for their own commercial gain i.e. to help improve their products and services and to further protect their customers. Such activities are perhaps not conducive with preserving individual privacy on the internet. So, lets help Kaspersky Labs by reducing our genuine and 'good' Tor traffic to their Relays by avoiding their Tor nodes, perhaps then they will have much less data to sift through to locate the automated 'bad' robots and malicious software that also utilize the Tor network - then we will all be a bit safer on the internet! Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: meeh on August 15, 2014, 07:29:01 PM TBB is soon history ;P
https://hideme.today/dev/ https://privacysolutions.no/ Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on August 16, 2014, 12:10:14 PM TBB is soon history ;P https://hideme.today/dev/ https://privacysolutions.no/ Interesting projects, including the Abscond project / I2P (Tor) browser. Good work meeh. I notice your including a couple of potentially useful privacy addons for Firefox and TBB. As always, everyone has to be careful that addons 'default' options do not revert or effect privacy settings already put in place by the TBB to work best with Tor. Anyway; Private Tab - https://addons.mozilla.org/en-US/firefox/addon/private-tab/ Random Agent Spoofer - https://addons.mozilla.org/en-US/firefox/addon/random-agent-spoofer/ Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on August 16, 2014, 04:40:33 PM All example torrc configs. have been updated today 16th Aug. 2014.
- added current known 'Bad Exit' nodes to ExcludeNodes and some revisions to named servers. Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: meeh on August 17, 2014, 11:07:24 AM TBB is soon history ;P https://hideme.today/dev/ https://privacysolutions.no/ Interesting projects, including the Abscond project / I2P (Tor) browser. Good work meeh. I notice your including a couple of potentially useful privacy addons for Firefox and TBB. As always, everyone has to be careful that addons 'default' options do not revert or effect privacy settings already put in place by the TBB to work best with Tor. Anyway; Private Tab - https://addons.mozilla.org/en-US/firefox/addon/private-tab/ Random Agent Spoofer - https://addons.mozilla.org/en-US/firefox/addon/random-agent-spoofer/ Thanks for the feedback! I'm glad u liked the project :) I will sure look more into your sayings about plugins. Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: kalisto on September 05, 2014, 12:28:26 PM Was searching for some tweaks on my torcc after watching https://www.youtube.com/watch?v=fTjNkbLBEqg and stumbled on this topic.
Thanks for providing the config! Saves me a full day research :) Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: Honeypot on September 05, 2014, 01:27:50 PM You plug yourself, yourself, willingly into the greatest surveillance tool known in the history of man.
You expect to 'outwit' it. Using something they invented and spearhead. Good luck. Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: godzülla on September 11, 2014, 06:21:19 AM First of all big thanks to coinfx for sharing his torrc with us its working very well sofar and one has not to be afraid to get his passwords stolen using it.
Secondly i want to comment on what honeypot has written. You plug yourself, yourself, willingly into the greatest surveillance tool known in the history of man. You expect to 'outwit' it. Using something they invented and spearhead. Good luck. Tor is a pretty badass anonimization concept though. What more can we do than encrypting our traffic? Even the exit node does not find out your real IP even if you do personal browsing lime checking your real life mail account with it. Of course living in politically opressed country one should leave his hands from using tor or doing something illeagal on the internet if he does not know exactly what he is doing. At last i have a question regarding orbot and utilizing the torrc on a android device. I pasted exit nodes and entry nodes into the right fields in orbot becauae pasting in the torrc as a whole ddid not work in the first place but still the circuits are built using any random hops. Has anybody experienced the same problems? Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: chewi on September 12, 2014, 07:45:30 AM BitcoinFX,
Is it possible to update torrc config for Tor 3.6.5? It is crashing with torcc for 3.6.3 :( Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: godzülla on September 16, 2014, 12:07:05 AM It is not crashing on my pc. Maybe you pasted the wrong partof the cfg.
Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: Spendulus on September 16, 2014, 05:35:57 PM .... Given that he's such a compulsive liar, I don't see any reason to believe it (bolded part).In my opinion weed should be legal all across the globe. Other drugs are legal and kill way more people. They'll send 18 year olds on suicide missions which benefit only the industry, but can't smoke some greens? ??? :D Besides, even our president smoked it. Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on September 19, 2014, 11:53:28 AM BitcoinFX, Is it possible to update torrc config for Tor 3.6.5? It is crashing with torcc for 3.6.3 :( Sorry to hear that you are having some issues. The config. settings from the Tor manual should be working with all versions. However, you might see some start-up issues depending on which TBB release your running. Try downloading and installing the latest version of the TBB. Run the software once to ensure connectivity with the default settings, if possible, and then try to add one of the configs. and re-start the TBB. You should first look to remove UseNTorHandshake 1 from the example config. as this is probably the most likely option to cause start-up errors. Also, try using this version instead as it doesn't contain specific node listings and just the avoid countries lists: https://bitcointalk.org/index.php?topic=331077.msg6677546#msg6677546 If you still get start-up errors then take a look at the log, as it will probably indicate what the cause is. I'll look to review all settings over this weekend hopefully, as the avoid countries list is due for an update anyway. Remember that its your Torrc and everyone should edit the config. to best suit their own requirements when using Tor. Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: yabit on November 10, 2014, 03:13:44 PM Any updates for TBB 4.0.1. ?
Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on January 09, 2015, 10:57:16 PM Any updates for TBB 4.0.1. ? The example config. can be used with updated versions of TBB. However, I will look to provide an update the example config. soon. Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on January 09, 2015, 11:02:19 PM Additional : Optional avoid servers list for ExcludeNodes : Herewith, a 'block' of Tor nodes linked to an academic institution. Also see: https://bitcointalk.org/index.php?topic=331077.msg8328447#msg8328447 and https://bitcointalk.org/index.php?topic=331077.msg8327557#msg8327557 UK nodes : mighty1,81.150.197.163 mighty2,mighty3,81.150.197.165 mighty4,mighty5,81.150.197.166 mighty6,mighty7,81.150.197.167 mighty8,mighty9,81.150.197.168 mighty10,mighty11,81.150.197.170 mighty12,mighty13,81.150.197.171 mighty14,mighty15,81.150.197.172 mighty16,mighty17,81.150.197.173 mighty18,mighty19,81.150.197.174 Code: mighty1,81.150.197.163,mighty2,mighty3,81.150.197.165,mighty4,mighty5,81.150.197.166,mighty6,mighty7,81.150.197.167,mighty8,mighty9,81.150.197.168,mighty10,mighty11,81.150.197.170,mighty12,mighty13,81.150.197.171,mighty14,mighty15,81.150.197.172,mighty16,mighty17,81.150.197.173,mighty18,mighty19,81.150.197.174 FR node : southsea0,37.187.247.150 Code: southsea0,37.187.247.150 Aside from the reasons already given in my other posts as to why the majority of Tor users might want to avoid Tor servers run by educational establishments and academic institutions... All of the above are currently Tor Entry servers (non-Exit). The main 'mighty' block of servers have all been running for 107 days approx. (at the time of writing this post), so were started / installed at the same time. They are all utilizing almost 0 bandwidth availability. They are all running Tor 0.2.4.20 (as are many Tor servers) - which is an old version of Tor now known to have a security vulnerability. Furthermore, all of these nodes have the same admin. / contact info. which can be found via http://torstatus.blutmagie.de/ The provided admin. contact is for a senior lecturer in computing, security and cryptography at a UK academic institution - yet these Tor servers have not set a list of fingerprints as advised for such a large set of Tor routers. RTM !? See: https://www.torproject.org/docs/tor-manual.html.en " NodeFamily node,node,… The Tor servers, defined by their identity fingerprints or nicknames, constitute a "family" of similar or co-administered servers, so never use any two of them in the same circuit. Defining a NodeFamily is only needed when a server doesn’t list the family itself (with MyFamily). This option can be used multiple times. In addition to nodes, you can also list IP address and ranges and country codes in {curly braces}. " and "MyFamily node,node,… Declare that this Tor server is controlled or administered by a group or organization identical or similar to that of the other servers, defined by their identity fingerprints or nicknames. When two servers both declare that they are in the same 'family', Tor clients will not use them in the same circuit. (Each server only needs to list the other servers in its family; it doesn’t need to list itself, but it won’t hurt.) Do not list any bridge relay as it would compromise its concealment. When listing a node, it’s better to list it by fingerprint than by nickname: fingerprints are more reliable." How many Tor servers should one individual or entity operate, from the perspective of privacy and security, without even setting the torrc NodeFamily or MyFamily options ? Perhaps not this many. You might also like to take a look at the administrators .me website - which you can research easily. ::) Erm... BAZINGA ?!? - https://www.youtube.com/watch?v=oZdeRmlj8Gw - Tor: Hidden Services and Deanonymisation [31c3] "no one noticed..." :D ::) N.B. These Tor Relays no longer appear to be part of the Tor network. Thanks for that ! Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on January 10, 2015, 01:35:41 AM State of the Onion - 31c3 Tor Talk - [31c3]
- https://www.youtube.com/watch?v=wKArmXr8o04 Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: DannyB135 on February 10, 2015, 02:45:05 AM I apologize if I am in the wrong forum, but here goes anyways. I'm new to this configuration and I have tried it for my general use in everything from communication to downloading. The problem is that when I'm downloading something thru tor using this configuration, I get wonderful dl for a few minutes and then the dl abruptly stops and I need to repeat it from the beginning. The process usually repeats itself regardless of the site. Is there something in the setup configuration that I can do to eliminate this problem. This is my current torrc config:
# If non-zero, try to write to disk less frequently than we would otherwise. AvoidDiskWrites 1 # Where to send logging messages. Format is minSeverity[-maxSeverity] # (stderr|stdout|syslog|file FILENAME). Log notice stdout # Bind to this address to listen to connections from SOCKS-speaking # applications. SocksPort 9150 ControlPort 9151 CookieAuthentication 1 ## fteproxy configuration ClientTransportPlugin fte exec ./TorBrowser/Tor/PluggableTransports/fteproxy.bin --managed ## obfsproxy configuration ClientTransportPlugin obfs2,obfs3,scramblesuit exec ./TorBrowser/Tor/PluggableTransports/obfsproxy.bin managed ## flash proxy configuration # # Change the second number here (9000) to the number of a port that can # receive connections from the Internet (the port for which you # configured port forwarding). ClientTransportPlugin flashproxy exec ./TorBrowser/Tor/PluggableTransports/flashproxy-client --register :0 :9000 ## meek configuration ClientTransportPlugin meek exec ./TorBrowser/Tor/PluggableTransports/meek-client-torbrowser -- ./TorBrowser/Tor/PluggableTransports/meek-client ClientOnly 1 EnforceDistinctSubnets 0 EntryNodes spfTOR1e1,spfTOR1e2,spfTOR1e3,spfTOR3,spfTOR4e1,spfTOR4e2,spfTOR4e3,spfTOR5e1,spfTOR5e2,spfTOR5e3,wagtail,chaoscomputerclub18,chaoscomputerclub19,chaoscomputerclub20,chaoscomputerclub21,chaoscomputerclub27,chaoscomputerclub28,chaoscomputerclub29,chaoscomputerclub30,chaoscomputerclub31,chaoscomputerclub32,chaoscomputerclub33,chaoscomputerclub34,DFRI0,DFRI1,DFRI2,DFRI3,DFRI4,assk,assk2,chomsky,edwardsnowden0,edwardsnowden1,edwardsnowden2,edwardsnowden3,hessel0,hessel1,hessel2,hessel3,amartysen,lumumba,politkovskaja,politkovskaja2,psilotorlu,rainbowwarrior,abbie,yahyaoui,Bornholm,DDR,marcuse1,marcuse2,ekumen,Lifuka,ph3x,srvph3xat,PsychoOnion1,PsychoOnion3,atticus,blanqui,enjolras,luxemburg,thoreau,dannenberg,dizum,gabelmoo,maatuska,Tonga,tor26,loki1,loki2,loki3,orion,orilla,destiny,chulak,aurora,kalach,remoc,invincibleAI,masterchief1,masterchief2,hviv100,hviv103,hviv104,hviv1020,hviv1021,hviv1022,hviv1023,hviv1024,hviv1025,hviv1026,hviv1027,hviv1028,hviv1029,IPredator,criticalcat,communicator,PrismCamp,ReflexZincIodide,ReflexZincIodide,digineo1,digineo2,vikingbjorn,vikinghelga,vikingolaf,vikinguthar ExcludeNodes agitator,173.228.89.229,coco,nini,109.163.235.243,n0deC,46.30.42.152,46.30.42.153,46.30.42.154,HKT01,HKT02,192.254.168.26,RunningOnFumes4,192.3.134.99,MackinFas,91.221.111.7,marian,82.78.165.30,198.58.115.210,Unnamed,default,{bh},{by},{mm},{cn},{mo},{tw},{cu},{ir},{kp},{sa},{sy},{tm},{uz},{vn},{eg},{er},{in},{kz},{my},{ru},{ua},{kr},{lk},{th},{tn},{tr},{ae},{am},{cd},{cy},{ci},{ps},{gq},{gn},{gw},{id},{iq},{il},{lb},{ml},{so},{sd},{zw},{mx},{co},{ng},{td},{ly},{cf},{et},{ye},{af},{pk},{bd},{la},{ph},{id},{kh},{au},{ca},{nz},{gb},{us},{ie},{??} ExcludeExitNodes {al},{dz},{ao},{az},{bj},{bt},{ba},{bn},{bg},{bf},{bi},{kh},{cm},{km},{cg},{dj},{ga},{gm},{ge},{gh},{hk},{hn},{jo},{kw},{kg},{lr},{mk},{mg},{mw},{mv},{mr},{mu},{yt},{mn},{me},{ma},{mz},{ne},{om},{rw},{qa},{sn},{sl},{sg},{sr},{sz},{tj},{tz},{tg},{ug},{ve},{dk},{be},{it},{fi},{no} ExitNodes spfTOR1e1,77.109.141.138,spfTOR1e2,77.109.141.139,spfTOR1e3,77.109.141.140,spfTOR3,62.220.135.129,spfTOR4e1,77.109.138.42,spfTOR4e2,77.109.138.43,spfTOR4e3,77.109.138.44,spfTOR5e1,77.109.139.26,spfTOR5e2,77.109.139.27,spfTOR5e3,77.109.139.28,gpfTOR6,62.212.67.209,wagtail,77.109.139.87,chaoscomputerclub18,31.172.30.1,chaoscomputerclub19,31.172.30.2,chaoscomputerclub20,31.172.30.3,chaoscomputerclub21,31.172.30.4,chaoscomputerclub31,217.115.10.131,chaoscomputerclub32,217.115.10.132,chaoscomputerclub33,217.115.10.133,chaoscomputerclub34,217.115.10.134,DFRI0,171.25.193.20,DFRI1,171.25.193.21,DFRI2,171.25.193.131,DFRI3,171.25.193.235,DFRI4,171.25.193.78,assk,78.108.63.46,assk2,78.108.63.44,abbie,chomsky,77.247.181.162,edwardsnowden0,109.163.234.7,edwardsnowden1,109.163.234.8,edwardsnowden2,109.163.234.9,edwardsnowden3,109.163.234.10,hessel0,109.163.234.2,hessel1,109.163.234.3,hessel2,109.163.234.4,hessel3,109.163.234.5,politkovskaja,politkovskaja2,77.247.181.165,psilotorlu,212.117.180.65,rainbowwarrior,77.247.181.164,amartysen,lumumba,77.247.181.163,yahyaoui,77.247.181.164,blanqui,thoreau,46.165.221.166,enjolras,81.89.96.88,luxemburg,81.89.96.89,PsychoOnion1,89.187.142.96,PsychoOnion3,89.187.142.208,marcuse1,178.20.55.16,marcuse2,178.20.55.18,ekumen,95.142.161.63,loki1,46.149.20.202,loki2,46.149.28.96,orion,94.242.246.24,orilla,94.242.252.41,destiny,94.242.246.23,chulak,37.221.161.234,aurora,37.221.161.235,masterchief1,79.134.235.5,masterchief2,79.134.234.200,hviv103,178.162.193.213,hviv104,192.42.116.16,IPredator,194.132.32.42,criticalcat,46.182.106.190,digineo1,87.118.91.140,digineo2,81.169.153.101,vikingbjorn,193.107.85.57,vikinghelga,193.107.85.56,vikingolaf,193.107.85.61,vikinguthar,193.107.85.62 LongLivedPorts 21,22,80,443,706,1863,5050,5190,5222,5223,6523,6667,6697,8080,8300,9001,9030 NumEntryGuards 8 UseNTorHandshake 1 Thanks for any help that you can provide Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on March 17, 2015, 04:37:33 PM I apologize if I am in the wrong forum, but here goes anyways. I'm new to this configuration and I have tried it for my general use in everything from communication to downloading. The problem is that when I'm downloading something thru tor using this configuration, I get wonderful dl for a few minutes and then the dl abruptly stops and I need to repeat it from the beginning. The process usually repeats itself regardless of the site. Is there something in the setup configuration that I can do to eliminate this problem. This is my current torrc config: Hello DannyB135 - you seem to have enabled pluggable transport options. Setting EntryNodes whilst using pluggable transports at the same time isn't really viable. Using ExitNodes options with pluggable transport is OK though. Using pluggable transport options is likely to make you connection intermittent especially whilst downloading. Install a fresh Tor Browser Bundle an start with the default options if your able to do that. Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on March 17, 2015, 05:18:13 PM torrc config revisions for TBB 4.0.4
Recommended ExcludeNodes country codes have been revised as follows; Level 1 " Enemies of the Internet / Freedom of the Press " https://wikipedia.org/wiki/Internet_censorship (https://wikipedia.org/wiki/Internet_censorship) https://wikipedia.org/wiki/Freedom_of_the_Press_(report) (https://wikipedia.org/wiki/Freedom_of_the_Press_(report)) https://wikipedia.org/wiki/Censorship_by_country (https://wikipedia.org/wiki/Censorship_by_country) Freedom House (FH) Freedom of the Press report: Scoring 61 to 99 i.e. Not free Reporters Without Borders (RWB) Press freedom index: Scoring 55.30 to 84.99 i.e. Very serious situation or 36.50 to 55.29 i.e. Difficult situation Substantial filtering observed or Pervasive filtering observed Code: {af},{dz},{ao},{am},{az},{bh},{by},{bj},{bn},{mm},{bf},{bi},{kh},{cm},{cf},{td},{cn},{co},{km},{cd},{ci},{cu},{dj},{eg},{gq},{er},{et},{ga},{gm},{ge},{gn},{hn},{hk},{in},{id},{ir},{iq},{jo},{kz},{kw},{kg},{la},{ly},{mo},{mg},{my},{mr},{yt},{mx},{md},{ma},{ng},{ne},{kp},{om},{pk},{ps},{qa},{ru},{rw},{sa},{sn},{sl},{sg},{so},{kr},{lk},{sd},{sz},{sy},{tw},{tj},{th},{tg},{tn},{tr},{tm},{ua},{ae},{uz},{ve},{vn},{ye},{zw}Five Eyes Countries ExcludeNodes list is now much more comprehensive and includes; Crown Dependencies, Overseas Territories, Unincorporated Organized Territories (USA) https://wikipedia.org/wiki/British_Overseas_Territories (https://wikipedia.org/wiki/British_Overseas_Territories) https://wikipedia.org/wiki/Unincorporated_territories_of_the_United_States (https://wikipedia.org/wiki/Unincorporated_territories_of_the_United_States) Cyprus is included in this list due to a known listening station at Akrotiri and Dhekelia - See: https://wikipedia.org/wiki/Akrotiri_and_Dhekelia (https://wikipedia.org/wiki/Akrotiri_and_Dhekelia) Code: {gb},{ie},{je},{gg},{im},{ai},{bm},{aq},{io},{vg},{ky},{fk},{gi},{ms},{sh},{gs},{tc},{us},{mp},{pr},{vi},{as},{ht},{fm},{gu},{gl},{ca},{au},{cc},{nf},{nz},{tk},{ck},{nu},{cy}Additional recommended ExcludeNodes country codes Freedom of the Press - score more than 49% Code: {al},{ar},{bt},{bo},{cg},{ec},{fj},{gt},{gw},{il},{ke},{lb},{ls},{lr},{mk},{mw},{mv},{np},{ni},{py},{sc},{ug},{zm}Level 2 Additional recommended ExcludeExitNodes based on Censorship by Country and Human Rights Issues by Country Code: {ag},{bb},{bz},{bw},{bg},{dm},{gh},{gd},{gy},{jm},{ki},{mu},{me},{na},{nr},{pg},{kn},{lc},{vc},{ws},{sb},{so},{sr},{tz},{to},{tt},{tv}Level 3 Pirate browser additions: Belgium, Finland, Denmark, Italy - See previous config for explanation - Useful for unblocking .torrent websites ExcludeExitNodes Code: {be},{fi},{dk},{it}EDIT: UPDATED 18th March 2015 - removed 5 duplicated country codes. Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on March 17, 2015, 06:06:44 PM More torrc config revisions for TBB 4.0.4
The Tor Project has recently changed the way that EntryGuards works to a consensus set parameter. This is probably the best way to handle this setting and we therefore no longer need to set any NumEntryGuards NUM, although a higher number like 8 may still be applicable if we decide that we can explicitly trust our listed EntryNodes. See the Tor manual: UseEntryGuards 0|1 If this option is set to 1, we pick a few long-term entry servers, and try to stick with them. This is desirable because constantly changing servers increases the odds that an adversary who owns some servers will observe a fraction of your paths. (Default: 1) NumEntryGuards NUM If UseEntryGuards is set to 1, we will try to pick a total of NUM routers as long-term entries for our circuits. If NUM is 0, we try to learn the number from the NumEntryGuards consensus parameter, and default to 3 if the consensus parameter isn’t set. (Default: 0) Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on March 17, 2015, 06:53:19 PM TBB Firefox about:config settings that have potentially serious privacy implications
Following on from Howto disable Javascript https://bitcointalk.org/index.php?topic=331077.msg4410668#msg4410668 Highlighting Firefox about:config settings that have potentially serious privacy implications First visit: http://ip-check.info/ (http://ip-check.info/) and start a full test 1. Referrer - Original: Websites may see from which other website you come from! Set: network.http.sendRefererHeader from 2 to 0 (or at least 1 , which is probably best for most users) makes your referrer hidden! although this could break the correct functionality of some websites - unlikely though http://kb.mozillazine.org/Network.http.sendRefererHeader 2. Tab History Set: browser.sessionhistory.max_entries from 50 to 2 3. Local Storage DOM Set: dom.storage.enabled from true to false N.B. will break the correct functionality of some websites, such as mega.co.nz (oh, did anyone notice the Eye watermark on mega.co.nz ? *nods*) http://kb.mozillazine.org/Dom.storage.enabled 4. WebGL is protected (disabled by NoScript in TTB) i.e. noscript.forbidWebGL is true Best to switch it off entirely whilst we are here: Set: webgl.disabled change false to true 5. Cache (E-Tags) - These are not listed when using TBB at http://ip-check.info/ (http://ip-check.info/) when your connected though a known Tor .exit server. However, I noticed that if you happen to be exiting from a relatively new Tor .exit server then Cache (E-Tags) will flag red unless: Set / Check: browser.cache.disk.enable is false OK Set: browser.cache.memory.enable from true to false N.B. can break the storing functionality of some websites ? (This is a privacy browser! right!) http://kb.mozillazine.org/Browser.cache.memory.enable 6. Fully Disable Browsing and Download History (This is a privacy browser! right!) Set: places.history.enabled from true to false 7. Disable Link Prefetching (This is a privacy browser! right!) Set: network.prefetch-next from true to false http://kb.mozillazine.org/Network.prefetch-next Set: network.dns.disableIPv6 from false to true http://kb.mozillazine.org/Network.dns.disableIPv6 EDIT: Updated versions of TBB now prioritize IPv6 connections over IPv4. Increasing numbers of Tor nodes (and networks) support IPv6 and/or IPv6-in-IPv4 connectivity. Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on March 18, 2015, 05:37:24 PM TBB Firefox about:config settings - the fastest routes, the fattest pipes ?
TBB Firefox has pipelining enabled by 'default' to speed up browsing (which is good), however maxrequests, max-optimistic-requests and max-persistent-connections-per-server appear to have had their established 'default' optimal values restricted. This is unlikely to have any privacy implications and is probably done to reduce burst load for slower Tor servers ... (1) Set: network.http.pipelining.maxrequests 12 to 32 N.B. Upper most max. optimal value. (2) Set: network.http.pipelining.max-optimistic-requests 3 to 8 N.B. Upper most max. optimal value. (3) Set: network.http.max-persistent-connections-per-server 6 to 8 EDIT: the 'default value' 6 is probably best for TTB. N.B. Upper most max. optimal value. Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on April 06, 2015, 08:41:13 PM StartOR.org - website is now online where this threads torrc config. will be available and updated in the future. Our StartCOIN Funded Tor Relay Servers Project 2.0 - is also currently live crowdfunding on StartJOIN using Bitcoin and StartCOIN See: https://www.startjoin.com/StartOR_Project StartOR Project website: http://startor.org Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on October 27, 2015, 05:03:10 PM It seems that this thread is overdue for some updates. A lot of the previous information in this thread is somewhat outdated.
Herewith, updated (example) torrc for TTB Version 5.0.3 + Notes: - Revelations have shown that, apparently, if you are a Tor user from or located in a 'Five-Eyes' country i.e. United Kingdom, United States, Canada, Australia or New Zealand - then you are probably much less likely to be under surveillance (unless you are directly targeted). Therefore, it may actually be of some benefit to your individual privacy (also considering speed and security) to allow Tor Exit and Entry servers located in those countries into your torrc. As always, it is entirely up to the individual how to configure the config. - Three letter (and four letter) institutions apparently track all connections made to the Tor Authority Directory Servers. There are a total of 9 Authority Servers in the Tor network at present and so these have also been added to our config. in ExcludeNodes . - Adblock plus is no longer an 'advised' add-on for TTB. See: https://help.riseup.net/en/better-web-browsing - uBlock Origin https://addons.mozilla.org/firefox/addon/ublock-origin/ - https://github.com/gorhill/uBlock - is a much much better alternative choice. (N.B. Privacy Badger from the EFF is a good add-on, although just using uBlock for TBB is probably for the best). - Smart Referrer add-on https://addons.mozilla.org/firefox/addon/smart-referer/ - is the only referrer add-on I tested that effectively 'fixed' - "hidden (changed when switching the website)" to Green status - with; option "Send Nothing as referrer, looking like a direct hit" - when testing at http://ip-check.info - in TBB. - Updated torrc configurations make use of the Autonomy Cube project - http://blog.brooklynartproject.com/2015/10/trevor-paglen-and-jacob-appelbaum/ at http://www.edith-russ-haus.de - so, make sure to edit the config after 3rd Jan. 2016 !?! :) - Added a whole bunch of new known 'bad' Exit nodes to Exclude Nodes via http://torstatus.blutmagie.de/ - Some 'new' (within last 30 days) known 'bad' exits seem to correlate with IP ranges in spamhaus DROP / stopforumspam.com IP lists and other well known 'bad' range lists. ~ SWIM xeronet Torrc - v5.0.3 - 'Anti-FiveEyes'. xeronet Torrc is a Client Only (example) configuration. - for the Tor Browser Bundle. Code: ClientOnly 1 xeronet Torrc - v5.0.3c - censorship resistant version (as is the above). Includes 'Five-Eyes' Exit Servers Code: ClientOnly 1 xeronet Torrc - v5.0.3f - 'fastest' version - Includes 'Five-Eyes' Exit and Entry Servers Code: EnforceDistinctSubnets 0 Enjoy super 'fast' and 'safer' Tor ! 8) Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on October 28, 2015, 03:13:29 PM See: https://bitcointalk.org/index.php?topic=331077.msg8363660#msg8363660
More 'Bad Exits' ! Relay kasperskytor04 appears to have been flagged as a Bad Exit node. At the time of posting the relay only has one Exit Policy port open, being port 53 (for DNS requests). Out of the five known / named 'kasperskytor' relays only kasperskytor04 is currently flagged as a 'Bad Exit'. However, all five servers are using this same DNS only Exit Policy. So, ExcludeNodes !?! Code: kasperskytor01,kasperskytor02,37.221.162.226 Code: kasperskytor04,37.221.171.234 Code: kasperskytor05,kasperskytor06,37.221.171.236 Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on December 30, 2015, 10:15:46 PM State of the Onion - 32C3 - https://www.youtube.com/watch?v=DqBFez4v_2I Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on December 30, 2015, 11:26:50 PM Updated example config. in the works.
Herewith, an easy example config. for use with Orbot / Orfox (or even the TBB). Orbot - https://play.google.com/store/apps/details?id=org.torproject.android Orfox - https://play.google.com/store/apps/details?id=info.guardianproject.orfox Based on the Press Freedom Index for 2015: - https://wikipedia.org/wiki/Press_Freedom_Index - https://wikipedia.org/wiki/List_of_freedom_indices and current worldwide Tor Server availability by GeoIP. Enter Entrance Nodes i.e EntryNodes and/or Enter Exit Nodes i.e. ExitNodes - excluding Five-Eyes countries Code: {at},{be},{ch},{cz},{de},{dk},{ee},{es},{fi},{fr},{hu},{is},{jp},{lt},{lu},{lv},{nl},{no},{pl},{pt},{ro},{se},{si},{sk}Enter Entrance Nodes i.e EntryNodes and/or Enter Exit Nodes i.e. ExitNodes - including Five-Eyes countries Code: {at},{be},{ch},{cz},{de},{dk},{ee},{es},{fi},{fr},{hu},{is},{jp},{lt},{lu},{lv},{nl},{no},{pl},{pt},{ro},{se},{si},{sk},{ca},{gb},{us}Excluding Five-Eyes countries for Entry Nodes whilst allowing Five-Eyes countries as Exit Nodes is probably the fastest, safest and/or most censorship resistant config. for use with Orbot i.e. Node Configuration Enter Entrance Nodes Code: {at},{be},{ch},{cz},{de},{dk},{ee},{es},{fi},{fr},{hu},{is},{jp},{lt},{lu},{lv},{nl},{no},{pl},{pt},{ro},{se},{si},{sk}Enter Exclude Nodes Code: Unnamed,default Enter Exit Nodes Code: {at},{be},{ch},{cz},{de},{dk},{ee},{es},{fi},{fr},{hu},{is},{jp},{lt},{lu},{lv},{nl},{no},{pl},{pt},{ro},{se},{si},{sk},{ca},{gb},{us}Leaving Strict Nodes 'unticked' will continue to provide the best diversification for building circuits and access for .onion addresses etc., Remember that Tor will continue to build random circuits, where strictly necessary. Toggle about:config options in Orfox to provide further speed and privacy optimizations i.e. network.http.pipelining.maxrequests 12 to 32 network.http.pipelining.max-optimistic-requests 3 to 8 webgl.disabled change false to true browser.cache.memory.enable from true to false network.prefetch-next from true to false The above settings can be easily tapped (or copied) into any smart phone and can provide a noticeable increase in browsing speed with increased censorship resistance, no matter which country you are accessing the Tor network from. :) Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on January 05, 2016, 12:18:10 AM Herewith, xeronet (example) Torrc GeoIP config. for 2016.
GeoIP country codes have been completely revised using https://wikipedia.org/wiki/List_of_freedom_indices ; - "Freedom in the World 2015" and "2015 Freedom Index". GeoIP scoring; - "not free" has been included in ExcludeNodes - "partly free" and "difficult situation" or "very serious situation" have also been included in ExcludeNodes - "partly free" and "noticeable problems" have been included in ExcludeExitNodes - "free" and "satisfactory situation" or "good situation" have been included in EntryNodes and/or ExitNodes Country codes where then checked against GeoIP where 'missing' entries included; AI - Anguilla - British Overseas Territory AQ - Antarctica AS - American Samoa - Unincorporated Territories of the United States AW - Aruba - Kingdom of the Netherlands AX - Åland Islands - Finland BL - Saint Barthélemy - Overseas Department and Region of France BM - Bermuda - British Overseas Territory CC - Cocos (Keeling) Islands - Australia CK - Cook Islands - Realm of New Zealand CW - Curaçao - Kingdom of the Netherlands CX - Christmas Island - Australia FK - Falkland Islands - British Overseas Territory FO - Faroe Islands - Kingdom of Norway GF - French Guiana - Overseas Department and Region of France GG - Guernsey - British Crown dependency GI - Gibraltar - British Overseas Territory GL - Greenland GP - Guadeloupe - Overseas Department and Region of France GS - South Georgia and the South Sandwich Islands - British Overseas Territory GU - Guam - Unincorporated Territories of the United States HM - Heard Island and McDonald Islands - Sovereign Control of Australia IM - Isle of Man - Kingdom of Great Britain IO - British Indian Ocean Territory - British Crown dependency JE - Jersey - British Crown dependency KY - Cayman Islands - British Overseas Territory MP - Northern Mariana Islands - Unincorporated Territories of the United States MQ - Martinique - Overseas Department and Region of France NF - Norfolk Island - Commonwealth of Australia NU - Niue - Realm of New Zealand PF - French Polynesia - Overseas Department and Region of France PM - Saint Pierre and Miquelon - Overseas Department and Region of France PN - Pitcairn Islands - British Overseas Territory RE - Réunion - Overseas Department and Region of France SH - Saint Helena, Ascension and Tristan da Cunha - British Overseas Territory SX - Sint Maarten - Kingdom of the Netherlands TC - Turks and Caicos Islands - British Overseas Territory TF - French Southern and Antarctic Lands - Overseas Department and Region of France TK - Tokelau - Realm of New Zealand VA - Vatican City - Italy VG - British Virgin Islands - British Overseas Territory VI - United States Virgin Islands - Unincorporated Territories of the United States WF - Wallis and Futuna - Overseas Department and Region of France YT - Mayotte - Overseas Department and Region of France GeoIP codes were then updated by country or territory accordingly. ExitNodes for countries with laws likely to adversely effect LGBT communities have been moved to ExcludeExitNodes. To clarify, this can help to protect LGBT individuals when using Tor, as well as Tor Exit node operators within said countries ! - https://wikipedia.org/wiki/LGBT_rights_by_country_or_territory ExitNodes by internet censorship and surveillance by country have also been moved to ExcludeExitNodes. Again, to clarify, this can help to prevent internet censorship and surveillance ! - https://wikipedia.org/wiki/Internet_censorship_and_surveillance_by_country Code: EntryNodes {ad},{ai},{aq},{as},{at},{au},{aw},{ax},{be},{bl},{bm},{bs},{ca},{cc},{ch},{ck},{cl},{cr},{cv},{cw},{cx},{cz},{de},{dk},{dm},{ee},{es},{fi},{fk},{fm},{fo},{fr},{gb},{gf},{gg},{gi},{gl},{gp},{gs},{gu},{hm},{ie},{im},{io},{is},{je},{ky},{li},{lt},{lu},{lv},{mc},{mh},{mp},{mq},{ms},{mt},{nc},{nf},{nl},{no},{nu},{nz},{pf},{pl},{pm},{pn},{pr},{pt},{pw},{re},{ro},{rs},{se},{sh},{si},{sk},{sm},{sr},{st},{sv},{sx},{tc},{tk},{us},{uy},{vg},{vi},{vu},{wf}- Welcome to the 'free' world internet ! Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on January 05, 2016, 12:36:49 AM xeronet Torrc is a Client Only (example) configuration. - for the Tor Browser Bundle.
xeronet Torrc - v5.0.6 - "Include Five-Eyes Entry and Exit Servers and GeoIP Country Codes for Increased Node Diversification" Code: ClientOnly 1 xeronet Torrc - v5.0.6 - "Include Five-Eyes Entry and Exit Servers without GeoIP Country Codes" Code: ClientOnly 1 Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on January 05, 2016, 12:51:55 AM xeronet Torrc is a Client Only (example) configuration. - for the Tor Browser Bundle.
xeronet Torrc - v5.0.6 - "Restrict Five-Eyes Entry Servers / Allow Five-Eyes Exits / GeoIP Country Codes for Node Diversification" Code: ClientOnly 1 N.B. {au},{ca},{gb},{nz},{us} Nodes removed only from EntryNodes ... Code: torlesnet,torlesnet2,Mozilla1,Mozilla2,Mozilla3,Mozilla4,Mozilla5,Mozilla6,Mozilla9,Mozilla10,Mozilla12,Mozilla13,Mozilla14,startor0gb,BrassHornExit01,BrassHornExit02,BrassHornExit03,BrassHornExit04,TorLand1,TorLand2,BeSeeingYou,SGGSUK0,SGGSUK1,SGGSUK2,SGGSUK3,SGGSUK4,SGGSUK5,SGGSUK6,SGGSUK7,SGGSUK8,SGGSUK9,SGGSNYC0,SGGSLAX0,starfish,alligatorfish,brightmill,spark,jacknbox,FordModelA,laurel,hardy,RedDragon,WhiteDragon,GreenDragon,GoldDragon,cliffhanger,cliffjumper,Ramsgate,BigBoy,EffSSLObservatory6,FSF,duckduckgo,conformal00,conformal01,conformal02,conformal03,BoingBoing N.B. GeoIP Country Codes removed from EntryNodes ... Code: {ai},{aq},{as},{au},{bm},{ca},{cc},{ck},{cx},{cy},{fk},{gb},{gg},{gi},{gl},{gs},{gu},{hm},{ie},{im},{io},{je},{ky},{mp},{ms},{nf},{nu},{nz},{pn},{pr},{sh},{tc},{tk},{us},{vg},{vi}xeronet Torrc - v5.0.6 - "Restrict Five-Eyes Entry Servers / Allow Five-Eyes Exits / without GeoIP Country Codes" Code: ClientOnly 1 Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on January 05, 2016, 01:10:40 AM xeronet Torrc is a Client Only (example) configuration. - for the Tor Browser Bundle.
xeronet Torrc - v5.0.6 - "Exclude Five-Eyes Entry and Exit Servers / include GeoIP Country Codes for Node Diversification" Code: ClientOnly 1 N.B. {au},{ca},{gb},{nz},{us} Nodes removed from ExitNodes ... Code: madiba,209.222.8.196,noiseexit01a,173.254.216.66,noiseexit01b,173.254.216.67,noiseexit01c,173.254.216.68,noiseexit01d,173.254.216.69,CalyxInstitute14,162.247.72.201,CalyxInstitute13,162.247.72.200,CalyxInstitute12,162.247.72.199,CalyxInstitute11,162.247.72.27,CalyxInstitute09,162.247.72.217,CalyxInstitute08,162.247.72.216,CalyxInstitute06,162.247.73.206,CalyxInstitute05,162.247.73.74,CalyxInstitute04,162.247.73.204,CalyxInstitute03,162.247.72.213,CalyxInstitute02,162.247.72.212,CalyxInstitute01,162.247.72.7,starfish,198.51.75.165,torlesnet,199.87.154.255,torlesnet2,199.87.154.251,BrassHornExit01,185.104.120.7,BrassHornExit02,185.104.120.2,BrassHornExit03,185.104.120.4,BrassHornExit04,185.104.120.3,TorLand1,37.130.227.133,TorLand2,37.130.227.134,BeSeeingYou,91.109.247.173,conformal00,conformal01,204.124.83.130,conformal02,conformal03,204.124.83.134,BoingBoing,204.11.50.131 N.B. GeoIP Country Codes removed from ExitNodes and added to ExcludeNodes - 2nd {A-Z} block ... Code: {ai},{aq},{as},{au},{bm},{ca},{cc},{ck},{cx},{cy},{fk},{gb},{gg},{gi},{gl},{gs},{gu},{hm},{ie},{im},{io},{je},{ky},{mp},{ms},{nf},{nu},{nz},{pn},{pr},{sh},{tc},{tk},{us},{vg},{vi}- {gl} included due to Thule Air Base, USA location. {cy} Cyprus included due to Akrotiri and Dhekelia, BoT location. xeronet Torrc - v5.0.6 - "Exclude Five-Eves Entry and Exit Servers / without GeoIP Country Codes" Code: ClientOnly 1 Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on January 05, 2016, 02:16:32 AM Following https://blog.torproject.org/category/tags/cmu - "Did the FBI Pay a University to Attack Tor Users?"
- https://www.techdirt.com/articles/20151201/07281232952/tor-devs-say-theyve-learned-lessons-carnegie-mellon-attack-worries-remain-that-theyre-outgunned-outmanned.shtml It would appear that anyone using the xeronet Torrc might of afforded some resistance against said attack ... See: https://lists.torproject.org/pipermail/tor-talk/2014-February/032002.html Noting that all servers used in the attack had a Nickname set as " Unnamed ", which has always been a recommended ExcludeNodes setting within the xeronet Torrc, thus users were unlikely (or at least less likely) to have their Tor client make Entry or Middle Node connections to any of these attack relays. Quite clearly, this was an attack on the entire Tor network, although ididntedittheconfig users probably didn't fair quite as well !?! Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: rokkyroad on January 06, 2016, 04:42:58 AM Great thread! Thanks for this.
Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on January 07, 2016, 05:14:16 PM Great thread! Thanks for this. Your welcome! I hope that everyone finds the presented information both useful and informative. Tor Browser Bundle has been updated to v5.0.7 - of course the v5.0.6 example configs. will work OK with v5.0.7 - https://blog.torproject.org/blog/tor-browser-507-released - "Bug 17875: Discourage editing of torrc-defaults" To clarify, this is a separate file to the main torrc and does not apply here. Remember to tailor the example torrc to best suit how you use Tor. Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: Blawpaw on January 07, 2016, 06:13:03 PM I have been using the Tor browser but I'm not so sure If my connection is really private. Is there any way for me to know that?
In any case I'll be sure to follow your tip! Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on January 07, 2016, 06:57:43 PM I have been using the Tor browser but I'm not so sure If my connection is really private. Is there any way for me to know that? In any case I'll be sure to follow your tip! Visiting https://check.torproject.org/ will confirm that your Tor connection is working properly. Hovering over the "onion" Tor Browser Button will show the current Tor circuit that your Tor Browser is using, for the current site. Visiting http://ip-check.info/ and https://www.dnsleaktest.com/ can help to confirm your privacy settings. If everything seems to be OK with the above and you have not messed with unnecessary privacy settings or installed other addons and you are using the latest version of TTB then 'your good'. Tor is basically a 'random' three hop encrypted tunnel, so you get good anonymity even for http websites. Three 'random' hops are necessary in a Tor circuit for 'anonymity', as 'default' ; Hop 1 (a) Entry - knows only you and Hop 2 (b) Middle, but does not know Hop 3 or your destination. Hop 2 (b) Middle - knows only (a) and (c) Exit, but does not know you or your destination. Hop 3 (c) Exit - knows only (b) Middle and your destination, it does not know (a) Entry or You. That's how Tor works and it does work very well indeed, if you use it right! EDIT: You could also install a network packet sniffer like WireShark - https://www.wireshark.org and watch your own connection. Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on February 23, 2016, 09:22:52 PM How-to Guide: Set-up Tor on Linux (Ubuntu) and connect Bitcoin - https://bitcointalk.org/index.php?topic=1374919.0 Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: wasta on March 04, 2016, 11:55:38 PM You do not have to pay for JonDoBrowser. Yes it's based on Tor. I am still pretty concerned about browser fingerprinting. There's no use to Tor if your browser can be ID'ed as unique... If your browser can pass "the test" by giving less than 21 unique identifying pieces of info, I'll try it. Here's the link to the test: https://panopticlick.eff.org/ I will gladly use a Tor based browser that addresses the issue of browser fingerprinting. If you mean JAP an jondo, that is free, gratis! You do NOT have to pay. But very unsave, dispite all the professors, university's etc. It is NOT TOR based, but just a java proxy. If theyes are blinking you have jondo working. But the maker of a site can change yes into no and the other way around. So if is asked if you want to share your location, you never know what is under the button, If you press on NO, it is easy to make the button as such, you are going along and share your location, like you have pressed on yes, I want to share my location, while you have pushed on the "" NO"" button. JAP, the java proxy called Jondo , sucks. Dispite all the university's and all the impressive titles like doctor this, proff that, phd etc etc etc. I made a complain, because I got a arrow on my house, while I pushed no when I was asked if I wanted to share my location. Tha answer I got,was to press on no, what I did. Oh, in yhat case the side was n ot to be trusted and share and not share your location were switched or both option shared your location anyway. I said that the eyes were bilnking. That meant nothing about sharing my location. So JAP / jondo is not a safetymeasure. Stay AWAY from jondo/JAP an stick to TOR I like mine TOR all Three nodes to be from Iceland, And even then I do use pgp or gpg if I have to givemy address or something privately. My advice... Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on May 20, 2016, 12:38:39 AM The Trouble with Cloudflare! #DontBlockTor
- https://bitcointalk.org/index.php?topic=1450608.0 This is potentially a browser fingerprinting issue and is worse than it appears. Even with the TBB > Privacy and Security Settings... on High - the following about:config fingerprinting issues exist; clipboard.autocopy ; true (false) - http://kb.mozillazine.org/Clipboard.autocopy dom.event.clipboardevents.enabled ; true (false) - https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Preference_reference/dom.event.clipboardevents.enabled "dom.event.clipboardevents.enabled lets websites get notifications if the user copies, pastes, or cuts something from a web page, and it lets them know which part of the page had been selected. The emitting of the oncopy, oncut and onpaste events are controlled by this preference." ... Cloudflare (Google) Captcha Quote; Copy this code and paste it in the empty box below This code is valid for 2 minutes ... It's not only what one copies, but also how one copies it !?! - SWIM TBB Firefox about:config settings that have potentially serious privacy implications - https://bitcointalk.org/index.php?topic=331077.msg10804048#msg10804048 A new updated torrc (example) config. should be ready to be posted for next week. Further recommendations will also be posted for additional TBB Firefox about:config settings that have potentially serious privacy implications. In addition to the above the following is also fairly hideous; layout.css.visited_links_enabled ; true (false) - https://blog.mozilla.org/security/2010/03/31/plugging-the-css-history-leak/ ... "If the remaining attacks worry you, or you can’t wait for us to ship this fix, version 3.5 and newer versions of Firefox already allow you to disable all visited styling (immediately stops this attack) by setting the layout.css.visited_links_enabled option in about:config to false. While this will plug the history leak, you’ll no longer see any visited styling anywhere." ... - http://jcarlosnorte.com/security/2016/03/06/advanced-tor-browser-fingerprinting.html Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on May 20, 2016, 12:51:37 AM Tor Developer I. A. Lovecruft lectures on anonymity systems at Radboud Universiteit
- https://youtu.be/xGIE7KTJiBY?t=58m40s Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on May 24, 2016, 03:49:44 PM Herewith, a Tor Browser Bundle about:config Null Advisory;
- https://tornull.org/tbbnull.php How to EDIT the Tor Browser Bundle about:config - http://kb.mozillazine.org/About:config network.http.sendRefererHeader ; 1 - http://kb.mozillazine.org/Network.http.sendRefererHeader browser.sessionhistory.max_entries ; 2 dom.storage.enabled ; false - http://kb.mozillazine.org/Dom.storage.enabled dom.vibrator.enabled ; false webgl.disabled ; true browser.cache.memory.enable ; false - http://kb.mozillazine.org/Browser.cache.memory.enable network.http.use-cache ; false - http://kb.mozillazine.org/Network.http.use-cache browser.cache.disk.capacity ; 0 browser.cache.offline.capacity ; 0 browser.cache.disk_cache_ssl ; false - http://kb.mozillazine.org/Browser.cache.disk_cache_ssl places.history.enabled ; false network.prefetch-next ; false - http://kb.mozillazine.org/Network.prefetch-next browser.send_pings.require_same_host ; true - http://kb.mozillazine.org/Browser.send_pings.require_same_host browser.send_pings.max_per_link ; 0 beacon.enabled ; false clipboard.autocopy ; false - http://kb.mozillazine.org/Clipboard.autocopy dom.event.clipboardevents.enabled ; false - https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Preference_reference/dom.event.clipboardevents.enabled layout.css.visited_links_enabled ; false - https://blog.mozilla.org/security/2010/03/31/plugging-the-css-history-leak/ browser.sessionhistory.max_total_viewers ; 0 - http://kb.mozillazine.org/Browser.sessionhistory.max_total_viewers How to Stop Firefox making Automatic Connections - https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections browser.newtabpage.directory.ping ; set a blank string browser.newtabpage.directory.source ; set a blank string browser.aboutHomeSnippets.updateUrl ; set a blank string browser.startup.homepage_override.mstone ; ignore browser.selfsupport.url ; set a blank string Additional (optional) : extensions.blocklist.enabled ; false experiments.enabled ; false experiments.supported ; false network.allow-experiments ; false How to fully disable Google 'Safe' Browsing and Reporting - http://kb.mozillazine.org/Browser.safebrowsing.enabled browser.safebrowsing.appRepURL ; set a blank string browser.safebrowsing.downloads.enabled ; false browser.safebrowsing.gethashURL ; set a blank string browser.safebrowsing.malware.reportURL ; set a blank string browser.safebrowsing.reportErrorURL ; set a blank string browser.safebrowsing.reportGenericURL ; set a blank string browser.safebrowsing.reportMalwareErrorURL ; set a blank string browser.safebrowsing.reportMalwareURL ; set a blank string browser.safebrowsing.reportPhishURL ; set a blank string browser.safebrowsing.reportURL ; set a blank string browser.safebrowsing.updateURL ; set a blank string services.sync.prefs.sync.browser.safebrowsing.enabled ; false services.sync.prefs.sync.browser.safebrowsing.malware.enabled ; false Pipelining Optimizations : network.http.pipelining.maxrequests ; 32 network.http.pipelining.max-optimistic-requests ; 8 Tab Optimizations : browser.tabs.animate ; false browser.panorama.animate_zoom ; false Recommended addons : Smart Referer - https://addons.mozilla.org/en-US/firefox/addon/smart-referer/ - about:addons > Preferences > Mode : "Send nothing as referer, looking like a direct hit" + Automatic Updates > Off uBlock Origin - https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/ - about:addons > Preferences > Show Dashboard > Tick "Prevent WebRTC from leaking local IP addresses" + Automatic Updates > Off Note : Always check addons for updates outside of your browsing session and/or use a new identity Always set the Tor Button > Privacy and Security Settings... Security Level > High - for optimal Privacy, Security and Anonymity - Special thanks to "TrueNorth" (posted here with permission) - SWIM. Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on August 31, 2016, 09:21:20 PM xeronet Torrc is a Client Only (example) configuration. - for the Tor Browser Bundle.
xeronet Torrc - v6.0.4 - "Exclude Five-Eyes Entry and Exit Servers" Note : Tor Relays and Exit Nodes will now be listed by their Public Keys (instead of NickName and IP), which is a much better way to list EntryNodes, ExitNodes and Exclude Nodes. A more detailed explanation of the new settings will be presented soon. Remember that these are example Torrc configurations, although heavily tested and 'optimized' for faster browsing. Code: ClientOnly 1 Note that Tor uses torrc settings effectively as recommendations and will still continue to build random circuits ... when it is necessary to perform relay reachability self-tests, connect to a hidden service, provide a hidden service to a client, fulfill a .exit request, upload directory information, or download directory information. Always read the Manual : https://www.torproject.org/docs/tor-manual.html.en All listed Public Keys can be verified via the Tor Atlas : https://atlas.torproject.org/ Some new servers have been included as verified for running Tor Mirrors : https://www.torproject.org/getinvolved/mirrors.html.en Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on August 31, 2016, 09:57:53 PM xeronet Torrc is a Client Only (example) configuration. - for the Tor Browser Bundle.
xeronet Torrc - v6.0.4 - "Restrict Five-Eyes Entry Servers / Allow Five-Eyes Exits" Note : Tor Relays and Exit Nodes will now be listed by their Public Keys (instead of NickName and IP), which is a much better way to list EntryNodes, ExitNodes and Exclude Nodes. A more detailed explanation of the new settings will be presented soon. Remember that these are example Torrc configurations, although heavily tested and 'optimized' for faster browsing. Code: ClientOnly 1 Note that Tor uses torrc settings effectively as recommendations and will still continue to build random circuits ... when it is necessary to perform relay reachability self-tests, connect to a hidden service, provide a hidden service to a client, fulfill a .exit request, upload directory information, or download directory information. Always read the Manual : https://www.torproject.org/docs/tor-manual.html.en All listed Public Keys can be verified via the Tor Atlas : https://atlas.torproject.org/ Some new servers have been included as verified for running Tor Mirrors : https://www.torproject.org/getinvolved/mirrors.html.en N.B. {au},{ca},{gb},{nz},{us} are removed from ExcludeNodes. Public Keys for fast servers added to ExitNodes. EntryNodes are as "Exclude Five-Eyes Entry" servers. ExcludeExitNodes {??} . Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on August 31, 2016, 10:14:09 PM xeronet Torrc is a Client Only (example) configuration. - for the Tor Browser Bundle.
xeronet Torrc - v6.0.4 - "Include Five-Eyes Entry and Exit Servers" Note : Tor Relays and Exit Nodes will now be listed by their Public Keys (instead of NickName and IP), which is a much better way to list EntryNodes, ExitNodes and Exclude Nodes. A more detailed explanation of the new settings will be presented soon. Remember that these are example Torrc configurations, although heavily tested and 'optimized' for faster browsing. Code: ClientOnly 1 Note that Tor uses torrc settings effectively as recommendations and will still continue to build random circuits ... when it is necessary to perform relay reachability self-tests, connect to a hidden service, provide a hidden service to a client, fulfill a .exit request, upload directory information, or download directory information. Always read the Manual : https://www.torproject.org/docs/tor-manual.html.en All listed Public Keys can be verified via the Tor Atlas : https://atlas.torproject.org/ Some new servers have been included as verified for running Tor Mirrors : https://www.torproject.org/getinvolved/mirrors.html.en N.B. Selected {au},{ca},{gb},{nz},{us} Public Keys added to EntryNodes. Otherwise as "... Allow Five-Eyes Exits". NumEntryGuards 8 NumDirectoryGuards 4 . Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on February 02, 2017, 10:32:56 PM University / Technical Labs & Research Networks running Tor Relays or Exit Nodes ...
Hostname = .edu , .ac , .uni- ASName = SUNET , EDU , Research , Educacional , College , University , UNI Code: ExcludeNodes $A53C46F5B157DD83366D45A8E99A244934A14C46,$78C7C299DB4C4BD119A22B87B57D5AF5F3741A79,$94C4B7B8C50C86A92B6A20107539EE2678CF9A28,$7C0AA4E3B73E407E9F5FEB1912F8BE26D8AA124D,$EF27BB320827F8C809CA999E07B9B783C7ACC8F1,$BA57F79AADE2B71A18B06026C05AA58A53F6267B,$4ABD55F68300EAD7762A73D15531FB17A0C52997,$3D765C586CCA8B437B7697EA2CE6A51312530AB1,$5799CEDCA9A31BC095E9A61F882F73CCD54A9F30,$A3EC6973400E79B6377D134419D429978030BC97,$AE9C9E09478D906352376BC26CFD59E1D33728DB,$2456E98E3D8249A5325E93951D0BFA54D387E207,$3C1CD3833FD5D7803BA8E735F2E49D2B66E10CB7,$CDC1AA2E5D45F353D716CDF4FAAC57A7AE444507,$9715C81BA8C5B0C698882035F75C67D6D643DBE3,$5C8540D8D4EF0B7DA4E5486DAF2ECA42EDFEC9C0,$AE31E0FBF0D3E1B39F1DD8F55BC070D11AF524B0,$35FC730876698D22AAF86D87397EEAEF3B8EF1AA,$F2C23BE48AC39C499474B9B0D4F4FD7CE6860D85,$6F4FB8E18B713A34CA6714A6469AF222E2505883,$40E54BF4556B2361DABC04C015995CBADF8172A9,$64D8798F5344EB8E15F52361F844A7A817600CD0,$BDF33F7A5C13D7187F99A82CEC45B4D5AADCF873,$8268743F9657D45D03B1DB9AE43A1B7F9AEE6A91,$E1364BC3E5A99EA0F5C351DF513CC48CBC0A35F4,$9AD12F0E3CC871D59ACA14BB4076CDD8CB28DE57,$269C78907BC83F6F07733F78F71045287B11041B,$8DF80F30E260E21CABC2BBC94E33D1A3C9795E80,$CDBC7594DE8FDBC67FCC23F6C5B8BD59FD82D30A,$5F2F443F0D87B3F60C93305F82BF16B17F66D831,$C1C9B4DB473EDC229285E426C5B2F57F2BBDE0D6,$4C1348B26F7538A3F9B79ED336122A4AA82956E8,$B7A26945DA70D8C44F0CE7FC907884FA51EF16AA,$A71A6D4B19E921A3E9357723026628E4DDEB9B55,$723B055342FAE0AACE51CD17CE0D261EFF9A745A,$BCEDF6C193AA687AE471B8A22EBF6BC57C2D285E,$2747CDDAAC409E9252D8307F769A5D501E2BBFC9,$380C8120BD819DF8AC22B7D7CDE65B03C90607BE,$BC95C8BF36069EFA72002350E37D85BC5E705216,$1399C98B3A8F90ABF7ACBFED9B38EE37CA294CF6,$E434078DFABFB14EF02C3A29F38549BC3134F519,$7AADBCFC89A7600C4B5173FB13C1AAA70A19226D,$E248C3A604E196137A3175D4B2E4328922178B47,$47F9F5F1611449A867167EEDF8EE4A63ABAAF5B2,$DD1BE813A55B8BCAD7044DCD067F8B6C5E07875B,$9C4DAED4759AA66D0E93EB27093BD21CFE2C2271,$C07A51611CC5111C192F0CB26501F0A231DB90F9,$BE12B6B7B019BD41D98B69A81742854D20846ED2,$7886C1A98DD8E39A74575810C400361DE455FF89,$DB689A7E6B91F031F1BDA1B8435A65C55BBA6767,$C7B1D19A59100403D69740046CBFDB8F96264C1D,$23C18C8010EAC83EC851A39B25E475AC82A8EF8A,$EE8320FCB0A1C5B27F7745015800302365088BB5,$9B94CD0B7B8057EAF21BA7F023B7A1C8CA9CE645,$CCEF02AA454C0AB0FE1AC68304F6D8C4220C1912,$D7BAB1C925A09811EE5FDA52DF1BA3AC76DB79B3,$FFA72BD683BC2FCF988356E6BEC1E490F313FB07,$12AD30E5D25AA67F519780E2111E611A455FDC89,$80AAF8D5956A43C197104CEF2550CD42D165C6FB,$B83DC1558F0D34353BB992EF93AFEAFDB226A73E,$8E454B25A25FD00C8DADEF6988834C2112B96287,$E7C855960D19CA61C552C11D41A87DE51F025656,$DC3E4AB7265CEA0CDA8C07AC63178E608E2AB0E7,$EA36DDD06BDDF6F7F41F54E6414F1683EF21361B,$CD95318064036AD6C4E4CA3971FDA12EDF980830,$D5B84A10DDAE734E9CB90ED96D8FFA2F4E705D99,$655303DAEBC479C875D2330D660B17EE8871E348,$6691AE4255ADC2C7BEE2C27CC1C9D413ADA1E8EA,$8806C3E6FA42B07113F3A1553DE70C0A30101201,$EBE718E1A49EE229071702964F8DB1F318075FF8,$20386D9A32BECBE602375E015FC70117955653F1,$FEDE31337E4E19E06B97D282F08B0A0E8B9C5526,$7C16F60CD2AEB2208ADF5B69187DDF8A61C85EAE,$EA9C34092822D89F1F65D9CD34AC482AD31F0EB7,$B342F74010CADBD8D2E47141A9CFFFDFEA0E8CBA,$2E3E941A2BDDB76D1438C10C45265AEEB926F6AC,$C5486131E3681A93137C9508D2CD0E5E60147267,$8667C6A68CDBE35FB487F9F01F3339F16FAA9AB5,$AF48904A9954D37A9892239C0C3133FC78C61A2C,$1494ECFE6459C30A56C5096F17A4708B82E1DE41,$E1A17D3B1605B8522D2BEC63F08F19130C4ED8EF,$E97F3729AF966B671E1A50CF790A4DCAD4F50E6E,$712E84403C2A0C03345C2E751ACE77476AA3FA90,$3BAD73517BA45B685D5C8E5F4C32A729459275CA,$4582DE20A1F9E942A8FA524266A01FE85383CB32,$D4553D2F8012B68DEE801879D5D6C354980E73C8,$9AFAAC7A68FC036B96A253B8A9599EE611490164,$F974EC0604717964D8441CE48A588A9E8EF0922F,$B7DFD9C03527B25F5FC5A0CD5647BE6FFADD136D,$BFB39994DEE74D23B1E69ECE702B716CE13B41CA,$F8D27B163B9247B232A2EEE68DD8B698695C28DE,$04A7DAD133E6D29E676AAFF28D405C611AB59DF5,$91FA331BB51CF777FBF76CC80340D32E6A2AD322,$157ABC8B9C76FCE978C676894C3C839086A4EC6A,$AE812CAE5E3E16261F48B620E030C26F7BF027C5,$B59615E2792623AA26D6D6BF57D65BD89D2D6887,$01A9258A46E97FF8B2CAC7910577862C14F2C524,$7C3AF46F77445A0B1E903A5AF5B730A05F127BFC,$CD9FD887A4572D46938640BA65F258851F1E418B Bad Exits / associated with Bad Exits ... Code: ExcludeNodes $848878591CAF51274E3A9B71933E9599FA39E122,$49674A87D848C216A56D3228C65D9294379D7653,$128814837EC27F20D76EBDDB2CB3AB70258F0BA8,$75FCEA0BE7A2A472669352A1F0F2E59F99C6A3AA,$DEAABB20A7167F09E0B1BE293D71C169748D917A,$5CF975A445181F803B000262765FC9EBE0F42354,$D64366987CB39F61AD21DBCF8142FA0577B92811,$548537E4D2B1ADFDF0E2AA3A9CE71902FEB4579D,$14B2C5C18D30B405AD215219A7F83FD39CFE9681,$AF8123560919F160F38A44A13418D7AC2E14CE64 - https://atlas.torproject.org/ Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: rokkyroad on February 03, 2017, 02:35:39 AM This is the go-to place for torbrowser users. Thanks again BitcoinFX!
Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: ICOGuru on February 03, 2017, 03:11:51 AM THANK YOU!!!! ;D
Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on May 11, 2017, 11:59:10 AM This is the go-to place for torbrowser users. Thanks again BitcoinFX! Welcome! The torrc configurations posted in this thread are due for an update and/or should now be considered outdated. A good number of the posted Tor server keys have now changed, having been upgraded by the organizations hosting said respected nodes. I'm unlikely to post in this thread in the future. New updated configuration torrc examples can be found at : https://tornull.org or http://tornulst2rbxvbpd.onion/ A new GeoIP torrc example can be found here : https://tornull.org/geoip-torrc.php The xeronet torrc configurations will also be made available via tornull.org sometime soon. I'll still be contributing to the configurations via this website. Title: Re: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes Post by: BitcoinFX on May 17, 2017, 05:33:15 PM Moving forward, the xeronet Rocket torrc releases will now be updated via tornull.org
- https://tornull.org/xeronet-rocket-torrc.php |
