Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes

[BitcoinFX]

xeronet Torrc - v4.0.4 - 'Anti-FiveEyes'. xeronet Torrc is a Client Only configuration. - for the Tor Browser Bundle.

It will not work for Tor Relays, Bridge Nodes or Exit Nodes and nor is it designed to be used for that purpose.

See: https://www.torproject.org/download/download-easy.html

On my xeronet proxy websites I publish a custom torrc configuration which aims to make Tor faster, safer and more secure for regular Tor users.

(I've recently lost my web hosting account with the full config. explanations. New website coming soon!)

I'm working on the latest release, as an update is long overdue, however I've decided to publish this version here for some feedback.

This version helps to prevent FiveEyes spying by avoiding Tor servers located in USA, UK, Australia, Canada and New Zealand.

It also helps to avoid censorship by filtering countries that have been found to be using mass censorship of the internet.

The configuration does this by including only the fastest, most stable and secure Tor servers.

UPDATED: 18th March 2015 - Added new fast nodes and revised Exclude nodes. New censorship resistant config. (see latest post below)

Revised country code restriction recommendations: https://bitcointalk.org/index.php?topic=331077.msg10803165#msg10803165

TBB Firefox advised about:config options: https://bitcointalk.org/index.php?topic=331077.msg10804048#msg10804048

The Tor Browser Bundle 3.5 upwards has no Vidalia and uses some new Torrc settings:

DirReqStatistics , DataDirectory and GeoIPFile locations are now written to the torrc on first run.

New torrc-defaults file should remain unedited i.e.

# If non-zero, try to write to disk less frequently than we would otherwise.
AvoidDiskWrites 1
# Where to send logging messages.  Format is minSeverity[-maxSeverity]
# (stderr|stdout|syslog|file FILENAME).
Log notice stdout
# Bind to this address to listen to connections from SOCKS-speaking
# applications.
SocksListenAddress 127.0.0.1
SocksPort 9150
ControlPort 9151
CookieAuthentication 1

See below posts for info. This is the preferred / recommended config. for most users.

Replace the existing torrc file in your Tor Browser Bundle > Data > Tor (folder).

Code:

ClientOnly 1

EnforceDistinctSubnets 0

EntryNodes AccessNow000,AccessNow001,AccessNow002,AccessNow003,AccessNow004,AccessNow005,AccessNow006,AccessNow007,AccessNow008,AccessNow009,AccessNow010,AccessNow011,AccessNow012,AccessNow013,AccessNow014,AccessNow015,AccessNow016,AccessNow017,AccessNow018,AccessNow019,spfTOR3,spfTOR1e1,spfTOR1e2,spfTOR1e3,spfTOR4e1,spfTOR4e2,spfTOR4e3,spfTOR5e1,spfTOR5e2,spfTOR5e3,orion,orilla,destiny,chulak,aurora,assk,assk2,sofia,amartysen,lumumba,ethanzuckerman,politkovskaja,politkovskaja2,edwardsnowden0,edwardsnowden1,edwardsnowden2,hessel0,hessel1,hessel2,ekumen,marcuse1,marcuse2,marylou1,marylou2,chaoscomputerclub27,chaoscomputerclub28,chaoscomputerclub29,chaoscomputerclub30,atticus,blanqui,thoreau,enjolras,luxemburg,bakunin,jaures,DFRI0,DFRI1,DFRI3,DFRI4,hviv103,hviv104,hviv105,wagtail,toreffiorg

ExcludeNodes Unnamed,default,{af},{dz},{ao},{am},{az},{bh},{by},{bj},{bn},{mm},{bf},{bi},{kh},{cm},{cf},{td},{cn},{co},{km},{cd},{ci},{cu},{dj},{eg},{gq},{er},{et},{ga},{gm},{ge},{gn},{hn},{hk},{in},{id},{ir},{iq},{jo},{kz},{kw},{kg},{la},{ly},{mo},{mg},{my},{mr},{yt},{mx},{md},{ma},{ng},{ne},{kp},{om},{pk},{ps},{qa},{ru},{rw},{sa},{sn},{sl},{sg},{so},{kr},{lk},{sd},{sz},{sy},{tw},{tj},{th},{tg},{tn},{tr},{tm},{ua},{ae},{uz},{ve},{vn},{ye},{zw},{gb},{ie},{je},{gg},{im},{ai},{bm},{aq},{io},{vg},{ky},{fk},{gi},{ms},{sh},{gs},{tc},{us},{mp},{pr},{vi},{as},{ht},{fm},{gu},{gl},{ca},{au},{cc},{nf},{nz},{tk},{ck},{nu},{cy},{al},{ar},{bt},{bo},{cg},{ec},{fj},{gt},{gw},{il},{ke},{lb},{ls},{lr},{mk},{mw},{mv},{np},{ni},{py},{sc},{ug},{zm},{??}

ExcludeExitNodes {ag},{bb},{bz},{bw},{bg},{dm},{gh},{gd},{gy},{jm},{ki},{mu},{me},{na},{nr},{pg},{kn},{lc},{vc},{ws},{sb},{so},{sr},{tz},{to},{tt},{tv},{??}

ExitNodes AccessNow000,AccessNow001,176.10.99.200,AccessNow002,AccessNow003,176.10.99.201,AccessNow004,AccessNow005,176.10.99.202,AccessNow006,AccessNow007,176.10.99.203,AccessNow008,AccessNow009,176.10.99.204,AccessNow010,AccessNow011,176.10.99.205,AccessNow012,AccessNow013,176.10.99.206,AccessNow014,AccessNow015,176.10.99.207,AccessNow016,AccessNow017,176.10.99.208,AccessNow018,AccessNow019,176.10.99.209,spfTOR3,62.220.135.129,spfTOR1e1,77.109.141.138,spfTOR1e2,77.109.141.139,spfTOR1e3,77.109.141.140,spfTOR4e1,77.109.138.42,spfTOR4e2,77.109.138.43,spfTOR4e3,77.109.138.44,spfTOR5e1,77.109.139.26,spfTOR5e2,77.109.139.27,spfTOR5e3,77.109.139.28,orion,94.242.246.24,orilla,94.242.252.41,destiny,94.242.246.23,chulak,176.126.252.11,aurora,176.126.252.12,assk,78.108.63.46,assk2,78.108.63.44,sofia,77.247.181.162,amartysen,lumumba,77.247.181.163,ethanzuckerman,77.247.181.164,politkovskaja,politkovskaja2,77.247.181.165,edwardsnowden0,109.163.234.7,edwardsnowden1,109.163.234.8,edwardsnowden2,109.163.234.9,hessel0,109.163.234.2,hessel1,109.163.234.4,hessel2,109.163.234.5,ekumen,95.142.161.63,marcuse1,178.20.55.16,marcuse2,178.20.55.18,marylou1,marylou2,89.234.157.254,chaoscomputerclub27,77.244.254.227,chaoscomputerclub28,77.244.254.228,chaoscomputerclub29,77.244.254.229,chaoscomputerclub30,77.244.254.230,atticus,46.239.117.180,blanqui,thoreau,46.165.221.166,enjolras,81.89.96.88,luxemburg,81.89.96.89,bakunin,178.16.208.56,jaures,178.16.208.57,DFRI0,171.25.193.20,DFRI1,171.25.193.77,DFRI3,171.25.193.235,DFRI4,171.25.193.78,hviv103,178.162.193.213,hviv104,192.42.116.16,hviv105,79.98.107.90,wagtail,77.109.139.87

LongLivedPorts 21, 22, 80, 443, 706, 1863, 5050, 5190, 5222, 5223, 6523, 6667, 6697, 8080, 8300, 9001, 9030

N.B. config. may pause connection if imported before the first run. Just Exit and restart if this happens.

UseEntryGuards (no longer required - as bundle default).

StrictNodes (is auto removed from the conf. if 0 - see below).

FascistFirewall 1 (is recommended for the xeronet Torrc if you can reach the Tor network without using a proxy, as the focus is now on the fastest and safest settings for browsing i.e. using only ports 80 and 443 and corresponding entry and exit servers).

A detailed explanation of the selected settings was published on my old website which is now offline due to the web host closing down.

ExcludeNodes are selected from: http://torstatus.blutmagie.de/ 'bad nodes' and country blocks from: https://wikipedia.org/wiki/Internet_censorship

Many other factors have also been considered with the aim of making Tor faster including excluding relays in countries with slow internet backbone connections etc.

Entry and Exit nodes have been selected based on numerous factors. These are the 'best', fastest and most secure Tor servers available for browsing via ports 80 and 443. They have again been selected from http://torstatus.blutmagie.de/ The nodes are run by the following Privacy focused organizations, who can be trusted with your data, perhaps over and above other miscellaneous Tor nodes.

http://privacyfoundation.ch/ - Swiss Privacy Foundation

https://riseup.net/en - riseup.net

https://www.ccc.de/en/?language=en - Chaos Computer Club (CCC)

https://www.torservers.net/ - torservers.net Partners ...

https://www.accessnow.org/ - Access

https://www.koumbit.org/ - Koumbit

https://effi.org/ - Electronic Frontier Finland

https://nos-oignons.net/ - Nos oignons

https://calyxinstitute.org/ - The Calyx Institute

https://www.dfri.se/dfri/?lang=en - DRFI: "Föreningen för Digitala Fri- och Rättigheter" - DFRI is a nonprofit organisation working for digital rights.

https://www.hartvoorinternetvrijheid.nl/eng.html - Hart voor Internetvrijheid (Heart for Internet freedom).

http://www.enn.lu/ - Frënn vun der Ënn A.S.B.L.

http://icetor.is/ - Icetor - Freedom from the frozen north.

and others ...

Remember that Tor will still select random servers and middle nodes etc. This example config. just helps to enuse the fastest circuits. If you don't like a setting in this example config. then please change it yourself.


Here are the important options from the Tor manual:

Use StrictNodes 1 to enforce the server selection. Currently set to 0 'default'.

"If StrictNodes is set to 1, Tor will treat the ExcludeNodes option as a requirement to follow for all the circuits you generate, even if doing so will break functionality for you. If StrictNodes is set to 0, Tor will still try to avoid nodes in the ExcludeNodes list, but it will err on the side of avoiding unexpected errors. Specifically, StrictNodes 0 tells Tor that it is okay to use an excluded node when it is necessary to perform relay reachability self-tests, connect to a hidden service, provide a hidden service to a client, fulfil a .exit request, upload directory information, or download directory information. (Default: 0)"

You can set StrictNodes to 1 to make browsing faster and completely avoid 'FiveEyes' and internet censored countries, but it will 'break' hidden services if they are located in one of those blocked countries. ~ Ever wondered how the security services locate Tor 'hidden services' ... hummm.

Use FascistFirewall 1 to force port 80 (http) and port 443 (https) access.

"If 1, Tor will only create outgoing connections to ORs running on ports that your firewall allows (defaults to 80 and 443; see FirewallPorts). This will allow you to run Tor as a client behind a firewall with restrictive policies, but will not allow you to run as a server behind such a firewall. If you prefer more fine-grained control, use ReachableAddresses instead."

When using this option do make sure that your selected Nodes use port 80 and/or port 443 Also, if your firewall does allow other ports (or you want to connect other applications to Tor) then we do recommend changing FascistFirewall back to 0, as this will automatically 'unlock' additional fast entry nodes already included in the xeronet Torrc list.

Use UseEntryGuards 1 for increased security.

"If this option is set to 1, we pick a few long-term entry servers, and try to stick with them. This is desirable because constantly changing servers increases the odds that an adversary who owns some servers will observe a fraction of your paths. (Defaults to 1 anyway)"

Use ClientOnly 1 for the Tor Browser Bundle.

"If set to 1, Tor will under no circumstances run as a server or serve directory requests. The default is to run as a client unless ORPort is configured. (Usually, you don’t need to set this; Tor is pretty smart at figuring out whether you are reliable and high-bandwidth enough to be a useful server.) (Default: 0)"

Using additional LongLivedPorts 80, 443, 9001 and 9030.

"A list of ports for services that tend to have long-running connections (e.g. chat and interactive shells). Circuits for streams that use these ports will contain only high-uptime nodes, to reduce the chance that a node will go down before the stream is finished. Note that the list is also honoured for circuits (both client and service side) involving hidden services whose virtual port is in this list. (Default: 21, 22, 706, 1863, 5050, 5190, 5222, 5223, 6523, 6667, 6697, 8300)"

These additions are somewhat experimental, however the overall configuration does seem to work better when including these port settings; especially in relation to the StrictNodes option above where the configuration was found to be much faster overall than when enforcing StrictNodes 1. Thus, we have reverted to using the 'default' StrictNodes 0.

xeronet Torrc - v4.0.4 - 'Anti-FiveEyes'

Requires the latest Tor Browser Bundle for correct operation.

N.B. Save as 'torrc' only and not 'torrc.txt' or just copy / paste into your existing torrc file.

Replace the existing torrc file in your Tor Browser Bundle > Data > Tor (folder).

The Tor software must not be running when you install our configuration. Start Tor. Done.

Enjoy super fast Tor !

xeronet Torrc is a Client Only configuration. - for the Tor Browser Bundle.

It will not work for Tor Relays, Bridge Nodes or Exit Nodes and nor is it designed to be used for that purpose.

P.S. I'm looking to set-up some fast Tor servers in censorship resistant countries. If you like this custom Tor configuration please consider a donation until I'm able to set-up a full concept / donations page or crowdfunding project.

Thanks!

"Tor" and the "Onion Logo" are registered trademarks of The Tor Project, Inc.

Always Read the Manual: https://www.torproject.org/docs/tor-manual.html > CLIENT OPTIONS

[1714919850]

1714919850

[1714919850]

1714919850

[BitcoinFX]

Someone contacted me regarding the PirateBrowser see: http://piratebrowser.com/

"PirateBrowser is a bundle package of the Tor client (Vidalia), FireFox Portable browser (with foxyproxy addon) and some custom configs that allows you to circumvent censorship that certain countries such as Iran, North Korea, United Kingdom, The Netherlands, Belgium, Finland, Denmark, Italy and Ireland impose onto their citizens."

The torrc additions are as follows:

Code:

# Configured for speed 
ExcludeSingleHopRelays 0
EnforceDistinctSubnets 0
AllowSingleHopCircuits 1

# Exclude countries that might have blocks
ExcludeExitNodes {dk},{ie},{gb},{be},{it},{cn},{ir},{fi},{no}

As they state on their website the Pirate Browser's focus is on censorship circumvention as opposed to better overall anonymity provided by the default Tor browser bundle. For those that want even faster Tor and that don't mind potentially lowering anonymity - we can combine settings from both Tor configs.

ExcludeSingleHopRelays

"This option controls whether circuits built by Tor will include relays with the AllowSingleHopExits flag set to true. If ExcludeSingleHopRelays is set to 0, these relays will be included. Note that these relays might be at higher risk of being seized or observed, so they are not normally included. Also note that relatively few clients turn off this option, so using these relays might make your client stand out. (Default: 1)"

EnforceDistinctSubnets

"If 1, Tor will not put two servers whose IP addresses are "too close" on the same circuit. Currently, two addresses are "too close" if they lie in the same /16 range. (Default: 1)"

AllowSingleHopCircuits

"When this option is set, the attached Tor controller can use relays that have the AllowSingleHopExits option turned on to build one-hop Tor connections. (Default: 0)"

NumEntryGuards NUM

"If UseEntryGuards is set to 1, we will try to pick a total of NUM routers as long-term entries for our circuits. (Default: 3)"

EDIT: Example torrc config. removed due to being outdated in the latest Tor Browser Bundle 3.5 release - see OP.

"Tor" and the "Onion Logo" are registered trademarks of The Tor Project, Inc.

Always Read the Manual: https://www.torproject.org/docs/tor-manual.html > CLIENT OPTIONS

 

[AndrewWilliams]

How does this compare to JonDoBrowser?

https://anonymous-proxy-servers.net/

I know JonDoBrowser deals with the problem of "fingerprinting" browsers.

See http://ip-check.info/?lang=en for an example of Browser fingerprinting.

[meeh]

How does this compare to JonDoBrowser?

https://anonymous-proxy-servers.net/

I know JonDoBrowser deals with the problem of "fingerprinting" browsers.

See http://ip-check.info/?lang=en for an example of Browser fingerprinting.

https://anonymous-proxy-servers.net/ seems to be a company that earns money on making you anonymous. Tor is ... also a company, but does not take any money for delivering you the anonymity. I've not looked far into the link you provided, but from what I've seen you shouldn't get surprised if they use Tor as a underlying technology. Tor is also heavily community supported with both patches, documentation, translation and academical research.

Conclusion: I rather choose BitcoinFX's Tor solution here than a commercial product from any company. Much because Tor is as said above open source and community supported, so people like me who like to know what's beeing runned on the computer can read it. Not at least then you can check for "NSA checkpoints" ;P ... I'm not applying that this company have anything to do with them, I just say that a company can get orders from their government to do shit (like deliver traffic history) against their users without their knowledge. At the Tor project, they have zero knowledge of your traffic content. It can't happen because of the network design.

[BitcoinFX]

How does this compare to JonDoBrowser?

https://anonymous-proxy-servers.net/

I know JonDoBrowser deals with the problem of "fingerprinting" browsers.

See http://ip-check.info/?lang=en for an example of Browser fingerprinting.

I've had not tired JonDoBrowser or JonDoFox for over a year or so now. So, I downloaded the latest release for comparison.

JonDo (formerly JAP) is a 2-hop mixing service. Default Tor (and the 1st config. for Tor that I posted) is a 3-hop proxy.

There is a very good reason why you must use 3 hop proxies for true anonymity i.e. A doesn't know who C is. B knows A and C, but doesn't know you or your destination.

The free mixes (hops) available with JAP are (currently) as follows:

Germany > Internet (original "Dresden (JAP)"

Germany > Czech Republic or United Kingdom

Germany > United States or Austria

Germany > France or United States

Luxemburg or Bulgaria > France or United States

Canada or Germany > United States or United Kingdom

United States or Germany > USA

Therefore, it is practically impossible to avoid the 'FiveEyes' countires hosting JonDo nodes. When I have used JonDo (free) servers in the past for browsing I found it to be slower than Tor. Today it was actually quite fast. However, the mixes have available slots ranging from 400 to 1000 and most were around 2/3 full on average, when most of the US was offline. The more users at anyone time, obviously the slower the JonDo free service becomes. I'd imagine that the paid version avoids this slowdown issue. Although, the less users that are in the mix, the less anonymous you become.

Also, when you purchase a commercial product you somewhat relinquish your anonymity, especially with a subscription product such as a VPN. This is something which is quite surprisingly overlooked by most people. Tor is free and open source.

Browser 'fingerprinting' is not really an issue with either Tor or JonDo privacy / anonymity solutions. Tor provides much better anonymity and flexibility over JonDo imho, both out-of-the-box and/or when using my xeronet Torrc config. Both Tor and JonDo provide better anonymity and privacy over regular internet browsing without a proxy.

A lot of research and knowledge of both the Tor network and online privacy / anonymity / censorship circumvention has gone into this config. For example, some fast Tor servers have intentionally been omitted from the config. so that they are more likely to be randomly selected as Middle Nodes. For regular internet browsing this config. is perhaps the best example of the off-set found between speed and anonymity when using Tor.

Some from the Tor project have argued that my xeronet Torrc config. might carry an increased 'fingerprint' in terms of network analysis. I in fact consider it to have less of a fingerprint than the default Tor config. and I've started doing metrics to demonstrate this. Using EntryGuards has obvious advantages.

One of the main issues with Tor is that most Tor network traffic is easily recognisable on ports 9001 and 9030, setting FascistFirewall 1 is a good way to overcome this for regular browsing, as your first hop will only be on ports 80 (http) and 443 (https). If your not intending to access any Tor hidden services, then setting StrictNodes 1 can also make browsing somewhat faster.

To me it makes a lot of sense to tell Tor which servers are the fastest Entry and Exit nodes and also which servers / locations to avoid for numerous reasons. Some Tor servers are malicious and/or badly misconfigured. My config. avoids those nodes as well.

If you don't like anything in my Torrc then you are of course free to edit it, add remove bridge nodes, entry nodes, exit nodes etc. etc. That's the idea really. In fact, it makes more sense for everyone to use a slight variation of the config. and to occasionally mix-it-up.

Remember: "Tor can't help you if you use it wrong!"  

[BitcoinFX]

EDIT: Example torrc config. removed due to being outdated in the latest Tor Browser Bundle 3.5 release - see OP.

[AndrewWilliams]

You do not have to pay for JonDoBrowser.


Yes it's based on Tor.



I am still pretty concerned about browser fingerprinting.

There's no use to Tor if your browser can be ID'ed as unique...


If your browser can pass "the test" by giving less than 21 unique identifying pieces of info, I'll try it.

Here's the link to the test: https://panopticlick.eff.org/





I will gladly use a Tor based browser that addresses the issue of browser fingerprinting.

[dserrano5]

See http://ip-check.info/?lang=en for an example of Browser fingerprinting.

Wow that @font-face CSS stuff is pretty nasty, no JS required for them to enumerate your fonts :/.

[BitcoinFX]

You do not have to pay for JonDoBrowser.


Yes it's based on Tor.



I am still pretty concerned about browser fingerprinting.

There's no use to Tor if your browser can be ID'ed as unique...


If your browser can pass "the test" by giving less than 21 unique identifying pieces of info, I'll try it.

Here's the link to the test: https://panopticlick.eff.org/





I will gladly use a Tor based browser that addresses the issue of browser fingerprinting.

I stated that JonDoBrowser has a free and paid version.

JonDoBrowser is not based on Tor, it only has the option to use Tor servers instead of the JonDo servers aka JAP. JonDoBrowser does not include Tor by default and nor does it use any Tor servers by default.

My browser ? The xeronet Torrc config. file for the Tor Browser Bundle is to demonstrate the use of custom circuits and routing. So, you can use whatever browser, settings or plugins you want with Tor and the config. You could use the JonDoBrowser, install Tor and edit the default conf. with the xeronet Torrc settings and select to use the Tor network in the JonDoBrowser, if you feel that browser is better at hiding the '21 unique identifying pieces of info.' that the EFF projects checks. I'll run some tests as well.

[AndrewWilliams]

I stated that JonDoBrowser has a free and paid version.

JonDoBrowser is not based on Tor, it only has the option to use Tor servers instead of the JonDo servers aka JAP. JonDoBrowser does not include Tor by default and nor does it use any Tor servers by default.

My browser ? The xeronet Torrc config. file for the Tor Browser Bundle is to demonstrate the use of custom circuits and routing. So, you can use whatever browser, settings or plugins you want with Tor and the config. You could use the JonDoBrowser, install Tor and edit the default conf. with the xeronet Torrc settings and select to use the Tor network in the JonDoBrowser, if you feel that browser is better at hiding the '21 unique identifying pieces of info.' that the EFF projects checks. I'll run some tests as well.

Thanks for addressing my concerns.

I've been researching this for a long time, and I know at the end of the day if the browser is not built to resist fingerprint tracking, it's no use.

You can have 30 Tor servers and it still would be an Achilles heel.

I will try that out this weekend.

[BitcoinFX]

Thanks for addressing my concerns.

I've been researching this for a long time, and I know at the end of the day if the browser is not built to resist fingerprint tracking, it's no use.

You can have 30 Tor servers and it still would be an Achilles heel.

I will try that out this weekend.

You are correct with regards to browser fingerprint tracking being difficult to avoid. Also See: https://wiki.mozilla.org/Fingerprinting

Some of the identfiers are actually potentially increased when using anonymity software itself.

Interesting article: http://www.idcloak.com/learning-center/noscript-chrome-noscript-firefox-browser-fingerprint-protection/a583.html

Making your browser seem more generic can be advantageous. Continually spoofing your browser agent is also an option.

See: https://addons.mozilla.org/en-US/firefox/addon/user-agent-switcher/

See: https://addons.mozilla.org/en-US/firefox/addon/user-agent-overrider/

See: https://wikipedia.org/wiki/User_agent

Use of the updated Tor Browser Bundle Portable is still going to be the easiest option for most.

[AndrewWilliams]

Info appreciated, thank you.

[BitcoinFX]

Info appreciated, thank you.

Sure. You are welcome.

Infact, I've just done some testing with both browsers and also tried switching user agents.

NoScript and the TorButton addon defaults in the Tor Browser Bundle (as FirefoxESR Portable) scored:

"Currently, we estimate that your browser has a fingerprint that conveys 17.53 bits of identifying information."

JonDoBrowser out-of-the-box (Firefox 24) scored:

"Currently, we estimate that your browser has a fingerprint that conveys 13.95 bits of identifying information."

Switching user agents seems to give a generic score of 21.77 bits of identifying information.

For the traffic analysis reasons regarding JonDo 2 hop proxies that I described in my above post. It would seem that the best combination for privacy, anonymity and security would infact be the JonDoBrowser routed through Tor (not JAP) using my xeronet Tor config. or one similar.

EDIT: The latest Tor Browser Bundle release with Firefox 24 ESR has the lowest score, if you disable JavaScript - see below posts.

The main issue with the Tor Bundle Browser identifiers relate to it being based on FirefoxESR.

See: https://www.mozilla.org/en-US/firefox/organizations/faq/

I'm guessing I'll be able to find a browser configuration and plugins combination that will give a lower score than both of these browser configurations, although most of the remaining identifiers actually only relate to screen size, choice of language-pack and to which browser is the most popular at any given time.

[BitcoinFX]

xeronet Torrc - v4.0.4 - 'Anti-FiveEyes'. xeronet Torrc is a Client Only configuration. - for the Tor Browser Bundle.

It will not work for Tor Relays, Bridge Nodes or Exit Nodes and nor is it designed to be used for that purpose.

See: https://www.torproject.org/download/download-easy.html

UPDATED: 18th March. 2015 - Added new fast nodes and revised Exclude nodes. New censorship resistant config. (see latest post below)

Revised country code restriction recommendations: https://bitcointalk.org/index.php?topic=331077.msg10803165#msg10803165

TBB Firefox advised about:config options: https://bitcointalk.org/index.php?topic=331077.msg10804048#msg10804048

N.B. This is the same config. as the OP.

The Tor Browser Bundle 3.5 upwards has no Vidalia and uses some new Torrc settings:

DirReqStatistics , DataDirectory and GeoIPFile locations are now written to the torrc on first run.

New torrc-defaults file should remain unedited i.e.

# If non-zero, try to write to disk less frequently than we would otherwise.
AvoidDiskWrites 1
# Where to send logging messages.  Format is minSeverity[-maxSeverity]
# (stderr|stdout|syslog|file FILENAME).
Log notice stdout
# Bind to this address to listen to connections from SOCKS-speaking
# applications.
SocksListenAddress 127.0.0.1
SocksPort 9150
ControlPort 9151
CookieAuthentication 1

See below posts for info. This is the preferred / recommended config. for most users.

Replace the existing torrc file in your Tor Browser Bundle > Data > Tor (folder).

Code:

ClientOnly 1

EnforceDistinctSubnets 0

EntryNodes AccessNow000,AccessNow001,AccessNow002,AccessNow003,AccessNow004,AccessNow005,AccessNow006,AccessNow007,AccessNow008,AccessNow009,AccessNow010,AccessNow011,AccessNow012,AccessNow013,AccessNow014,AccessNow015,AccessNow016,AccessNow017,AccessNow018,AccessNow019,spfTOR3,spfTOR1e1,spfTOR1e2,spfTOR1e3,spfTOR4e1,spfTOR4e2,spfTOR4e3,spfTOR5e1,spfTOR5e2,spfTOR5e3,orion,orilla,destiny,chulak,aurora,assk,assk2,sofia,amartysen,lumumba,ethanzuckerman,politkovskaja,politkovskaja2,edwardsnowden0,edwardsnowden1,edwardsnowden2,hessel0,hessel1,hessel2,ekumen,marcuse1,marcuse2,marylou1,marylou2,chaoscomputerclub27,chaoscomputerclub28,chaoscomputerclub29,chaoscomputerclub30,atticus,blanqui,thoreau,enjolras,luxemburg,bakunin,jaures,DFRI0,DFRI1,DFRI3,DFRI4,hviv103,hviv104,hviv105,wagtail,toreffiorg

ExcludeNodes Unnamed,default,{af},{dz},{ao},{am},{az},{bh},{by},{bj},{bn},{mm},{bf},{bi},{kh},{cm},{cf},{td},{cn},{co},{km},{cd},{ci},{cu},{dj},{eg},{gq},{er},{et},{ga},{gm},{ge},{gn},{hn},{hk},{in},{id},{ir},{iq},{jo},{kz},{kw},{kg},{la},{ly},{mo},{mg},{my},{mr},{yt},{mx},{md},{ma},{ng},{ne},{kp},{om},{pk},{ps},{qa},{ru},{rw},{sa},{sn},{sl},{sg},{so},{kr},{lk},{sd},{sz},{sy},{tw},{tj},{th},{tg},{tn},{tr},{tm},{ua},{ae},{uz},{ve},{vn},{ye},{zw},{gb},{ie},{je},{gg},{im},{ai},{bm},{aq},{io},{vg},{ky},{fk},{gi},{ms},{sh},{gs},{tc},{us},{mp},{pr},{vi},{as},{ht},{fm},{gu},{gl},{ca},{au},{cc},{nf},{nz},{tk},{ck},{nu},{cy},{al},{ar},{bt},{bo},{cg},{ec},{fj},{gt},{gw},{il},{ke},{lb},{ls},{lr},{mk},{mw},{mv},{np},{ni},{py},{sc},{ug},{zm},{??}

ExcludeExitNodes {ag},{bb},{bz},{bw},{bg},{dm},{gh},{gd},{gy},{jm},{ki},{mu},{me},{na},{nr},{pg},{kn},{lc},{vc},{ws},{sb},{so},{sr},{tz},{to},{tt},{tv},{??}

ExitNodes AccessNow000,AccessNow001,176.10.99.200,AccessNow002,AccessNow003,176.10.99.201,AccessNow004,AccessNow005,176.10.99.202,AccessNow006,AccessNow007,176.10.99.203,AccessNow008,AccessNow009,176.10.99.204,AccessNow010,AccessNow011,176.10.99.205,AccessNow012,AccessNow013,176.10.99.206,AccessNow014,AccessNow015,176.10.99.207,AccessNow016,AccessNow017,176.10.99.208,AccessNow018,AccessNow019,176.10.99.209,spfTOR3,62.220.135.129,spfTOR1e1,77.109.141.138,spfTOR1e2,77.109.141.139,spfTOR1e3,77.109.141.140,spfTOR4e1,77.109.138.42,spfTOR4e2,77.109.138.43,spfTOR4e3,77.109.138.44,spfTOR5e1,77.109.139.26,spfTOR5e2,77.109.139.27,spfTOR5e3,77.109.139.28,orion,94.242.246.24,orilla,94.242.252.41,destiny,94.242.246.23,chulak,176.126.252.11,aurora,176.126.252.12,assk,78.108.63.46,assk2,78.108.63.44,sofia,77.247.181.162,amartysen,lumumba,77.247.181.163,ethanzuckerman,77.247.181.164,politkovskaja,politkovskaja2,77.247.181.165,edwardsnowden0,109.163.234.7,edwardsnowden1,109.163.234.8,edwardsnowden2,109.163.234.9,hessel0,109.163.234.2,hessel1,109.163.234.4,hessel2,109.163.234.5,ekumen,95.142.161.63,marcuse1,178.20.55.16,marcuse2,178.20.55.18,marylou1,marylou2,89.234.157.254,chaoscomputerclub27,77.244.254.227,chaoscomputerclub28,77.244.254.228,chaoscomputerclub29,77.244.254.229,chaoscomputerclub30,77.244.254.230,atticus,46.239.117.180,blanqui,thoreau,46.165.221.166,enjolras,81.89.96.88,luxemburg,81.89.96.89,bakunin,178.16.208.56,jaures,178.16.208.57,DFRI0,171.25.193.20,DFRI1,171.25.193.77,DFRI3,171.25.193.235,DFRI4,171.25.193.78,hviv103,178.162.193.213,hviv104,192.42.116.16,hviv105,79.98.107.90,wagtail,77.109.139.87

LongLivedPorts 21, 22, 80, 443, 706, 1863, 5050, 5190, 5222, 5223, 6523, 6667, 6697, 8080, 8300, 9001, 9030

N.B. config. may pause connection if imported before the first run. Just Exit and restart if this happens.

UseEntryGuards (no longer required - as bundle default).

StrictNodes (is auto removed from the conf. if 0 - see below).

FascistFirewall 1 (is recommended for the xeronet Torrc if you can reach the Tor network without using a proxy, as the focus is now on the fastest and safest settings for browsing i.e. using only ports 80 and 443 and corresponding entry and exit servers).

A detailed explanation of the selected settings used to be published on my old website which is now offline due to the web host closing down.

ExcludeNodes are selected from: http://torstatus.blutmagie.de/ 'bad nodes' and country blocks from: https://wikipedia.org/wiki/Internet_censorship

Many other factors have also been considered with the aim of making Tor faster including excluding relays in countries with slow internet backbone connections etc.

Entry and Exit nodes have been selected based on numerous factors. These are the 'best', fastest and most secure Tor servers available for browsing via ports 80 and 443. They have again been selected from http://torstatus.blutmagie.de/ The nodes are run by the following Privacy focused organizations, who can be trusted with your data, perhaps over and above other miscellaneous Tor nodes.

http://privacyfoundation.ch/ - Swiss Privacy Foundation

https://riseup.net/en - riseup.net

https://www.ccc.de/en/?language=en - Chaos Computer Club (CCC)

https://www.torservers.net/ - torservers.net Partners ...

https://www.accessnow.org/ - Access

https://www.koumbit.org/ - Koumbit

https://effi.org/ - Electronic Frontier Finland

https://nos-oignons.net/ - Nos oignons

https://calyxinstitute.org/ - The Calyx Institute

https://www.dfri.se/dfri/?lang=en - DRFI: "Föreningen för Digitala Fri- och Rättigheter" - DFRI is a nonprofit organisation working for digital rights.

https://www.hartvoorinternetvrijheid.nl/eng.html - Hart voor Internetvrijheid (Heart for Internet freedom).

http://www.enn.lu/ - Frënn vun der Ënn A.S.B.L.

http://icetor.is/ - Icetor - Freedom from the frozen north.

and others ...

Remember that Tor will still select random servers and middle nodes etc. This example config. just helps to enuse the fastest circuits. If you don't like a setting in this example config. then please change it yourself.


Here are the important options from the Tor manual:

Use StrictNodes 1 to enforce the server selection. Currently set to 0 'default'.

"If StrictNodes is set to 1, Tor will treat the ExcludeNodes option as a requirement to follow for all the circuits you generate, even if doing so will break functionality for you. If StrictNodes is set to 0, Tor will still try to avoid nodes in the ExcludeNodes list, but it will err on the side of avoiding unexpected errors. Specifically, StrictNodes 0 tells Tor that it is okay to use an excluded node when it is necessary to perform relay reachability self-tests, connect to a hidden service, provide a hidden service to a client, fulfil a .exit request, upload directory information, or download directory information. (Default: 0)"

You can set StrictNodes to 1 to make browsing faster and completely avoid 'FiveEyes' and internet censored countries, but it will 'break' hidden services if they are located in one of those blocked countries. ~ Ever wondered how the security services locate Tor 'hidden services' ... hummm.

Use FascistFirewall 1 to force port 80 (http) and port 443 (https) access.

"If 1, Tor will only create outgoing connections to ORs running on ports that your firewall allows (defaults to 80 and 443; see FirewallPorts). This will allow you to run Tor as a client behind a firewall with restrictive policies, but will not allow you to run as a server behind such a firewall. If you prefer more fine-grained control, use ReachableAddresses instead."

When using this option do make sure that your selected Nodes use port 80 and/or port 443 Also, if your firewall does allow other ports (or you want to connect other applications to Tor) then we do recommend changing FascistFirewall back to 0, as this will automatically 'unlock' additional fast entry nodes already included in the xeronet Torrc list.

Use UseEntryGuards 1 for increased security.

"If this option is set to 1, we pick a few long-term entry servers, and try to stick with them. This is desirable because constantly changing servers increases the odds that an adversary who owns some servers will observe a fraction of your paths. (Defaults to 1 anyway)"

Use ClientOnly 1 for the Tor Browser Bundle.

"If set to 1, Tor will under no circumstances run as a server or serve directory requests. The default is to run as a client unless ORPort is configured. (Usually, you don’t need to set this; Tor is pretty smart at figuring out whether you are reliable and high-bandwidth enough to be a useful server.) (Default: 0)"

Using additional LongLivedPorts 80, 443, 9001 and 9030.

"A list of ports for services that tend to have long-running connections (e.g. chat and interactive shells). Circuits for streams that use these ports will contain only high-uptime nodes, to reduce the chance that a node will go down before the stream is finished. Note that the list is also honoured for circuits (both client and service side) involving hidden services whose virtual port is in this list. (Default: 21, 22, 706, 1863, 5050, 5190, 5222, 5223, 6523, 6667, 6697, 8300)"

These additions are somewhat experimental, however the overall configuration does seem to work better when including these port settings; especially in relation to the StrictNodes option above where the configuration was found to be much faster overall than when enforcing StrictNodes 1. Thus, we have reverted to using the 'default' StrictNodes 0.

xeronet Torrc - v4.0.4 - 'Anti-FiveEyes'.

Requires the latest Tor Browser Bundle for correct operation.

N.B. Save as 'torrc' only and not 'torrc.txt' or just copy / paste into your existing torrc file.

Replace the existing torrc file in your Tor Browser Bundle > Data > Tor (folder).

The Tor software must not be running when you install our configuration. Start Tor. Done.

Enjoy super fast Tor !

xeronet Torrc is a Client Only configuration. - for the Tor Browser Bundle.

It will not work for Tor Relays, Bridge Nodes or Exit Nodes and nor is it designed to be used for that purpose.

P.S. I'm looking to set-up some fast Tor servers in censorship resistant countries. If you like this custom Tor configuration please consider a donation until I'm able to set-up a full concept / donations page or crowdfunding project.

Thanks!

"Tor" and the "Onion Logo" are registered trademarks of The Tor Project, Inc.

Always Read the Manual: https://www.torproject.org/docs/tor-manual.html > CLIENT OPTIONS

[BitcoinFX]

Javascript is enabled by 'default' in the Tor Browser Bundle - which has serious privacy implications.

The reasons given by the Tor project can be found here: https://www.torproject.org/docs/faq#TBBJavaScriptEnabled

Howto Disable JavaScript

When your Tor Browser is running goto the URL bar and type:   about:config   and hit enter.

This will display a warning page: "This might void your warranty!" click on: "I'll be careful, I promise!"

In the Search box type: javascript

Around the third option down will be displayed as: ' javascript.enabled ' with its Value = true

2nd mouse button > Toggle > False  to change this value as user set and restart the Tor Browser Bundle.

https://check.torproject.org/?lang=en_US - will now show " JavaScript is disabled. "

Your privacy when browsing is now massively increased - although the 'correct' functionality of some websites will be affected.

...

With Javascript disabled https://panopticlick.eff.org/ will present you with one of the lowest scores possible, for example

~  Currently, we estimate that your browser has a fingerprint that conveys 11.79 bits of identifying information. (or lower).

...

This score can be reduced further by spoofing your browser agent (See: links in above posts) to say IE 10 or 11 (which actually depends on which browsers are currently the most popular) and also by disabling all cookies, which is for the paranoid and will break the fuctionality of most websites entirely.

...

On balance I would advise most users to install Adblock Edge plus with the Tor Browser Bundle to increase privacy and prevent tracking elements.

See: https://adblockplus.org/en/firefox See: https://addons.mozilla.org/en-US/firefox/addon/adblock-edge/

With the addition of EasyPrivacy list (prevents tracking) and Fanboy's Annoyance List - if you don't use social media.

See: https://easylist.adblockplus.org/

Whilst some Tor Browser users might not want to install Adblock Edge plus - preventing tracking elements and ads in the browser actually helps to make browsing via Tor much faster - basically this greatly reduces the amount of data sent and received over the network.

Enjoy !

[BitcoinFX]

Through a PRISM, Darkly - Everything we know about NSA spying - https://www.youtube.com/watch?v=BMwPe2KqYn4

"From Stellar Wind to PRISM, Boundless Informant to EvilOlive, the NSA spying programs are shrouded in secrecy and rubber-stamped by secret opinions from a court that meets in a faraday cage. The Electronic Frontier Foundation's Kurt Opsahl explains the known facts about how the programs operate and the laws and regulations the U.S. government asserts allows the NSA to spy on you.
The Electronic Frontier Foundation, a non-profit civil society organization, has been litigating against the NSA spying program for the better part of a decade. EFF has collected and reviewed dozens of documents, from the original NY Times stories in 2005 and the first AT&T whistleblower in 2006, through the latest documents released in the Guardian or obtained through EFF's Freedom of Information (government transparency) litigation. EFF attorney Kurt Opsahl's lecture will describe how the NSA spying program works, the underlying technologies, the targeting procedures (how they decide who to focus on), the minimization procedures (how they decide which information to discard), and help you makes sense of the many code names and acronyms in the news. He will also discuss the legal and policy ramifications that have become part of the public debate following the recent disclosures, and what you can do about it. After summarizing the programs, technologies, and legal/policy framework in the lecture, the audience can ask questions."

Speaker: Kurt Opsahl
EventID: 5255
Event: 30th Chaos Communication Congress [30c3] by the Chaos Computer Club [CCC]
Location: Congress Centrum Hamburg (CCH); Am Dammtor; Marseiller Straße; 20355 Hamburg; Germany
Language: english


The Tor Network [30c3] - https://www.youtube.com/watch?v=CJNxbpbHA-I

We're living in interesting times

"Roger Dingledine and Jacob Appelbaum will discuss contemporary Tor Network issues related to censorship, security, privacy and anonymity online.
The last several years have included major cryptographic upgrades in the Tor network, interesting academic papers in attacking the Tor network, major high profile users breaking news about the network itself, discussions about funding, FBI/NSA exploitation of Tor Browser users, botnet related load on the Tor network and other important topics. This talk will clarify many important topics for the Tor community and for the world at large."

Speaker: Jacob arma
EventID: 5423
Event: 30th Chaos Communication Congress [30c3] by the Chaos Computer Club [CCC]
Location: Congress Centrum Hamburg (CCH); Am Dammtor; Marseiller Straße; 20355 Hamburg; Germany
Language: english

...

If you run a Bitcoin node and you don't run a Tor relay - why not ?

You can use Peerblock http://www.peerblock.com/ (or Peer Guardian - Linux) with I-Blocklist https://www.iblocklist.com/lists.php to protect your Bitcoin and Tor relay's from 'Bad' actors whilst helping other 'good' Tor users.

Block the 'bad guys' : https://www.iblocklist.com/lists.php

Allow The Onion Router: https://www.iblocklist.com/lists.php?category=organizations

Now go and set-up a Tor relay !

[BitcoinFX]

xeronet Torrc - v4.0.4c (a) - censorship resistant version. Includes some 'Five-Eyes' Exit Servers - UPDATED 18th March 2015

This config. is different from the main release and aims to reduce censorship of 'blocked' non-illegal content in various countries.

As per. the pirate browser (see above post) we edit the config. to further limit the usage of exit nodes in the following 'censored' countries i.e. {dk},{ie},{gb},{be},{it},{cn},{ir},{fi},{no} - whilst still ensuring a selection of the fastest and most stable Tor nodes as both entry and exit relays.

This example config. makes use of additional fast US {us} and Canadian {ca} Tor Exit servers hosted by the privacy focused organisations listed in the OP.

Again, these {us} and {ca} servers are selected only as Exit nodes in this configuration - to continue with our 'Anti-FiveEyes' theme.

Code:

ClientOnly 1

EnforceDistinctSubnets 0

EntryNodes AccessNow000,AccessNow001,AccessNow002,AccessNow003,AccessNow004,AccessNow005,AccessNow006,AccessNow007,AccessNow008,AccessNow009,AccessNow010,AccessNow011,AccessNow012,AccessNow013,AccessNow014,AccessNow015,AccessNow016,AccessNow017,AccessNow018,AccessNow019,spfTOR3,spfTOR1e1,spfTOR1e2,spfTOR1e3,spfTOR4e1,spfTOR4e2,spfTOR4e3,spfTOR5e1,spfTOR5e2,spfTOR5e3,orion,orilla,destiny,chulak,aurora,assk,assk2,sofia,amartysen,lumumba,ethanzuckerman,politkovskaja,politkovskaja2,edwardsnowden0,edwardsnowden1,edwardsnowden2,hessel0,hessel1,hessel2,ekumen,marcuse1,marcuse2,marylou1,marylou2,chaoscomputerclub27,chaoscomputerclub28,chaoscomputerclub29,chaoscomputerclub30,atticus,blanqui,thoreau,enjolras,luxemburg,bakunin,jaures,DFRI0,DFRI1,DFRI3,DFRI4,hviv103,hviv104,hviv105,wagtail,toreffiorg

ExcludeNodes Unnamed,default,{af},{dz},{ao},{am},{az},{bh},{by},{bj},{bn},{mm},{bf},{bi},{kh},{cm},{cf},{td},{cn},{co},{km},{cd},{ci},{cu},{dj},{eg},{gq},{er},{et},{ga},{gm},{ge},{gn},{hn},{hk},{in},{id},{ir},{iq},{jo},{kz},{kw},{kg},{la},{ly},{mo},{mg},{my},{mr},{yt},{mx},{md},{ma},{ng},{ne},{kp},{om},{pk},{ps},{qa},{ru},{rw},{sa},{sn},{sl},{sg},{so},{kr},{lk},{sd},{sz},{sy},{tw},{tj},{th},{tg},{tn},{tr},{tm},{ua},{ae},{uz},{ve},{vn},{ye},{zw},{gb},{ie},{je},{gg},{im},{ai},{bm},{aq},{io},{vg},{ky},{fk},{gi},{ms},{sh},{gs},{tc},{mp},{pr},{vi},{as},{ht},{fm},{gu},{gl},{au},{cc},{nf},{nz},{tk},{ck},{nu},{cy},{al},{ar},{bt},{bo},{cg},{ec},{fj},{gt},{gw},{il},{ke},{lb},{ls},{lr},{mk},{mw},{mv},{np},{ni},{py},{sc},{ug},{zm},{??}

ExcludeExitNodes {ag},{bb},{bz},{bw},{bg},{dm},{gh},{gd},{gy},{jm},{ki},{mu},{me},{na},{nr},{pg},{kn},{lc},{vc},{ws},{sb},{so},{sr},{tz},{to},{tt},{tv},{??}

ExitNodes AccessNow000,AccessNow001,176.10.99.200,AccessNow002,AccessNow003,176.10.99.201,AccessNow004,AccessNow005,176.10.99.202,AccessNow006,AccessNow007,176.10.99.203,AccessNow008,AccessNow009,176.10.99.204,AccessNow010,AccessNow011,176.10.99.205,AccessNow012,AccessNow013,176.10.99.206,AccessNow014,AccessNow015,176.10.99.207,AccessNow016,AccessNow017,176.10.99.208,AccessNow018,AccessNow019,176.10.99.209,spfTOR3,62.220.135.129,spfTOR1e1,77.109.141.138,spfTOR1e2,77.109.141.139,spfTOR1e3,77.109.141.140,spfTOR4e1,77.109.138.42,spfTOR4e2,77.109.138.43,spfTOR4e3,77.109.138.44,spfTOR5e1,77.109.139.26,spfTOR5e2,77.109.139.27,spfTOR5e3,77.109.139.28,orion,94.242.246.24,orilla,94.242.252.41,destiny,94.242.246.23,chulak,176.126.252.11,aurora,176.126.252.12,assk,78.108.63.46,assk2,78.108.63.44,sofia,77.247.181.162,amartysen,lumumba,77.247.181.163,ethanzuckerman,77.247.181.164,politkovskaja,politkovskaja2,77.247.181.165,edwardsnowden0,109.163.234.7,edwardsnowden1,109.163.234.8,edwardsnowden2,109.163.234.9,hessel0,109.163.234.2,hessel1,109.163.234.4,hessel2,109.163.234.5,ekumen,95.142.161.63,marcuse1,178.20.55.16,marcuse2,178.20.55.18,marylou1,marylou2,89.234.157.254,chaoscomputerclub27,77.244.254.227,chaoscomputerclub28,77.244.254.228,chaoscomputerclub29,77.244.254.229,chaoscomputerclub30,77.244.254.230,atticus,46.239.117.180,blanqui,thoreau,46.165.221.166,enjolras,81.89.96.88,luxemburg,81.89.96.89,bakunin,178.16.208.56,jaures,178.16.208.57,DFRI0,171.25.193.20,DFRI1,171.25.193.77,DFRI3,171.25.193.235,DFRI4,171.25.193.78,hviv103,178.162.193.213,hviv104,192.42.116.16,hviv105,79.98.107.90,wagtail,77.109.139.87,dorrisdeebrown,96.47.226.20,impastato,96.47.226.21,shifidi,96.47.226.22,mendes,96.44.189.100,kingara,96.44.189.101,ivpn,96.44.189.102,madiba,209.222.8.196,pipit,199.254.238.44,noiseexit01a,173.254.216.66,noiseexit01b,173.254.216.67,noiseexit01c,173.254.216.68,noiseexit01d,173.254.216.69,CalyxInstitute14,162.247.72.201,CalyxInstitute13,162.247.72.200,CalyxInstitute12,162.247.72.199,CalyxInstitute11,162.247.72.27,CalyxInstitute09,162.247.72.217,CalyxInstitute08,162.247.72.216,CalyxInstitute06,162.247.73.206,CalyxInstitute05,162.247.73.74,CalyxInstitute04,162.247.73.204,CalyxInstitute03,162.247.72.213,CalyxInstitute02,162.247.72.212,CalyxInstitute01,162.247.72.7,Koumbitor,199.58.83.10

LongLivedPorts 21, 22, 80, 443, 706, 1863, 5050, 5190, 5222, 5223, 6523, 6667, 6697, 8080, 8300, 9001, 9030

Using StrictNodes 1 is strongly advised when using this version of the config. to prevent Entry connections in 'FiveEyes' countries. Please see above posts for information relating to hidden_services etc.

N.B. USA and Canadian Tor Exit Relays in this example config. are operated by the following privacy focused organisations:

torservers.net - https://www.torservers.net/

NoiseTor - http://noisetor.net/

Riseup - https://riseup.net/

guilhem .org https://guilhem.org/

ExitNodes additions {us} and {ca} as included in the above config:

Code:

dorrisdeebrown,96.47.226.20,impastato,96.47.226.21,shifidi,96.47.226.22,mendes,96.44.189.100,kingara,96.44.189.101,ivpn,96.44.189.102,madiba,209.222.8.196,pipit,199.254.238.44,noiseexit01a,173.254.216.66,noiseexit01b,173.254.216.67,noiseexit01c,173.254.216.68,noiseexit01d,173.254.216.69,CalyxInstitute14,162.247.72.201,CalyxInstitute13,162.247.72.200,CalyxInstitute12,162.247.72.199,CalyxInstitute11,162.247.72.27,CalyxInstitute09,162.247.72.217,CalyxInstitute08,162.247.72.216,CalyxInstitute06,162.247.73.206,CalyxInstitute05,162.247.73.74,CalyxInstitute04,162.247.73.204,CalyxInstitute03,162.247.72.213,CalyxInstitute02,162.247.72.212,CalyxInstitute01,162.247.72.7,Koumbitor,199.58.83.10

 
Anyone reading this who has previously used Tor and found it to be 'slow' should really try this config.  

[BitcoinFX]

xeronet Torrc - v3.5c - censorship resistant version - Strict - without 'Five-Eyes' Exit Servers - New: UPDATED 29th Mar. 2014

The main example Torrc is now sufficiently 'censorship resistant' and this release is currently no longer required.

Please use the main example Torrc from the OP or the example above.

N.B. Try adding;

Code:

StrictNodes 1

to this example config. for strong censorship resistance and if you are not intending to browse any Tor hidden_services. (See above posts).

Add Bridge Nodes to entry nodes if you require them to access the Tor network. See: https://bridges.torproject.org/

This config. works very well for accessing legal, although restricted .torrent / download websites.

Code:

The main example Torrc is now sufficiently 'censorship resistant' and this release is currently no longer required. Please use the main example Torrc from the OP or the example above.

Remember to disable Javascript in the browser. See above posts.

[BitcoinFX]

xeronet Torrc - v3.6.3f - 'fastest' version - Includes 'Five-Eyes' Exit and Entry Servers - New: UPDATED 18th March. 2015

Code:

ClientOnly 1

EnforceDistinctSubnets 0

EntryNodes AccessNow000,AccessNow001,AccessNow002,AccessNow003,AccessNow004,AccessNow005,AccessNow006,AccessNow007,AccessNow008,AccessNow009,AccessNow010,AccessNow011,AccessNow012,AccessNow013,AccessNow014,AccessNow015,AccessNow016,AccessNow017,AccessNow018,AccessNow019,spfTOR3,spfTOR1e1,spfTOR1e2,spfTOR1e3,spfTOR4e1,spfTOR4e2,spfTOR4e3,spfTOR5e1,spfTOR5e2,spfTOR5e3,orion,orilla,destiny,chulak,aurora,assk,assk2,sofia,amartysen,lumumba,ethanzuckerman,politkovskaja,politkovskaja2,edwardsnowden0,edwardsnowden1,edwardsnowden2,hessel0,hessel1,hessel2,ekumen,marcuse1,marcuse2,marylou1,marylou2,chaoscomputerclub27,chaoscomputerclub28,chaoscomputerclub29,chaoscomputerclub30,atticus,blanqui,thoreau,enjolras,luxemburg,bakunin,jaures,DFRI0,DFRI1,DFRI3,DFRI4,hviv103,hviv104,hviv105,wagtail,toreffiorg,dorrisdeebrown,impastato,shifidi,mendes,kingara,ivpn,madiba,pipit,noiseexit01a,noiseexit01b,noiseexit01c,noiseexit01d,CalyxInstitute14,CalyxInstitute13,CalyxInstitute12,CalyxInstitute11,CalyxInstitute09,CalyxInstitute08,CalyxInstitute06,CalyxInstitute05,CalyxInstitute04,CalyxInstitute03,CalyxInstitute02,CalyxInstitute01,Koumbitor,Mozilla01,Mozilla02,Mozilla03,Mozilla04,Mozilla05,Mozilla06,Mozilla09,Mozilla10,Mozilla11,Mozilla12,Mozilla13,Mozilla14

ExcludeNodes Unnamed,default,{af},{dz},{ao},{am},{az},{bh},{by},{bj},{bn},{mm},{bf},{bi},{kh},{cm},{cf},{td},{cn},{co},{km},{cd},{ci},{cu},{dj},{eg},{gq},{er},{et},{ga},{gm},{ge},{gn},{hn},{hk},{in},{id},{ir},{iq},{jo},{kz},{kw},{kg},{la},{ly},{mo},{mg},{my},{mr},{yt},{mx},{md},{ma},{ng},{ne},{kp},{om},{pk},{ps},{qa},{ru},{rw},{sa},{sn},{sl},{sg},{so},{kr},{lk},{sd},{sz},{sy},{tw},{tj},{th},{tg},{tn},{tr},{tm},{ua},{ae},{uz},{ve},{vn},{ye},{zw},{al},{ar},{bt},{bo},{cg},{ec},{fj},{gt},{gw},{ht},{il},{ke},{lb},{ls},{lr},{mk},{mw},{mv},{np},{ni},{py},{sc},{ug},{zm},{??}

ExcludeExitNodes {ag},{bb},{bz},{bw},{bg},{dm},{gh},{gd},{gy},{jm},{ki},{mu},{me},{na},{nr},{pg},{kn},{lc},{vc},{ws},{sb},{so},{sr},{tz},{to},{tt},{tv},{be},{fi},{dk},{it},{gb},{ie},{??}

ExitNodes AccessNow000,AccessNow001,176.10.99.200,AccessNow002,AccessNow003,176.10.99.201,AccessNow004,AccessNow005,176.10.99.202,AccessNow006,AccessNow007,176.10.99.203,AccessNow008,AccessNow009,176.10.99.204,AccessNow010,AccessNow011,176.10.99.205,AccessNow012,AccessNow013,176.10.99.206,AccessNow014,AccessNow015,176.10.99.207,AccessNow016,AccessNow017,176.10.99.208,AccessNow018,AccessNow019,176.10.99.209,spfTOR3,62.220.135.129,spfTOR1e1,77.109.141.138,spfTOR1e2,77.109.141.139,spfTOR1e3,77.109.141.140,spfTOR4e1,77.109.138.42,spfTOR4e2,77.109.138.43,spfTOR4e3,77.109.138.44,spfTOR5e1,77.109.139.26,spfTOR5e2,77.109.139.27,spfTOR5e3,77.109.139.28,orion,94.242.246.24,orilla,94.242.252.41,destiny,94.242.246.23,chulak,176.126.252.11,aurora,176.126.252.12,assk,78.108.63.46,assk2,78.108.63.44,sofia,77.247.181.162,amartysen,lumumba,77.247.181.163,ethanzuckerman,77.247.181.164,politkovskaja,politkovskaja2,77.247.181.165,edwardsnowden0,109.163.234.7,edwardsnowden1,109.163.234.8,edwardsnowden2,109.163.234.9,hessel0,109.163.234.2,hessel1,109.163.234.4,hessel2,109.163.234.5,ekumen,95.142.161.63,marcuse1,178.20.55.16,marcuse2,178.20.55.18,marylou1,marylou2,89.234.157.254,chaoscomputerclub27,77.244.254.227,chaoscomputerclub28,77.244.254.228,chaoscomputerclub29,77.244.254.229,chaoscomputerclub30,77.244.254.230,atticus,46.239.117.180,blanqui,thoreau,46.165.221.166,enjolras,81.89.96.88,luxemburg,81.89.96.89,bakunin,178.16.208.56,jaures,178.16.208.57,DFRI0,171.25.193.20,DFRI1,171.25.193.77,DFRI3,171.25.193.235,DFRI4,171.25.193.78,hviv103,178.162.193.213,hviv104,192.42.116.16,hviv105,79.98.107.90,wagtail,77.109.139.87,dorrisdeebrown,96.47.226.20,impastato,96.47.226.21,shifidi,96.47.226.22,mendes,96.44.189.100,kingara,96.44.189.101,ivpn,96.44.189.102,madiba,209.222.8.196,pipit,199.254.238.44,noiseexit01a,173.254.216.66,noiseexit01b,173.254.216.67,noiseexit01c,173.254.216.68,noiseexit01d,173.254.216.69,CalyxInstitute14,162.247.72.201,CalyxInstitute13,162.247.72.200,CalyxInstitute12,162.247.72.199,CalyxInstitute11,162.247.72.27,CalyxInstitute09,162.247.72.217,CalyxInstitute08,162.247.72.216,CalyxInstitute06,162.247.73.206,CalyxInstitute05,162.247.73.74,CalyxInstitute04,162.247.73.204,CalyxInstitute03,162.247.72.213,CalyxInstitute02,162.247.72.212,CalyxInstitute01,162.247.72.7,Koumbitor,199.58.83.10

LongLivedPorts 21, 22, 80, 443, 706, 1863, 5050, 5190, 5222, 5223, 6523, 6667, 6697, 8300, 9001, 9030

N.B. Again, 'Five-Eyes' Exit and Entry Servers i.e. {us},{ca},{au},{nz},{gb},{ie} - Tor Relays in this example config are allowed. However, all nodes are operated by privacy focused organizations or individuals and/or are Tor Authority servers.

EDIT: {gb},(ie} have been added to ExcludeExitNodes to help prevent some censorship.

Added the following Five-Eyes Countries (Geo located) Entry Servers:

Code:

dorrisdeebrown,impastato,shifidi,mendes,kingara,ivpn,madiba,pipit,noiseexit01a,noiseexit01b,noiseexit01c,noiseexit01d,CalyxInstitute14,CalyxInstitute13,CalyxInstitute12,CalyxInstitute11,CalyxInstitute09,CalyxInstitute08,CalyxInstitute06,CalyxInstitute05,CalyxInstitute04,CalyxInstitute03,CalyxInstitute02,CalyxInstitute01,Koumbitor

and NEW USA hosted Mozilla Tor Servers (Non-Exit)

Code:

Mozilla01,Mozilla02,Mozilla03,Mozilla04,Mozilla05,Mozilla06,Mozilla09,Mozilla10,Mozilla11,Mozilla12,Mozilla13,Mozilla14

...

Roger D. (a lead Tor dev.) often reports being asked when giving presentations to the 'security' services regarding Tor: How can we make Tor faster ? Well this is one way.

This config. is an example of the fastest and perhaps most diverse way to use Tor for Internet Browsing. The selected nodes also have high bandwidth / up time and are (mostly) using the latest Tor client for their relays / exit nodes.

Lots of Tor servers have the potential to be added in this list - the simple fact is that these really are the 'core' of the Tor network anyway.

In fact, most Tor circuits will include one or more of the listed nodes if you use Tor out-of-the-box.

Some Tor servers just make for better Middle nodes !  

If you compare the Tor Network to a transport or road network, these config's are perhaps not dissimilar from sticking to the main super Highways or Motorways / A roads when driving. Arguably, these routes are likely to have the most surveillance - in terms of anonymity they are also the busiest routes with the most traffic.

Example: If you watch a couple of people walk into a tunnel and they change clothes in the middle and you also watch them exit the tunnel - its fairly easy to identify them still. If you watch 1000 people do the very same thing, its a lot more difficult to work out whats going on.

The selected Tor servers can also cope with such traffic volumes.

...

A recent study showed that using only 1 entry guard perhaps provides better long-term privacy / anonymity for the user - the original Tor 'default' was 3. Perhaps 8 Entry Guards is unnecessary, however if we can explicitly trust our entry guards then a higher number is better for connectivity. 8 was a number tried and tested by Satoshi as the min. number of nodes necessary to ensure good p2p connectivity in Bitcoin. I've found this to work well with Tor also. Again, these configs are an offset between speed, anonymity, privacy and security.

...

So, here are some other very fast / stable / long-standing nodes (good for browsing - port 80 and 443) that you might add to diversify your own Torrc ...

Entry Nodes (USA):

Code:

FSF

https://www.fsf.org/ - Free Software Foundation


Entry Nodes (USA):

Code:

torEFF

https://www.eff.org/ - Electronic Frontier Foundation


Entry Nodes (USA):

Code:

NYCBUG0,NYCBUG1

http://nycbug.org/ - New York City *BSD Users Group

 

[BitcoinFX]

All four three example Tor configs. have been updated.

Optimized Bitcoin and Darkcoin config. examples to follow towards the end of next week.

If anyone has a working list of Bitcoin enabled .onion addresses then please do forward me a PM.

Thanks!