2

I recognize that the first part of this question resembles others here, but those answers DO NOT appear to work! If you wish to combine this with Can I exit from a specific country or node?, fine.

I use "Onion Circuits" to observe the results of my work; and I log in as "admin", with persistence enabled [if relevant].

The torrc file at /etc/tor/torrc is "Read Only"; so editing it with "gedit" or "LibreOffice Writer" does not work.

I have used the following commands to append the code that they generate to the end of my torrc file [which does appear there].

echo ExcludeSingleHopRelays 1 | sudo tee -a /etc/tor/torrc
echo AllowSingleHopCircuits 0 | sudo tee -a /etc/tor/torrc
echo ExitNodes "{us}" | sudo tee -a /etc/tor/torrc
echo ExcludeExitNodes "{AA},{AB},{AC},{AD},{AE},{AF},{AG},{AH},{AI},{AJ},{AK},{AL},{AM},{AN},{AO},{AP},{AQ},{AR},{AS},{AT},{AU},{AV},{AW},{AX},{AY},{AZ},{BA},{BB},{BC},{BD},{BE},{BF},{BG},{BH},{BI},{BJ},{BK},{BL},{BM},{BN},{BO},{BP},{BQ},{BR},{BS},{BT},{BU},{BV},{BW},{BX},{BY},{BZ},{CA},{CB},{CC},{CD},{CE},{CF},{CG},{CH},{CI},{CJ},{CK},{CL},{CM},{CN},{CO},{CP},{CQ},{CR},{CS},{CT},{CU},{CV},{CW},{CX},{CY},{CZ},{DA},{DB},{DC},{DD},{DE},{DF},{DG},{DH},{DI},{DJ},{DK},{DL},{DM},{DN},{DO},{DP},{DQ},{DR},{DS},{DT},{DU},{DV},{DW},{DX},{DY},{DZ},{EA},{EB},{EC},{ED},{EE},{EF},{EG},{EH},{EI},{EJ},{EK},{EL},{EM},{EN},{EO},{EP},{EQ},{ER},{ES},{ET},{EU},{EV},{EW},{EX},{EY},{EZ},{FA},{FB},{FC},{FD},{FE},{FF},{FG},{FH},{FI},{FJ},{FK},{FL},{FM},{FN},{FO},{FP},{FQ},{FR},{FS},{FT},{FU},{FV},{FW},{FX},{FY},{FZ},{GA},{GB},{GC},{GD},{GE},{GF},{GG},{GH},{GI},{GJ},{GK},{GL},{GM},{GN},{GO},{GP},{GQ},{GR},{GS},{GT},{GU},{GV},{GW},{GX},{GY},{GZ},{HA},{HB},{HC},{HD},{HE},{HF},{HG},{HH},{HI},{HJ},{HK},{HL},{HM},{HN},{HO},{HP},{HQ},{HR},{HS},{HT},{HU},{HV},{HW},{HX},{HY},{HZ},{IA},{IB},{IC},{ID},{IE},{IF},{IG},{IH},{II},{IJ},{IK},{IL},{IM},{IN},{IO},{IP},{IQ},{IR},{IS},{IT},{IU},{IV},{IW},{IX},{IY},{IZ},{JA},{JB},{JC},{JD},{JE},{JF},{JG},{JH},{JI},{JJ},{JK},{JL},{JM},{JN},{JO},{JP},{JQ},{JR},{JS},{JT},{JU},{JV},{JW},{JX},{JY},{JZ},{KA},{KB},{KC},{KD},{KE},{KF},{KG},{KH},{KI},{KJ},{KK},{KL},{KM},{KN},{KO},{KP},{KQ},{KR},{KS},{KT},{KU},{KV},{KW},{KX},{KY},{KZ},{LA},{LB},{LC},{LD},{LE},{LF},{LG},{LH},{LI},{LJ},{LK},{LL},{LM},{LN},{LO},{LP},{LQ},{LR},{LS},{LT},{LU},{LV},{LW},{LX},{LY},{LZ},{MA},{MB},{MC},{MD},{ME},{MF},{MG},{MH},{MI},{MJ},{MK},{ML},{MM},{MN},{MO},{MP},{MQ},{MR},{MS},{MT},{MU},{MV},{MW},{MX},{MY},{MZ},{NA},{NB},{NC},{ND},{NE},{NF},{NG},{NH},{NI},{NJ},{NK},{NL},{NM},{NN},{NO},{NP},{NQ},{NR},{NS},{NT},{NU},{NV},{NW},{NX},{NY},{NZ},{OA},{OB},{OC},{OD},{OE},{OF},{OG},{OH},{OI},{OJ},{OK},{OL},{OM},{ON},{OO},{OP},{OQ},{OR},{OS},{OT},{OU},{OV},{OW},{OX},{OY},{OZ},{PA},{PB},{PC},{PD},{PE},{PF},{PG},{PH},{PI},{PJ},{PK},{PL},{PM},{PN},{PO},{PP},{PQ},{PR},{PS},{PT},{PU},{PV},{PW},{PX},{PY},{PZ},{QA},{QB},{QC},{QD},{QE},{QF},{QG},{QH},{QI},{QJ},{QK},{QL},{QM},{QN},{QO},{QP},{QQ},{QR},{QS},{QT},{QU},{QV},{QW},{QX},{QY},{QZ},{RA},{RB},{RC},{RD},{RE},{RF},{RG},{RH},{RI},{RJ},{RK},{RL},{RM},{RN},{RO},{RP},{RQ},{RR},{RS},{RT},{RU},{RV},{RW},{RX},{RY},{RZ},{SA},{SB},{SC},{SD},{SE},{SF},{SG},{SH},{SI},{SJ},{SK},{SL},{SM},{SN},{SO},{SP},{SQ},{SR},{SS},{ST},{SU},{SV},{SW},{SX},{SY},{SZ},{TA},{TB},{TC},{TD},{TE},{TF},{TG},{TH},{TI},{TJ},{TK},{TL},{TM},{TN},{TO},{TP},{TQ},{TR},{TS},{TT},{TU},{TV},{TW},{TX},{TY},{TZ},{UA},{UB},{UC},{UD},{UE},{UF},{UG},{UH},{UI},{UJ},{UK},{UL},{UM},{UN},{UO},{UP},{UQ},{UR},{UT},{UU},{UV},{UW},{UX},{UY},{UZ},{VA},{VB},{VC},{VD},{VE},{VF},{VG},{VH},{VI},{VJ},{VK},{VL},{VM},{VN},{VO},{VP},{VQ},{VR},{VS},{VT},{VU},{VV},{VW},{VX},{VY},{VZ},{WA},{WB},{WC},{WD},{WE},{WF},{WG},{WH},{WI},{WJ},{WK},{WL},{WM},{WN},{WO},{WP},{WQ},{WR},{WS},{WT},{WU},{WV},{WW},{WX},{WY},{WZ},{XA},{XB},{XC},{XD},{XE},{XF},{XG},{XH},{XI},{XJ},{XK},{XL},{XM},{XN},{XO},{XP},{XQ},{XR},{XS},{XT},{XU},{XV},{XW},{XX},{XY},{XZ},{YA},{YB},{YC},{YD},{YE},{YF},{YG},{YH},{YI},{YJ},{YK},{YL},{YM},{YN},{YO},{YP},{YQ},{YR},{YS},{YT},{YU},{YV},{YW},{YX},{YY},{YZ},{ZA},{ZB},{ZC},{ZD},{ZE},{ZF},{ZG},{ZH},{ZI},{ZJ},{ZK},{ZL},{ZM},{ZN},{ZO},{ZP},{ZQ},{ZR},{ZS},{ZT},{ZU},{ZV},{ZW},{ZX},{ZY},{ZZ},{??}" | sudo tee -a /etc/tor/torrc
echo StrictNodes 1 | sudo tee -a /etc/tor/torrc

As you will presumably notice, I Exclude ALL other possible two-letter codes {= 676 -- including ??, and leave out the one country that I wish to exit from {US}}. {That's only about twice as many as those in actual use [= 249], if the "User-assigned and Reserved" [+ 81] are included too [= 330]. It's that way because: it's much clearer that all are listed, and thus easier for anyone else to modify to suit their needs; it's also slightly future-proofed as codes come and go; it prevents an adversary from using those against Tor by claiming to be one of those "unused" codes.}

Then I enter systemctl restart tor which causes Tor to recognize the newly modified torrc, and to remove the circuits generated prior to the restart.

Thereafter, Tor will invariably build two US-exit circuits, as desired; BUT it will ALSO invariably build the next two exits in Europe. Then as I watch circuit usage, Tor doesn't seem to use those European circuits unless I access hidden services. Tor will then continue to build primarily US circuits, but seems to nearly-always keep at least a couple European ones open.

So it may be that Tor in fact is NOT using those circuits for the rest of my traffic.

When I first read what may be the relevant portion of the [manual, included below], {And I had read and noted [Roger Dingledine's comment]:

2 "(Re Sam's comment above, StrictNodes no longer applies to the ExitNodes config option. It only applies to excluding nodes.)" – Roger Dingledine Feb 8 '15 at 10:22}

I presumed that StrictNodes 1 would apply to ExcludeExitNodes as well as to ExcludeNodes. However, it now seems to me that Tor is behaving as if StrictNodes 1 DOES NOT APPLY to ExcludeExitNodes!

If that is currently the case, PLEASE switch it back! Users will retain much more anonymity, if they have to exit from a specific country, if Tor allows their circuits to merely exit in that specific country {by using ExcludeExitNodes} instead of forcing users who need to exit in a specific country to exclude ALL nodes outside that country {by using ExcludeNodes}. Or else choose to be tied to a specific exit by using .exit, which might limit anonymity more, and would also break https {I was told that by sigaint support, and that's a no-go for me}.

StrictNodes 0|1

If StrictNodes is set to 1, Tor will treat the ExcludeNodes option as a requirement to follow for all the circuits you generate, even if doing so will break functionality for you. If StrictNodes is set to 0, Tor will still try to avoid nodes in the ExcludeNodes list, but it will err on the side of avoiding unexpected errors. Specifically, StrictNodes 0 tells Tor that it is okay to use an excluded node when it is necessary to perform relay reachability self-tests, connect to a hidden service, provide a hidden service to a client, fulfill a .exit request, upload directory information, or download directory information. (Default: 0)

And when I reread again:

ExcludeExitNodes node,node,…

A list of identity fingerprints, country codes, and address patterns of nodes to never use when picking an exit node---that is, a node that delivers traffic for you outside the Tor network. Note that any node listed in ExcludeNodes is automatically considered to be part of this list too. See the ExcludeNodes option for more information on how to specify nodes. See also the caveats on the "ExitNodes" option below.

and:

ExitNodes node,node,…

A list of identity fingerprints, country codes, and address patterns of nodes to use as exit node---that is, a node that delivers traffic for you outside the Tor network. See the ExcludeNodes option for more information on how to specify nodes.

Note that if you list too few nodes here, or if you exclude too many exit nodes with ExcludeExitNodes, you can degrade functionality. For example, if none of the exits you list allows traffic on port 80 or 443, you won’t be able to browse the web.

Note also that not every circuit is used to deliver traffic outside of the Tor network. It is normal to see non-exit circuits (such as those used to connect to hidden services, those that do directory fetches, those used for relay reachability self-tests, and so on) that end at a non-exit node. To keep a node from being used entirely, see ExcludeNodes and StrictNodes.

The ExcludeNodes option overrides this option: any node listed in both ExitNodes and ExcludeNodes is treated as excluded.

The .exit address notation, if enabled via AllowDotExit, overrides this option.

It still seems to me that the behavior that I am seeing by Tor is NOT that which is described in the manual.

However if Tor actually ONLY uses the countries listed in "Onion Circuits" {which should have been excluded by ExcludeExitNodes} to build otherwise "NECESSARY" circuits, I would prefer hearing that from someone who knows that to be the case. And it would maybe be less painful to other noobs if the manual was updated accordingly so as to be very specific regarding ExcludeExitNodes.

Or maybe I've found a bug that should be reported??

P.S. There were six links above, but Stack Exchange does not allow noobs to write competently here. They state: "You need at least 10 reputation to post more than 2 links." I removed the last four.

agd
  • 51
  • 2
  • 6

2 Answers2

1

Heh, I see where you're going wrong.

  1. ExcludeSingleHopRelay 1 and AllowSingleHopCircuits 0 are default and explicitly specifying them is redundant, I assume you've copied and pasted those options from someone who also doesn't know what they're doing.

  2. Your white and blacklist approach is weird (and misconveived, a blacklist is redundant with a whitelist). To dispell your notion that "it prevents an adversary from using those against Tor by claiming to be one of those "unused" codes", I'd point out that GeoIP is normally known by what is reported in whois records. whois is a plaintext protocol, there is no cryptographic validation that the record you receive is the same as the record that was sent and there is also little validation that what is contained in the record that was sent is accurate. It would be trivial for any adversary to fool this system through any number of means, IP addresses are not at all related to geographic location, this isn't how the internet works.

  3. You state "Tor doesn't seem to use those European circuits unless I access hidden services." This is because onion service circuits, any many other circuits do not "exit" to the Tor network, therefor ExitNodes and ExcludeExitNodes do not apply, since they are not communicating application traffic out of the Tor network.

I was able on a fresh copy of Tails 2.6 to, as root, edit the torrc and append ExitNodes {us} and StrictNodes 1 then use the service tor reload command and upon the generation of a series of circuits confirm that the exit chosen was always associated with the US in Tails' local GeoIP database.

Working as intended.

cacahuatl
  • 10,946
  • 2
  • 14
  • 38
  • I'm new to Debian & Linux as well, & maybe am not correctly in as root? – agd Dec 07 '16 at 04:16
  • root@amnesia:/home/amnesia# service tor reload Job for tor.service failed. See 'systemctl status tor.service' and 'journalctl -xn' for details. root@amnesia:/home/amnesia# systemctl status tor.service -l ● tor.service - Anonymizing overlay network for TCP (multi-instance-master) Loaded: loaded (/lib/systemd/system/tor.service; disabled) Active: inactive (dead) Dec 07 04:09:24 amnesia systemd[1]: Unit tor.service cannot be reloaded because it is inactive. Built circuits VERSUS used? Builds 1 hops too, regardless. APPEARS to not work. – agd Dec 07 '16 at 04:44
  • Re1: Yes, saw "default" in manual, but it STILL builds them.
    Re2: Tried both sides when neither APPEARED to work. (As with 1.) Didn't think it was much more than trivial.
    Re3: I understand non-exits; NOT "Built" AND UNUSED.
    Now using Tails 2.7.1. I can still edit ONLY as described by @Jens Kubiezel in question 8823, using echo.
    The service tor reload command generates the above errors, but the 'journal -xn' is huge.     – agd Dec 07 '16 at 05:27
  • What about service tor@default reload and systemctl status tor@default? Also editing torrc with LibreOffice is likely to corrupt the file, either launch gedit from the root terminal or use a command line editor like nano. – cacahuatl Dec 07 '16 at 05:52
  • I thought that service tor@default reload worked [rebooted tor] the FIRST TIME I used it! But not now! And I thought it built only US circuits [but much more slowly than when I use systemctl restart tor]; UNTIL I used hidden services, and then it built all again.

    Now, it doesn't reboot tor; and if I reboot using systemctl restart tor; it still builds EU circuits.

    Apparently the systemctl status tor@default just lists what the preceding command does? The dump is mid-sized, and looks mostly similar to the one I get when executing it after using systemctl restart tor.

     – agd Dec 10 '16 at 04:19
  • I hadn't been launching gedit from the root terminal; so now I can edit the torrc directly [which helps]. However, doing that fills the terminal multiple times with ...WARNING... and ...failed..., but it allows saving a modified torrc for that Tails session - and nano looks :( . – agd Dec 10 '16 at 04:21
  • I already explained, it will build non-US circuits. – cacahuatl Dec 10 '16 at 18:33
  • Tails 2.9.1 now. After more-careful observation, it appears that service tor@default reload works; BUT just doesn't clear previously built circuits, as systemctl restart tor does. Also, using service tor@default reload seems to more reliably build only US circuits thereafter (versus using systemctl restart tor). – agd Dec 18 '16 at 22:44
  • Your answer states "upon the generation of a series of circuits". A)Are you just letting Tor generate them? B)Using "New Tor Circuit for this Site"? C)Using "New Identity"? Your answer continues "confirm that the exit chosen was always associated with the US". D)How are you confirming that? E)Repeatedly using Atlas? F)Some other tool? G)Is the "Tails' local GeoIP database" you refer to the /usr/share/tor/geoip? – agd Dec 18 '16 at 22:46
  • Both the circuits that it builds and NEWNYM to force circuit generation. Tails has a tool builtin called Onion Circuits, which is the onion icon on the top right bar. It shows the GeoIP country of relays in the circuit and any streams associated with them. – cacahuatl Dec 19 '16 at 02:41
  • If I enter NEWNYM [or newnym] into my terminals, I get: bash: newnym: command not found. (Perhaps I noticed that NEWNYM is an earlier version of the tools I mention?? [under the onion icon, left of Tor Browser's address bar].) I've been using Onion Circuits, but didn't know that you meant the countries listed there. And I've also been watching those streams [my only "seem" above; et seq.].

    Despite/Because the box into which we enter comments says "~": It's crystal clear to me that YOU have been a GREAT help to me. All of your time is very much APPRECIATED!

     – agd Dec 19 '16 at 23:52
  • Please excuse my orneriness at not yet fully "accepting" your answer which I find to be so distasteful (presumably no fault of yours) paraphrasing: [Tor builds circuits which it has no intention of using (as exits).]. IMHO Tor SHOULDN'T DO THAT! It makes Tor look either buggy or corrupted. IMHO Tor should ONLY build circuits which are contrary to the way that users have specifically configured their torrc file when it BECOMES necessary to USE such a circuit. I recognize that that could create a bit more latency to access {hidden} services. – agd Dec 19 '16 at 23:54
  • No, it's not buggy. You're restricting exits, it's not exiting so it's not restricted. You will never exit from a non-"US" node (except where GeoIP is wrong). It does plenty of things like updating the consensus, publishing onion descriptors, fetching onion descriptors, talking to introduction points, talking to rendezvous points, etc without ever exiting traffic. It doesn't look buggy at all. I'm not going to discuss this further, if you have issues and think you can improve Tor, write a patch or create a ticket https://trac.torproject.org/ – cacahuatl Dec 20 '16 at 01:01
  • Apparently (from the preceding comment, plus the manual's definition of StrictNodes, plus Roger Dingledine's comment [all above]), the correct interpretation of the manual's definition of StrictNodes is that it applies EXCLUSIVELY to ExcludeNodes, and **IN FACT "DOES NOT APPLY"** to ExcludeExitNodes {as surmised above}. Also, Roger Dingledine's comment above would have been clearer (especially to noobs like me); if it ended with ExcludeNodes instead of "excluding nodes", and even clearer if instead of "ExitNodes", it said "ExitNodes nor ExcludeExitNodes". – agd Dec 22 '16 at 18:07
  • Thus those in charge have apparently decided that it is more important to NOT ALLOW users (clueless noobs especially, perhaps) to break the functionality of Tor, as cited in the manual & in the preceding comment; which is fine by me, it's just that it was all less than perfectly clear to me. Also, I may have failed to FULLY understand the difference between the third (or last) node listed in an Onion Circuit and a node which actually exits the Tor network. – agd Dec 22 '16 at 18:08
  • My real failure to understand was due to the fact that: StrictNodes does NOT apply to ExcludeExitNodes! I thought that my commands should have "broken" Tor's functionality (hidden services, etc). Full functionality remains of infinitely-less importance to me than a one-country exit (a MUST). Of course it's better "unbroken". I am thankful for the suggestion (& link) to report further on this, particularly when it's from someone with such a high reputation here. I've requested updates to the manual. – agd Dec 22 '16 at 18:10
0

One more thing to add to a previous answer from @canonizingironize: a GeoIP location is not 100% accurate. Even more - you can and should update it by hand sometimes.

Alexey Vesnin
  • 6,173
  • 3
  • 14
  • 34
  • GeoIP inaccuracy is covered in my answer and I disagree, an adversary who can influence the content of a page you load could easily fingerprint your chosen countries, and then discover which release of the GeoIP database you are using and from that distinguish you from the set of other Tor users, you should be using the standard database. Customizing or updating it only further reduces anonymity. – cacahuatl Nov 23 '16 at 08:32