Jump to: navigation, search

Tor

This page contains changes which are not marked for translation.

Version Number[edit]

To find out what Tor version you are running, run the following command inside Whonix-Gateway.

anon-info

Should show something like this.

0.2.8.6-1~d80.jessie+1

Permissions on directory /var/run/tor are too permissive Error[edit]

To find out if you are affected by the Permissions on directory /var/run/tor are too permissive Error[1], run the following command inside Whonix-Gateway. (In Qubes, in sys-whonix.)

sudo cat /var/run/tor/log | grep -i permissive

If you are affected, it would show something like the following.

Aug 03 17:36:33.000 [warn] Permissions on directory /var/run/tor are too permissive.

The only workaround (needs to be manually re-done after every reboot) for now.

sudo chmod --recursive 700 /var/run/tor

Log Analysis[edit]

Introduction[edit]

Analysis of Tor's log can be useful in case of connectivity issues.

Open Tor Log[edit]

  • /var/log/tor/log - persistent Tor log
  • /var/run/tor/log - Tor log since last boot

Open /var/run/tor/log in an editor with root rights.

If you are using a graphical Whonix or Qubes-Whonix, run.

kdesudo kwrite /var/run/tor/log

If you are using a terminal-only Whonix, run.

sudo nano /var/run/tor/log

[2]

Watch Tor Log[edit]

You can also watch Tor's log as it's being written.

sudo tail -f /var/run/tor/log

This is especially useful in combination with another terminal tab and reloading Tor.

sudo service tor@default reload

Or restarting Tor.

sudo service tor@default restart

Non-Issues[edit]

message / question answer
Am I compromised? Does Tor's log report leaks? Tor's output is conceptually not a tool to find out about serious issues such as compromise or leaks.
[WARN] Socks version 71 not recognized. (Tor is not an http proxy.)

This is caused by whonixcheck (by function check_tor_socks_port_reachability). It checks if a Tor SocksPort is reachable by trying to fetch it using curl. [3] It will not report anything if it worked, but would complain if it failed.

[NOTICE] You configured a non-loopback address '10.152.152.10:9179' for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted. [1 duplicate hidden] (Or other port number or DnsPort or TransPort.) This is not of concern. Tor really listens on that IP/port. It is Whonix-Gateway's network interface, that is only available to Whonix-Workstations, because it is an internal network with Whonix-Workstation and because Whonix-Gateway is firewalled (see /usr/bin/whonix_firewall or in Whonix source code).
[NOTICE] New control connection opened. [2 duplicates hidden] (Or more duplicates.) This is not of concern. This is caused by whonixcheck's Tor Bootstrap Status Test, which uses Tor's ControlPort or CPFP.

See Also[edit]

Advanced Topics[edit]

Entry Guards[edit]

Introduction[edit]

What are Tor Entry Guards? If this is an unfamiliar term, please press on Expand on the right.

Current practical, low-latency, anonymity designs like Tor fail when the attacker can see both ends of the communication channel. For example, suppose the attacker controls or watches the Tor relay a user chooses to enter the network, and also controls or watches the website visited. In this case, the research community is unaware of any practical, low-latency design that can reliably prevent the attacker from correlating volume and timing information on both ends.

Mitigating this threat requires consideration of the Tor network topology. Suppose the attacker controls, or can observe, C relays from a pool of N total relays. If a user selects a new entry and exit relay each time the Tor network is used, the attacker can correlate all traffic sent with a probability of (c/n)2. For most users, profiling is as hazardous as being traced all the time. Simply put, users want to repeat activities without the attacker noticing, but being noticed once by the attacker is as detrimental as being noticed more frequently. Mathematically speaking, choosing many random entry and exit points to the network prevents the user from escaping profiling by this kind of attacker with end-to-end capabilities.

The solution to this problem is "entry guards". Each Tor client selects a few relays at random to use as entry points, and only uses those relays for the first hop. If those relays are not controlled or observed, the attacker can't use end-to-end techniques and the user is secure. If those relays are observed or controlled by the attacker, then they see a larger fraction of the user's traffic — but still the user is no more profiled than before. Thus, entry guards increase the user's chance of avoiding profiling (on the order of (n-c)/n), compared to the former case.

You can read more at An Analysis of the Degradation of Anonymous Protocols, Defending Anonymous Communication Against Passive Logging Attacks, and especially Locating Hidden Servers.

Restricting entry nodes may also help to defend against attackers who want to run a few Tor nodes and easily enumerate all of the Tor user IP addresses. [4] However, this feature won't become really useful until Tor moves to a "directory guard" design as well.

Source and License, see footnote: [5]

Persistent Tor entry guards are beneficial for security and used by Tor, Whonix, Tor Browser Bundle (TBB) and other software. However, in some situations it is safer to not use the usual guard relay.

The guard relays picked by the Tor client can lead to fingerprinting of Tor use across different physical locations and access points. In some corner cases like the example described below, this may cause a user to be deanonymized. The risk of this attack is less severe now that upstream (The Tor Project) has moved from using three guard relays to a single one.

Consider the following scenario. A user runs Tor from their home address, but soon attends a prominent event or protest in a nearby city. At that location, the user decides to anonymously blog about what transpired. The fact that the Tor client is using the same entry guard normally correlated with the user's home address is problematic. Network adversaries have a high certainty that the "anonymous" posts from the city location are related to the same person who connected to that specific guard relay from their home. The relative uncommonness of Tor usage exacerbates the problem of potential deanonymization.

This adversary technique is similar to tracking users via MAC addresses. Therefore, for users facing this threat in their personal circumstances, MAC address randomization is also recommended.

Forum discussion:
https://forums.whonix.org/t/persistent-tor-entry-guard-relays-can-make-you-trackable-across-different-physical-locations/2090

[6]

Alternating Bridges[edit]

If you are using bridges already, use different bridges for different locations. Or if you are not a bridge user, you could consider to sometimes use alternate bridges in different locations and entry guards in your main location or so.

On your Whonix-Gateway.

1. Disable Tor using the whonix-setup-wizard (safest option).

Start the whonix-setup-wizard.

If you are using Qubes-Whonix, complete the following steps.

Qubes App Launcher (blue/grey "Q") -> Whonix-Gateway ProxyVM (commonly named 'sys-whonix') -> Whonix Setup

If you are using a graphical Whonix-Gateway, complete the following steps.

Start Menu -> Applications -> System -> Whonix Setup Wizard

If you are using a terminal-only Whonix-Gateway, complete the following steps.

sudo whonixsetup

Choose the Disable Tor option. Press next.

2. Configure Tor to use bridges. Refer to the Bridges documentation.

3. Enable Tor using whonixsetup / whonix-setup-wizard at your new location.

4. Before you leave this location, disable Tor and add a different bridge address if going to a different place. To go back to your usual guard nodes at home, remove the torrc bridge settings before you enable the network or rollback to a vm snapshot you created there.

Fresh Tor Entry Guards by regenerating Tor State File[edit]

Usually something to avoid unless you know what you are doing (see Introduction). This is a method you could use if you just once wanted to change your Tor entry guards, such as before you permanently relocate to a new location.

On your Whonix-Gateway.

1. Disable Tor using the whonix-setup-wizard (safest option).

Start the whonix-setup-wizard.

If you are using Qubes-Whonix, complete the following steps.

Qubes App Launcher (blue/grey "Q") -> Whonix-Gateway ProxyVM (commonly named 'sys-whonix') -> Whonix Setup

If you are using a graphical Whonix-Gateway, complete the following steps.

Start Menu -> Applications -> System -> Whonix Setup Wizard

If you are using a terminal-only Whonix-Gateway, complete the following steps.

sudo whonixsetup

Choose the Disable Tor option. Press next.

2. Delete Tor's state file.

sudo rm /var/lib/tor/state

3. Enable Tor using whonixsetup / whonix-setup-wizard at your new location.

Always Non-Persistent Entry Guards[edit]

You could consider to always use non-persistent entry guards. In most cases, this is something to avoid because persistent entry guards is a security feature as explained in the introduction. A much more secure, but more time expensive approach would be Alternating Bridges.

If you would like to see more information anyway, please press on expand on the right.

On your Whonix-Gateway.

1. Adjust whonixcheck settings (applies until Whonix 12):

Open /etc/whonix.d/50_user.conf in an editor with root rights.

If you are using a graphical Whonix or Qubes-Whonix, run.

kdesudo kwrite /etc/whonix.d/50_user.conf

If you are using a terminal-only Whonix, run.

sudo nano /etc/whonix.d/50_user.conf

Add.

whonixcheck_skip_functions+=" check_tor_pid "

Save.

2. Disable Tor using the whonix-setup-wizard (safest option).

Start the whonix-setup-wizard.

If you are using Qubes-Whonix, complete the following steps.

Qubes App Launcher (blue/grey "Q") -> Whonix-Gateway ProxyVM (commonly named 'sys-whonix') -> Whonix Setup

If you are using a graphical Whonix-Gateway, complete the following steps.

Start Menu -> Applications -> System -> Whonix Setup Wizard

If you are using a terminal-only Whonix-Gateway, complete the following steps.

sudo whonixsetup

Choose the Disable Tor option. Press next.

3. Modify Tor settings.

Open /etc/tor/torrc.

If you are using Qubes-Whonix, complete the following steps.

Qubes App Launcher (blue/grey "Q") -> Whonix-Gateway ProxyVM (commonly named sys-whonix) -> Tor User Config (Torrc)

If you are using a graphical Whonix-Gateway, complete the following steps.

Start Menu -> Applications -> Settings -> /etc/tor/torrc

If you are using a terminal-only Whonix-Gateway, complete the following steps.

sudo nano /etc/tor/torrc

Add.

DataDirectory /var/run/tor

Save.

4. Enable Tor using whonixsetup / whonix-setup-wizard at your new location.

5. Before you leave this location, disable Tor and repeat the above steps if going to a different place. To go back to your usual guard nodes at home, remove the torrc setting before you enable the network or rollback to a vm snapshot you created there.

Notes[edit]

  • The proposed Tails solutions towards AdvGoalTracking have disadvantages[7][8] and are not options for Whonix because we don't connect directly to a user's internet LAN anyway, so trying to remember a network based on its SSID will not work. Unlike wireless access points, wired networks (physical or virtual) lack SSIDs and cannot be "remembered" that way.
  • Even if it were possible, it is best to avoid letting adversaries influence guard changes in any way. Spoofing MAC addresses or SSIDs would trigger use of the other entry guard recorded for another "location profile". Also global networks have generic characteristics that cannot be differentiated from the point of view of a connecting device leading to the same guards being used on different networks.

Blacklist Certain Hidden Services from Connecting[edit]

Experimental

Open /etc/tor/torrc.

If you are using Qubes-Whonix, complete the following steps.

Qubes App Launcher (blue/grey "Q") -> Whonix-Gateway ProxyVM (commonly named sys-whonix) -> Tor User Config (Torrc)

If you are using a graphical Whonix-Gateway, complete the following steps.

Start Menu -> Applications -> Settings -> /etc/tor/torrc

If you are using a terminal-only Whonix-Gateway, complete the following steps.

sudo nano /etc/tor/torrc

Example. Add to /etc/tor/torrc. Replace bbbbbb6qtmqg65g6.onion with the actual hidden service you want to blacklist.

MapAddress bbbbbb6qtmqg65g6.onion 127.0.0.1

Reload Tor.

After editing /etc/tor/torrc, Tor must be reloaded for changes take effect.

Note: If Tor does not connect after completing all these steps, then a user mistake is the most likely explanation. Recheck /etc/tor/torrc and repeat the steps outlined in the sections above. If Tor then connects successfully, all the necessary changes have been made.

If you are using Qubes-Whonix, complete the following steps.

Qubes App Launcher (blue/grey "Q") -> Whonix-Gateway ProxyVM (commonly named 'sys-whonix') -> Reload Tor

If you are using a graphical Whonix-Gateway, complete the following steps.

Start Menu -> Applications -> Settings -> Reload Tor

If you are using a terminal-only Whonix-Gateway, press on Expand on the right.

Complete the following steps.

Reload Tor.

sudo service tor@default reload

Check Tor's daemon status.

sudo service tor@default status

It should include a a message saying.

Active: active (running) since ...

In case of issues, try the following debugging steps.

Check Tor's config.

sudo -u debian-tor tor --verify-config

The output should be similar to the following.

Sep 17 17:40:41.416 [notice] Read configuration file "/etc/tor/torrc".
Configuration was valid

Additional SocksPorts[edit]

Adding additional Tor SocksPorts to /etc/tor/torrc is kinda non-intuitive. [9]

Quote Tor man page.

By default, an option on the command line overrides an option found in the configuration file, and an option in a configuration file overrides one in the defaults file.

This rule is simple for options that take a single value, but it can become complicated for options that are allowed to occur more than once: if you specify four SOCKSPorts in your configuration file, and one more SOCKSPort on the command line, the option on the command line will replace __all__ of the SOCKSPorts in the configuration file. If this is not what you want, prefix the option name with a plus sign, and it will be appended to the previous set of options instead.

Quote Nick Mathewson [10]:

So to make sure that the SocksPort in the torrc does what you want, write it as +SocksPort.

After adding custom ports, you would also have to edit Whonix's firewall. But you are lucky, you don't need to do that. Various custom ports for such use cases have already been added.

Those are documented here:
Stream_Isolation#How_to_mitigate_identity_correlation

UDP[edit]

Reload Tor[edit]

Reload Tor.

After editing /etc/tor/torrc, Tor must be reloaded for changes take effect.

Note: If Tor does not connect after completing all these steps, then a user mistake is the most likely explanation. Recheck /etc/tor/torrc and repeat the steps outlined in the sections above. If Tor then connects successfully, all the necessary changes have been made.

If you are using Qubes-Whonix, complete the following steps.

Qubes App Launcher (blue/grey "Q") -> Whonix-Gateway ProxyVM (commonly named 'sys-whonix') -> Reload Tor

If you are using a graphical Whonix-Gateway, complete the following steps.

Start Menu -> Applications -> Settings -> Reload Tor

If you are using a terminal-only Whonix-Gateway, press on Expand on the right.

Complete the following steps.

Reload Tor.

sudo service tor@default reload

Check Tor's daemon status.

sudo service tor@default status

It should include a a message saying.

Active: active (running) since ...

In case of issues, try the following debugging steps.

Check Tor's config.

sudo -u debian-tor tor --verify-config

The output should be similar to the following.

Sep 17 17:40:41.416 [notice] Read configuration file "/etc/tor/torrc".
Configuration was valid

Restart Tor[edit]

Restart Tor.

If you are using Qubes-Whonix, complete the following steps.

Qubes App Launcher (blue/grey "Q") -> Whonix-Gateway ProxyVM (commonly named 'sys-whonix') -> Restart Tor

If you are using a graphical Whonix-Gateway, complete the following steps.

Start Menu -> Applications -> Settings -> Restart Tor

If you are using a terminal-only Whonix-Gateway, press on Expand on the right.

Complete the following steps.

Restart Tor.

sudo service tor@default Restart

Check Tor's daemon status.

sudo service tor@default status

It should include a a message saying.

Active: active (running) since ...

In case of issues, try the following debugging steps.

Check Tor's config.

sudo -u debian-tor tor --verify-config

The output should be similar to the following.

Sep 17 17:40:41.416 [notice] Read configuration file "/etc/tor/torrc".
Configuration was valid

Disable Tor[edit]

Disable Tor using the whonix-setup-wizard (safest option).

Start the whonix-setup-wizard.

If you are using Qubes-Whonix, complete the following steps.

Qubes App Launcher (blue/grey "Q") -> Whonix-Gateway ProxyVM (commonly named 'sys-whonix') -> Whonix Setup

If you are using a graphical Whonix-Gateway, complete the following steps.

Start Menu -> Applications -> System -> Whonix Setup Wizard

If you are using a terminal-only Whonix-Gateway, complete the following steps.

sudo whonixsetup

Choose the Disable Tor option. Press next.

Footnotes / References[edit]

  1. https://trac.torproject.org/projects/tor/ticket/19824
  2. /var/run/tor/log is a Whonix Tor configuration specific file. An alternative to /var/log/tor/log. The former only contains Tor's output since last boot of Whonix-Gateway. The latter is a permanent log that persists across reboots. The former has a small usability advantage. It is shorter. Should therefore contain more relevant information.
  3. UWT_DEV_PASSTHROUGH=1 curl 10.152.152.10:9100
  4. Even though the attacker can't discover the user's destinations in the network, they still might target a list of known Tor users.
  5. Source:
    torproject.org What are Entry Guards? (w)
    license (w):
    Content on this site is Copyright The Tor Project, Inc.. Reproduction of content is permitted under a Creative Commons Attribution 3.0 United States License (w). All use under such license must be accompanied by a clear and prominent attribution that identifies The Tor Project, Inc. as the owner and originator of such content. The Tor Project Inc. reserves the right to change licenses and permissions at any time in its sole discretion.
  6. As concluded in ticket research non-persistent Tor directory guards, these are covered by the following instructions.
  7. https://tails.boum.org/blueprint/persistent_Tor_state/
  8. https://blog.torproject.org/blog/tor-weekly-news-%E2%80%94-june-17th-2015#A_persistent_Tor_state_for_Tails
  9. https://trac.torproject.org/projects/tor/ticket/15261
  10. https://trac.torproject.org/projects/tor/ticket/15261#comment:1
  11. https://trac.torproject.org/projects/tor/ticket/7830

Random News:

There are five different options for subscribing to Whonix source code changes.


Impressum | Datenschutz | Haftungsausschluss

https | (forcing) onion
Share: Twitter | Facebook | Google+

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation.

Whonix (g+) is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Libre Software license as Whonix itself. (Why?)