Configure which countries Tor will (not) use?

6May2013
Greetings.
I use Tor with MFFp (Mozilla Firefox portable - John T. Haller version).
I merged the xB Browser into the MFFp directory structure
which allows me to (always) use the most current MFF with Tor.
Neither xB nor Tor keep MFF current in their bundles.

Anyway, the above works but I have no GUI access to the Tor configuration.
I would like to configure Tor to NOT use USA Tor servers.
How could I do that?

You should find your torrc file and edit it manually. For Tor Browser Bundle it should be here: \Tor\Browser\Data\Tor\torrc.
So open it in notepad and add these lines:

ExitNodes {de,ca}

StrictNodes 1

This will limit ExitNodes to only those from Germany and Canada.

Or you can try ExcludeExitNodes:

ExcludeExitNodes {us}

to disable only USA. Some more examples here.

Make sure you are editing correct file, and don't forget to restart Tor after each changing. There is also -f command line option to tell Tor directly which config file to use:

-f C:\Your\Full\Path\torrc

Update: Two letter ISO country codes

7May2013

Hallo ... and many thanks!

So far I am not achieving what I would like ...
I am not sure why (not) ...

I have tried both approaches.
My MFFp/xB did not have a torrc. file!
I have tried putting torrc. in
...\MFF\Data\Tor
&
...\MFF\App\Tor\data
to no avail.
I use»
http://www.ip2location.com/
http://ip-geo-location.com/
to show/tell me from where it appears MFFp/xB is operating.
Sooner or later Tor switches to a USA Tor server.

There is also -f command line option to tell Tor directly which config file to use:

-f C:\Your\Full\Path\torrc

"TOR Hacker"How would I use this command line feature when using the xB Brower? -
which launches Tor & then launches MFFp ...

In the meantime I'll keep moving the torrc. file around and maybe find the/a place where it works ...

8May2013

Well, I seem to be making (hacking out) some progress ...
I downloaded the Tor/Vidalia bundle and extracted the torrc & geoip files from it.
After a day & half of searching and trial&error (with only/all errors),
I found» torrc dir which told where Tor would look for / read torrc - when Tor is launched standalone.
Then I started searching for how to configure a browser to use Tor and found» Browser SOCKS.
I tried to configure MFFp per that method, and indeed that does seem to do the trick!
This might be useful to MFF users ...

As far as I can tell ...
1)

ExcludeExitNodes {us}

does not work. (See my description in preceding post ...)
2)

ExitNodes {de,ca}

is NOT the proper format! (See the Tor DOSbox error message ...)

ExitNodes {de},{ca}

IS the proper format!

So I guess I no longer need to launch the xB Browser to have MFFp browse with Tor!
New questions are»
Browser command line options launch and either use the Tor proxy or run normally?
Is there no way to EDIT (at will) your own (previously made) posts here?

I don't know (yet) if ExitNodes with StrictNodes will keep Tor from using USA Tor servers,
so the main question of this/my thread might still be unresolved ...

Hello!

You can try specifying Exit Nodes directly by their names/fingerprints.

1) Open "Network Map" in Vidalia,


2) find some Exit nodes from the country you need, and

3) list their names in torrc. Here is an example of my Tor Browser\Data\Tor\torrc:

AvoidDiskWrites 1

DataDirectory .\Data\Tor

GeoIPFile .\Data\Tor\geoip

Log notice stdout

SocksListenAddress 127.0.0.1

ExitNodes 0x0FreeAccess, blueberryTOR, propsy, torexit, torgwipv4cz, torheit01

StrictExitNodes 1

So now all my traffic travels throuh one of these guys: 0x0FreeAccess, blueberryTOR, propsy, torexit, torgwipv4cz, torheit01. All of them have European IP.

8May2013

Hallo ...

I'm aware of the names/fingerprints option but ...
... don't see why I should bother with that when I can use (for example)»

ExitNodes {at},{be},{bg},{bm},{by},{ch},{cz},{dk},{fi},{fr},{gr},{hr},{hu},{is},{it},{li},{lt},{lu},{nl},{no},{pl},{pt},{ro},{sl},{sk}

StrictNodes 1

I've been browsing now (with MFFp) for a few hours & (so far) have not once been transferred to the USA
Is there some reason fingerprints would be better than country codes? ...
... during my day & a half of trial&error, I decided to try to test torrc configurations in the Vidalia bundle,
but the damn thing would not ever/even establish a Tor connection;
the MFFp in Vidalia is way out of date anyway ...

For what it is worth, it seems http://www.ip2location.com/ sometimes says/indicates an IPcountry that
does not agree with the IPcountry ANY other similar sites that I use indicate ...

StrictNodes 1
StrictExitNodes 1

I don't know is there any difference, bit in my config file it says "StrictExitNodes", not just "StrictNodes". And I always have IP-address of a country I want, it never falls back to USA.

9May2013
Hallo ...
Well on this page»
https://www.torproject.org/docs/tor-manual.html.en
I find only StrictNodes ... no StrictExitNodes at all ...

I also noticed the following

ExcludeNodes node,node,…
A list of identity fingerprints, nicknames, country codes and address patterns of nodes
to avoid when building a circuit ...

By default, this option is treated as a preference
that Tor is allowed to override in order to keep working.
For example, if you try to connect to a hidden service,
but you have excluded all of the hidden service’s introduction points,
Tor will connect to one of them anyway.
If you do not want this behavior, set the StrictNodes option (documented below).

which I guess explains why

ExcludeExitNodes {us}

does not keep Tor from transferring me to a USA Torserver ...

Anyone know what the following means?»

May 09 07:56:45.392 [warn] ControlPort is open,
but no authentication method has been configured.
This means that any program on your computer can reconfigure your Tor. That's bad!
You should upgrade your Tor controller as soon as possible.

What (if anything) to do about it?
It only appears when certain "commands" are in the torrc. file ...

Anyone know what the following means?»
[warn] ControlPort is open,
but no authentication method has been configured.
This means that any program on your computer can reconfigure your Tor. That's bad!
You should upgrade your Tor controller as soon as possible.

"AEN007"

You either
1) edited your /etc/tor/torrc and added a ControlPort line without also adding a HashedControlPassword or CookieAuthentication line,
or
2) went to the Advanced settings window in Vidalia and changed the 'Authentication' choice to 'None'.

The problem here is that you've opened up your Tor to be configured by any local application that can connect to it. The way to fix it is to either configure your Vidalia to use authentication with Tor (rather than no authentication), or to leave Vidalia off and just run Tor by itself.

Browser command line options launch and either use the Tor proxy or run normally?

"AEN007"
There is an Add-on to Firefox called MM3 Proxy Switch for quickly turning on/off different proxies. But in general it is considered a VERY BAD IDEA to use same browser for both Tor and non-Tor browsing. It can store cookies, HTML5 Local Storage, Shared objects and so and so on, it can appear with unique (or rare) combination of UserAgent, Screen resolution, Accept headers and installed Plugins. Browser remembers unique "visited" links, sends unique E-Tag's and can do whole lot of other things to de-anon you. So you'd better embed Firefox Portable 2nd Profile to your TBB as well as you did this to FirefoxPortable itself.

Is there no way to EDIT (at will) your own (previously made) posts here?

"AEN007"
Red on white "EDIT" button in the top right of your message.

10May2013
Hallo ...

Red on white "EDIT" button in the top right of your message.

"Danja"There is no Red on white "EDIT" button anywhere in this thread when I login ...
There is (only) the ! and the QUOTE button
Whether I use Opera or Gecko ... Maybe there is some control panel setting to change?

14May2013
Hallo ...

You either
1) edited your /etc/tor/torrc and added a ControlPort line
without also adding a HashedControlPassword or CookieAuthentication line,
or ...
The problem here is ...
The way to fix it is to either ... or to leave Vidalia off and just run Tor by itself.

"TOR Hacker"Well, like I "said",
I extracted the torrc. file from the Vidalia bundle and
then simply added the 2 code lines I previously posted ...
I do run Tor by itself (with the -f command line option to tell Tor directly which config file to use).
That message is from the Tor DOSbox when
I run Tor alone with the torrc. from Vidalia with those 2 code lines I added ...

So, it is (still) not clear to me what (if anything) to do about that message ...

So, it is (still) not clear to me what (if anything) to do about that message ...

"AEN007"

So you don't have ControlPort anywhere in your torrc file? What happens when you change Authentication in Vidalia?

29May2013
allô ... merci (encore) pour votre réponse ...

So you don't have ControlPort anywhere in your torrc file?

"TOR Hacker"Well, like I "said",
I extracted the torrc. file from the Vidalia bundle and
then simply added the 2 code lines I previously posted ...
so I did not edit my torrc AND add a ControlPort line; however,
the torrc file I extracted from the Vidalia bundle has a ControlPort line»

# If non-zero, try to write to disk less frequently than we would otherwise.

AvoidDiskWrites 1

# Store working data, state, keys, and caches here.

DataDirectory .\Data

GeoIPFile .\Data\geoip

# Where to send logging messages.  Format is minSeverity[-maxSeverity]

# (stderr|stdout|syslog|file FILENAME).

Log notice stdout

# Bind to this address to listen to connections from SOCKS-speaking

# applications.

SocksListenAddress 127.0.0.1

SocksPort 9150

ControlPort 9151

I would presume your & every (current) torrc file is the same (or similar) ...
which would mean your & every Tor connection would/should have this issue ...???
unless using this torrc file through Vidalia somehow provides the/a "fix"?
(like I "said", I do not use Vidalia ... for one reason because of the (way) out of date Mozilla Firefox)
How would I go about

adding a HashedControlPassword or CookieAuthentication line

?

Also, does anyone know how often (in general) Tor switches servers/countries?
What about customizing that item? via the torrc file? or some other method?

EDIT:
30May2013
Hallo ...
Today - for some unknown reason (maybe because I now have the minimum # of required posts?) -
I have an EDIT button - only on this (my most recent post) ...

1) Anyway, further to what I posted above ...
The Tor DOSbox does NOT give that message when I use the Vidalia torrc file
(with the ControlPort line in it!) without the 2 lines of code I added ...
(which is (also) something I already "said" previously/above ...)
so it is not having ControlPort in the torrc file that brings about that message ...

The message appears after I add those 2 lines of code ... Why???

2) How would I go about

adding a HashedControlPassword or CookieAuthentication line

?

3) Also, does anyone know how often (in general) Tor switches servers/countries?
What about customizing that item? via the torrc file? or some other method?

2)
Run
tor --hash-password mysecretpassword
where "mysecretpassword" is the password you want to use.

It will output something like this
16:872860B76453A77D60CA2BB8C1A7042072093276A3D701A D684053EC4C

Copy the entire line and add it to your torrc file, and also set CookieAuthentication to 1:

HashedControlPassword 16:872860B76453A77D60CA2BB8C1A7042072093276A3D701A D684053EC4C 

CookieAuthentication 1 

Restart tor.



3) how often (in general) Tor switches servers/countries?

By default Tor switches exit nodes every 10 minutes.
But it is not guaranteed that new exit node will be from another country than prevous one.

7July2013
Regarding this problem»

I decided to try to test torrc configurations in the Vidalia bundle,
but the damn thing would not ever/even establish a Tor connection;
the MFFp in Vidalia is way out of date anyway ...

"AEN007"It seems Tor behaves anomalously in that Tor does NOT trigger
my firewall to give an out-bound request pop-up/notice ...
So my firewall was blocking Tor's access but not notifying me that Tor (in the Vidalia bundle)
was requesting internet access as an "unconfigured/unfamiliar" app/exe ...

22July2013
I am curious what anyone makes of the following two (2) screenshots


One says the IP "country" for 158.255.213.160 is Austria ... the other says USA?

According to http://whatismyipaddress.com/ip/158.255.213.160

IP: 158.255.213.160
Hostname: tor.kultur1337.se
ISP: EDIS GmbH
Organization: EDIS Infrastructure in the USA
Services: Confirmed proxy server
Recently reported forum spam source. (36)

EDIS GmbH has main office in

Widmannstettergasse 3
8053 Graz
Styria, Austria

but also has some data-centers in USA. This IP is from USA, but belongs to Austrian company.

... in general it is considered a VERY BAD IDEA to use same browser for both Tor and non-Tor browsing. It can store cookies, HTML5 Local Storage, Shared objects and so and so on, ... and can do whole lot of other things to de-anon you.

"Danja"So, I have 1 MFFportable "install" that I use exclusively with Tor. (MMFp4Tor)
I have a 2nd MFFp "install" that I use exclusively without Tor.

I am wondering if it is better to use the MMFp4Tor "install" with cache disabled?
i.e., set "Override automatic cache management" to "ON" & set "Limit cache to" zero (0)?