[tor-talk] TBB - Correct/proper use of TOR_SKIP_LAUNCH=1 ?
zen at freedbms.net
Mon Mar 24 00:50:55 UTC 2014
On 3/20/14, Lunar <lunar at torproject.org> wrote:
> Zenaan Harkness:
>> From here:
>> we see addition of
>> command line option to effect start-tor-browser.
>> My questions all assume using TBB.
> TOR_SKIP_LAUNCH was designed for Whonix and Tails use cases. For both
> the tor daemon is started independently of the Tor Browser. For the
> former on a different host and for the latter under a different system
My proposed "VPN" scenario is similar to the Whonix concept.
>> Q1) When is it sensible to use the above TOR_SKIP_LAUNCH=1 option?
>> For example:
>> - when connecting to local always-on relay?
>> - when connecting to local sometimes-on relay?
>> - when connecting to ones own 'cloud' relay via VPN?
>> - when connecting to ones own physical host relay via VPN?
>> - when connecting to a friend's home host relay via VPN?
> None of the above. What is the problem of running tor locally?
High-latency, low-bandwidth dialup and satellite connections for some
of the people I advocate tor to (and libre software in general of
This FAQ entry:
says in part "if you're looking for a trusted entry into the Tor
network, setting up a private Tor server as a bridge is a great
The "private bridge" or rather, "trusted entry" in our case is the
first (so far) tor relay I installed, which is installed at a site
with a low-latency, reasonable-bandwidth ADSL2 connection.
As the website suggests here:
exit relays are most needed. So that's what I set up.
I am assuming that this exit relay is also useful as a "trusted entry
to tor" bridge for those who are not practically able to run their own
private/public bridge/relay (high latency links etc, see above).
Is my assumption correct?
If not, is there a better way? Eg would it make sense to run two
instances of tor at the current exit relay host (one as a "trusted
entry"), rather than just the exit relay?
So I'm not sure any of those 5 questions above make sense. But that's
the context in my mind "trusted entry to tor" at the least for those
with problematic, high-latency and/ or low-bandwidth and/ or censored
(not sure that's the case yet in Australia, but could be?) internet
I am using the term "VPN" since for my joining-tor advocacy, at least
for a few people, I have set up limited ssh logins on our first exit
relay I refer to, which I am assuming is also a useful tor entry point
for problematic internet links. So it is I guess a "limited" VPN which
I am referring to in my questions, which exists for the purposes of
allowing certain users (with problematic links) to connect to the exit
relay which I am assuming is useful as a "trusted entry bridge".
Hope I'm making sense here...
A question I'm not able to answer: is it beneficial to have this VPN
for some of the users, or should I just tell them "customize your
connection and add the name of the relay to the last step - to bypass
your filtering ISP or to use our 'trusted relay'"?
Or is it better that they use the IP address and tor port of the relay
as their "bridge" config, or something else?
I really would like to understand the pros and cons of these
alternatives, and have been studying tp.o in vain to try and find out.
When you say "running tor locally", are you referring only to a "local
always-on relay" - eg one connected to ADSL permanently? Or do you
also include in that term, 'running TBB locally on the spot which
creates its own local tor instance'? As in, are you also including in
the term "running tor locally" a "local sometimes-on relay (or
For example, a person has a high-latency low-bandwidth dialup
connection and so cannot run a relay and cannot run it all the time -
they need to make and receive phone calls sometimes, or they only have
one portable computer which they cannot leave on site at all times.
Does a temporary local "tor" satisfy the concept "running tor
I apologise in advance, I am quite a newbie to tor and anonymous
networks and am really struggling with some of the terms and concepts
used. Yes I may well be missing something obvious.
My next question: Does running a "local always-on relay" provide
by simply running it, but completely ignoring it thereafter (as in,
just run TBB with default network config, pretending your own relay
does not exist)?
I've been assuming not, but after your questions back to me, now I'm
beginning to wonder how confused I might really be here... If it is
not recommended to run a relay and connect with TBB to somewhere else
(whatever the 'default' happens to be), then this should certainly be
stated somewhere - and frankly, TBB ought have options in its config
dialog (it this is what is recommended) for "I'm running a tor relay
on my LAN, which I am also connected to right now, and intend to use
it - here's the SOCKS IP and port" as well as "I'm VPN-ing to a relay
I'm running elsewhere and intend to use that, here's my properly
forwarded localhost SOCKS port for my remote tor relay instance".
If 'run a relay but ignore it' is intended by the project, that is not
intuitive from the torproject.org website and documentation that I've
read so far.
I don't understand the anonymity implications for the differences in
these various scenarios which I am trying to comprehend.
And I haven't been able to answer these questions in a fair bit of
reading so far.
And whilst I don't understand, then I am unable to advocate (in good
conscience) in any way other than to say "yeah, TBB should provide
some reasonable anonymity improvements - just download from tp.o and
run". Without understanding, of course I cannot optimize privacy for
those I advocate to.
>> Q2) When connecting to a trusted friend's relay via VPN, [...]
> Why would you want to do that instead of using a (private) bridge?
High-latency, low-bandwidth, only sometimes-on internet connections.
Also, I am struggling to find a proper definition of 'private bridge'
and what that exactly means and how it actually works.
I searched tp.o for a glossary, and only found git showing a terms
list for translators (no definitions). Perhaps the FAQ could be
updated after my mis-understandings are clarified?
For example, I am currently unable to answer the question: What sort
of connections does a private bridge have in and out?
Is it only connections from those who know the name or ip of the
private bridge? Or does it also act as a relay sometimes? BTW, I have
read this (in full, at least twice, as with much of tp.o):
and yet still cannot answer these questions.
I have yet to properly read the Tor design docs, but I was hoping tp.o
would provide enough information for a thorough understanding for a
(advanced?) relay operator. Perhaps up to now no one has faced the
scenarios I am facing - in which case, this will be a great
opportunity for some new docs. I am willing to summarize things once I
realise where I have been not understanding.
that FAQ entry regarding "does running a relay give better anonymity"
concludes with "It is an open research question whether the benefits
outweigh the risks. A lot of that depends on the attacks you are most
worried about. For most users, we think it's a smart move."
This wording ought be a little tighter - as in "for most users"
implies there are "at least some users" for whom running a relay is
not a smart idea - who are those users, even who might they possibly
It might be obvious to others who those "other" tor users might be,
but it's not obvious to me, and I think it would be good to clarify
this point, if possible. If it is not possible to describe such a
"hypothetical user who could benefit from NOT running a relay", then
we should state that, admitting that we do not know for whom not
running a relay is a benefit, or could be a benefit.
The point is: It is good that we be as clear as possible on the
boundaries of our knowledge regarding these issues of tor and privacy
and anonymity (another two terms that would be good to carefully
define in an end-user Glossary page).
Is it advised for or against, for high-latency and/ or low-bandwidth
users (common in rural areas) to connect to a site (vpn or just using
the relay name as a bridge) where that site has its tor running as an
What if the site they VPN to is a normal 'public' bridge relay?
What if it is an un-listed (what I understand to be 'private') bridge (relay?)?
I am expected to advocate/install etc, for a small community of couple
dozen or so people.
I have read this:
Which answers "shouldn't tor default to all tor users being relays".
At the moment, I realise I am making certain assumptions about whether
one setup, or one connection method, is more, or less, 'anonymous',
than some other setup or method.
I have a duty of care towards those I assist. I am bound in my
conscience to assist people only by coming to a full and proper
understanding of the trade-offs of different setups that I could
>> Q5) When connecting to a trusted friend's relay via the open Internet,
>> is this what's called using the relay as a "bridge"?
> Using a relay as a bridge is when you configure a public Tor relay
> instead of an unlisted bridge as one of tor bridges. There are very few
> use cases where it makes sense. See "Bridge" and "UseBridge" in tor(1)
> manual page.
My point is, the exit relay I installed is a 'public tor relay' - as
in it is not configured as 'private', but is that what you mean? In my
mind 'public tor relay' could mean 'a relay not installed and operated
by you, but instead by someone else in the public and quite possibly
Thank you for those man page pointers. That clarifies part of the
"how". Hopefully soon I'll have a solid "why" (or why not) :)
Also, the bottom of
bridges-spec.txt, which I am yet to read in full, but shall do so.
Thank you so much for your feedback,
More information about the tor-talk