[tor-talk] TBB - Correct/proper use of TOR_SKIP_LAUNCH=1 ?

Lunar lunar at torproject.org
Mon Mar 24 08:38:41 UTC 2014

Zenaan Harkness:
> Lunar:
> > Zenaan Harkness:
> […]

Sorry, but your message is too long. You should try to ask fewer
questions at the same time, as the answer from one is likely to help
you answer the other. I'm jumping to the most obvious ones here.

> > TOR_SKIP_LAUNCH was designed for Whonix and Tails use cases. For both
> > the tor daemon is started independently of the Tor Browser. For the
> > former on a different host and for the latter under a different system
> > user.
> My proposed "VPN" scenario is similar to the Whonix concept.

I believe it's not. The Whonix Workstation is unable to reach the
Internet except by connecting to the tor daemon running on the
gateway. To the best of my understanding, with what you describe, the
computers that would run the Tor Browser would not be isolated of the

> When you say "running tor locally", are you referring only to a "local
> always-on relay" - eg one connected to ADSL permanently? Or do you
> also include in that term, 'running TBB locally on the spot which
> creates its own local tor instance'? As in, are you also including in
> the term "running tor locally" a "local sometimes-on relay (or
> 'private' bridge?)"?

When I say “running tor locally”, I mean running the tor daemon on
the computer that will run the Tor Browser. That's how Tor is generally
used. The tor daemon takes care of reaching the Tor network and
relaying information through it. This is sometimes referred to in the
literature as an “Onion Proxy”.

This has nothing to do with relaying the traffic of others.

I still don't understand why you want to do things differently than
just run the Tor Browser and eventually configure Tor to use a bridge.

> >> Q2) When connecting to a trusted friend's relay via VPN, [...]
> >
> > Why would you want to do that instead of using a (private) bridge?
> High-latency, low-bandwidth, only sometimes-on internet connections.

Users of high-latency, low-bandwidth, only sometimes-on Internet
connections are perfectly able to use bridges.

> Also, I am struggling to find a proper definition of 'private bridge'
> and what that exactly means and how it actually works.

Bridges are unlisted Tor relays, but they are normally part of the
bridge database and get distributed to users in need through specific
channels (see <https://bridges.torproject.org/>).

Private bridges do not record themselves to the bridge database. Their
addresses need to be explicitly given by the bridge operator to be used.

> >> Q5) When connecting to a trusted friend's relay via the open Internet,
> >> is this what's called using the relay as a "bridge"?
> >
> > Using a relay as a bridge is when you configure a public Tor relay
> > instead of an unlisted bridge as one of tor bridges. There are very few
> > use cases where it makes sense. See "Bridge" and "UseBridge" in tor(1)
> > manual page.
> My point is, the exit relay I installed is a 'public tor relay' - as
> in it is not configured as 'private', but is that what you mean?

All Tor relays are public as the list of all Tor relays is available to
everyone. That's the difference with bridges. The list of all (public)
bridges is not available anywhere else than the bridge database. There
is no list of all private bridges.

There is no such thing as a private Tor relay, except on a test network.

Lunar                                             <lunar at torproject.org>
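
An added example, not part of Lunar's message or of the Tor Project's
documentation: a torrc sketch of the private bridge described above, with the
operator's side next to the client's side. The address 192.0.2.10 and port 9001
are constructed placeholders.

```torrc
# --- torrc on the bridge operator's machine (private bridge) ---
# Run as a bridge rather than as a public relay.
BridgeRelay 1
# Port that clients connect to (constructed value).
ORPort 9001
# Never act as an exit.
ExitPolicy reject *:*
# Do not upload the descriptor anywhere, so the bridge never reaches the
# bridge database. Leaving this option at its default would make it a
# regular (public) bridge that gets handed out to users.
PublishServerDescriptor 0

# --- torrc on the client (the computer running the tor daemon) ---
# Reach the Tor network only through the configured bridges.
UseBridges 1
# Address given out-of-band by the bridge operator (constructed value).
# If the operator also supplies the bridge's identity fingerprint, append
# it after the address so tor verifies it is talking to the right bridge.
Bridge 192.0.2.10:9001
```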