[tor-talk] alt-svc supported by TBB
Dave Warren
dw at thedave.ca
Thu Sep 20 18:38:56 UTC 2018
On 2018-09-18 14:33, Dave Warren wrote:
> On 2018-09-18 13:33, nusenu wrote:
>>
>>
>> Dave Warren:
>>> Can anyone confirm if the current release of TBB supports alt-svc?
>>>
>>> I'm testing the Cloudflare alt-svc .onion beta project and I do see
>>> the alt-svc header, but I'm trying to determine whether TBB is
>>> actually using it or not. It seems like not, given that the website
>>> can see a tor exit IP in the Cloudflare headers (I wouldn't expect
>>> this since subsequent requests should be delivered over a .onion
>>> address).
>>>
>>
>>
>> TorBrowser is supposed to support alt-svc since version 8 but
>> we have had mixed results when testing it
>> https://twitter.com/arthuredelstein/status/1037559553380966400
>
> Using the test page at https://perfectoid.space/test.php I get either
> red or yellow exclusively, no amount of refreshing and/or changing
> circuits seems to get green which confirms my own testing on a site I
> operate that is participating in the beta.
I've been monkeying around a bit, and I can sometimes get this to work,
but very infrequently. It feels like if I open a tunnel to each of their
.onion addresses first then it increases the odds although I'm not sure
if this makes sense since a new hostname (the test site vs their .onion
addresses) should result in a new tunnel anyway.
And maybe this is just a limitation of the test site (although I don't
think so), but it seems that Cloudflare fails to notice many IPv6 exits,
whereas IPv4 exits usually get the country "T1" (meaning Cloudflare
knows this is a Tor exit and adds the Alt-Svc header).
Unfortunately the reliability doesn't seem to be here enough to try and
achieve Cloudflare's stated goals, but hopefully this is just an early
attempt and not the end of the road. On the flip side, maybe it is
working a little more than it appears since I'm not seeing CAPTCHAs when
using TBB 8, but I am from a second machine running TBB 7.
One final note: Are there any other Cloudflare users on the Free or Pro
plans? If so, could you go check if Onion Routing was enabled for you?
Their blog says it is enabled by default, but it is disabled on two of
my three sites -- Maybe this is due to being part of the beta though, I
did manually enable it on that third site and maybe that precluded it
from being enabled on my other two?
More information about the tor-talk
mailing list