"Joe Btfsplk" wrote: >But what I find happens - more than a few times, when a >site doesn't like an Tor exit (it's IP, or it's location), using New >Identity often selects another circuit *very* similar to the previous;
Yes, Tor attempts to reuse known good exits from the past hour. >It's because they >block specific countries, IPs - or ranges of them. Torbutton "New >Identity" doesn't handle this very well, - from the aspect - of getting >you connected to a site that blocked exits from specific countries. >I'm not sure of a better solution for this. Not entirely handled badly. A failure (on a clean circuit) to connect to a site because the exit is blocked should trigger closing the circuit and reattempt connection on a new clean circuit. A potential solution might be to explicitly attempt a country disjoint from (say) the previous 2 failures for a site. That or explicitly exclude the country associated with the past 2 failures for a site. >Just one example: Say, https://ixquick.com/ (or Startpage), requires a >captcha. Getting a new identity *often* doesn't remove the captcha >requirement - but sometimes does. >I started looking at possible reasons why. This is tricky. A site which asks for a captcha hasn't failed to connect. Detecting and evading arbitrary captcha would likely compound the problem by making the site block more exits. You and the entire Tor network might be better off just to answer the captcha. That's what I try to do anyway. Just saying. >I notice the same thing using "New Identity" button (while observing >countries, relay names, IPs, etc. of the old & New Identity). >Repeatedly getting a New Identity often doesn't fix the blocking or >presenting captchas. On many sites. I'm guessing it's often because >the exit relay locations (countries) and / or IPa ranges, etc., are too >close to the last one. >Often, if I Torbutton new identities enough times in a row, that >through ? luck of the draw?, the exit relay geo-location and / or IPa >range changes significantly, the sites then work fine. A possible cause is that Tor only considers building a new circuit if 30s have past since the last new identity. So if you click new identity a few times in a row nothing may happen. Another factor is that if a clean circuit exists Tor may ignore the request to build a new one until (up to) 10m have past or the existing circuits become dirty. >Five successive, >new identities - all w/ exits in "XYZ-stan(s)" countries may never allow >access to a site. Then work immediately on getting an exit in Germany, Detecting geolocation based blocks might be addressed by looking at the location (suffix, registration, ip) of the site itself or the language. >Reading those command descriptions, sounds like they're useful mainly if >you "must" access a site w/ Tor, but don't care so much about anonymity? If a site wants to track you they'll figure out a way. Even if you use different exits, new identities. Those options just provide a way to access sites that might block your access if your exit changes during use. You're right about risks though. The exit could be malicious. A site could provide you an address including dot notation to select your exit. -- leeroy -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
