Tor bundle was not slow, now it is, anything I can do?

Discussion in 'privacy technology' started by 072707, Aug 9, 2007.

Thread Status:
Not open for further replies.
  1. 072707

    072707 Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    33
    I have been using the Tor, Privoxy, and Vidalia bundle( http://tor.eff.org/download.html.en ) on my XP sp2 machine( http://www.geekstogo.com/forum/thes...ean-XP-sp2-machine-now-invulnera-t165600.html ) for about 5 days. The last 18 hours or so my Internet surfing has been dramatically slower than when I first started using Tor. I am convinced that it is Tor that is slowing my Internet surfing because bandwidth speed tests( http://reviews.cnet.com/7004-7254_7-0.html ) run with Tor off return good download("surfing") speeds.

    I understand that Tor may somewhat slow surfing speed(s); however, the extent to which it is presently slowing my surf speed is an impediment to my online activities. Again, I noticed Tor slowed my surfing as soon as I first used it and I was prepared to tolerate that level of slowing, but, after 3 or 4 days of it being tolerable, it has been at a consistent new low for almost 24 hours.

    I thought I read in a number of places that Tor results(speed) go up and down(possibly way down) regularly, but, since I am not a technically advanced user I figured that there might be configuration issues that I can change which will get me some relief.

    I am, of course, using Firefox(latest version) and my Proxy settings are manual, http 8118, ssl 8118, socks 9050(socks v5). I did not change these from the direct connection Firefox was using before Tor so I do assume the Tor bundle installation did so.

    note: Right from the start I noticed that, after about an hour and a half of surfing behind Tor, my machine sometimes seems to "hang-up" or crash. When this Tor related hanging occurs usually I can not close Vidalia and when I open Windows Task Manager it shows applications that I am running as not responding. I try to end task for the affected applications, but eventually Windows Task Manager itself stops responding. I selected to run Tor as a service in the hope that doing so would positively affect this hanging, but I am not so sure it has. ( https://www.wilderssecurity.com/showthread.php?t=181996 )

    I am running Comodo firewall and I typically block svchost every chance I get unless, like Windows Updates, it must be allowed for a particular application to succeed. ( http://www.castlecops.com/modules.php?&name=Forums&file=viewtopic&t=196459 )

    I am looking at Proxomitron, because I wonder if it will, "magically", make things faster, but I am unclear as to whether I replace Privoxy or Vidalia with Proxomitron or neither. It looks to me like Privoxy and Proxomitron do the same thing, but, then again, I am not a technically advanced user.
     
  2. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    There are a few things you can do. The first one is to download xB Browser and go into xB Config and change the settings to "don't manage tor connection" and then run the browser.

    If tor is classically configured, you will be able to click the included "Flush Tor Circuit" button in xB Browser and it will clear out the circuit and get you a new one, which should speed things up.

    It also has already been optimized to run on the Tor network. Another option it comes with is to disable picture loading. This will dramatically increase your surfing speeds. It also comes with an adblocking and script blocking software so you don't download the ads at all, which should speed up your surfing.

    In the alternative, if you need fast anonymity, you can always upgrade from Tor to Xerobank Plus, which will give you guaranteed broadband speeds all the time. There are free demo accounts available to see if it suits your needs. If you like I can send you a free 1-month trial account.

    Steve
     
  3. acknsyn

    acknsyn Registered Member

    Joined:
    Aug 10, 2007
    Posts:
    27
    Does your xB Browser detect an exit node that may send the user to a bogus site?
    How safe is it for https account login?
     
  4. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Speed with Tor will vary - the best option if your connection seems unacceptably slow is to use the "New Identity" option in Vidalia's system tray menu. This will switch to a new circuit which should (hopefully) give better speeds.

    Circuits can also fail, which causes a delay while the failure is detected and a new circuit built. Again, Vidalia can help with its Network Map option which shows your current circuits and the nodes used - if a specific node seems to cause repeated problems, then you can exclude it from future use (though you will need to edit your Vidalia/Tor configuration file manually).
    The real problem IMHO is that Tor does not include any tools for bandwidth management, which means that a few selfish users can spoil the experience for everyone else by running large downloads through Tor. In particular, Rapidshare downloads are the biggest plague with the "gimme gimme gimme" brigade using Tor as a means of bypassing Rapidshare's (IP address based) download limits, rather than purchasing an account or using a P2P network. I now block all Rapidshare download access on my server (anyone trying gets instead a message asking them not to use Tor) but it is clear that some people don't get it - I regularly see bursts of attempted Rapidshare connections (sometimes over a thousand an hour).

    Rapidshare connections accounted for about a third of the bandwidth I had allocated, and due to the filesizes involved (over 100MB in many cases) would slow down other connections for hours until I started blocking them. I have found it prudent to also block access to other download sites (0-9.megaupload.com, 0-9.megashares.com, 0-9.megarotic.com, 0-9.gigasize.com, 0-9.filesend.net, 0-9.filefactory.com, 0-9.sendspace.com, 0-9.badongo.com and 0-9.quicksharing.com) as well as video downloads from YouTube (ash/chi/lax/sjc/sjl.youtube.com - Google Video hasn't been a real problem yet but that may change). I would urge anyone else running a Tor server to consider similar steps to ensure that they can offer better speeds for normal web access.

    This doesn't cover the situation where my node acts as a middleman for a large download, but I deal with this by terminating any connections that exceed 10MB in size with a non-trivial connection speed (which should rule out any normal webpage access).
    As long as Tor is working, there is little further configuration you can do to improve performance (aside from possibly excluding problem nodes as noted above).
    There is a problem on your system there, but it may not be Tor that is the cause. Check which processes in Task Manager are using the most CPU - clicking on the "CPU Time" column will sort processes in order of long-term CPU usage which can be useful in pinpointing processor hogs.
    Proxomitron is a more powerful filter but requires more skill to use (in particular, to identify which filter is responsible if a website doesn't work properly). Unless you have real problems with Privoxy (e.g. if you see it consuming lots of CPU) I'd suggest sticking with it - otherwise review the Setting up Tor/Proxomitron+SocksCap thread for detailed advice.
     
  5. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    It is usually pretty safe to use https for account logins. The only worry is if a certificate chained back to a Root CA in your browser has been fooled into providing an SSL certificate to a bogus site. This is unlikely. If you get popups saying that such-and-such website has an SSL certificate but that it needs to be examined or doesn't match, then don't trust it. Otherwise, feel free to use xB Machine or xB Browser.
     
  6. 072707

    072707 Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    33
    Thanks for responding:

    I am concerned with vulnerabilities and security issues of a new browser that may not enjoy widespread use. I feel that I can, or should, trust Firefox more than Internet Explorer, which I take every opportunity to avoid, but, as an average user, I do not feel that I have enough technical knowledge to understand if I am safe or not in a new browser.

    Firefox is "hugely popular" and enjoys widespread use yet it still has vulnerabilities and needs regular updates. I am skeptical as to whether or not developers of a "new browser", that does not have popularity, at least on a par with Firefox, will have the resources, financial and otherwise, and usage data from a wide user base necessary to keep it "patched", secure, and up to date.

    Thank you for the offer of the free trial. I may just have to try it. I did take a peek at xerobank.com. I assume that the 30 day trial you are offering is only on xerobank plus and I am not comfortable with having to use xB browser exclusively with plus. What is xB VPN and OpenVPN(virtual private network)? What purpose do they serve for xerobank Pro?

    I guess Tor relies on volunteers to make their machines available for the Tor network. Did xerobank just set up, say, 100 of their own servers all over the globe in order to build their own network to ricochet Internet usage through?

    acknsyn appears to be thinking along the same lines as I with regard to vulnerabilities and security issues of a new browser.

    I am using noscript with Firefox

    I have used "New Identity", but my speed tests did not significantly improve. It did change my ip, etc; so the "New Identity" was working. I used showmyip to confirm ip change.

    I am almost starting to wonder if the company I pay for access to the Internet is intentionally retarding my surf speed when I connect through Tor? Although I am not sure how easy it would be for their machines to detect(lots of servers vs few for direct connection?).

    So you are running a Tor server?

    I had no choice, but to abandon my use of Tor for the moment. I believe it may be possible that the way Tor works greatly accelerates the appearance of the "hanging" "crashing" effect that usually manifests with Tor use on my machine.

    I have DNS Client disabled. That has nothing to do with my problems does it?

    I have two hardware profiles. In the first I do my best to implement http://www.lbl.gov/cyber/systems/wxp-security-checklist.html recommendations for Windows Services configuration.

    In the second hardware profile I have added some of http://www.blackviper.com/WinXP/servicecfg.htm "safe" Windows Services configuration recommendations. This is the profile that I have been using routinely since I added it by following blackviper's instructions.

    In your opinion are my problems mainly a result of Privoxy? Should a user expect a speed increase merely by replacing Privoxy with Proxomitron?

    note: I recently read a comment to an article that indicated Google owns about 20% of Firefox(Mozilla) and has a lot of say so over how Firefox is "deployed". It was an article about Mozilla's recent statement that they are going to separate themselves from Thunderbird, which I use. The author of the comment was, among other things, saying that Thunderbird competes with gmail and so Mozilla was "ordered" to drop it. I apologize for not posting the link, but I don't have the time to hunt it down.

    Suffice it to say that I am not necessarily optimistic about Firefox surviving as a good(substantially free of built in snooping, easy vulnerabilities, etc, etc) browsing tool for even the next few years, although I felt this way even before the Tbird announcement.

    If the google Firefox connections that I read about are indeed true, then, I believe Firefox will be virtually "impotent" or compromised in less than 16 more months.

    https://www.wilderssecurity.com/showthread.php?t=128120
     
  7. 072707

    072707 Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    33
    I unchecked run as windows service. My speed using Tor is now about half my direct connection speed. What I don't know, of course, is if unchecking windows service actually had anything to do with the problem or if the Tor network itself has just returned to normal, or at least what I referred to as tolerable for the first 3 or 4 days that I used Tor.

    The speeds that prompted me to start this thread were 5 to 10 times slower than direct connect.

    I am, however, still unsure if I am prepared to take the type of "hit" to my productivity that half my direct connect speed results in.

    For now I am begrudgingly going to leave Tor off.
     
  8. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    xB Browser is built on firefox. And there is nothing more secure than xB Browser's modifications of firefox. It is the anonymous browser, with over 4 million downloads. Give it a shot, you won't be disappointed.

    No, you can use the 30 day trial specifically with xB Machine, which is a secure virtual workstation.

    xB VPN is a portable version of OpenVPN, typically pre-configured for the XeroBank network. It allows XeroBank Pro users to seamlessly connect to the XeroBank network, rerouting, encrypting, and anonymizing all inbound and outbound traffic.

    Something like that.

    No offense, but you are way underprotected if that is your major defense. xB Browser has noscript and a host of other modifications.

    Quite a few of them.


    To be honest there are a lot of reasons why you may be experiencing a slowdown. The slow is the normal speed, the fact that you had fast speed for a while is a fluke. You could change your circuit nodes to only use the ones with high bandwidth availability, but you reduce your anonymity.

    I think the community is there, and that is what Firefox thrives on. People want to see this browser develop and get better. The drop of Thunderbird, however, is a questionable act on the part of Mozilla. Thunderbird is an awesome email client, I would hate to see it bite the dust. But no, firefox isn't going anywhere, they have a huge marketshare, and that is worth a lot as-is. I don't see Google as having any interest in neutering Firefox. That would be shooting themselves in the foot, if the rumor is true about their ownership. The bottom line is Firefox has been good about pushing timely vulnerability updates, IE not so much. You'll find that both browsers have bugs, but the concern is how quickly they are found and fixed as a measurement for the group involved.
     
  9. acknsyn

    acknsyn Registered Member

    Joined:
    Aug 10, 2007
    Posts:
    27
    I currently use IE/FF. I didn't realize the xB Browser was based on FF. I downloaded it and tried to launch it. I tried to find a configuration like torrc for specifying outbound tor ports and couldn't find it.
     
  10. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    What you want to use is xB Config, which is in the App directory.

    Enter in whatever you like in the Tor Commands box, it will follow just like the torrc. However, if you've got a specific proxy/firewall setting you are already behind, the system is already set up to handle that.
     
  11. acknsyn

    acknsyn Registered Member

    Joined:
    Aug 10, 2007
    Posts:
    27
    It's not really a firewall issue, it's more like limiting what port tor can use. For now, I'll stick with my current setup. xBrowser I downloaded appears to be FF2.0.0.5 and current FF is 2.0.0.6.
     
  12. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Possible, but difficult (they would need to maintain a list of all Tor entry servers - which would need regular updates). In practice, ISPs are far more likely to be concerned with bandwidth-hungry P2P applications or video-streaming since throttling these can save them money - those wishing to hamper Tor usage would more likely block it rather than throttle it.
    If you disable this, ensure you use something else to cache DNS lookups or you will be slowing your connection down due to repeated (and unnecessary) DNS lookups.
    Privoxy can be a CPU-hog but I doubt your speed problems are due to this, so using Proxomitron would not likely improve matters.
    The "windows service" option is only useful to users running a Tor server (who therefore wish to keep it running even when they have logged off). If you are running Tor as a client only, don't bother with it - just start Tor when you need it.
     
  13. 072707

    072707 Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    33
    Well, my default hardware profile follows Berkeley Labs recommendations for services ( http://www.lbl.gov/ITSD/Security/systems/wxp-security-checklist.html ). The 2nd profile that I use almost exclusively now mostly follows BlackViper's recommendations ( http://www.blackviper.com/WinXP/Services/DNS_Client.htm ).

    BlackViper says the following about DNS Client: "This service is not required for DNS lookups, but if it makes you happy to have it running, you may. If you attempt to "repair" your network connection and a dialog box complains that the "DNS resolver failed to flush the cache," this service is the reason. It is also needed if using IPSEC." and I made a decision to act according to this advice and disable DNS Client.

    I have now placed DNS Client on "Automatic" and enabled it in both hardware profiles. Does it need to be on "Automatic" or will "Manual" suffice?

    I am not struck by any improvement in connection speed, but I probably would need to quantify that with bandwidth speed tests to be certain.
     
  14. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Manual should suffice - you can check by opening a command prompt window and typing ipconfig /displaydns to view the current entries of your DNS cache.

    As for actual performance benefits, that will depend on the DNS server - with a slow server caching will show the greatest benefit. As long as you have set up Tor correctly, DNS lookups should be sent through it and handled by the exit node (which would make them slower than ones done by your PC directly - but doing DNS directly can then compromise your anonymity) so there should be some benefit.

    However from a security perspective it is better to disable the DNS Client service since it results in svchost.exe doing all DNS lookups on behalf of applications - which in turn can be abused by malware to send out information surreptitiously through your firewall (see DNSTester for an example of this). Disabling the DNS Client forces applications to do their own DNS lookups, which means any malware trying this technique should then be detected by your firewall, giving you a chance to block it. Therefore using a third party utility for DNS caching (I use Outpost firewall's DNS cache plugin) gives you the best of both performance and security.
     
  15. 072707

    072707 Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    33
    Unfortunately for me, I have abandoned my use of Tor for the moment due to the problems I described in this thread.

    I have also encountered another issue( https://www.wilderssecurity.com/showthread.php?p=1057843#post1057843 ) that is quite an annoyance. Of the two issues Tor use was the easiest to abandon.


    Oh my! The items in there include buttandass.net, hornys-place.com, hardfacktor.org. Uhhhhhhh! I don't recall paying a visit to those sites, nor, did I visit sites that I would expect to have links or ads to them? Should I be concerned?

    What in the....?

    Most of the items in the DNS cache show no relation to the names of the sites that I have visited. I have McAfee SiteAdvisor running to help decide what to click on and what not to click on. Most of the DNS cache looks like sites associated with ads on webpages. Those three I mentioned appear to be the only obvious ones of their type.


    Well then, I am officially taking suggestions for a good free third party DNS cache utility that will not slow or otherwise handicap my machine. I will look at downloads.com as well.

    Can I exclude those sites I mentioned by placing them in my mvps host file? Should I? How?


    As it stands I don't think svchost could be doing much of anything on my machine.
    When I connect to the Internet Comodo Firewall Pro asks me 2 or three times to do something and I block it every time despite Comodo labeling svchost as a "safe application". It asks me one more time usually when I open my browser.

    Should I block svchost like I do? I am really not comfortable with it connecting to the Internet because I don't see why it needs to. I had DNS Cache disabled until just recently so svchost could not have been trying to do DNS lookups. Right?

    I guess I would assume svchost is only wanting to do the DNS lookup when it asks after I open my browser. What are the other requests for?
     
  16. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Looks like someone's been running a Tor exit node without realising it (where others in the Tor network can access sites via your address). ;) Exit nodes are necessary for Tor to function (I run one myself) but you will get some rather nasty looking URLs in your DNS cache and firewall logs as a result - and likely have your bandwidth gobbled up by Rapidshare hoggers as per my rant above. Also pay attention to the Tor Server FAQ and Tor Legal FAQ.

    If you don't like this, you can still run as a server but limit yourself to middleman (encrypted) traffic. However you do then lose plausible deniability for any nasty URLs.... :D
    Svchost handles several things in Windows - some of which are necessary for network access (e.g. DNS/DHCP) while others are optional (Windows Updates, time synchronisation). Blocking it is possible if you have configured your setup in a minimalist fashion (e.g. using a static IP, shutdown all services) but details on this are well beyond the topic of this thread. Have a Google on it first...
     
  17. 072707

    072707 Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    33
    Well then, this is all very enlightening.

    I know that I have not checked "Relay traffic for the Tor network" under "Server"; so, what do I change to turn this "tor exit node" off? The idea of me unknowingly running an exit node sounds very likely, especially considering the "slowing" that prompted me to start this thread in the first place, but, if it is not the aforementioned "Server" setting that is allowing the exit node, then, I am confused as to what is "on".

    The only thing I did that may be related to this is "Run Tor as a service", but, again, this was in the absence of activating the "Relay traffic..." setting?

    Thank you for your help.
     
  18. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    If you are running a Tor server, the log (visible in Vidalia) will clearly say so at the beginning ("Your Tor server's identity key fingerprint is..." should appear as the 7th line).

    If it isn't, then either those DNS entries are from a previous Tor session inadvertently run as a server (ipconfig /flushdns should get rid of them, check later to see if anything untoward appears) or something/someone else is accessing those domains on your PC - in the latter case, check your firewall logs for more details.
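
The checks discussed in the last few posts (the server fingerprint line in the Tor log, and the names shown by `ipconfig /displaydns`), sketched as a script. This is an added example, not something posted in the thread: the function names are hypothetical, all sample inputs are constructed, the list of expected domains is whatever the user knows they visited, and the `ORPort` check relies on that being the torrc option that turns a client into a relay, which the thread itself does not state.

```python
import re

# Startup log text quoted in the thread; only a Tor process acting as a server prints it.
SERVER_MARKER = "Your Tor server's identity key fingerprint is"
# Matches the "Record Name . . . . . : host" lines of `ipconfig /displaydns` output.
RECORD_NAME = re.compile(r"^\s*Record Name[ .]*:\s*(\S+)\s*$", re.IGNORECASE)

def tor_log_shows_server(log_text):
    """True if the Tor log contains the server fingerprint line."""
    return any(SERVER_MARKER in line for line in log_text.splitlines())

def torrc_relay_lines(torrc_text):
    """Active (uncommented) torrc lines that set a non-zero ORPort."""
    hits = []
    for raw in torrc_text.splitlines():
        parts = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if len(parts) >= 2 and parts[0].lower() == "orport" and parts[1] != "0":
            hits.append(" ".join(parts))
    return hits

def cached_names(displaydns_text):
    """Set of host names present in the DNS resolver cache dump."""
    names = set()
    for line in displaydns_text.splitlines():
        m = RECORD_NAME.match(line)
        if m:
            names.add(m.group(1).lower().rstrip("."))
    return names

def unexpected_names(names, expected_domains):
    """Cached names that are neither an expected domain nor a subdomain of one."""
    def expected(name):
        return any(name == d or name.endswith("." + d) for d in expected_domains)
    return sorted(n for n in names if not expected(n))

def triage(log_text, torrc_text, displaydns_text, expected_domains):
    """Combine the three checks into one report."""
    return {
        "server_in_log": tor_log_shows_server(log_text),
        "relay_config": torrc_relay_lines(torrc_text),
        "unexpected_dns": unexpected_names(cached_names(displaydns_text),
                                           expected_domains),
    }

# Constructed sample inputs (not taken from the thread).
SAMPLE_LOG = """[notice] Opening Socks listener on 127.0.0.1:9050
[notice] Your Tor server's identity key fingerprint is '<nickname> <FINGERPRINT>'
"""
SAMPLE_TORRC = """SocksPort 9050
#ORPort 9001
ORPort 9001   # relay enabled
ExitPolicy reject *:*
"""
SAMPLE_DNS = """Windows IP Configuration

    www.wilderssecurity.com
    ----------------------------------------
    Record Name . . . . . : www.wilderssecurity.com
    Record Type . . . . . : 1
    A (Host) Record . . . : 192.0.2.10

    ads.example.net
    ----------------------------------------
    Record Name . . . . . : ads.example.net
    Record Type . . . . . : 1
    A (Host) Record . . . : 192.0.2.20

    unvisited.example.org
    ----------------------------------------
    Record Name . . . . . : unvisited.example.org
    Record Type . . . . . : 1
    A (Host) Record . . . : 192.0.2.30
"""

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, SAMPLE_TORRC, SAMPLE_DNS, {"wilderssecurity.com"}))
```

Names that remain unexplained after `ipconfig /flushdns` and with no server line in the log are the ones to look up in the firewall log.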
     