checking tor circuit from browser + banning relays

elliott · December 4, 2019, 2:40pm

Hi,

this is my first message here. I have 2 questions for you, both related to Tor relays.

First the newbie question :
How do I check the tor relay circuit from browser ?
The standalone Tor browser usually shows this from the circled (i) near the address bar. It looks different with the whonix browser.

A more advanced question :
Is there a way to ban relays from a specific country system-wide ?
For instance a way to avoid all relays from the US.

Thank you

Patrick · December 4, 2019, 4:10pm

Hello, welcome to Whonix forums and thank you for your question!

Cannot. Quote Tor Browser Essentials

The Tor Circuit View and Open Network Settings functions have been disabled. The former is unsupported for security reasons, [110] while the latter would have no effect since Tor must be configured in Whonix-Gateway ™.

Change Tor settings as per Tor Documentation for Whonix Users

Which Tor settings: as per the usual Tor (same as tor Debian package). See Tor manual How can we help? | Tor Project | Support and see also Self Support First Policy for Whonix

anontor · December 5, 2019, 11:37pm

elliott, view your current circuit settings through application in Whonix Gateway- Nyx.
Go to Whisker Menu, scroll down to Nyx and open then use the right arrow key to traverse the different screens

elliott · December 11, 2019, 11:17am

Hi,

thanks for help.

So second question is solved.

If someone’s looking for a detailed answer, here it is :

Edit tor config file ( usually /usr/local/etc/torrc.d/50_user.conf in Gateway )
Add a line like that :

ExcludeNodes {us},{gb}

Here I’m excluding any relay in the US or in Great Britain.

Save and restart your virtual machines.
Now you can check relays with nyx command in Gateway.

Too bad I’m not allowed to include links in my post. For a list of country codes see ISO 3166-1 alpha-2 page in Wikipedia.

elliott · December 11, 2019, 11:24am

But I’m still struggling with the first.

See, I’m connected to a site that gives me my ip, but I can’t even find the IP it shows me in nyx list, so what the ?

anontor · December 11, 2019, 5:41pm

elliott
use caution with excluding nodes because you are more visible as your network fingerprint. This may impact anonymity. Open Nyx, use the arrow key (–>) press it 4 times to get to the interpreter panel. Then press enter. Now you can issue commands. Try this:
getinfo circuit-status
That should give you a description of your current circuit. Match the nickname to the list of active created circuits
Pay attention to Nyx’s log messages. Sometimes when you can’t see a connection in the list, turns out it ‘died’ and was reset.