Internal Tor configuration for the scanner

The scanner needs a specific Tor configuration. The following options are either set when launching Tor or required when connection to an existing Tor daemon.

Default configuration:

  • SocksPort auto: To proxy requests over Tor.

  • CookieAuthentication 1: The easiest way to authenticate to Tor.

  • UseEntryGuards 0: To avoid path bias warnings.

  • UseMicrodescriptors 0: Because full server descriptors are needed.

  • SafeLogging 0: Useful for logging, since there’s no need for anonymity.

  • LogTimeGranularity 1

  • ProtocolWarnings 1

  • FetchDirInfoEarly 1

  • FetchDirInfoExtraEarly 1: Respond to MaxAdvertisedBandwidth as soon as possible.

  • FetchUselessDescriptors 1: Keep fetching descriptors, even when idle.

  • LearnCircuitBuildTimeout 0: To keep circuit build timeouts static.

Configuration that depends on the user configuration file:

  • CircuitBuildTimeout ...: The timeout trying to build a circuit.

  • DataDirectory ...: The Tor data directory path.

  • PidFile ...: The Tor PID file path.

  • ControlSocket ...: The Tor control socket path.

  • Log notice ...: The Tor log level and path.

Configuration that needs to be set on runtime:

  • __DisablePredictedCircuits 1: To build custom circuits.

  • __LeaveStreamsUnattached 1: The scanner is attaching the streams itself.

Configuration that can be set on runtime and fail:

  • ConnectionPadding 0: Useful for avoiding extra traffic, since scanner anonymity is not a goal.

Currently most of the code that sets this configuration is in sbws.util.stem.launch_tor() and the default configuration is sbws/


the location of this code is being refactored.