Tor Country Codes
Tor lets you choose which exit nodes you’d like to use – either by name, fingerprint, or country code. If you have a trusted list of nodes you’d like to use as a whitelist, you can use that, and if you have a list of nodes you want blacklisted, it supports that configuration too. But for those of us who are attempting to be someone else, specifically someone from a different country, we can use Tor not only to hide our identity, but also to make our traffic appear to come from a specific geographic location.
To ensure Tor will only use exit nodes based in a particular country (e.g. India, code IN), edit your torrc file.
TORRC: TorBrowser/Data/Tor/
For desktop: ThisPC\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc
The configuration is simple: modify your torrc file to add the following lines:
ExitNodes {in}
StrictNodes 1
Please note that in all of these examples, we must enable StrictNodes. This example will use either Ukraine, Uganda, South Korea, or Ireland as an exit:
ExitNodes {ua},{ug},{kr},{ie}
Blacklisting: You can also use this as a defensive measure. If you believe there is some kind of geo-centric threat in Uganda, you can configure Tor to never use exit nodes there.
ExcludeExitNodes {ug}
You can exclude all node types for a specific country as well – exits, relays, entry, and bridge nodes.
ExcludeNodes {us}
You have the ability to whitelist all node types which is to say you can make sure that your entire Tor circuit only uses a certain country. This is NOT recommended of course. An ideal circuit will cross countries and legal jurisdictions.
The ?? Country
Tor uses MaxMind’s GeoIP lookup system for this functionality. Some versions of their database contain a “??” country code. This is reserved for IPs they either don’t know, or aren’t willing to share. (Tor is making some changes to compensate for this in the future.)
Knowing this can be useful in one of two ways. First, you may think that if you don’t know what country you’re going to be using as a node, then you don’t want to use it. This is probably a legitimate thought without having more information on what causes an IP to have “??”. Second, and more interestingly, some (poorly configured) firewalls will automatically drop connections from certain countries. Admins will say “Screw it, block China. Hacking problem solved!” and ask for a raise. MaxMind is a very popular GeoIP lookup database, and you can imagine that the security services built into those fancy enterprise firewalls will most likely be using it if they’re doing geographic lookups. While many of these admins will have policies for how to handle “us”, “cn”, and “de”, I’ve found many have issues with a country code that is “??”. In one case, I’ve found a system that blocks all exit nodes, except those coming from a “??” country. I have not identified why this misconfiguration occurs, but hopefully someone can leverage this to their advantage.
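For admins reviewing their own geo-filtering rules, the sketch below is an added example (not from the original post) of why a blocklist-only rule lets “??” and unmapped addresses through, next to a version that treats unknown as its own case and denies by default. The GeoIP table, the BLOCKED and ALLOWED sets, and all function names are constructed for illustration; the addresses are documentation ranges.

```python
import ipaddress

# Constructed GeoIP table (documentation address ranges, not real data).
# "??" marks a range the database lists without a usable country.
GEO_TABLE = [
    (ipaddress.ip_network("192.0.2.0/24"), "CN"),
    (ipaddress.ip_network("198.51.100.0/24"), "DE"),
    (ipaddress.ip_network("203.0.113.0/24"), "??"),
]
BLOCKED = {"CN"}    # hypothetical "block these countries" policy
ALLOWED = {"DE"}    # hypothetical allowlist for the hardened policy


def lookup(ip):
    """Return the table's country code for ip, or None when no range matches."""
    addr = ipaddress.ip_address(ip)
    for net, cc in GEO_TABLE:
        if addr in net:
            return cc
    return None


def naive_decision(ip):
    """Blocklist-only rule: anything not explicitly blocked passes, so "??" and
    lookup misses are let through."""
    return "deny" if lookup(ip) in BLOCKED else "allow"


def hardened_decision(ip):
    """Unknown is its own case, handled before the country rules, and the
    default is deny."""
    cc = lookup(ip)
    if cc is None or not (len(cc) == 2 and cc.isalpha()):
        return "deny-unknown"       # covers "??", empty strings and misses
    return "allow" if cc.upper() in ALLOWED else "deny"


def audit(ips):
    """List addresses where the two policies disagree, for rule review."""
    return [(ip, lookup(ip), naive_decision(ip), hardened_decision(ip))
            for ip in ips if naive_decision(ip) != hardened_decision(ip)]


if __name__ == "__main__":
    for row in audit(["192.0.2.10", "198.51.100.7", "203.0.113.5", "10.0.0.1"]):
        print(row)
```

Logging the "deny-unknown" outcome separately from ordinary country denies makes it easy to see how much traffic the GeoIP database cannot place.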