[or-cvs] Move website to wml

Peter Palfrader weasel at seul.org
Tue Oct 4 19:10:36 UTC 2005


Update of /home/or/cvsroot/website/en
In directory moria:/tmp/cvs-serv31992/en

Added Files:
	developers.wml documentation.wml download.wml faq-abuse.wml 
	faq.wml foot.wmi gui-contest.wml howitworks.wml index.wml 
	navigation.wmi overview.wml people.wml research.wml 
	support.wml tor-manual-cvs.wml tor-manual.wml translation.wml 
	users.wml volunteer.wml 
Log Message:
Move website to wml

--- NEW FILE: developers.wml ---
## translation metadata
# Revision: $Rev: 1.214$

#include "head.wmi" TITLE="Developers"

<div class="main-column">
<div style="float: right; border: 1px solid #666666; background: #e7e7e7; padding: 5px; margin: 0 5px 0 0;">
<a href="gui/" style="color: #EF8012; font-weight: bold;">Tor GUI Competition &raquo;</a>
</div>

<h2>Tor: Developers</h2>
<hr />

<p>Browse the Tor <b>CVS repository</b>: (which may not
necessarily work or even compile)</p>
<ul>
<li><a href="<cvssandbox>">Regularly updated CVS sandbox</a></li>
<li><a href="http://cvs.seul.org/viewcvs/viewcvs.cgi/?root=tor">ViewCVS</a></li>
<li><a href="http://archives.seul.org/or/cvs/">Mailing list for cvs commits</a></li>
<li>anonymous pserver access (password is guest):
<ul>
<li>Make a new empty directory and cd into it.</li>
<li>cvs -d :pserver:guest at cvs.seul.org:/home/or/cvsroot login</li>
<li>cvs -d :pserver:guest at cvs.seul.org:/home/or/cvsroot co tor</li>
<li>cd tor; ./autogen.sh; make; make install if you like.</li>
<li>(use "co -r tor-0_1_1_4_alpha tor" to fetch a particular version.)</li>
<li>(To check out the maintenance branch, use -r tor-0_1_0-patches)</li>
</ul>
</li>
</ul>

<p>Here's the current roadmap for the 0.1.1.x release:</p>
<ul>
<li>Reduce CPU load on servers.</li>
<li>Continue decentralizing the directory.
<ul>
  <li>Gather more permanent dirservers and put their keys into the code.</li>
  <li>Need to solve what 'verified' means: it means the nickname is
      registered, but otherwise we treat servers the same.</li>
  <li>A way for clients to partition the set of servers in a safe way:
      so they don't have to learn all of them but so they're not easily
      partitionable. Write it down, but probably not do it yet.</li>
</ul></li>
<li>Helper nodes (at least preliminary).</li>
<li>Enclaves (at least preliminary).</li>
<li>Launch the GUI contest.</li>
<li>Something, anything, for sys tray on Windows.</li>
<li>Get on some websites: indymedia.org. others?</li>
<li>Research: scalability, keep thinking about end-to-end attacks.</li>
</ul>

<p>
<a href="<cvssandbox>tor/doc/TODO">The list of stuff the developers know they need to do</a>.
</p>

<p>
The <a href="http://anon.inf.tu-dresden.de/index_en.html">Java Anon
Proxy (JAP)</a> project has implemented the Tor client protocol in their
client. More on that coming soon.
</p>

  </div><!-- #main -->

#include <foot.wmi>
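
Review bot: The translation metadata at the top of developers.wml is committed with an already expanded keyword, "# Revision: $Rev: 1.214$", while documentation.wml, download.wml, faq-abuse.wml and faq.wml in this same commit carry a bare "$Rev$". If the translation tooling compares this value between the English original and a translation, the mixed forms will not line up, so commit the same form in every file. Separately, the closing comment "<!-- #main -->" labels a div whose class is "main-column"; the comment should name the element it closes.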

--- NEW FILE: documentation.wml ---
## translation metadata
# Revision: $Rev$

#include "head.wmi" TITLE="Documentation"

<div class="main-column">

<h1>Table of Contents</h1>
<hr />

<ul>
<li><a href="#RunningTor">Running Tor</a></li>
<li><a href="#DesignDoc">Design Documents</a></li>
<li><a href="#HOWTO">Various HOWTO Docs</a></li>
<li><a href="#MailingLists">Mailing List Information</a></li>
</ul>
<hr />

<a id="RunningTor"></a>
<h2><a class="anchor" href="#RunningTor">Running Tor</a></h2>
<ul>
<li><a href="<cvssandbox>tor/doc/tor-doc-win32.html">Installing Tor on Win32</a></li>
<li><a href="<cvssandbox>tor/doc/tor-doc-osx.html">Installing Tor on Mac OS X</a></li>
<li><a href="<cvssandbox>tor/doc/tor-doc-unix.html">Installing Tor on Linux/BSD/Unix</a></li>
<li><a href="<cvssandbox>tor/doc/tor-switchproxy.html">Installing SwitchProxy for Tor</a></li>
<li><a href="<cvssandbox>tor/doc/tor-doc-server.html">Configuring a Tor server</a></li>
<li><a href="<cvssandbox>tor/doc/tor-hidden-service.html">Configuring a Tor hidden service</a></li>
</ul>

<a id="DesignDoc"></a>
<h2><a class="anchor" href="#DesignDoc">Design Documents</a></h2>
<p>The <b>design document</b> (published at Usenix
Security 2004) gives our justifications and security analysis for the
Tor design:</p>
<ul>
<li><a href="<cvssandbox>tor/doc/design-paper/tor-design.pdf">PDF version</a></li>
<li><a href="<cvssandbox>tor/doc/design-paper/tor-design.html">HTML version</a></li>
</ul>

<p>Our follow-up paper on <b>challenges in low-latency anonymity</b>
(still in draft form) details more recent experiences and directions:
<a href="<cvssandbox>tor/doc/design-paper/challenges.pdf">PDF version</a>.</p>

<p>The <b>specification</b> aims to give
developers enough information to build a compatible version of Tor:</p>
<ul>
<li><a href="<cvssandbox>tor/doc/tor-spec.txt">Main Tor specification</a></li>
<li><a href="<cvssandbox>tor/doc/rend-spec.txt">Tor rendezvous specification</a></li>
<li><a href="<cvssandbox>tor/doc/dir-spec.txt">Tor directory server specification</a></li>
<li><a href="<cvssandbox>tor/doc/control-spec.txt">Tor UI control specification</a></li>
</ul>

<p>The <a href="tor-manual.html"><b>manual</b></a> for the latest stable version
provides detailed instructions for how to install and use Tor, including configuration
of client and server options.<br />
If you are running the CVS version the manual is available
<a href="tor-manual-cvs.html"><b>here</b></a>.
</p>

<p>The <a href="http://wiki.noreply.org/noreply/TheOnionRouter">wiki</a>
provides a plethora of useful contributions from Tor users.</p>

<p>Look at the <a href="http://freehaven.net/~arma/wth1.pdf">slides</a>
from <a href="http://whatthehack.org/">What the Hack (WTH)</a>, and <a
href="http://rehash.waag.org/WTH/wth-anonymous-communication-58.mp4.torrent">
watch the video of the talk</a>. We also have <a
href="http://freehaven.net/~arma/wth3.pdf">slides</a> and <a
href="http://rehash.waag.org/WTH/wth_tor_hidden_services.mp4.torrent">video</a>
of the WTH talk on hidden services.
</p>

<a id="HOWTO"></a>
<h2><a class="anchor" href="#HOWTO">Various HOWTO Docs</a></h2>
<ul>
<li><a href="http://wiki.noreply.org/wiki/TheOnionRouter/TorifyHOWTO">Guide
to Tor-ifying various applications</a></li>
<li><a
href="http://wiki.noreply.org/noreply/TheOnionRouter/OperationalSecurity">How
to Run a Secure Tor Server</a></li>
<li><a
href="http://wiki.noreply.org/wiki/TheOnionRouter/TorInChroot">Running
Tor in a Linux chroot</a></li>
<li><a
href="http://wiki.noreply.org/noreply/TheOnionRouter/OpenbsdChrootedTor">chroot
guide for OpenBSD</a></li>
<li><a
href="http://wiki.noreply.org/wiki/TheOnionRouter/SquidProxy">Squid and
Tor</a></li>
</ul>

<a id="MailingLists"></a>
<h2><a class="anchor" href="#MailingLists">Mailing List Information</a></h2>
<ul>
<li> The <a href="http://archives.seul.org/or/announce/">or-announce
mailing list</a> is a low volume list for announcements of new releases.
</li>
<li> The <a href="http://archives.seul.org/or/talk/">or-talk mailing
list</a> is where a lot of the discussion happens, and is where we
send notifications of prereleases and release candidates. </li>
<li> The <a href="http://archives.seul.org/or/dev/">or-dev mailing
list</a> is for posting by developers only, and is very low traffic. </li>
<li> There's also a list for <a
href="http://archives.seul.org/or/cvs/">cvs commits</a>.</li>
</ul>
  </div><!-- #main -->

#include <foot.wmi>
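
Review bot: documentation.wml opens with "<h1>Table of Contents</h1>" and has no page title heading, while developers.wml, download.wml and faq-abuse.wml in this commit each open with an "<h2>" title such as "Tor: Developers". Suggest adding a matching "<h2>Tor: Documentation</h2>" and demoting the table of contents beneath it, so the heading levels are consistent across the site. In the manual paragraph, the link text "here" for tor-manual-cvs.html would read better as "manual for the CVS version".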

--- NEW FILE: download.wml ---
## translation metadata
# Revision: $Rev$

#include "head.wmi" TITLE="Download"

<div class="main-column">

<h2>Tor: Packages and source</h2>
<hr />

<p>Tor is distributed as <a href="http://www.fsf.org/">Free Software</a>
under the <a href="<cvssandbox>tor/LICENSE">3-clause BSD license</a>.</p>

<p>You can get the latest release from the <a href="dist/">download
directory</a>.
The latest stable release is <b><version-stable></b>, and the
latest development release is <b><version-alpha></b>.
To keep informed of security advisories and new stable releases, subscribe
to the <a href="http://archives.seul.org/or/announce/">or-announce
mailing list</a>: (you will need to confirm via email)
</p>

<form action="http://freehaven.net/cgi-bin/majordomo.cgi">
<input type="hidden" name="mlist" value="or-announce">
<input type="hidden" name="subscribe" value="1">
<input type="hidden" name="host" value="freehaven.net"> 
<input name="email" size="15">
<input type="submit" value="subscribe">
</form>

<p>Tor should run on Linux, BSD, OS X, Windows, Solaris, and more.</p>
<ul>
<li><b>Windows</b> installer:
<a href="<package-win32-stable>"><version-win32-stable></a> (<a href="<package-win32-stable-sig>">sig</a>),
<a href="<package-win32-alpha>"><version-win32-alpha></a> (<a href="<package-win32-alpha-sig>">sig</a>).
Be sure to read the <a href="<cvssandbox>tor/doc/tor-doc-win32.html">Win32 Tor instructions</a>.</li>

<li><b>Mac OS X Tiger</b> installer: 
<a href="<package-osx-stable>"><version-osx-stable></a> (<a href="<package-osx-stable-sig>">sig</a>),
<a href="<package-osx-alpha>"><version-osx-alpha></a> (<a href="<package-osx-alpha-sig>">sig</a>).
Be sure to read the <a href="<cvssandbox>tor/doc/tor-doc-osx.html">OS X Tor instructions</a>.
</li>

<li><b>Mac OS X Panther/Jaguar</b> installer: 
<a href="<package-oldosx-stable>"><version-oldosx-stable></a> (<a href="<package-oldosx-stable-sig>">sig</a>).
Be sure to read the <a href="<cvssandbox>tor/doc/tor-doc-osx.html">OS X Tor instructions</a>.
</li>
<li><b>Debian packages</b>: <kbd>apt-get install tor</kbd> (<a href="http://wiki.noreply.org/noreply/TheOnionRouter/TorOnDebian">guide for Sarge and experimental Tor versions</a>)
</li>

<li><b>Red Hat Linux</b> package:
<a href="<package-rpm-stable>"><version-rpm-stable> RPM</a> (<a href="<package-rpm-stable-sig>">sig</a>),
<a href="<package-srpm-stable>"><version-rpm-stable> SRPM</a> (<a href="<package-srpm-stable-sig>">sig</a>),
<a href="<package-rpm-alpha>"><version-rpm-alpha> RPM</a> (<a href="<package-rpm-alpha-sig>">sig</a>),
<a href="<package-srpm-alpha>"><version-rpm-alpha> SRPM</a> (<a href="<package-srpm-alpha-sig>">sig</a>)
</li>

<li><b>Gentoo</b>: <kbd>emerge tor</kbd> (<a href="http://gentoo-wiki.com/HOWTO_Anonymity_with_Tor_and_Privoxy">guide</a>)</li>
<li><b>FreeBSD</b>: <kbd>portinstall -s security/tor</kbd></li>
<li><b>OpenBSD</b>: <kbd>cd /usr/ports/net/tor &amp;&amp; make &amp;&amp; make install</kbd> (<a href="http://wiki.noreply.org/noreply/TheOnionRouter/OpenbsdChrootedTor">guide to chrooting</a>)</li>
<li><b>NetBSD</b>: <kbd>cd /usr/pkgsrc/net/tor &amp;&amp; make install</kbd></li>
<li>Latest source tarballs: <a href="<package-source-stable>"><version-stable></a> (<a href="<package-source-stable-sig>">sig</a>),
<a href="<package-source-alpha>"><version-alpha></a> (<a href="<package-source-alpha-sig>">sig</a>) </li>
</ul>

<p>Instructions for setting up Tor on Linux/BSD/Unix are <a
href="<cvssandbox>tor/doc/tor-doc-unix.html">here</a>. This <a
href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#DistSignatures">FAQ
entry</a> explains how to verify package signatures.
</p>

<p>See the <a href="developers.html">developers page</a> for instructions
on fetching Tor from CVS.
</p>

<hr />

<h2>Mirrors</h2>

<p>
If you are running a mirror, please email
<a href="mailto:tor-webmaster at freehaven.net">tor-webmaster at freehaven.net</a>
and we'll add it to the list.
</p>

<p>
BIT BV (<a href="ftp://ftp.bit.nl/mirror/tor/">ftp</a> | 
<a href="http://ftp.bit.nl/mirror/tor/">http</a>)<br /> 
FU - Spline (<a href="http://rem.spline.de/tor/">http</a>)<br />
Ghirai.com (<a href="http://www.ghirai.com/tor/">http</a>)<br />
Meulie.net (<a href="http://tor.meulie.net/">http</a>)<br />
Stevens Institute of Technology (<a href="ftp://ftp.cs.stevens.edu/pub/tor/">ftp</a>)<br />
Swedish Linux Society (<a href="ftp://ftp.se.linux.org/pub/crypto/tor/">ftp</a>
 | <a href="http://ftp.se.linux.org/crypto/tor/">http</a>)
</p>

<hr />

<h2>Testing releases</h2>

<p>2005-09-14:
Tor 0.1.1.7-alpha <a
href="http://archives.seul.org/or/talk/Sep-2005/msg00152.html">fixes
some bugs in 0.1.1.6-alpha</a>.
</p>

<p>2005-09-09:
Tor 0.1.1.6-alpha <a
href="http://archives.seul.org/or/talk/Sep-2005/msg00103.html">fixes
some bugs in 0.1.1.5-alpha, and adds new features including exit enclaves,
improved hidden service speed, remote reachability detection by the
dirservers, fixes to let the Tor network bootstrap again, and a start
on the new directory design</a>.
</p>

<p>2005-08-08:
Tor 0.1.1.5-alpha <a
href="http://archives.seul.org/or/talk/Aug-2005/msg00036.html">includes
the critical security fix from 0.1.0.14</a>.
</p>

<p>2005-08-04:
Tor 0.1.1.4-alpha <a
href="http://archives.seul.org/or/talk/Aug-2005/msg00010.html">includes
the critical security fix from 0.1.0.13</a>.
</p>

<p>2005-07-25:
Tor 0.1.1.3-alpha <a
href="http://archives.seul.org/or/talk/Jul-2005/msg00107.html">fixes
a crash bug with hidden services, an assert trigger in the controller,
and a few other controller bugs</a>.
</p>

<p>2005-07-14:
Tor 0.1.1.2-alpha <a
href="http://archives.seul.org/or/talk/Jul-2005/msg00055.html">fixes a
seg fault in the controller handling, plus a few other bugs</a>.
</p>

<p>2005-06-28:
Tor 0.1.1.1-alpha has a <a
href="http://archives.seul.org/or/talk/Jun-2005/msg00252.html">revised
controller protocol (version 1) that uses ascii rather than binary</a>.
</p>

<hr />

<h2>Stable releases</h2>

<p>2005-09-23:
Tor 0.1.0.15 fixes <a
href="http://archives.seul.org/or/announce/Sep-2005/msg00000.html">a crash
bug when exit nodes run out of file descriptors, and rejects two more ports
in the default exit policy</a>.
</p>

<p>2005-08-08:
Tor 0.1.0.14 fixes <a
href="http://archives.seul.org/or/announce/Aug-2005/msg00001.html">the
second half of a critical bug in the security of our crypto
handshakes</a>. All clients should upgrade <b>immediately</b>!
</p>

<p>2005-08-04:
Tor 0.1.0.13 fixes a <a
href="http://archives.seul.org/or/announce/Aug-2005/msg00000.html">critical
bug in the security of our crypto handshakes</a>.
</p>

<p>2005-07-18:
Tor 0.1.0.12 fixes an <a
href="http://archives.seul.org/or/announce/Jul-2005/msg00001.html">assert
bug that was taking down some clients and servers in rare cases</a>.
</p>

<p>2005-06-30:
Tor 0.1.0.11 fixes a <a
href="http://archives.seul.org/or/announce/Jul-2005/msg00000.html">security
problem where servers would disregard their exit policies in some
circumstances</a>.
</p>

<p>2005-06-12:
Tor 0.1.0.10 features <a
href="http://archives.seul.org/or/announce/Jun-2005/msg00000.html">cleanup
on Windows, including making NT services work; many performance
improvements, including libevent to use poll/epoll/kqueue when available,
and pthreads and better buffer management to avoid so much memory bloat;
better performance and reliability for hidden services; automated
self-reachability testing by servers; http and https proxy support for
clients; and much more support for the Tor controller protocol</a>.
</p>

<hr />

<p>You can read the <a href="<cvssandbox>tor/ChangeLog">ChangeLog</a> for more
details.</p>

  </div><!-- #main -->

#include <foot.wmi>
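
Review bot: The only pointer to signature verification in download.wml is the "FAQ entry" sentence, which sits after the whole package list and inside a paragraph about Linux/BSD/Unix setup, and the Mirrors section lists plain ftp and http mirrors with no mention of the "sig" files at all. Since every package link already has a "sig" next to it, move the sentence explaining how to verify package signatures above the list and repeat the pointer under "Mirrors", where a reader fetching from a third-party host most needs it. Also, the "<input>" elements in the or-announce subscribe form are not self-closed, although the rest of the page uses the XHTML forms "<hr />" and "<br />".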

--- NEW FILE: faq-abuse.wml ---
## translation metadata
# Revision: $Rev$

#include "head.wmi" TITLE="Abuse FAQ for Server Operators"

<div class="main-column">

<!-- PUT CONTENT AFTER THIS TAG -->

<h2>Abuse FAQ for Tor Server Operators</h2>
<hr />

<a id="WhatAboutCriminals"></a>
<h3><a class="anchor" href="#WhatAboutCriminals">Doesn't Tor enable criminals to do bad things?</a></h3>

<p>Criminals can already do bad things. Since they're willing to
break laws, they already have lots of options available that provide
<em>better</em> privacy than Tor provides. They can steal cell phones,
use them, and throw them in a ditch; they can crack into computers
in Korea or Brazil and use them to launch abusive activities; they
can use spyware, viruses, and other techniques to take control of
literally millions of Windows machines around the world. </p>

<p>Tor aims to provide protection for ordinary people who want to follow
the law. Only criminals have privacy right now; we need to fix that. </p>

<p>Some advocates of anonymity explain that it's just a tradeoff &mdash;
accepting the bad uses for the good ones &mdash; but we don't think that's
how it works in the case of Tor.
Criminals and other bad people have the motivation to learn how to
get good anonymity, and many have the motivation to pay well to achieve
it. Being able to steal and reuse the identities of innocent victims
(identify theft) makes it even easier. Normal people, on the other hand,
don't typically have the time or money to spend figuring out how to get
privacy online. This is the worst of all possible worlds. </p>

<p>So yes, criminals could in theory use Tor, but they already have
better options, and it seems unlikely that taking Tor away from the
world will stop them from doing their bad things. At the same time, Tor
and other privacy measures can <em>fight</em> identity theft, physical
crimes like stalking, and so on. </p>

<a id="DDoS"></a>
<h3><a class="anchor" href="#DDoS">What about distributed denial of service attacks?</a></h3>

<p>Distributed denial of service (DDoS) attacks typically rely on having a group
of thousands of computers all sending floods of traffic to a victim. Since
the goal is to overpower the bandwidth of the victim, they typically send
UDP packets since those don't require handshakes or coordination. </p>

<p>But because Tor only transports correctly formed TCP streams, not
all IP packets, you cannot send UDP packets over Tor. (You can't do
specialized forms of this attack like SYN flooding either.) So ordinary
DDoS attacks are not possible over Tor. Tor also doesn't allow bandwidth
amplification attacks against external sites: you need to send in a byte
for every byte that the Tor network will send to your destination. So
in general, attackers who control enough bandwidth to launch an effective
DDoS attack can do it just fine without Tor. </p>

<a id="WhatAboutSpammers"></a>
<h3><a class="anchor" href="#WhatAboutSpammers">What about spammers?</a></h3>

<p>First of all, the default Tor exit policy rejects all outgoing
port 25 (SMTP) traffic. So sending spam mail through Tor isn't going to
work by default. It's possible that some server operators will enable
port 25 on their particular exit node, in which case that computer will
allow outgoing mails; but that individual could just set up an open mail
relay too, independent of Tor. In short, Tor isn't useful for spamming,
because nearly all Tor servers refuse to deliver the mail. </p>

<p>Of course, it's not all about delivering the mail. Spammers can use
Tor to connect to open HTTP proxies (and from there to SMTP servers); to
connect to badly written mail-sending CGI scripts; and to control their
botnets &mdash; that is, to covertly communicate with armies of
compromised computers that deliver the spam.
</p>

<p>
This is a shame, but notice that spammers are already doing great
without Tor. Also, remember that many of their more subtle communication
mechanisms (like spoofed UDP packets) can't be used over Tor, because
it only transports correctly-formed TCP connections.
</p>

<a id="ExitPolicies"></a>
<h3><a class="anchor" href="#ExitPolicies">How do Tor exit policies work?</a></h3>

<p>Each Tor server has an exit policy that specifies what sort of
outbound connections are allowed or refused from that server. The exit
policies are propagated to the client via the directory, so clients
will automatically avoid picking exit nodes that would refuse to exit
to their intended destination. </p>

<p>This way each server can decide the services, hosts, and networks
he wants to allow connections to, based on abuse potential and his own
situation. </p>

<a id="HowMuchAbuse"></a>
<h3><a class="anchor" href="#HowMuchAbuse">Does Tor get much abuse?</a></h3>

<p>Not much, in the grand scheme of things. We've been running the network
since October 2003, and it's only generated a handful of complaints. Of
course, like all privacy-oriented networks on the net, we attract our
share of jerks. Tor's exit policies help separate the role of "willing
to donate resources to the network" from the role of "willing to deal
with exit abuse complaints," so we hope our network is more sustainable
than past attempts at anonymity networks. </p>

<p>Since Tor has <a
href="overview.html">many good uses as
well</a>, we feel that we're doing pretty well at striking a balance
currently. </p>

<a id="TypicalAbuses"></a>
<h3><a class="anchor" href="#TypicalAbuses">So what should I expect if I run a server?</a></h3>

<p>If you run a Tor server that allows exit connections (such as the
default exit policy), it's probably safe to say that you will eventually
hear from somebody. Abuse
complaints may come in a variety of forms. For example: </p>
<ul>
<li>Somebody connects to Hotmail, and sends a ransom note to a
company. The
FBI sends you a polite email, you explain that you run a Tor server,
and they say "oh well" and leave you alone. [Port 80]</li>
<li>Somebody tries to get you shut down by using Tor to connect to Google
groups and post spam to Usenet, and then sends an angry mail to
your ISP about how you're destroying the world. [Port 80]</li>
<li>Somebody connects to an IRC network and makes a nuisance of
himself. Your ISP gets polite mail about how your computer has been
compromised; and/or your computer gets DDoSed. [Port 6667]</li>
<li>Somebody uses Tor to download a Vin Diesel movie, and
your ISP gets a DMCA takedown notice. See EFF's <a
href="eff/tor-dmca-response.html">Tor DMCA Response
Template</a>, which explains to your ISP why it can probably ignore
the notice without any liability. [Arbitrary ports]</li>
</ul>

<p>You might also find that your Tor server's IP is blocked from accessing
some Internet sites/services. This might happen regardless of your exit
policy, because some groups don't seem to know or care that Tor has
exit policies. (If you have a spare IP not used for other activities,
you might consider running your Tor server on it.) For example, </p>

<ul>
<li>Because of a few cases of anonymous jerks messing with its web
pages, Wikipedia is currently blocking many Tor server IPs from writing
(reading still works). We're talking to Wikipedia about how they might
control abuse while still providing access to anonymous contributors,
who often have hot news or inside info on a topic but don't want to risk
revealing their identities when publishing it (or don't want to reveal
to local observers that they're accessing Wikipedia). Slashdot is also
in the same boat.</li>
<li>SORBS is putting some Tor server IPs on their email
blacklist as well. They do this because they passively detect whether your
server connects to certain IRC networks, and they conclude from this that
your server is capable of spamming. We're working with them to teach them
that not all software works this way. Until then, we recommend you avoid
them, and teach your friends (if they use them) to avoid them too.</li>
</ul>

<a id="IrcBans"></a>
<h3><a class="anchor" href="#IrcBans">Tor is banned from the IRC network I want to use.</a></h3>

<p>Sometimes jerks make use of Tor to troll IRC channels. This abuse
results in IP-specific temporary bans ("klines" in IRC lingo), as the
network operators try to keep the troll off of their network. </p>

<p>This response underscores a fundamental flaw in IRC's security model:
they assume that IP addresses equate to humans, and by banning the
IP address they can ban the human. In reality this is not the case &mdash;
many such trolls routinely make use of the literally millions of open
proxies and compromised computers around the Internet. The IRC networks
are fighting a losing battle of trying to block all these nodes,
and an entire cottage industry of blacklists and counter-trolls has
sprung up based on this flawed security model (not unlike the antivirus
industry). The Tor network is just a drop in the bucket here. </p>

<p>On the other hand, from the viewpoint of IRC server operators, security
is not an all-or-nothing thing.  By responding quickly to trolls or
any other social attack, it may be possible to make the attack scenario
less attractive to the attacker.  And most individual IP addresses do
equate to individual humans, on any given IRC network at any given time.
The exceptions include NAT gateways which may be allocated access as
special cases. While it's a losing battle to try to stop the use of open
proxies, it's not generally a losing battle to keep klining a single
ill-behaved IRC user until that user gets bored and goes away. </p>

<p>But the real answer is to implement application-level auth systems,
to let in well-behaving users and keep out badly-behaving users. This
needs to be based on some property of the human (such as a password he
knows), not some property of the way his packets are transported. </p>

<p>Of course, not all IRC networks are trying to ban Tor nodes. After
all, quite a few people use Tor to IRC in privacy in order to carry
on legitimate communications without tying them to their real-world
identity. Each IRC network needs to decide for itself if blocking a few
more of the millions of IPs that bad people can use is worth losing the
contributions from the well-behaved Tor users. </p>

<p>If you're being blocked, have a discussion with the network operators
and explain the issues to them. They may not be aware of the existence of
Tor at all, or they may not be aware that the hostnames they're klining
are Tor exit nodes.  If you explain the problem, and they conclude that
Tor ought to be blocked, you may want to consider moving to a network that
is more open to free speech.  Maybe inviting them to #tor on irc.oftc.net
will help show them that we are not all evil people. </p>

<p>Finally, if you become aware of an IRC network that seems to be
blocking Tor, or a single Tor exit node, please put that information on <a
href="http://wiki.noreply.org/wiki/TheOnionRouter/BlockingIrc">The Tor
IRC block tracker</a>
so that others can share.  At least one IRC network consults that page
to unblock exit nodes that have been blocked inadvertently. </p>

<a id="SMTPBans"></a>
<h3><a class="anchor" href="#SMTPBans">Your nodes are banned from the mail server I want to use.</a></h3>

<p>Even though <a href="#WhatAboutSpammers">Tor isn't useful for
spamming</a>, some over-zealous blacklisters seem to think that all
open networks like Tor are evil &mdash; they attempt to strong-arm network
administrators on policy, service, and routing issues, and then extract
ransoms from victims. </p>

<p>If your server administrators decide to make use of these
blacklists to refuse incoming mail, you should have a conversation with
them and explain about Tor and Tor's exit policies. </p>

<a id="Bans"></a>
<h3><a class="anchor" href="#Bans">I want to ban the Tor network from my service.</a></h3>

<p>First, ask yourself if there's a way to do application-level decisions
to separate the legitimate users from the jerks. For example, you might
have certain areas of the site, or certain privileges like posting,
available only to people who are registered. You could set up this
distinction only for certain IP addresses such as Tor exit nodes. This
way you can have multi-tiered access and not have to ban everything. </p>

<p>Second, consider that thousands of people use Tor every day to protect
against data-gathering corporations like Doubleclick while going about
their normal activities. Others use Tor because it's their only
way to get past the restrictive firewalls at their school or other
organization. Some Tor users may be legitimately connecting
to your service right now to carry on normal activities. You need to
decide whether banning the Tor network is worth losing the contributions
of these users, as well as potential future legitimate users. </p>

<p>At this point, you should also ask yourself what you do about other
services that aggregate many users behind a few IP addresses. Tor is
not so different from AOL in this respect.</p>

<p>Lastly, please remember that Tor servers have individual exit
policies. Many Tor servers do not allow exiting connections at
all. Many of those that do allow some exit connections might already
disallow connections to
your service. When you go about banning nodes, you should parse the
exit policies and only block the ones that allow these connections;
and you should keep in mind that exit policies can change (as well as
the overall list of nodes in the network). </p>

<p>If you really want to do this, we provide a
<a href="<cvssandbox>tor/contrib/exitlist">Python script to parse the Tor
directory</a>.
</p>

<a id="TracingUsers"></a>
<h3><a class="anchor" href="#TracingUsers">I have a compelling reason to trace a Tor user. Can you help?</a></h3>

<p>
There is nothing the Tor developers can do to trace Tor users. The same
protections that keep bad people from breaking Tor's anonymity also
prevent us from figuring out what's going on.
</p>

<p>
Some fans have suggested that we redesign Tor to include a <a
href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#Backdoor">backdoor</a>.
There are two problems with this idea. First, it technically weakens the
system too far. Having a central way to link users to their activities
is a gaping hole for all sorts of attackers; and the policy mechanisms
needed to ensure correct handling of this responsibility are enormous
and unsolved. Second, the bad people <a href="#WhatAboutCriminals">aren't
going to get caught by this anyway</a>, since they will use other means
to ensure their anonymity (identity theft, compromising computers and
using them as bounce points, etc).
</p>

<p>
But remember that this doesn't mean that Tor is invulnerable. Traditional
police techniques can still be very effective against Tor, such as
interviewing suspects, surveillance and keyboard taps, writing style
analysis, sting operations, and other physical investigations.
</p>

<a id="LegalQuestions"></a>
<h3><a class="anchor" href="#LegalQuestions">I have legal questions about Tor abuse.</a></h3>

<p>We're only the developers. We can answer technical questions, but
we're not the ones to talk to about legal questions or concerns. </p>

<p>Please take a look at the <a
href="eff/tor-legal-faq.html">Tor Legal FAQ</a>,
and contact EFF directly if you have any further legal questions. </p>

  </div><!-- #main -->

#include <foot.wmi>
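
Review bot: In faq-abuse.wml, the third paragraph under "Doesn't Tor enable criminals to do bad things?" has "(identify theft)", which should read "(identity theft)"; the next paragraph and the "TracingUsers" answer already spell it that way. In "How do Tor exit policies work?", the sentence "each server can decide the services, hosts, and networks he wants to allow connections to" attributes the choice to the server with "he"; "each server operator can decide" says what is meant. The "Bans" answer tells operators to parse exit policies and remember that they change, so the sentence linking the exitlist script could say that its output needs to be regenerated regularly rather than used as a one-time list.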

--- NEW FILE: faq.wml ---
## translation metadata
# Revision: $Rev$

#include "head.wmi" TITLE="FAQs"

<div class="main-column">

<h2>Tor: FAQs</h2>
<hr />

<p>
The <a href="http://wiki.noreply.org/wiki/TheOnionRouter/TorFAQ">Tor
Technical FAQ Wiki</a> is user-editable, meaning anyone can make edits
to the content. We encourage Tor users and supporters to go fix it up,
add more questions, provide answers, etc. While we will monitor the Wiki
page to help ensure accuracy, the Tor developers are not responsible
for the content.
</p>

<p>
The <a href="eff/tor-legal-faq.html">Tor Legal FAQ</a> is written by
EFF lawyers. It aims to give you an overview of some of the legal issues
that arise from the Tor project.
</p>

<p>
The <a href="faq-abuse.html">Abuse FAQ for Tor Server Operators</a> is a collection
of common questions and issues discussed when running a Tor server.
</p>

  </div><!-- #main -->

#include <foot.wmi>

--- NEW FILE: foot.wmi ---
#!/usr/bin/wml

## translation metadata
# Revision: $Rev: 1.214$

#include "functions.wmi"

</div>
  <div class="bottom" id="bottom">
     <i><a href="mailto:tor-webmaster at freehaven.net" class="smalllink">Webmaster</a></i> -
#     Id: developers.html,v 1.41 2005/08/31 20:19:16 thomass Exp 
      Last modified: <: @stat = stat($(LANG).'/'.$WML_SRC_FILENAME); print scalar localtime($stat[9]); :>
      -
      Last compiled: <: print scalar localtime(); :>

# Uncomment this in your translation:  (and translate it)
#####################################
#      <: unless (translation_current()) { :>
#      <p>
#      Warning:  This translation might be obsolete.  The English original is at Revision
#      <:= translation_get_masterrevision() :> while this translation is based on
#      <:= translation_get_basedonrevision() :>.
#      <: } :>
  </div>
</body>
</html>
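
Review bot: the "Last modified" line prints localtime($stat[9]) straight after stat($(LANG).'/'.$WML_SRC_FILENAME) with no check that stat succeeded. If the path is wrong for some language directory, @stat is empty and the footer will show a 1970 date instead of failing the build; die, or omit the line, when @stat is empty. Also, the commented-out translation warning opens <p> and never closes it, so a translator who uncomments it as instructed gets unbalanced markup; add the </p> before the closing `<: } :>`. The leftover "# Id: developers.html,v 1.41 ..." comment refers to a different file and can be dropped.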

--- NEW FILE: gui-contest.wml ---
## translation metadata
# Revision: $Rev$

#include "head.wmi" TITLE="GUI Contest"

<div class="main-column">

<h2>Tor GUI Contest</h2>
<hr />
<p>DRAFT IN PROGRESS</p>
<hr />
<a id="Overview"></a>
<h3><a class="anchor" href="#Overview">Overview</a></h3>

<p>
Tor is a decentralized network of computers on the Internet that increases
privacy in Web browsing, instant messaging, and other applications. We
estimate there are some 50,000 Tor users currently, routing their traffic
through about 250 volunteer Tor servers on five continents. However, Tor's
current user interface approach --- running as a service in the background
--- does a poor job of communicating network status and security levels
to the user.
</p>

<p>
The Tor project, affiliated with the
<a href="http://www.eff.org/">Electronic Frontier Foundation</a>, is
running a UI contest to develop a vision of how Tor can
work in a user's everyday anonymous browsing experience. Some of the
challenges include how to make alerts and error conditions visible on
screen; how to let the user configure Tor to use or avoid certain routes
or nodes; how to learn about the current state of a Tor connection,
including which servers it uses; and how to find out whether (and which)
applications are using Tor safely.
</p>

<hr />
<a id="Goals"></a>
<h3><a class="anchor" href="#Goals">Goals</a></h3>

<p>Contestants will produce a work of <a
href="http://www.opensource.org/">Open Source Software</a>
that will
provide a user interface to the Tor system by way of the <a
href="<cvssandbox>control/doc/howto.txt">Tor Controller
Protocol</a>.</p>

<p>We are looking for a vision of how Tor can work in a user's everyday
anonymous browsing experience.</p>

<p>Entries will:</p>
<ul>
<li>Allow the user to fully configure Tor rather than manually searching
for and opening text files.</li>
<li>Let users learn about the current state of their Tor connection
(including which servers they are connected to, and how many connections
they have), and find out whether any of their applications are using
it.</li>
<li>Make alerts and error conditions visible to the user.</li>
<li>Run on at least one of Windows, Linux, and OS&nbsp;X, on a
not-unusually-configured consumer-level machine.</li>
</ul>

<p>In addition, they may:</p>
<ul>
<li>Provide detailed information about which
applications, ports, or packets are (or are not!) passing through Tor,
including accounting for both Tor- and non-Tor traffic.</li>
<li>Provide
additional statistics about the Tor connection.</li>
<li>Give users more control over how their Tor behaves at certain times
of day or in other contexts (like operating as a server).</li>
</ul>

<p>Some examples of useful features include:</p>
<ul>
<li>How much bandwidth is Tor using? How does this compare
to the overall network traffic to/from the computer?</li>
<li>Is there network traffic from ports or applications that the user
intended to be anonymized?</li>
<li>What Tor servers does the user know about on the network? Where are
they? How available are they?</li>
<li>An interface for displaying or controlling Tor paths:
"show me the network from Africa by way of Asia". Think of the global
satellite map from the movie <i>Sneakers</i>.</li>
<li>Configure other running applications to use Tor (for example,
by modifying or working through the network stack, and/or by altering
application configurations).</li>
<li>Provide an elegant installer for Tor, your GUI submission, and
other supporting applications.</li>
<li>Make your GUI manage the Tor process and other supporting applications
-- start them, stop them, realize when they've died.</li>
<li>Provide meaningful defaults for a good Tor experience.</li>
<li>Provide application-level anonymity -- that is, not just paying
attention to transport anonymity on the level of Tor, but also paying
attention to the anonymity of the http headers, cookies, etc.</li>
<li>Let the user specify different Tor config option sets depending on
time of day (e.g. daytime vs. nighttime).</li>
<li>Provide useful controller functions for Tor servers too --
for example, walk the user through recommended bandwidth configurations
and exit policies.</li>
<li>Have a "minimized view" of your GUI for common use, and then a more
detailed view or set of windows when the user wants more detail.</li>
<li>Provide a button or some automatically updating interface to let
the user learn whether Tor is working currently, perhaps by accessing an
external what's-my-IP site and seeing if it thinks you're a Tor server;
and give useful messages and recommendations if it doesn't seem to
be working.</li>
<li>Provide a way to automatically configure local firewalls (ipchains,
Windows firewalls, etc) to let Tor traffic out (and in, for Tor
servers). As a bonus, configure it to prevent non-Tor traffic from
leaving (and notify when it tries).</li>
</ul>

<hr />
<a id="Categories"></a>
<h3><a class="anchor" href="#Categories">Contest Categories</a></h3>

<p>
The design contest will proceed in two phases: first sketches and then
working code. You are invited to submit to either phase, or both phases.
For each phase, our panel of judges will recognize the
best submissions. All qualifying entries will receive an EFF Tor T-shirt
(subject to availability). The best sketches and working implementations
will be published on the Tor website.
</p>

<p><b>Sketches:</b>
the goal of this phase is to produce a mock-up of a functioning interface.
This should include design documents describing how the interface should
function. If you want, it should also include graphical elements that
can be used by programmers.
</p>

<p>
A qualifying sketch will present an informal specification for a
design. That is, it will present with some degree of thoroughness all
of the major interfaces that we might expect to encounter, all of the
major functionality for the interface, and a reasonable story about
how it would be integrated into currently-existing tools (if, indeed,
it would be). One example, with more detail than we would require, is
<a href="http://ui.netbeans.org/docs/ui/junits/promo_f.html">the NetBeans
UI for JUnit</a>. Note that it walks through multiple interfaces,
highlighting the features and functions of the various buttons.
</p>

<ul>
<li><b>Most featureful interface</b> will be awarded to the graphic design
that would provide usable, clear access to the most aspects of the Tor
system, covering many or most of the categories on the "useful features"
list.</li>
<li><b>Most usable experience</b> will be awarded to the graphic
design that would provide the most unobtrusive Tor experience while still
covering all criteria (working, perhaps, on the "no news is good news"
theory).</li>
<li><b>Clearest implementation guidance</b> will be awarded to the
graphic design that provides the cleanest package of graphic elements
and design documentation to aid would-be implementers.</li>
</ul>

<p><b>Code:</b> the goal of this phase is to produce a working
implementation. You may use any of the sketches, graphics, or ideas from
the first phase (with appropriate credit to
their authors), or you can make your own. See the <a
href="http://wiki.noreply.org/noreply/TheOnionRouter/ContestSamples">Contest
Samples</a> wiki page for some other images you can reuse.
</p>

<p>
An acceptable entry will be a package of free software that builds and
runs. It can be a stand-alone application, or it can act as an extension
or plugin to other broadly-available free software. The entry will
demonstrate the points in the Goals section: that is, it will be able
to control, display, and maintain awareness as discussed above.
</p>

<ul>
<li><b>Most featureful interface</b> will be awarded to the application
that provides usable, clear access to the most aspects of the Tor system,
covering many or most of the categories on the "additional" list.</li>
<li><b>Most usable experience</b> will be awarded to the
application that provides the most unobtrusive Tor experience while
still covering all criteria (working, perhaps, on the "no news is good
news" theory).</li>
<li><b>Most flexible</b> will be awarded to the best system that runs
smoothly on all three of Windows, Linux, and OS&nbsp;X; extra points will be
awarded for additional systems.</li>
</ul>

<p>We reserve the right to award other awards as the entries deserve.</p>

<hr />
<a id="Submit"></a>
<h3><a class="anchor" href="#Submit">How to Submit</a></h3>

<p>Submissions for phase one (sketches) should come as:</p>
<ul>
<li>Images in an html page. The images must be able to be viewed on an
ordinary browser (e.g. Firefox). You can submit proprietary formats too,
but if you do then you need to also export them to something we can
all read.</li>
<li>A design document (txt, html, pdf, or ps) as described in the
<a href="#Categories">Contest Categories</a> section above.</li>
</ul>

<p>Submissions for phase two (code) should come as:</p>

<ul>
<li>Source code, with appropriate makefiles or documentation explaining
how to build it. Must be licensed under a free/open source license, as
defined by <a href="http://www.opensource.org/licenses/">OSI</a>. See <a
href="http://wiki.noreply.org/noreply/TheOnionRouter/ContestFAQ#DefineFree">this
FAQ entry</a> for clarification.</li>
<li>Compiled binaries or bytecodes for at least one platform of choice.</li>
<li>A design document (txt, html, pdf, or ps) providing an overview of
what major functions to look for and what functions were implemented.</li>
</ul>

<p>To submit your entry, make a web page with
all your materials on it, then add a line to <a
href="http://wiki.noreply.org/noreply/TheOnionRouter/ContestEntries">The
GUI Contest Entries Wiki</a>. (If you don't have a web page of
your own to put your entry on, find a friend who does, or mail <a
href="mailto:tor-gui at freehaven.net">tor-gui at freehaven.net</a> and we'll
put it up on a temporary page.</p>

<p>If you put it up on your own site, you can continue to update and
modify it. Remember that submitting early means you can get feedback
from Tor users and make it into a better submission!</p>

<hr />
<a id="Criteria"></a>
<h3><a class="anchor" href="#Criteria">Criteria</a></h3>

<p>Awards will be granted on the basis of (in rough preference order):</p>

<ul>
<li>Usability (<a
href="http://wiki.noreply.org/noreply/TheOnionRouter/ContestFAQ#DefineUsable">what
does this mean?</a>)</li>
<li>Informativeness: can the user learn what they need to know, both in terms
of using the network and also in terms of security decisions?</li>
<li>Total user experience</li>
<li>Aesthetics</li>
<li>Responsiveness</li>
<li>Stability and robustness</li>
<li>Internationalization (multiple language support)</li>
<li>Installation experience</li>
</ul>

<hr />
<a id="Judges"></a>
<h3><a class="anchor" href="#Judges">Judges</a></h3>

<p>Judging will be led by a panel of N prominent specialists in usability
and security (to be announced).</p>

<hr />
<a id="Timeline"></a>
<h3><a class="anchor" href="#Timeline">Timeline</a></h3>

<ul>
<li>Phase 1 deadline (sketches): October 31.</li>
<li>Phase 1 judging: November 31.</li>
<li>Phase 2 deadline (code): January 31, 2006.</li>
</ul>

<p>Winners will be announced on the webpage and also at the SOUPS 2006
conference. (Here's a suggestion on one approach to <a
href="http://wiki.noreply.org/noreply/TheOnionRouter/ContestFAQ#AcademicResearch">academic
usability research on Tor</a>.)</p>

<hr />
<a id="Clarifications"></a>
<h3><a class="anchor" href="#Clarifications">Questions and Clarifications</a></h3>

<p>Check back <a
href="gui-contest.html#Clarifications">here</a>
periodically, and look at the <a
href="http://wiki.noreply.org/noreply/TheOnionRouter/ContestFAQ">Contest
FAQ wiki</a>, for FAQ entries, clarifications, etc.</p>

<!--
<hr />
<h3>Testing criteria</h3>

<p>To check for basic acceptability, the contest will be judged
with several major tests. For example, the system designer should expect:</p>

<ul>
<li>A minimal test: does it work?</li>
<li>Several parameters, both obscure and obvious, will be configured. Is
it possible and easy to do so?</li>
<li>A network will be connected once the system is running. Can the
user tell that the network is now live?</li>
<li>The network will be disconnected or interrupted. Can the user tell
that the network has an error?</li>
</ul>
-->

<hr />
<a id="Technical"></a>
<h3><a class="anchor" href="#Technical">Technical Notes</a></h3>

<p>Shortly before phase two begins, the Tor developers will release
a canonical version of Tor. This is the version that will be used for
judging the contest; please ensure that you use this version. Bugfixes
to this version of Tor will be announced to the contest web site.</p>

<p>The Tor developers will also release test rigs (libraries) in both Java
and Python that demonstrate Tor's controller protocol. Code submissions
may be able to save a lot of time by using this code as a skeleton. You
can check out the <a href="<cvssandbox>control/">development
versions of these libraries</a> now.
</p>

<hr />
<a id="Legal"></a>
<h3><a class="anchor" href="#Legal">Legal Notes</a></h3>

<p>By submitting your entry to be considered in the Tor GUI contest, you
hereby:</p>

<ul>
<li>(A) represent and warrant that (1) the entry was created by you and
that you own all rights to the entry or have the authorized rights to
submit such entry and grant the licenses below; and (2) that the
entry does not infringe on any third party copyright or other
intellectual property rights; AND</li>
<li>(B) EITHER (1) grant us a worldwide, royalty-free, non-exclusive,
perpetual license to reproduce, edit, perform, display, publish, make
derivative works, and otherwise use the entry as we see fit,
including without limitation, incorporating (in whole or in part)
into the Tor software, and to sublicense such rights; OR, (2)
provide the entry pursuant to a license that complies with the
<a href="http://www.opensource.org/docs/definition.php">Open
Source Definition</a>, such as the 3-clause BSD, MIT, or
GPL licenses, or (where applicable) provide the entry licensed under
the <a href="http://creativecommons.org/licenses/by/2.5/">Creative
Commons Attribution</a> license. If you provide the entry pursuant to
such a license, you must include the applicable information in your
submission.</li>
</ul>

  </div><!-- #main -->

#include <foot.wmi>
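
Review bot: in the Timeline list, "Phase 1 judging: November 31." names a date that does not exist (November has 30 days); set the intended date before this page is linked from the front page. In the same file, the Judges paragraph still reads "a panel of N prominent specialists", and the parenthesis opened at "(If you don't have a web page of your own" in How to Submit is never closed. The Code-phase award text refers to the "additional" list where the Sketches text says the "useful features" list; no list on the page is labelled "additional", so use the same name in both places.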

--- NEW FILE: howitworks.wml ---
## translation metadata
# Revision: $Rev$

#include "head.wmi" TITLE="Redirecting" REDIRECT="overview.en"


#include <foot.wmi>
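
Review bot: REDIRECT="overview.en" on the head.wmi include is the only reference in this commit that uses a .en suffix; the page links elsewhere target overview.html. If head.wmi rewrites the suffix, add a comment here saying so; otherwise the redirect should name overview.html.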

--- NEW FILE: index.wml ---
## translation metadata
# Revision: $Rev$

#include "head.wmi" TITLE="An anonymous Internet communication system"

<!-- SIDEBAR (OPTIONAL) -->
<div class="sidebar">
<a href="download.html"><img src="$(IMGROOT)/download_tor.png" alt="Download Tor" /></a>

<br />

<a href="overview.html"><img src="$(IMGROOT)/how_tor_works_thumb.png" alt="How Tor Works" /></a>
<div class="donatebutton">
<a href="http://secure.eff.org/tor">Support Tor by giving to EFF</a>
</div>
<div class="donatebutton">
<a href="gui/">Want a better Tor GUI?</a>
</div>

</div>
<!-- END SIDEBAR -->

<div class="main-column">

<!-- PUT CONTENT AFTER THIS TAG -->

<h2>Tor: An anonymous Internet communication system</h2>

<p>
Tor is a toolset for a wide range of organizations and people that want
to improve their safety and security on the Internet. Using Tor can help
you anonymize web browsing and publishing, instant messaging, IRC, SSH,
and other applications that use the TCP protocol. Tor also provides a
platform on which software developers can build new applications with
built-in anonymity, safety, and privacy features.
</p>

<p>
Your traffic is safer when you use Tor, because communications
are bounced around a distributed network of servers, called <a
href="overview.html">onion routers</a>.  Instead of taking a direct
route from source to destination, data packets on the Tor network take a
random pathway through several servers that cover your tracks so no observer
at any single point can tell where the data came from or where it's going.
This makes it hard for
recipients, observers, and even the onion routers themselves to figure
out who and where you are. Tor's technology aims to provide Internet
users with protection against "traffic analysis," a form of
network surveillance that threatens personal anonymity and privacy,
confidential business activities and relationships, and state security.
</p>

<p>
Traffic analysis is used every day by companies, governments, and
individuals that want to keep track of where people and organizations go
and what they do on the Internet.  Instead of looking at the content of
your communications, traffic analysis tracks where your data goes and
when, as well as how much is sent. For example, online advertising
companies like Fastclick and Doubleclick use traffic analysis to record
what web pages you've visited, and can build a profile of your interests
from that. A pharmaceutical company could use traffic analysis to monitor
when the research wing of a competitor visits its website, and track
what pages or products that interest the competitor. IBM hosts a
searchable patent index, and it could keep a list of every query your
company makes. A stalker could use traffic analysis to learn whether
you're in a certain Internet cafe.
</p>

<p>
Tor aims to make traffic analysis more difficult by preventing
eavesdroppers from finding out where your communications are going
online, and by letting you decide whether to identify yourself when
you communicate.
</p>

<p>
Tor's security is improved as its user base grows and as
more people volunteer to run servers.  Please consider <a
href="documentation.html">installing it</a> and then
<a href="<cvssandbox>tor/doc/tor-doc-server.html">helping out</a>.
</p>

<p>
Part of the goal of the Tor project is to deploy a public testbed for
experimenting with design trade-offs, to teach us how best to provide
privacy online. We welcome research into the security of Tor and related
anonymity systems, and want to hear about any vulnerabilities you find.
</p>

<p>
Tor is an important piece of building more safety, privacy, and anonymity
online, but it is not a complete solution.
And remember that this is development code&mdash;it's not a good idea to rely
on the current Tor network if you really need strong anonymity.
</p>

  </div><!-- #main -->

<a href="http://secure.eff.org/tor"><img src="$(IMGROOT)/eff_badge.png" alt="Tor development is supported by EFF" /></a>
<a href="http://www.onion-router.net/"><img src="$(IMGROOT)/onr-logo.jpg" alt="Tor development is supported by ONR" /></a>

#include <foot.wmi>
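
Review bot: the sidebar link `<a href="gui/">Want a better Tor GUI?</a>` points at gui/, but this commit adds the contest page as gui-contest.wml, and that page links to itself as gui-contest.html#Clarifications. Confirm gui/ still resolves after the move to wml, or point the link at gui-contest.html. Separately, both links to http://secure.eff.org/tor (the donate button and the EFF badge) use plain http; if that host serves https, use it for the donation link.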

--- NEW FILE: navigation.wmi ---
#!/usr/bin/wml

## translation metadata
# Revision: $Rev: 1.214$

<:
	@navigation = (
		'index'			, 'Home',
		'overview'		, 'Overview',
		'download'		, 'Download',
		'documentation'		, 'Docs',
		'support'		, 'Support',
		'faq'			, 'FAQs',
		'volunteer'		, 'Volunteer',
		'developers'		, 'Developers',
		'research'		, 'Research',
		'people'		, 'People',
	);
:>

--- NEW FILE: overview.wml ---
## translation metadata
# Revision: $Rev$

#include "head.wmi" TITLE="Overview"

<div class="main-column">

<h2>Tor: Overview</h2>
<hr />

<p>
Tor is a network of virtual tunnels that allows people and groups to
improve their privacy and security on the Internet.  It also enables
software developers to create new communication tools
with built-in privacy features.  Tor provides the foundation for
a range of applications that allow organizations and individuals
to share information over public networks without compromising their
privacy.
</p>

<p>
Individuals use Tor to keep websites from tracking them and their family
members, or to connect to news sites, instant messaging services, or the
like when these are blocked by their local Internet providers.  Tor's <a
href="<cvssandbox>tor/tor-hidden-service.html">hidden services</a>
let users publish web sites and other services without needing to reveal
the location of the site. Individuals also use Tor for socially sensitive
communication: chat rooms and web forums for rape and abuse survivors,
or people with illnesses.
</p>

<p>
Journalists use Tor to communicate more safely with whistleblowers and
dissidents. Non-governmental organizations (NGOs) use Tor to allow their
workers to connect to their home website while they're in a foreign
country, without notifying everybody nearby that they're working with
that organization.
</p>

<p>
Groups such as Indymedia recommend Tor for safeguarding their members'
online privacy and security. Activist groups like the Electronic Frontier
Foundation (EFF) are supporting Tor's development as a mechanism for
maintaining civil liberties online. Corporations use Tor as a safe way
to conduct competitive analysis, and to protect sensitive procurement
patterns from eavesdroppers. They also use it to replace traditional
VPNs, which reveal the exact amount and timing of communication. Which
locations have employees working late? Which locations have employees
consulting job-hunting websites? Which research divisions are communicating
with the company's patent lawyers?
</p>

<p>
A branch of the U.S. Navy uses Tor for open source intelligence
gathering, and one of its teams used Tor while deployed in the Middle
East recently. Law enforcement uses Tor for visiting or surveilling
web sites without leaving government IP addresses in their web logs,
and for security during sting operations.
</p>

<p>
The variety of people who use Tor is actually <a
href="http://freehaven.net/doc/fc03/econymics.pdf">part of what makes
it so secure</a>.  Tor hides you among the other users on the network,
so the more populous and diverse the user base for Tor is, the more your
anonymity will be protected.
</p>

<h3>Why we need Tor</h3>

<p>
Using Tor protects you against a common form of Internet surveillance
known as "traffic analysis."  Traffic analysis can be used to infer
who is talking to whom over a public network.  Knowing the source
and destination of your Internet traffic allows others to track your
behavior and interests.  This can impact your checkbook if, for example,
an e-commerce site uses price discrimination based on your country or
institution of origin.  It can even threaten your job and physical safety
by revealing who and where you are. For example, if you're travelling
abroad and you connect to your employer's computers to check or send mail,
you can inadvertently reveal your national origin and professional
affiliation to anyone observing the network, even if the connection
is encrypted.
</p>

<p>
How does traffic analysis work?  Internet data packets have two parts:
a data payload and a header used for routing.  The data payload is
whatever is being sent, whether that's an email message, a web page, or an
audio file.  Even if you encrypt the data payload of your communications,
traffic analysis still reveals a great deal about what you're doing and,
possibly, what you're saying.  That's because it focuses on the header,
which discloses source, destination, size, timing, and so on.
</p>

<p>
A basic problem for the privacy minded is that the recipient of your
communications can see that you sent it by looking at headers.  So can
authorized intermediaries like Internet service providers, and sometimes
unauthorized intermediaries as well.  A very simple form of traffic
analysis might involve sitting somewhere between sender and recipient on
the network, looking at headers.
</p>

<p>
But there are also more powerful kinds of traffic analysis.  Some
attackers spy on multiple parts of the Internet and use sophisticated
statistical techniques to track the communications patterns of many
different organizations and individuals.  Encryption does not help against
these attackers, since it only hides the content of Internet traffic, not
the headers.
</p>

<h3>The solution: a distributed, anonymous network</h3>

<p>
Tor helps to reduce the risks of both simple and sophisticated traffic
analysis by distributing your transactions over several places on the
Internet, so no single point can link you to your destination.  The idea
is similar to using a twisty, hard-to-follow route in order to throw off
somebody who is tailing you&mdash;and then periodically erasing your
footprints.  Instead of taking a direct route from source to
destination, data packets on the Tor network take a random pathway
through several servers that cover your tracks so no observer at any
single point can tell where the data came from or where it's going.
</p>

<img alt="Tor circuit step one" src="$(IMGROOT)/htw1.png" />

<p>
To create a private network pathway with Tor, the user's software or
client incrementally builds a circuit of encrypted connections through
servers on the network.  The circuit is extended one hop at a time, and
each server along the way knows only which server gave it data and which
server it is giving data to.  No individual server ever knows the
complete path that a data packet has taken.  The client negotiates a
separate set of encryption keys for each hop along the circuit to ensure
that each hop can't trace these connections as they pass through.
</p>

<img alt="Tor circuit step two" src="$(IMGROOT)/htw2.png" />

<p>
Once a circuit has been established, many kinds of data can be exchanged
and several different sorts of software applications can be deployed
over the Tor network.  Because each server sees no more than one hop in
the circuit, neither an eavesdropper nor a compromised server can use
traffic analysis to link the connection's source and destination.  Tor
only works for TCP streams and can be used by any application with SOCKS
support.
</p>

<p>
For efficiency, the Tor software uses the same circuit for connections
that happen within the same minute or so.  Later requests are given a
new circuit, to keep people from linking your earlier actions to the new
ones.
</p>

<img alt="Tor circuit step three" src="$(IMGROOT)/htw3.png" />

<h3>Hidden services</h3>

<p>
Tor also makes it possible for users to hide their locations while
offering various kinds of services, such as web publishing or an instant
messaging server.  Using Tor "rendezvous points," other Tor users can
connect to these hidden services, each without knowing the other's
network identity.  This hidden service functionality could allow Tor
users to set up a website where people publish material without worrying
about censorship.  Nobody would be able to determine who was offering
the site, and nobody who offered the site would know who was posting to it.
</p>

<h3>Staying anonymous</h3>

<p>
Tor can't solve all anonymity problems.  It focuses only on
protecting the transport of data.  You need to use protocol-specific
support software if you don't want the sites you visit to see your
identifying information. For example, you can use web proxies such as
Privoxy while web browsing to block cookies and withhold information
about your browser type.
</p>

<p>
Also, to protect your anonymity, be smart.  Don't provide your name
or other revealing information in web forms.  Be aware that, like all
anonymizing networks that are fast enough for web browsing, Tor does not
provide protection against end-to-end timing attacks: If your attacker
can watch the traffic coming out of your computer, and also the traffic
arriving at your chosen destination, he can use statistical analysis to
discover that they are part of the same circuit.
</p>

<h3>The future of Tor</h3>

<p>
Providing a usable anonymizing network on the Internet today is an
ongoing challenge. We want software that meets users' needs. We also
want to keep the network up and running in a way that handles as many
users as possible. Security and usability don't have to be at odds:
As Tor's usability increases, it will attract more users, which will
increase the possible sources and destinations of each communication,
thus increasing security for everyone.
We're making progress, but we need your help.  Please consider
<a href="<cvssandbox>tor/doc/tor-doc-server.html">running a server</a>
or <a href="volunteer.html">volunteering</a> as a <a
href="developers.html">developer</a>.
</p>

<p>
Ongoing trends in law, policy, and technology threaten anonymity as never
before, undermining our ability to speak and read freely online. These
trends also undermine national security and critical infrastructure by
making communication among individuals, organizations, corporations,
and governments more vulnerable to analysis. Each new user and server
provides additional diversity, enhancing Tor's ability to put control
over your security and privacy back into your hands.
</p>

  </div><!-- #main -->

#include <foot.wmi>
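
Review bot: the hidden services link near the top uses href="<cvssandbox>tor/tor-hidden-service.html", without the doc/ segment that the server link further down in this file has (href="<cvssandbox>tor/doc/tor-doc-server.html"). Check which path the sandbox actually serves and make the two consistent, since a wrong one will 404 only after the site is built.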

--- NEW FILE: people.wml ---
## translation metadata
# Revision: $Rev$

#include "head.wmi" TITLE="People"

<div class="main-column">

<h2>Tor: People</h2>
<hr />

<p>Tor is managed by <a href="http://freehaven.net/">The Free
Haven Project</a> as a building block for
a robust censorship-resistant data haven. It is developed by <a
href="http://freehaven.net/~arma/">Roger Dingledine</a> and <a
href="http://www.wangafu.net/~nickm/">Nick Mathewson</a>, with help from
many volunteers around the Internet.</p>

<p>Tor's first few years (2002-2004) were sponsored by the <a
href="http://www.nrl.navy.mil/">Naval Research Lab</a>
with support from <a href="http://www.onr.navy.mil/">ONR</a>
and <a href="http://www.darpa.mil/">DARPA</a>,
working with <a
href="http://www.syverson.org/">Paul Syverson</a> and based on the
original <a href="http://www.onion-router.net/">onion routing</a> idea
developed there.</p>

<p>Since November 2004, Tor development has been supported by the <a
href="http://www.eff.org/">Electronic Frontier Foundation</a>.</p>

  </div><!-- #main -->

#include <foot.wmi>

--- NEW FILE: research.wml ---
## translation metadata
# Revision: $Rev$

#include "head.wmi" TITLE="Research"

<div class="main-column">

<h2>Tor: Research</h2>
<hr />

<p>Read <a
href="http://freehaven.net/anonbib/topic.html#Anonymous_20communication">these
papers</a> (especially the ones in boxes) to get up to speed on anonymous
communication systems.</p>

<p>We need people to attack the system, quantify defenses,
etc. See the "security project-lets" section of the <a
href="volunteer.html">volunteer</a> page.</p>

  </div><!-- #main -->

#include <foot.wmi>

--- NEW FILE: support.wml ---
## translation metadata
# Revision: $Rev$

#include "head.wmi" TITLE="Support"

<div class="main-column">

<h2>Tor: Support</h2>
<hr />

<p>The Tor developers spend most of their time developing
Tor. There are no people devoted to user support. So please look for <a
href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#SupportMail">other
support avenues</a> before sending mail to the developers.
</p>

<p>We have an IRC discussion channel for users and operators. Go to
<a href="irc://irc.oftc.net/tor">#tor on irc.oftc.net</a>.</p>

<p>We have a <a
href="http://bugs.noreply.org/tor">bugtracker</a>.
If you have a bug, especially a crash bug, read our <a
href="http://wiki.noreply.org/wiki/TheOnionRouter/TorFAQ#ServerCrashing">how
to report a Tor bug</a> FAQ wiki entry first and then go to the bugtracker
and tell us as much information about it as you can. (If your bug is
with Privoxy, your browser, or some other application, please don't put
it in our bugtracker.)
</p>

<p>Check out <a
href="http://www.noreply.org/tor-running-routers/">weasel's graph of
the number of Tor servers over time</a>. To learn more details of the
current Tor nodes, look at Geoff Goodell's <a
href="http://serifos.eecs.harvard.edu:8000/cgi-bin/exit.pl">list
of Tor exit nodes by country</a>. You can also <a
href="http://belegost.seul.org/">fetch the latest dynamically generated
directory directly</a>. (Your Tor client fetches this automatically,
so loading it yourself is just for novelty.)
</p>

<p>
<a href="http://6sxoyfb3h2nvok2d.onion/">The hidden wiki</a> has a list
of some hidden services and other things. You need Tor and a proxy like
Privoxy to access it.
</p>

<p>
See <a href="http://wiki.noreply.org/wiki/TheOnionRouter">the Tor
wiki</a> for other user-contributed documentation, etc.
</p>

<hr />
<p>
Here's a brief list of programs you might want to use in association
with Tor:</p>
<p>
<a href="http://antinat.sourceforge.net/">Antinat</a>: seems to be a socks client library (and server, but you'd only want the client side) that supports socks4a.<br />
<a href="http://www.taiyo.co.jp/~gotoh/ssh/connect.html">Connect</a>: adds proxy support to SSH. (Win32, Linux, BSD, OS X)<br />
<a href="http://monkey.org/~dugsong/dsocks/">Dsocks</a>: SOCKS client wrapper with enough support to use the built-in OpenSSH or Tor local SOCKS proxy. (BSD)<br />
<a href="http://www.freecap.ru/eng/">Freecap</a>: redirects traffic to a SOCKS server. graphical. (Win32)<br />
<a href="http://ksb.sourceforge.net/">Kernel socks bouncer</a>: redirects certain streams into Tor. Doesn't deal with DNS. Linux 2.6 only.<br />
<a href="http://www.privoxy.org/">Privoxy</a>: an http proxy that
speaks socks4a. Also does html/cookie scrubbing. (Win32, Linux, BSD, OS X)<br />
<a href="http://proxychains.sourceforge.net/">Proxychains</a>: proxifier, supports user-defined list of proxies. (Linux, BSD, Solaris)<br />
<a href="http://www.dest-unreach.org/socat/">Socat</a>: multipurpose relay. (Linux, BSD, OS X)<br />
<a href="http://www.socks.permeo.com/Download/SocksCapDownload/index.asp">Sockscap</a>: redirects traffic to a SOCKS server. graphical. (Win32)  <br />
<a href="http://jgillick.nettripper.com/switchproxy/">Switchproxy</a>: Mozilla
extension to help you manage your proxy settings. (Firefox, Mozilla, Thunderbird)<br />
Tor-resolve:  turns hostnames into IPs privately via Tor, shipped with the Tor package. (Win32, Linux, BSD, OS X) <br />
<a href="http://www.freehaven.net/~aphex/torcap.zip">Torcap</a>: similar to sockscap and freecap. has different strengths/weaknesses. (Win32)<br />
<a href="http://freehaven.net/~edmanm/torcp/">TorCP</a>: a Tor controller with GUI for Windows. Under development, so check it out! <br />
<a href="http://freehaven.net/~aphex/TorControl/release/">TorControl</a>: a basic Tor controller with GUI. You'll need to set 'ControlPort 9051' in your torrc. <br />
<a href="http://sourceforge.net/projects/transocks/">Transocks</a>: Transparent proxy to redirect traffic through a SOCKS proxy. Uses iptables. (Linux)<br />
<a href="http://transproxy.sourceforge.net/">Transproxy</a>: Transparent proxy for HTTP requests with ipfw, ipnet, ipfwadm, ipchains or iptables . (FreeBSD, Linux).<br />
<a href="http://tsocks.sourceforge.net/">Tsocks</a>: a program that
intercepts connect() system calls and redirects them through Tor. (Linux, BSD)<b>*</b><br /> 
</p>
Files marked with a <b>*</b> don't deal with <a href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#SOCKSAndDNS">DNS leaks</a>.

  </div><!-- #main -->

#include <foot.wmi>
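Review bot: The DNS-leak footnote at the end of the program list is applied inconsistently: only the Tsocks entry carries the <b>*</b>, while the Kernel socks bouncer entry says "Doesn't deal with DNS" in its own text and is unmarked. Either mark every entry that leaves DNS resolution to the application or drop the marker and state it per entry. "Files marked" should read "Programs marked", and the footnote sits after the closing </p> as bare text inside the div, so it should get its own <p>. Separately, the TorFAQ links mix wiki.noreply.org/noreply/... and wiki.noreply.org/wiki/... paths; pick one form.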

--- NEW FILE: tor-manual-cvs.wml ---
## translation metadata
# Revision: $Rev$

#include "head.wmi" TITLE="Volunteer"

<div class="main-column">

<:
	$man = `man2html -M '' $(TORCVSHEAD)/doc/tor.1.in`;
	die "No manpage" unless $man;

	$man =~ s,.*<body>,,is;
	$man =~ s,</body>.*,,is;

	print $man;
:>

</div><!-- #main -->

#include <foot.wmi>
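Review bot: TITLE="Volunteer" on the head.wmi include looks copied from volunteer.wml; this page prints the man page generated from $(TORCVSHEAD)/doc/tor.1.in, so the title should say so (for example "Manual (CVS)"). The embedded Perl also dies only when man2html prints nothing, so a run that fails but still produces output would be published as the manual, and if the output has no <body> tag the two substitutions do nothing and the whole document is printed inside the div. Checking $? after the backticks and requiring the <body> match to succeed would cover both.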

--- NEW FILE: tor-manual.wml ---
## translation metadata
# Revision: $Rev$

#include "head.wmi" TITLE="Volunteer"

<div class="main-column">

<:
	$man = `man2html -M '' $(TORCVSSTABLE)/doc/tor.1.in`;
	die "No manpage" unless $man;

	$man =~ s,.*<body>,,is;
	$man =~ s,</body>.*,,is;

	print $man;
:>

</div><!-- #main -->

#include <foot.wmi>
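Review bot: This file duplicates tor-manual-cvs.wml line for line except for $(TORCVSSTABLE) in the man2html call, including the TITLE="Volunteer" that does not fit a manual page. Suggest moving the Perl block into a shared .wmi include that takes the source tree as a parameter, in the way head.wmi takes TITLE, so the body-stripping regexes are maintained in one place, and giving each page its own title.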

--- NEW FILE: translation.wml ---
## translation metadata
# Revision: $Rev$

#include "head.wmi" TITLE="Translation guidelines"

<div class="main-column">

<h2>Tor: Translation guidelines</h2>
<hr />

<p>
If you want to help translate the Tor website and documentation into
other languages, here are some basic guidelines to help you do this
as efficiently as possible.<br />
At this time, German, Danish and Swedish translations are under way.
</p>

<p>
Note that we're interested in getting the complete website translated
for each language, but even a few pages will still be helpful.
</p>

<ol>
<li>File names should be changed from index.html to index.xx.html, where xx
is your <a href="http://www.w3.org/WAI/ER/IG/ert/iso639.htm">ISO 639</a>
two letter language code.</li>
<li>The first line in the translated file should be<br />
&lt;!-- revision 0.00 --&gt;<br />
where 0.00 is the revision number of the original page translated, to
easily spot when a page gets out of date. The revision number is found at
the bottom on each page -- it is created by CVS so be sure to <a href="developers.html">checkout</a> the latest version of the website.</li>

<li>The second line in the translated file should be the email address of
the translator:<br />
&lt;!-- abc at example.com --&gt;<br />
so we can get ahold of you if the pages needs to be corrected or updated.</li>

<li>Translated pages should link to the other translated pages.</li>

<li>Translated pages should include a note at the top, translated to the
appropriate language: "Neither the Tor developers nor EFF have reviewed
this translation for accuracy and correctness. It may be out of date
or wrong. The official Tor web site is the English version, available
at http://tor.eff.org/"</li>

<li>Use valid <a href="http://roselli.org/adrian/articles/character_charts.asp">character entities</a>.
Even though most browsers display the characters correctly these days, we want
to be on the safe side, so we don't get bug reports from people who can't
read the text.</li>

<li>Keep your translation valid XHTML to minimize the work needed
before the page is committed to CVS. You can test your code at <a
href="http://validator.w3.org/">validator.w3.org</a>.</li>
</ol>

  </div><!-- #main -->

#include <foot.wmi>
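Review bot: The numbered steps still describe the pre-wml workflow: item 1 renames index.html to index.xx.html, and items 2 and 3 put the revision and translator address in HTML comments on the first two lines, while the .wml sources shown in this commit start with a "## translation metadata" line and a "# Revision:" line instead. Suggest rewriting the steps for the .wml sources or stating that they apply to the old layout only. The language lists also disagree: this page says German, Danish and Swedish translations are under way, and volunteer.wml in the same commit refers to existing Italian and German translations.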

--- NEW FILE: users.wml ---
## translation metadata
# Revision: $Rev$

#include "head.wmi" TITLE="Redirecting" REDIRECT="support.en"


#include <foot.wmi>

--- NEW FILE: volunteer.wml ---
## translation metadata
# Revision: $Rev$

#include "head.wmi" TITLE="Volunteer"

<div class="main-column">

<!-- PUT CONTENT AFTER THIS TAG -->
<h2>Seven things everyone can do now:</h2>
<ol>
<li> We need users like you to try Tor out, and let the Tor developers
know about bugs you find or features you don't find.</li>
<li> Please consider <a href="<cvssandbox>tor/doc/tor-doc-server.html">running
a server</a> to help the Tor network grow.</li>
<li> We especially need people with Windows programming skills to run
an exit server on Windows, to help us debug.</li>
<li> Run a <a href="<cvssandbox>tor/doc/tor-hidden-service.html">Tor hidden
service</a> and put interesting content on it.</li>
<li> Take a look at the <a href="gui/">Tor GUI Competition</a>, and
come up with ideas or designs to contribute to making Tor's interface
and usability better. Free T-shirt for each submission!</li>
<li> Tell your friends! Get them to run servers. Get them to run hidden
services. Get them to tell their friends.</li>
<li> Consider joining the <a href="http://secure.eff.org/tor">Electronic
Frontier Foundation</a>. More EFF donations means more freedom in the
world, including more Tor development.</li>
</ol>

<h2>Installers</h2>
<ol>
<li>Extend our NSIS-based Windows installer to include Privoxy. Include
a preconfigured config file to work well with Tor. We might also want
to include FreeCap -- is it stable enough and useful enough to be
worthwhile?</li>
<li>Develop a way to handle OS X uninstallation
that is more automated than telling people to <a
href="cvssandbox>tor/doc/tor-doc-osx.html#uninstall">manually remove
each file</a>.</li>
<li>Our <a href="<cvssandbox>tor/tor.spec.in">RPM spec file</a>
needs a maintainer, so we can get back to the business of writing Tor. If
you have RPM fu, please help out.</li>
</ol>

<h2>Usability and Interface</h2>
<ol>
<li>We need a way to intercept DNS requests so they don't "leak" while
we're trying to be anonymous. (This happens because the application does
the DNS resolve before going to the SOCKS proxy.) One option is to use
Tor's built-in support for doing DNS resolves; but you need to ask via
our new socks extension for that, and no applications do this yet. A
nicer option is to use Tor's controller interface: you intercept the
DNS resolve, tell Tor about the resolve, and Tor replies with a dummy IP
address. Then the application makes a connection through Tor to that dummy
IP address, and Tor automatically maps it back to the original query.</li>
<li>People running servers tell us they want to have one BandwidthRate
during some part of the day, and a different BandwidthRate at other parts
of the day. Rather than coding this inside Tor, we should have a little
script that speaks via the <a href="gui/">Tor Controller Interface</a>,
and does a setconf to change the bandwidth rate. Perhaps it would run out
of cron, or perhaps it would sleep until appropriate times and then do
its tweak (that's probably more portable). Can somebody write one for us
and we'll put it into <a href="<cvssandbox>tor/contrib/">tor/contrib/</a>?</li>
<li>We have a variety of ways to <a
href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#ChooseEntryExit">exit
the Tor network from a particular country</a>, but they all
require specifying the nickname of a particular Tor server. It
would be nice to be able to specify just a country, and
have something automatically pick. This requires having some
component that knows what country each Tor node is in. The <a
href="http://serifos.eecs.harvard.edu:8000/cgi-bin/exit.pl">script on
serifos</a> manually parses whois entries for this. Maybe geolocation
data will also work?</li>
<li>Speaking of geolocation data, somebody should draw a map of the Earth
with a pin-point for each Tor server. Bonus points if it updates as the
network grows and changes.</li>
<li>Tor provides anonymous connections, but we don't support
keeping multiple pseudonyms in practice (say, in case you
frequently go to two websites and if anybody knew about both of
them they would conclude it's you). We should find a good approach
and interface for handling pseudonymous profiles in Tor. See <a
href="http://archives.seul.org/or/talk/Dec-2004/msg00086.html">this
post</a> and <a
href="http://archives.seul.org/or/talk/Jan-2005/msg00007.html">followup</a>
for details.</li>
</ol>

<h2>Documentation</h2>
<ol>
<li>Please volunteer to help maintain this website: code, content,
css, layout. Step one is to hang out on the IRC channel until we
get to know you.</li>
<li>We have too much documentation --- it's spread out too much and
duplicates itself in places. Please send us patches, pointers, and
confusions about the documentation so we can clean it up.</li>
<li>Help translate the web page and documentation into other
languages. See the <a href="translation.html">translation
guidelines</a> if you want to help out. We also need people to help
maintain the existing (Italian and German) translations.</li>
<li>Investigate privoxy vs. freecap vs. sockscap for win32 clients. Are
there usability or stability issues that we can track down and
resolve, or at least inform people about?</li>
<li>Can somebody help Matt Edman with the documentation and how-tos
for his <a href="http://freehaven.net/~edmanm/torcp/">Windows Tor
Controller</a>?</li>
<li>Evaluate, create, and <a
href="http://wiki.noreply.org/wiki/TheOnionRouter/TorifyHOWTO">document
a list of programs</a> that can be routed through Tor.</li>
<li>We need better documentation for dynamically intercepting
connections and sending them through Tor. tsocks (Linux) and freecap
(Windows) seem to be good candidates.</li>
<li>We have a huge list of <a href="support.html">potentially useful
programs that interface to Tor</a>. Which ones are useful in which
situations? Please help us test them out and document your results.</li>
</ol>

<h2>Coding and Design</h2>
<ol>
<li>We recommend Privoxy as a good scrubbing web proxy, but it's
unmaintained and still has bugs, especially on Windows. While we're at
it, what sensitive information is not kept safe by Privoxy? Are there
other scrubbing web proxies that are more secure?</li>
<li>tsocks appears to be unmaintained: we have submitted several patches
with no response. Can somebody volunteer to start maintaining a new
tsocks branch? We'll help.</li>
<li>Some popular clients that people use with Tor
include <a href="http://gaim.sourceforge.net/">Gaim</a>
and <a href="http://www.xchat.org/">xchat</a>. These
programs support socks, but they don't support <a
href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#SOCKSAndDNS">socks4a
or socks5-with-remote-dns</a>. Please write a patch for them and submit
it to the appropriate people. Let us know if you've written the patch
but you're having trouble getting it accepted.</li>
<li>Right now the hidden service descriptors are being stored on just a few
directory servers. This is bad for privacy and bad for robustness. To get
more robustness, we're going to need to make hidden service descriptors
even less private because we're going to have to mirror them onto many
places. Ideally we'd like to separate the storage/lookup system from the
Tor directory servers entirely. Any reliable distributed storage system
will do, as long as it allows authenticated updates. As far as we know,
no implemented DHT code supports authenticated updates. What's the right
next step?</li>
<li>Tor exit servers need to do many DNS resolves in parallel. But
gethostbyname() is poorly designed --- it blocks until it has finished
resolving a query --- so it requires its own thread or process. So Tor
is forced to spawn many separate DNS "worker" threads. There are some
asynchronous DNS libraries out there, but historically they are buggy and
abandoned. Are any of them stable, fast, clean, and free software? (Remember,
Tor uses OpenSSL, and OpenSSL is (probably) not compatible with the GPL, so
any GPL libraries are out of the running.) If so
(or if we can make that so), we should integrate them into Tor. See <a
href="http://archives.seul.org/or/talk/Sep-2005/msg00001.html">Agl's
post</a> for one potential approach. Also see
<a href="http://daniel.haxx.se/projects/c-ares/">c-ares</a> and
<a href="http://www.monkey.org/~provos/libdnsres/">libdnsres</a>.
</li>
<li>Tor 0.1.1.x includes support for hardware crypto accelerators via
OpenSSL. Nobody has ever tested it, though. Does somebody want to get
a card and let us know how it goes?</li>
<li>Long ago, we added dmalloc support to Tor, to track leaks. But we
never quite got it working. Is dmalloc unfit for the job? Look at the
--with-dmalloc configure option and go from there.</li>
<li>Because Tor servers need to store-and-forward each cell they handle,
high-bandwidth Tor servers end up using dozens of megabytes of memory
just for buffers. We need better heuristics for when to shrink/expand
buffers. Maybe this should be modelled after the Linux kernel buffer
design, where you have many smaller buffers that link to each other,
rather than monolithic buffers?</li>
<li>How do ulimits work on Win32, anyway? We're having problems,
especially on older Windowses with people running out of file
descriptors, connection buffer space, etc. (We should handle
WSAENOBUFS as needed, look at the MaxConnections registry entry,
look at the MaxUserPort entry, and look at the TcpTimedWaitDelay
entry. We may also want to provide a way to set them as needed. See <a
href="http://bugs.noreply.org/flyspray/index.php?do=details&amp;id=98">bug
98</a>.)</li>
<li>Encrypt identity keys on disk, and implement passphrase protection
for them. Right now they're just stored in plaintext.</li>
<li>Patches to Tor's autoconf scripts. First, we'd like our configure.in
to handle cross-compilation, e.g. so we can build Tor for obscure
platforms like the Linksys WRTG54. Second, we'd like the with-ssl-dir
option to disable the search for ssl's libraries.</li>
<li>Implement reverse DNS requests inside Tor (already specified in
Section 5.4 of <a href="<cvssandbox>tor/doc/tor-spec.txt">tor-spec.txt</a>).</li>
<li>Perform a security analysis of Tor with <a
href="http://en.wikipedia.org/wiki/Fuzz_testing">"fuzz"</a>. Determine
if there good fuzzing libraries out there for what we want. Win fame by
getting credit when we put out a new release because of you!</li>
<li>How hard is it to patch bind or a DNS proxy to redirect requests to
Tor via our <a href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#CompatibleApplications">tor-resolve socks extension</a>? What about to convert UDP DNS
requests to TCP requests and send them through Tor?</li>
<li>Tor uses TCP for transport and TLS for link
encryption. This is nice and simple, but it means all cells
on a link are delayed when a single packet gets dropped, and
it means we can only reasonably support TCP streams. We have a <a
href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#TransportIPnotTCP">list
of reasons why we haven't shifted to UDP transport</a>, but it would be
great to see that list get shorter.</li>
<li>We're not that far from having IPv6 support for destination addresses
(at exit nodes). If you care strongly about IPv6, that's probably the
first place to start.</li>
</ol>

<h2>Research</h2>
<ol>
<li>The "website fingerprinting attack": make a list of a few
hundred popular websites, download their pages, and make a set of
"signatures" for each site. Then observe a Tor client's traffic. As
you watch him receive data, you quickly approach a guess about which
(if any) of those sites he is visiting. First, how effective is
this attack on the deployed Tor codebase? Then start exploring
defenses: for example, we could change Tor's cell size from 512
bytes to 1024 bytes, we could employ padding techniques like <a
href="http://freehaven.net/anonbib/#timing-fc2004">defensive dropping</a>,
or we could add traffic delays. How much of an impact do these have,
and how much usability impact (using some suitable metric) is there from
a successful defense in each case?</li>
<li>The "end-to-end traffic confirmation attack":
by watching traffic at Alice and at Bob, we can <a
href="http://freehaven.net/anonbib/#danezis:pet2004">compare
traffic signatures and become convinced that we're watching the same
stream</a>. So far Tor accepts this as a fact of life and assumes this
attack is trivial in all cases. First of all, is that actually true? How
much traffic of what sort of distribution is needed before the adversary
is confident he has won? Are there scenarios (e.g. not transmitting much)
that slow down the attack? Do some traffic padding or traffic shaping
schemes work better than others?</li>
<li>The "run two servers and wait attack": Tor clients pick a new path
periodically. If the adversary runs an entry and an exit, eventually some
Alice will build a circuit that begins and ends with his nodes. The
current Tor threat model assumes the end-to-end traffic confirmation attack
is trivial, and instead aims to limit the chance that the adversary will
be able to see both sides of a circuit. One way to help this is 
<a href="http://freehaven.net/anonbib/#wright03">helper
nodes</a> -- Alice picks a small set of entry nodes and uses them always.
But in reality, Tor nodes disappear sometimes. So it would seem that the
attack continues, albeit slower than before. How much slower?</li>
<li>The "routing zones attack": most of the literature thinks of
the network path between Alice and her entry node (and between the
exit node and Bob) as a single link on some graph. In practice,
though, the path traverses many autonomous systems (ASes), and <a
href="http://freehaven.net/anonbib/#feamster:wpes2004">it's not uncommon
that the same AS appears on both the entry path and the exit path</a>.
Unfortunately, to accurately predict whether a given Alice, entry,
exit, Bob quad will be dangerous, we need to download an entire Internet
routing zone and perform expensive operations on it. Are there practical
approximations, such as avoiding IP addresses in the same /8 network?</li>
<li>Tor doesn't work very well when servers have asymmetric bandwidth
(e.g. cable or DSL). Because Tor has separate TCP connections between
each hop, if the incoming bytes are arriving just fine and the outgoing
bytes are all getting dropped on the floor, the TCP push-back mechanisms
don't really transmit this information back to the incoming streams.
Perhaps Tor should detect when it's dropping a lot of outgoing packets,
and rate-limit incoming streams to regulate this itself? I can imagine
a build-up and drop-off scheme where we pick a conservative rate-limit,
slowly increase it until we get lost packets, back off, repeat. We
need somebody who's good with networks to simulate this and help design
solutions; and/or we need to understand the extent of the performance
degradation, and use this as motivation to reconsider UDP transport.</li>
<li>A related topic is congestion control. Is our
current design sufficient once we have heavy use? Maybe
we should experiment with variable-sized windows rather
than fixed-size windows? That seemed to go well in an <a
href="http://www.psc.edu/networking/projects/hpn-ssh/theory.php">ssh
throughput experiment</a>. We'll need to measure and tweak, and maybe
overhaul if the results are good.</li>
<li>To let dissidents in remote countries use Tor without being blocked
at their country's firewall, we need a way to get tens of thousands of
relays, not just a few hundred. We can imagine a Tor client GUI that
has a "help China" button at the top that opens a port and relays a
few KB/s of traffic into the Tor network. (A few KB/s shouldn't be too
much hassle, and there are few abuse issues since they're not being exit
nodes.) But how do we distribute a list of these volunteer clients to the
good dissidents in an automated way that doesn't let the country-level
firewalls intercept and enumerate them? Probably needs to work on a
human-trust level.</li>
<li>Tor circuits are built one hop at a time, so in theory we have the
ability to make some streams exit from the second hop, some from the
third, and so on. This seems nice because it breaks up the set of exiting
streams that a given server can see. But if we want each stream to be safe,
the "shortest" path should be at least 3 hops long by our current logic, so
the rest will be even longer. We need to examine this performance / security
tradeoff.</li>
<li>It's not that hard to DoS Tor servers or dirservers. Are client
puzzles the right answer? What other practical approaches are there? Bonus
if they're backward-compatible with the current Tor protocol.</li>
</ol>

Drop by the #tor IRC channel at irc.oftc.net or email tor-volunteer at freehaven.net if you want to help out!

  </div><!-- #main -->

#include <foot.wmi>
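Review bot: The OS X uninstall link under "Installers" is written href="cvssandbox>tor/doc/tor-doc-osx.html#uninstall", missing the opening "<" that the other <cvssandbox> links in this file have, so the placeholder will presumably not be expanded and the link will be broken. Smaller points in the same file: the "Tor Controller Interface" link in the BandwidthRate item points at gui/, the same target as the GUI Competition link, which looks unintended; the fuzzing item reads "if there good fuzzing libraries" (missing "are"); and the closing "Drop by the #tor IRC channel" line is bare text outside any <p>.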


