[or-cvs] r19735: {} /beta/ stuff. updated navbar etc. (in website/branches/zed: . beta)
zed at seul.org
zed at seul.org
Thu Jun 18 01:37:55 UTC 2009
Author: zed
Date: 2009-06-17 21:37:54 -0400 (Wed, 17 Jun 2009)
New Revision: 19735
Added:
website/branches/zed/beta/
website/branches/zed/beta/30seconds.php
website/branches/zed/beta/contact.php
website/branches/zed/beta/download-unix.php
website/branches/zed/beta/faq-abuse.php
website/branches/zed/beta/footer.inc.php
website/branches/zed/beta/header.inc.php
website/branches/zed/beta/index.php
website/branches/zed/beta/overview.php
website/branches/zed/beta/people.php
website/branches/zed/beta/sitemap.php
website/branches/zed/beta/test.php
website/branches/zed/beta/tor-legal-faq.php
website/branches/zed/beta/tor-manual-dev.php
website/branches/zed/beta/torusers.php
website/branches/zed/beta/trademark-faq.php
website/branches/zed/beta/volunteer.php
Log:
/beta/ stuff. updated navbar etc.
Added: website/branches/zed/beta/30seconds.php
===================================================================
--- website/branches/zed/beta/30seconds.php (rev 0)
+++ website/branches/zed/beta/30seconds.php 2009-06-18 01:37:54 UTC (rev 19735)
@@ -0,0 +1,84 @@
+<?php
+$pagename = "Tor: anonymity online";
+include("header.inc.php");
+?>
+<div class="main-column">
+ <h2>Why You Need Tor</h2>
+ <p>The vast majority of Internet traffic passes along public routes, making
+ it relatively easy for prying eyes to view your comings and goings -- and
+ even link some important financial or personal information to you!</p>
+ <p>Snoopers can get your information almost anywhere:</p>
+ <ul>
+ <li>Your Internet service provider</li>
+ <li>Your favorite website or online store</li>
+ <li>Your favorite coffee shop or cafe with free wifi</li>
+ </ul>
+ <p>These snooping activities are commonly called traffic analysis. Corporations,
+ marketing organizations, governments, and other parties are becoming increasingly
+ sophisticated at it.</p>
+ <p>Traffic Analysis enables: </p>
+ <ul>
+ <li>Politically rigid governments to compile lists of citizens reading outlawed
+ journals</li>
+ <li>Thieves, spammers, and phishers to launch progressively sophisticated and
+ personalized attacks</li>
+ <li>Corporations can collect and aggregate online browsing and chatting behavior
+ for better ad-targeting and profiling.</li>
+ </ul>
+ <p>For some people, this electronic spying is a nuisance that can affect their
+ pocketbook; for others, it jeopardizes their personal security.</p>
+ <p>Since 2001, the Tor Project has been developing free and open-source software
+ that helps provide anonymity for Internet users. It works by allowing users
+ to travel the web on a circuitous route over more than 1000 servers positioned
+ around the world. When you use Tor, your route on the Internet is indirect,
+ so snoops have a difficult time following your path and seizing vital information.
+ Tor also has special functionality, called hidden services, that allows you
+ to run websites without revealing their location.</p>
+ <p>Tor is compatible with different operating systems, such as Microsoft Windows,
+ Apple Mac, and various versions of Linux. Tor works with most programs that
+ connect your computer to the Internet.</p>
+ <p>Tor is used by hundreds of thousands of people to protect their activities
+ online:</p>
+ <ul>
+ <li>Journalists who need to protect their sources</li>
+ <li>Human rights workers</li>
+ <li>Dissidents in politically rigid countries</li>
+ <li>Corporations who wish to protect their employees' web traffic</li>
+ <li>Whistle blowers who fear retribution</li>
+ <li>Governments wishing to protect their agents' and employees' traffic</li>
+ <li>Law enforcement officers on Internet sting operations</li>
+ <li>People wanting to post socially sensitive information in chat rooms, like
+ rape or abuse survivors and those with stigmatized illnesses.</li>
+ </ul>
+ <p>The Tor Network also provides protection for people looking for another layer
+ of privacy from the millions of websites bent on collecting private information
+ and tracking their moves online.</p>
+ <h3>Why Tor Needs You</h3>
+ <p>Other than a few developers, the Tor Project is largely run by volunteers.
+ To help keep Tor's worldwide server network running and its open source software
+ up-to-date, the Tor project is looking for new sponsors and funding.</p>
+ <p>We guarantee your money will be put to good use. For every dollar donated
+ to the Tor Project, 85 cents goes directly into development.</p>
+ <p>Sponsors receive personal attention, better support, and the chance to help
+ us choose which of our priorities we should focus on next.</p>
+ <p>Your contribution is tax deductible! The Tor Project is a registered 501(c)(3)
+ non-profit, making donations tax deductible for those living in the United
+ States or those paying taxes with charitable donation reciprocity with the
+ U.S.</p>
+ <p>You'll be in good company! Our sponsors include Google, Bell Security Solutions,
+ SRI International, The National Science Foundation, The Netherlands' NLnet
+ Foundation, Human Rights Watch and more than 500 individuals who have donated
+ funds to the Tor Project.</p>
+ <p>You'll feel good because you're protecting your information and your rights.
+ In this day and age, Tor provides a vital layer of protection for you and
+ your data.</p>
+ <p>Please join us! Your donations will help keep this important project on
+ the cutting edge. If you have any questions about funding the Tor Project,
+ please contact: donations at torproject.org</p>
+</div>
+<!-- #main -->
+<?php
+
+include("footer.inc.php");
+
+?>
Added: website/branches/zed/beta/contact.php
===================================================================
--- website/branches/zed/beta/contact.php (rev 0)
+++ website/branches/zed/beta/contact.php 2009-06-18 01:37:54 UTC (rev 19735)
@@ -0,0 +1,55 @@
+<?php
+$pagename = "Tor: anonymity online";
+include("header.inc.php");
+?>
+<div class="main-column">
+ <div class="bgsmaller">
+ <h2>Tor: Contact</h2>
+ <p>First, if you have a problem or question about using Tor, go look at the
+ <a href="documentation.html.en#Support">Support section</a> for how to proceed.
+ The Tor developers spend most of their time developing Tor, and there are
+ no people devoted to user support, so try to help yourself before <a
+href="faq.html.en#SupportMail">politely trying to find a volunteer</a>.</p>
+ <p>If you really do need to reach us, here are some approaches. All of these
+ addresses are @torproject.org. Note that in practice most of them go to
+ the same small group of people, so please be patient and <a
+href="http://www.catb.org/~esr/faqs/smart-questions.html">helpful</a>, and please
+ make sure to write your mail in English.</p>
+ <ul>
+ <li><tt>tor-ops</tt> gets to the people who manage the directory authorities.
+ Use this if you run a Tor relay and have a question or problem with your
+ relay.</li>
+ <li><tt>tor-webmaster</tt> can fix typos on the website, change wrong statements
+ or directions on the website, and add new sections and paragraphs that
+ you send us. You might want to make a draft of your new sections on <a href="https://wiki.torproject.org/noreply/TheOnionRouter">the
+ Tor wiki</a> first.</li>
+ <li><tt>tor-volunteer</tt> wants to hear about your documents, patches,
+ testing, experiences with supporting applications, and so forth inspired
+ by our <a href="volunteer.html.en">volunteer page</a> (or other problems
+ you've fixed or documented about using Tor). There's no need to mail us
+ before you start working on something -- like all volunteer Internet projects,
+ we hear from a lot of excited people who vanish soon after, so we are
+ most interested in hearing about actual progress.</li>
+ <li><tt>tor-translation</tt> can put new <a href="translation.html.en">website
+ translations</a> into place, and help answer questions about existing
+ and new translations.</li>
+ <li><tt>tor-assistants</tt> is the catch-all address for press contacts
+ and other comments and issues.</li>
+ <li><tt>tordnsel</tt> is the alias for the people responsible for the tordns
+ exitlist.</li>
+ <li><tt>donations</tt> is for questions and comments about <a href="donate.html.en">getting
+ money to the developers</a>. More donations means <a
+href="faq.html.en#Funding">more Tor</a>. We're happy to help think about creative
+ ways for you to contribute.</li>
+ <li><tt>execdir</tt> is for questions and comments about Tor the non-profit
+ corporation: trademark questions, affiliation and coordination, major
+ gifts, contract inquiries, licensing and certification, etc.</li>
+ </ul>
+ </div>
+</div>
+<!-- #main -->
+<?php
+
+include("footer.inc.php");
+
+?>
Added: website/branches/zed/beta/download-unix.php
===================================================================
--- website/branches/zed/beta/download-unix.php (rev 0)
+++ website/branches/zed/beta/download-unix.php 2009-06-18 01:37:54 UTC (rev 19735)
@@ -0,0 +1,229 @@
+<?php
+$pagename = "Tor: anonymity online";
+include("zedheader.inc.php");
+?>
+<div class="main-column">
+<h2>Available Linux/Unix Packages</h2>
+<div class="warning">
+Warning: Want Tor to really work?
+
+...then please don't just install it and go on. You need to change some of your habits, and reconfigure your software! Tor by itself is NOT all you need to maintain your anonymity. Please take time to read the <a href=warning.html>warning page</a> to familiarize yourself with the pitfalls and limits of Tor.
+</div>
+<div class="underline"></div>
+
+
+
+ <table class="download" width="100%">
+ <thead>
+ <tr align="center" class="download">
+ <th colspan="2" class="download"><strong>Platform</strong></th>
+ <th colspan="2" class="stable">Stable <br>
+ (0.2.0.34)</th>
+ <th colspan="2" class="unstable">Unstable<br/>
+ (0.2.1.15-rc)</th>
+ <th colspan="2" class="help">Help</th>
+ </tr>
+ <tr align="center" class="terminal">
+ <td colspan="2" class="terminal"> </th>
+ <td colspan="4" class="terminal"><a href="#packagediff">Difference between
+ Stable & Unstable ?</a></th>
+ <td colspan="2" class="terminal"> </th>
+ </tr>
+ </thead>
+ <tr valign="middle">
+ <td align="center" class="note"><img src="/images/distros/debian.png"></td>
+ <td align="left" class="distro"><strong>Debian sid</strong></td>
+ <td align="center" class="terminal"><img src="/images/distros/terminal.png">
+ </td>
+ <td colspan="3" class="terminal"><kbd>apt-get install tor</kbd> </td>
+ <td align="center" class="help"><img src="/images/distros/help.png"></td>
+ <td class="help"> » <a href="docs/tor-doc-unix.html.en">Linux/BSD/Unix</a>
+ </td>
+ </tr>
+ <tr valign="middle">
+ <td align="center" class="note""><img src="/images/distros/ubuntu.png"></td>
+ <td align="left" class="distro"><strong>Other Debian, Knoppix, Ubuntu</strong></td>
+ <td align="center" class="terminal"><img src="/images/distros/link.png"></td>
+ <td colspan="3" class="terminal"><a href="https://wiki.torproject.org/noreply/TheOnionRouter/TorOnDebian">noreply.org
+ packages</a> </td>
+ <td align="center" class="help"><img src="/images/distros/help.png"></td>
+ <td class="help"> » <a href="docs/tor-doc-unix.html.en">Linux/BSD/Unix</a>
+ </td>
+ </tr>
+ <tr valign="middle">
+ <td align="center" class="note"><img src="/images/distros/redhat.png"></td>
+ <td align="left" class="distro"><strong>Red Hat 3 & 4</strong></td>
+ <td align="center" class="stable"> <img src="/images/distros/package.png"><br>
+ (<a href="dist/rpm/tor-0.2.0.34-tor.0.rh4_7.i386.rpm.asc">sig</a>/<a href="dist/rpm/tor-0.2.0.34-tor.0.rh4_7.i386.rpm.sha1">sha1</a>)
+ <br> </td>
+ <td align="center" class="stable"><img src="/images/distros/src.png"><br>
+ (<a href="dist/rpm/tor-0.2.0.34-tor.0.rh4_7.src.rpm.asc">sig</a>/<a href="dist/rpm/tor-0.2.0.34-tor.0.rh4_7.src.rpm.sha1">sha1</a>)
+ </td>
+ <td align="center" class="unstable"> <img src="/images/distros/package.png"><br>
+ (<a href="dist/rpm/tor-0.2.1.15.rc-tor.0.rh4_7.i386.rpm.asc">sig</a>/<a href="dist/rpm/tor-0.2.1.15.rc-tor.0.rh4_7.i386.rpm.sha1">sha1</a>)
+ </td>
+ <td align="center" class="unstable"><img src="/images/distros/src.png"><br>
+ (<a href="dist/rpm/tor-0.2.1.15.rc-tor.0.rh4_7.src.rpm.asc">sig</a>/<a href="dist/rpm/tor-0.2.1.15.rc-tor.0.rh4_7.src.rpm.sha1">sha1</a>)
+ </td>
+ <td align="center" class="help"><img src="/images/distros/help.png"></td>
+ <td class="help"> » <a href="docs/tor-doc-unix.html.en">Linux/BSD/Unix</a>
+ </td>
+ </tr>
+ <tr valign="middle">
+ <td align="center" class="note"><img src="/images/distros/redhat.png"></td>
+ <td align="left" class="distro"><strong>Red Hat 5</strong></td>
+ <td align="center" class="stable"><img src="/images/distros/package.png">
+ <br>
+ (<a href="dist/rpm/tor-0.2.0.34-tor.0.rh5_2.i386.rpm.asc">sig</a>/<a href="dist/rpm/tor-0.2.0.34-tor.0.rh5_2.i386.rpm.sha1">sha1</a>)
+ </td>
+ <td align="center" class="stable"><img src="/images/distros/src.png"><br>
+ (<a href="dist/rpm/tor-0.2.0.34-tor.0.rh5_2.src.rpm.asc">sig</a>/<a href="dist/rpm/tor-0.2.0.34-tor.0.rh5_2.src.rpm.sha1">sha1</a>)
+ <br> </td>
+ <td align="center" class="unstable"> <img src="/images/distros/package.png">
+ <br>
+ (<a href="dist/rpm/tor-0.2.1.15.rc-tor.0.rh5_3.i386.rpm.asc">sig</a>/<a href="dist/rpm/tor-0.2.1.15.rc-tor.0.rh5_3.i386.rpm.sha1">sha1</a>)
+ </td>
+ <td align="center" class="unstable"><img src="/images/distros/src.png"><br>
+ (<a href="dist/rpm/tor-0.2.1.15.rc-tor.0.rh5_3.src.rpm.asc">sig</a>/<a href="dist/rpm/tor-0.2.1.15.rc-tor.0.rh5_3.src.rpm.sha1">sha1</a>)
+ </td>
+ <td align="center" class="help"><img src="/images/distros/help.png"></td>
+ <td class="help"> » <a href="docs/tor-doc-unix.html.en">Linux/BSD/Unix</a>
+ </td>
+ </tr>
+ <tr valign="middle">
+ <td align="center" class="note"><img src="/images/distros/fedora.png"></td>
+ <td align="left" class="distro"><strong>Fedora Core 10</strong></td>
+ <td align="center" class="stable"><img src="/images/distros/package.png"><br>
+ (<a href="dist/rpm/tor-0.2.0.34-tor.0.fc10.i386.rpm.asc">sig</a>/<a href="dist/rpm/tor-0.2.0.34-tor.0.fc10.i386.rpm.sha1">sha1</a>)
+ </td>
+ <td align="center" class="stable"><img src="/images/distros/src.png"><br>
+ (<a href="dist/rpm/tor-0.2.0.34-tor.0.fc10.src.rpm.asc">sig</a>/<a href="dist/rpm/tor-0.2.0.34-tor.0.fc10.src.rpm.sha1">sha1</a>)
+ </td>
+ <td align="center" class="unstable"> <img src="/images/distros/package.png"><br>
+ (<a href="dist/rpm/tor-0.2.1.15.rc-tor.0.fc10.i386.rpm.asc">sig</a>/<a href="dist/rpm/tor-0.2.1.15.rc-tor.0.fc10.i386.rpm.sha1">sha1</a>)
+ </td>
+ <td align="center" class="unstable"><img src="/images/distros/src.png"><br>
+ (<a href="dist/rpm/tor-0.2.1.15.rc-tor.0.fc10.src.rpm.asc">sig</a>/<a href="dist/rpm/tor-0.2.1.15.rc-tor.0.fc10.src.rpm.sha1">sha1</a>)</td>
+ <td align="center" class="help"><img src="/images/distros/help.png"></td>
+ <td class="help"> » <a href="docs/tor-doc-unix.html.en">Linux/BSD/Unix</a>
+ </td>
+ </tr>
+ <tr valign="middle">
+ <td align="center" class="note"><img src="/images/distros/suse.png"></td>
+ <td align="left" class="distro"><strong>openSUSE 11</strong></td>
+ <td align="center" class="stable"><img src="/images/distros/package.png"><br>
+ (<a href="dist/rpm-suse/tor-0.2.0.34-tor.0.suse.i386.rpm.asc">sig</a>/<a href="dist/rpm-suse/tor-0.2.0.34-tor.0.suse.i386.rpm.sha1">sha1</a>)
+ </td>
+ <td align="center" class="stable"><img src="/images/distros/src.png"><br>
+ (<a href="dist/rpm-suse/tor-0.2.0.34-tor.0.suse.src.rpm.asc">sig</a>/<a href="dist/rpm-suse/tor-0.2.0.34-tor.0.suse.src.rpm.sha1">sha1</a>)</td>
+ <td align="center" class="unstable"> <img src="/images/distros/package.png"><br>
+ (<a href="dist/rpm-suse/tor-0.2.1.15.rc-tor.0.suse11_1.i586.rpm.asc">sig</a>/<a href="dist/rpm-suse/tor-0.2.1.15.rc-tor.0.suse11_1.i586.rpm.sha1">sha1</a>)
+ </td>
+ <td align="center" class="unstable"><img src="/images/distros/src.png"><br>
+ (<a href="dist/rpm-suse/tor-0.2.1.15.rc-tor.0.suse11_1.src.rpm.asc">sig</a>/<a href="dist/rpm-suse/tor-0.2.1.15.rc-tor.0.suse11_1.src.rpm.sha1">sha1</a>)</td>
+ <td align="center" class="help"><img src="/images/distros/help.png"></td>
+ <td class="help"> » <a href="docs/tor-doc-unix.html.en">Linux/BSD/Unix</a>
+ </td>
+ </tr>
+ <tr valign="middle">
+ <td align="center" class="note"><img src="/images/distros/generic.png"></td>
+ <td align="left" class="distro"><strong>User Contributed RPMs</strong></td>
+ <td align="center" class="terminal"><img src="/images/distros/link.png">
+ </td>
+ <td colspan="3" class="terminal"><a href="http://mirror.noreply.org/pub/devil.homelinux.org/Tor/">Contrib
+ RPMs including development snapshots</a> </td>
+ <td align="center" class="help"><img src="/images/distros/help.png"></td>
+ <td class="help"> » <a href="docs/tor-doc-unix.html.en">Linux/BSD/Unix</a>
+ </td>
+ </tr>
+ <tr valign="middle">
+ <td align="center" class="note"><img src="/images/distros/gentoo.png"></td>
+ <td align="left" class="distro"><strong>Gentoo Linux</strong></td>
+ <td align="center" class="terminal"><img src="/images/distros/terminal.png"></td>
+ <td colspan="3" class="terminal"><kbd>emerge tor</kbd></td>
+ <td align="center" class="help"><img src="/images/distros/help.png"></td>
+ <td class="help">
+ » <a href="docs/tor-doc-unix.html.en">Linux/BSD/Unix</a><br/>
+ » <a href="http://gentoo-wiki.com/HOWTO_Anonymity_with_Tor_and_Privoxy">Gentoo-wiki
+ guide</a>
+ </td>
+ </tr>
+ <tr valign="middle">
+ <td align="center" class="note"><img src="/images/distros/freebsd.png"></td>
+ <td align="left" class="distro"><strong>FreeBSD</strong></td>
+ <td align="center" class="terminal"><img src="/images/distros/terminal.png"></td>
+ <td colspan="3" class="terminal"><kbd>portinstall -s security/tor</kbd></td>
+ <td align="center" class="help"><img src="/images/distros/help.png"></td>
+ <td class="help">» <a href="docs/tor-doc-unix.html.en">Linux/BSD/Unix</a></td>
+ </tr>
+ <tr valign="middle">
+ <td align="center" class="note"><img src="/images/distros/openbsd.png"></td>
+ <td align="left" class="distro"><strong>OpenBSD</strong></td>
+ <td align="center" class="terminal"><img src="/images/distros/terminal.png"></td>
+ <td colspan="3" class="terminal"><kbd>cd /usr/ports/net/tor && make
+ && make install</kbd></td>
+ <td align="center" class="help"><img src="/images/distros/help.png"></td>
+ <td class="help">
+ » <a href="docs/tor-doc-unix.html.en">Linux/BSD/Unix</a><br/>»
+ <a href="https://wiki.torproject.org/noreply/TheOnionRouter/OpenbsdChrootedTor">chrooting
+ Tor</a>
+ </td>
+ </tr>
+ <tr valign="middle">
+ <td align="center" class="note"><img src="/images/distros/netbsd.png"></td>
+ <td align="left" class="distro"><strong>NetBSD</strong></td>
+ <td align="center" class="terminal"><img src="/images/distros/terminal.png"></td>
+ <td colspan="3" class="terminal"><kbd>cd /usr/pkgsrc/net/tor &&
+ make install</kbd></td>
+ <td align="center" class="help"><img src="/images/distros/help.png"></td>
+ <td class="help">» <a href="docs/tor-doc-unix.html.en">Linux/BSD/Unix</a></td>
+ </tr>
+ <tr valign="middle">
+ <td align="center" class="note"><img src="/images/distros/generic.png"></td>
+ <td align="left" class="distro"><strong>Source tarballs</strong></td>
+ <td colspan="2" align="center" class="stable"><img src="/images/distros/src.png"><br>
+ (<a href="dist/tor-0.2.0.34.tar.gz.asc">sig</a>)</td>
+ <td colspan="2" align="center" class="unstable"> <img src="/images/distros/src.png"><br>
+ (<a href="dist/tor-0.2.1.15-rc.tar.gz.asc">sig</a>/<a href="dist/tor-0.2.1.15-rc.tar.gz.sha1">sha1</a>)
+ </td>
+ <td align="center" class="terminal"><img src="/images/distros/terminal.png"></td>
+ <td class="terminal"><kbd>./configure && make && src/or/tor</kbd></td>
+ </tr>
+ </table>
+<div class="underline"></div>
+<div class="nb">
+To keep informed of security advisories and new stable releases, subscribe
+to the <a href="http://archives.seul.org/or/announce/">or-announce
+mailing list</a> (you will be asked to confirm via email). You can also
+<a href="http://rss.gmane.org/gmane.network.onion-routing.announce">watch
+the list's RSS feed</a>.
+<div class="underline"></div>
+<link rel="alternate" title="Tor Project OR-announce" href="http://rss.gmane.org/gmane.network.onion-routing.announce" type="application/rss+xml">
+<form action="http://freehaven.net/cgi-bin/majordomo.cgi">
+<input name="mlist" value="or-announce" type="hidden">
+<input name="subscribe" value="1" type="hidden">
+<input name="host" value="freehaven.net" type="hidden">
+ <input name="email" size="24">
+<input value="subscribe to or-announce" type="submit">
+</form>
+</div>
+<div class="underline"></div>
+<div class="nb">
+Tor is distributed as <a href="http://www.fsf.org/">Free Software</a>
+under the <a href="https://git.torproject.org/checkout/tor/master/LICENSE">3-clause BSD license</a>. The
+bundles also include <a href="vidalia/index.html.en">Vidalia</a>
+and <a href="http://www.privoxy.org/">Privoxy</a>, which are supporting
+applications distributed under the GNU GPL.
+<br><br>
+There is no fee for installing Tor, or using the Tor network, but
+if you want Tor to become faster and more usable please consider
+<a href="donate.html.en">making a tax-deductible donation to The Tor Project</a>.
+</div>
+</div>
+
+<!-- #main -->
+<?php
+
+include("footer.inc.php");
+
+?>
Added: website/branches/zed/beta/faq-abuse.php
===================================================================
--- website/branches/zed/beta/faq-abuse.php (rev 0)
+++ website/branches/zed/beta/faq-abuse.php 2009-06-18 01:37:54 UTC (rev 19735)
@@ -0,0 +1,300 @@
+<?php
+$pagename = "Tor: Frequently Asked Questions (Abuse)";
+include("header.inc.php");
+?>
+<div class="main-column">
+ <div class="bg">
+ <!-- PUT CONTENT AFTER THIS TAG -->
+ <h2>Tor: Abuse FAQ</h2>
+ <!-- BEGIN SIDEBAR -->
+ <div class="sidebar-left">
+ <h4>Questions</h4>
+ » <a href="faq-abuse.html.en#WhatAboutCriminals">Doesn't Tor
+ enable criminals to do bad things?</a><br>
+ » <a href="faq-abuse.html.en#DDoS">What about distributed denial
+ of service attacks?</a><br>
+ » <a href="faq-abuse.html.en#WhatAboutSpammers">What about spammers?</a><br>
+ » <a href="faq-abuse.html.en#ExitPolicies">How do Tor exit policies
+ work?</a><br>
+ » <a href="faq-abuse.html.en#HowMuchAbuse">Does Tor get much
+ abuse?</a><br>
+ » <a href="faq-abuse.html.en#TypicalAbuses">So what should I
+ expect if I run an exit relay?</a><br>
+ » <a href="faq-abuse.html.en#IrcBans">Tor is banned from the
+ IRC network I want to use.</a><br>
+ » <a href="faq-abuse.html.en#SMTPBans">Your nodes are banned
+ from the mail server I want to use.</a><br>
+ » <a href="faq-abuse.html.en#Bans">I want to ban the Tor network
+ from my service.</a><br>
+ » <a href="faq-abuse.html.en#TracingUsers">I have a compelling
+ reason to trace a Tor user. Can you help?</a><br>
+ » <a href="faq-abuse.html.en#LegalQuestions">I have legal questions
+ about Tor abuse.</a> </div>
+ <!-- END SIDEBAR -->
+ <a id="WhatAboutCriminals"></a>
+ <h3><a class="anchor" href="#WhatAboutCriminals">Doesn't Tor enable criminals
+ to do bad things?</a></h3>
+ <p>Criminals can already do bad things. Since they're willing to break laws,
+ they already have lots of options available that provide <em>better</em>
+ privacy than Tor provides. They can steal cell phones, use them, and throw
+ them in a ditch; they can crack into computers in Korea or Brazil and use
+ them to launch abusive activities; they can use spyware, viruses, and other
+ techniques to take control of literally millions of Windows machines around
+ the world. </p>
+ <p>Tor aims to provide protection for ordinary people who want to follow the
+ law. Only criminals have privacy right now, and we need to fix that. </p>
+ <p>Some advocates of anonymity explain that it's just a tradeoff — accepting
+ the bad uses for the good ones — but there's more to it than that.
+ Criminals and other bad people have the motivation to learn how to get good
+ anonymity, and many have the motivation to pay well to achieve it. Being
+ able to steal and reuse the identities of innocent victims (identify theft)
+ makes it even easier. Normal people, on the other hand, don't have the time
+ or money to spend figuring out how to get privacy online. This is the worst
+ of all possible worlds. </p>
+ <p>So yes, criminals could in theory use Tor, but they already have better
+ options, and it seems unlikely that taking Tor away from the world will
+ stop them from doing their bad things. At the same time, Tor and other privacy
+ measures can <em>fight</em> identity theft, physical crimes like stalking,
+ and so on. </p>
+ <!--
+<a id="Pervasive"></a>
+<h3><a class="anchor" href="#Pervasive">If the whole world starts using
+Tor, won't civilization collapse?</a></h3>
+-->
+ <a id="DDoS"></a>
+ <h3><a class="anchor" href="#DDoS">What about distributed denial of service
+ attacks?</a></h3>
+ <p>Distributed denial of service (DDoS) attacks typically rely on having a
+ group of thousands of computers all sending floods of traffic to a victim.
+ Since the goal is to overpower the bandwidth of the victim, they typically
+ send UDP packets since those don't require handshakes or coordination. </p>
+ <p>But because Tor only transports correctly formed TCP streams, not all IP
+ packets, you cannot send UDP packets over Tor. (You can't do specialized
+ forms of this attack like SYN flooding either.) So ordinary DDoS attacks
+ are not possible over Tor. Tor also doesn't allow bandwidth amplification
+ attacks against external sites: you need to send in a byte for every byte
+ that the Tor network will send to your destination. So in general, attackers
+ who control enough bandwidth to launch an effective DDoS attack can do it
+ just fine without Tor. </p>
+ <a id="WhatAboutSpammers"></a>
+ <h3><a class="anchor" href="#WhatAboutSpammers">What about spammers?</a></h3>
+ <p>First of all, the default Tor exit policy rejects all outgoing port 25
+ (SMTP) traffic. So sending spam mail through Tor isn't going to work by
+ default. It's possible that some relay operators will enable port 25 on
+ their particular exit node, in which case that computer will allow outgoing
+ mails; but that individual could just set up an open mail relay too, independent
+ of Tor. In short, Tor isn't useful for spamming, because nearly all Tor
+ relays refuse to deliver the mail. </p>
+ <p>Of course, it's not all about delivering the mail. Spammers can use Tor
+ to connect to open HTTP proxies (and from there to SMTP servers); to connect
+ to badly written mail-sending CGI scripts; and to control their botnets
+ — that is, to covertly communicate with armies of compromised computers
+ that deliver the spam. </p>
+ <p> This is a shame, but notice that spammers are already doing great without
+ Tor. Also, remember that many of their more subtle communication mechanisms
+ (like spoofed UDP packets) can't be used over Tor, because it only transports
+ correctly-formed TCP connections. </p>
+ <a id="ExitPolicies"></a>
+ <h3><a class="anchor" href="#ExitPolicies">How do Tor exit policies work?</a></h3>
+ <p>Each Tor relay has an exit policy that specifies what sort of outbound
+ connections are allowed or refused from that relay. The exit policies are
+ propagated to the client via the directory, so clients will automatically
+ avoid picking exit nodes that would refuse to exit to their intended destination.
+ </p>
+ <p>This way each relay can decide the services, hosts, and networks he wants
+ to allow connections to, based on abuse potential and his own situation.
+ </p>
+ <a id="HowMuchAbuse"></a>
+ <h3><a class="anchor" href="#HowMuchAbuse">Does Tor get much abuse?</a></h3>
+ <p>Not much, in the grand scheme of things. We've been running the network
+ since October 2003, and it's only generated a handful of complaints. Of
+ course, like all privacy-oriented networks on the net, we attract our share
+ of jerks. Tor's exit policies help separate the role of "willing to donate
+ resources to the network" from the role of "willing to deal with exit abuse
+ complaints," so we hope our network is more sustainable than past attempts
+ at anonymity networks. </p>
+ <p>Since Tor has <a href="overview.html.en">many good uses as well</a>, we
+ feel that we're doing pretty well at striking a balance currently. </p>
+ <a id="TypicalAbuses"></a>
+ <h3><a class="anchor" href="#TypicalAbuses">So what should I expect if I run
+ an exit relay?</a></h3>
+ <p>If you run a Tor relay that allows exit connections (such as the default
+ exit policy), it's probably safe to say that you will eventually hear from
+ somebody. Abuse complaints may come in a variety of forms. For example:
+ </p>
+ <ul>
+ <li>Somebody connects to Hotmail, and sends a ransom note to a company.
+ The FBI sends you a polite email, you explain that you run a Tor relay,
+ and they say "oh well" and leave you alone. [Port 80]</li>
+ <li>Somebody tries to get you shut down by using Tor to connect to Google
+ groups and post spam to Usenet, and then sends an angry mail to your ISP
+ about how you're destroying the world. [Port 80]</li>
+ <li>Somebody connects to an IRC network and makes a nuisance of himself.
+ Your ISP gets polite mail about how your computer has been compromised;
+ and/or your computer gets DDoSed. [Port 6667]</li>
+ <li>Somebody uses Tor to download a Vin Diesel movie, and your ISP gets
+ a DMCA takedown notice. See EFF's <a href="eff/tor-dmca-response.html.en">Tor
+ DMCA Response Template</a>, which explains why your ISP can probably ignore
+ the notice without any liability. [Arbitrary ports]</li>
+ </ul>
+ <p>You might also find that your Tor relay's IP is blocked from accessing
+ some Internet sites/services. This might happen regardless of your exit
+ policy, because some groups don't seem to know or care that Tor has exit
+ policies. (If you have a spare IP not used for other activities, you might
+ consider running your Tor relay on it.) For example, </p>
+ <ul>
+ <li>Because of a few cases of anonymous jerks messing with its web pages,
+ Wikipedia is currently blocking many Tor relay IPs from writing (reading
+ still works). We're talking to Wikipedia about how they might control
+ abuse while still providing access to anonymous contributors, who often
+ have hot news or inside info on a topic but don't want to risk revealing
+ their identities when publishing it (or don't want to reveal to local
+ observers that they're accessing Wikipedia). Slashdot is also in the same
+ boat.</li>
+ <li>SORBS is putting some Tor relay IPs on their email blacklist as well.
+ They do this because they passively detect whether your relay connects
+ to certain IRC networks, and they conclude from this that your relay is
+ capable of spamming. We tried to work with them to teach them that not
+ all software works this way, but we have given up. We recommend you avoid
+ them, and <a
+href="http://paulgraham.com/spamhausblacklist.html">teach your friends (if they
+ use them) to avoid abusive blacklists too</a>.</li>
+ </ul>
+ <a id="IrcBans"></a>
+ <h3><a class="anchor" href="#IrcBans">Tor is banned from the IRC network I
+ want to use.</a></h3>
+ <p>Sometimes jerks make use of Tor to troll IRC channels. This abuse results
+ in IP-specific temporary bans ("klines" in IRC lingo), as the network operators
+ try to keep the troll off of their network. </p>
+ <p>This response underscores a fundamental flaw in IRC's security model: they
+ assume that IP addresses equate to humans, and by banning the IP address
+ they can ban the human. In reality this is not the case — many such
+ trolls routinely make use of the literally millions of open proxies and
+ compromised computers around the Internet. The IRC networks are fighting
+ a losing battle of trying to block all these nodes, and an entire cottage
+ industry of blacklists and counter-trolls has sprung up based on this flawed
+ security model (not unlike the antivirus industry). The Tor network is just
+ a drop in the bucket here. </p>
+ <p>On the other hand, from the viewpoint of IRC server operators, security
+ is not an all-or-nothing thing. By responding quickly to trolls or any other
+ social attack, it may be possible to make the attack scenario less attractive
+ to the attacker. And most individual IP addresses do equate to individual
+ humans, on any given IRC network at any given time. The exceptions include
+ NAT gateways which may be allocated access as special cases. While it's
+ a losing battle to try to stop the use of open proxies, it's not generally
+ a losing battle to keep klining a single ill-behaved IRC user until that
+ user gets bored and goes away. </p>
+ <p>But the real answer is to implement application-level auth systems, to
+ let in well-behaving users and keep out badly-behaving users. This needs
+ to be based on some property of the human (such as a password he knows),
+ not some property of the way his packets are transported. </p>
+ <p>Of course, not all IRC networks are trying to ban Tor nodes. After all,
+ quite a few people use Tor to IRC in privacy in order to carry on legitimate
+ communications without tying them to their real-world identity. Each IRC
+ network needs to decide for itself if blocking a few more of the millions
+ of IPs that bad people can use is worth losing the contributions from the
+ well-behaved Tor users. </p>
+ <p>If you're being blocked, have a discussion with the network operators and
+ explain the issues to them. They may not be aware of the existence of Tor
+ at all, or they may not be aware that the hostnames they're klining are
+ Tor exit nodes. If you explain the problem, and they conclude that Tor ought
+ to be blocked, you may want to consider moving to a network that is more
+ open to free speech. Maybe inviting them to #tor on irc.oftc.net will help
+ show them that we are not all evil people. </p>
+ <p>Finally, if you become aware of an IRC network that seems to be blocking
+ Tor, or a single Tor exit node, please put that information on <a
+href="https://wiki.torproject.org/wiki/TheOnionRouter/BlockingIrc">The Tor IRC
+ block tracker</a> so that others can share. At least one IRC network consults
+ that page to unblock exit nodes that have been blocked inadvertently. </p>
+ <a id="SMTPBans"></a>
+ <h3><a class="anchor" href="#SMTPBans">Your nodes are banned from the mail
+ server I want to use.</a></h3>
+ <p>Even though <a href="#WhatAboutSpammers">Tor isn't useful for spamming</a>,
+ some over-zealous blacklisters seem to think that all open networks like
+ Tor are evil — they attempt to strong-arm network administrators on
+ policy, service, and routing issues, and then extract ransoms from victims.
+ </p>
+ <p>If your server administrators decide to make use of these blacklists to
+ refuse incoming mail, you should have a conversation with them and explain
+ about Tor and Tor's exit policies. </p>
+ <a id="Bans"></a>
+ <h3><a class="anchor" href="#Bans">I want to ban the Tor network from my service.</a></h3>
+ <p>We're sorry to hear that. There are some situations where it makes sense
+ to block anonymous users for an Internet service. But in many cases, there
+ are easier solutions that can solve your problem while still allowing users
+ to access your website securely.</p>
+ <p>First, ask yourself if there's a way to do application-level decisions
+ to separate the legitimate users from the jerks. For example, you might
+ have certain areas of the site, or certain privileges like posting, available
+ only to people who are registered. It's easy to build an up-to-date list
+ of Tor IP addresses that allow connections to your service, so you could
+ set up this distinction only for Tor users. This way you can have multi-tiered
+ access and not have to ban every aspect of your service. </p>
+ <p>For example, the <a
+href="http://freenode.net/policy.shtml#tor">Freenode IRC network</a> had a problem
+ with a coordinated group of abusers joining channels and subtly taking over
+ the conversation; but when they labelled all users coming from Tor nodes
+ as "anonymous users," removing the ability of the abusers to blend in, the
+ abusers moved back to using their open proxies and bot networks. </p>
+ <p>Second, consider that hundreds of thousands of people use Tor every day
+ simply for good data hygiene — for example, to protect against data-gathering
+ advertising companies while going about their normal activities. Others
+ use Tor because it's their only way to get past restrictive local firewalls.
+ Some Tor users may be legitimately connecting to your service right now
+ to carry on normal activities. You need to decide whether banning the Tor
+ network is worth losing the contributions of these users, as well as potential
+ future legitimate users. (Often people don't have a good measure of how
+ many polite Tor users are connecting to their service — you never
+ notice them until there's an impolite one.)</p>
+ <p>At this point, you should also ask yourself what you do about other services
+ that aggregate many users behind a few IP addresses. Tor is not so different
+ from AOL in this respect.</p>
+ <p>Lastly, please remember that Tor relays have <a
+href="#ExitPolicies">individual exit policies</a>. Many Tor relays do not allow
+ exiting connections at all. Many of those that do allow some exit connections
+ might already disallow connections to your service. When you go about banning
+ nodes, you should parse the exit policies and only block the ones that allow
+ these connections; and you should keep in mind that exit policies can change
+ (as well as the overall list of nodes in the network).</p>
+ <p>If you really want to do this, we provide a <a href="https://check.torproject.org/cgi-bin/TorBulkExitList.py">Tor
+ exit relay list</a> or a <a href="tordnsel/index.html.en">DNS-based list
+ you can query</a>. </p>
+ <p> (Some system administrators block ranges of IP addresses because of official
+ policy or some abuse pattern, but some have also asked about whitelisting
+ Tor exit relays because they want to permit access to their systems only
+ using Tor. These scripts are usable for whitelisting as well.) </p>
+ <a id="TracingUsers"></a>
+ <h3><a class="anchor" href="#TracingUsers">I have a compelling reason to trace
+ a Tor user. Can you help?</a></h3>
+ <p> There is nothing the Tor developers can do to trace Tor users. The same
+ protections that keep bad people from breaking Tor's anonymity also prevent
+ us from figuring out what's going on. </p>
+ <p> Some fans have suggested that we redesign Tor to include a <a
+href="faq.html.en#Backdoor">backdoor</a>. There are two problems with this idea.
+ First, it technically weakens the system too far. Having a central way to
+ link users to their activities is a gaping hole for all sorts of attackers;
+ and the policy mechanisms needed to ensure correct handling of this responsibility
+ are enormous and unsolved. Second, the bad people <a href="#WhatAboutCriminals">aren't
+ going to get caught by this anyway</a>, since they will use other means
+ to ensure their anonymity (identity theft, compromising computers and using
+ them as bounce points, etc). </p>
+ <p> But remember that this doesn't mean that Tor is invulnerable. Traditional
+ police techniques can still be very effective against Tor, such as interviewing
+ suspects, surveillance and keyboard taps, writing style analysis, sting
+ operations, and other physical investigations. </p>
+ <a id="LegalQuestions"></a>
+ <h3><a class="anchor" href="#LegalQuestions">I have legal questions about
+ Tor abuse.</a></h3>
+ <p>We're only the developers. We can answer technical questions, but we're
+ not the ones to talk to about legal questions or concerns. </p>
+ <p>Please take a look at the <a href="eff/tor-legal-faq.html.en">Tor Legal
+ FAQ</a>, and contact EFF directly if you have any further legal questions.
+ </p>
+ </div>
+</div>
+<!-- #main -->
+<?php
+
+include("footer.inc.php");
+
+?>
Added: website/branches/zed/beta/footer.inc.php
===================================================================
--- website/branches/zed/beta/footer.inc.php (rev 0)
+++ website/branches/zed/beta/footer.inc.php 2009-06-18 01:37:54 UTC (rev 19735)
@@ -0,0 +1,26 @@
+
+<div class="bottom" id="bottom">
+This page is also available in the <a href="http://www.debian.org/intro/cn#howtoset" title="How to set the default language" target="_blank">following languages</a>:<br> <a href="index.html-2.html">Deutsch</a>,
+ <a href="index.html-3.html">español</a>, <a href="index.html-4.html">فارسی
+ (Fārsī)</a>, <a href="index.html-5.html">suomi</a>, <a href="index.html-6.html">français</a>,
+ <a href="index.html-7.html">Italiano</a>, <a href="index.html-8.html">日本語 (Nihongo)</a>,
+ <a href="index.html-9.html">한국어 (Hangul)</a>, <a href="index.html-10.html">Nederlands</a>,
+ <a href="index.html-11.html">norsk</a>, <a href="index.html-12.html">polski</a>,
+ <a href="index.html-13.html">Português</a>, <a href="index.html-14.html">Русский (Russkij)</a>,
+ <a href="index.html-15.html">svenska</a>, <a href="index.html-16.html">Türkçe</a>,
+ <a href="index.html-17.html">中文(简) (Simplified Chinese)</a>.
+ <br>
+<!-- <p> <i><a href="contact.html.html" class="smalllink">Webmaster</a></i> - Last
+ modified: Fri Mar 13 17:24:15 2009 - Last compiled: Fri Mar 13 17:35:16 2009
+ </p> -->
+</div>
+<div class="legal" id="legal">
+"Tor" and the "Onion Logo" are <a href="trademark-faq.html">registered trademarks</a>
+ of The Tor Project, Inc. <br>Content on this site is licensed under a <a href="http://creativecommons.org/licenses/by/3.0/us/">Creative
+ Commons Attribution 3.0 United States License</a>, unless otherwise noted.
+</div>
+<div class="footnav" id="footnav"><a href="#top">Top of page</a> <a href="/beta/sitemap.php">Sitemap</a> <a href="/beta/">Home</a> <a href="/beta/tor-legal-faq.php">Legal FAQ</a> <a href="/beta/faq-abuse.php">Abuse FAQ</a> <a href="/beta/trademark-faq.php">Trademarks FAQ</a> <a href="/beta/contact.php">Contact</a>
+ </div>
+</div>
+</body>
+</html>
Added: website/branches/zed/beta/header.inc.php
===================================================================
--- website/branches/zed/beta/header.inc.php (rev 0)
+++ website/branches/zed/beta/header.inc.php 2009-06-18 01:37:54 UTC (rev 19735)
@@ -0,0 +1,332 @@
+<?php
+ $parts = Explode('/', $_SERVER["SCRIPT_NAME"]);
+ $scriptname = $parts[count($parts) - 1];
+?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd">
+<html>
+<head>
+<title><?php echo $pagename; ?></title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<link rel="stylesheet" type="text/css" href="/zedstylesheet-ltr.css" title="light" />
+<link rel="alternate stylesheet" type="text/css" href="/black-zedstylesheet-ltr.css" title="dark" />
+<link rel="stylesheet" type="text/css" href="/navbar.css">
+<link rel="shortcut icon" href="/images/favicon.ico">
+</head>
+<body><div class="page">
+<table height="24" width=100% border="0" align=center cellpadding="0" cellspacing="0" summary="www.torproject.org">
+ <tr>
+ <td valign="middle" class=topbanner> <table width="100%" border="0" align="center" cellpadding="0">
+ <tr valign="bottom">
+ <td><a id="top" class=fade href=/><img src=/images/torshadow.png alt="https://torproject.org" border="0" class=navlogo></a></td>
+ <td align="right" nowrap> <form action="http://www.google.com/cse" id="cse-search-box">
+ <div>
+ <input type="hidden" name="cx" value="001416743349295456282:tpdswzqu2v0" />
+ <input type="hidden" name="ie" value="UTF-8" />
+ <input type="text" class="formfield" name="q" size="14" />
+ <input type="submit" class="formbutton" name="sa" value="Search" />
+ <br>
+ <div class="smallboldtxt"> [ Tor & subs via <a href="http://www.google-watch.org/bigbro.html" title="Search Tor domains via Google" target="_blank">Google</a>
+ ]</div>
+ </div>
+ </form></td>
+ </tr>
+ </table></td>
+ <td width=10></td>
+ </tr>
+</table>
+<table class=banner border=0 cellpadding=0 cellspacing=0 summary="Tor's Navigation Bar">
+ <tr>
+ <td nowrap class=banner-middle><div style="clear: both;"></div>
+ <ul id=nav class="dropdown dropdown-horizontal">
+ <li id=organisation><a href=/ class=dir>Tor <img src="/images/navdropdownarrow.png" class="flyout"><span>
+ The Tor Project » What is the Tor Project? Who's involved?</span>
+ </a>
+ <ul>
+ <li><a href=/30seconds.html>Why use Tor?<span> Why you need Tor &
+ why Tor needs you!</span></a> </li>
+ <li><a href=/overview.html>Overview<span> What is Tor? Why would I
+ want to use it? How does it work?</span></a> </li>
+ <li><a href=/people.html>Contributors<span> Who participates in the
+ project?</span></a> </li>
+ <li><a href=/donate.html>Donations<span> Donate to the non-profit
+ Tor project and help Tor prosper!</span></a> </li>
+ <li><a href=/sponsors.html>Sponsors<span> Tor's financial supporters.</span></a>
+ </li>
+ <li><a href=/translation.html>Translators<span> Help translate Tor
+ & documentation into your language!</span></a> </li>
+ <li><a href=/torusers.html>Users<span> Who uses Tor? Could you benefit?</span></a>
+ </li>
+ <li><a href=/volunteer.html>Volunteers<span> Would you like to help
+ with the project? Here's where we need your help..</span></a> </li>
+ </ul>
+ </li>
+ <li id=news><a href=/news.html>News <img src="/images/navdropdownarrow.png" class="flyout"><span>
+ The Tor Project » News, blog, & press sightings..</span></a>
+ <ul>
+ <li class=first><a href=https://blog.torproject.org>Tor Blog<span>
+ News from the Tor front line.</span></a> </li>
+ <li><a href=https://blog.torproject.org/blog/feed>Blog RSS Feed<span>Medium
+ volume RSS feed for the Tor Project blog.</span></a> </li>
+ <li><a href=/press/>Press Releases<span> Offical Press Releases for
+ the Tor Project.</span></a> </li>
+ <li><a href=/tormedia>In The Media<span>Tor coverage in the media
+ at large.</span></a> </li>
+ <li><a href=http://rss.gmane.org/gmane.network.onion-routing.announce>Tor
+ Updates<span> Low volume RSS Feed detailing Tor releases and security
+ fixes</span></a> </li>
+ </ul>
+ <li id=help><a href=/30seconds.html class=dir>Support <img src="/images/navdropdownarrow.png" class="flyout"><span>
+ The Tor Project » Help, support & technical documentation.</span></a>
+ <ul>
+ <li><span class=dir>For Tor Users</span>
+ <ul>
+ <li><span class=dir>Installation</span>
+ <ul>
+ <li class=first><a href=/docs/tor-doc-windows.html>Win32<span> Installing Tor on Microsoft Windows.</span></a>
+ </li>
+ <li><a href=/docs/tor-doc-osx.html.en>OS X<span> Installing Tor on Apple OS X.</span></a> </li>
+ <li><a href=/docs/tor-doc-unix.html.en>Linux/Unix/BSD<span> Installing Tor on Linux, Unix & BSD.</span></a>
+ </li>
+ <li><a href=/torbutton/index.html>Torbutton<span> Torbutton extension for Firefox.</span></a> </li>
+ </ul>
+ </li>
+ <li><span class=dir>Configuration</span>
+ <ul>
+ <li class=first><a href=https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#IsMyConnectionPrivate>Is
+ Tor working?<span> How do I test that Tor is working? How can I be sure my connections are fully anonymized?</span></a> </li>
+ <li><a href=http://rootatlocalhost.bouldernet.org/tor_configurator.html>Torrc
+ Configurator<span> Generate a custom Tor configuration file (torrc) using a web based interface.</span></a></li>
+ <li><a href=https://wiki.torproject.org/noreply/TheOnionRouter/PrivoxyConfig>Sample
+ Privoxy Config<span> Sample privoxy configuration file for use with the Unixish and Gnu/Linux packages.</span></a></li>
+ <li><a href=https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#RelayCrashing>Tor
+ Crashes<span> Help with troubleshooting Tor crashes.</span></a> </li>
+ <li><a href=https://wiki.torproject.org/noreply/TheOnionRouter/TorifyHOWTO/BitTorrent?highlight=%2528bittorrent%2529#BitTorrent>Tor
+ & BitTorrent.<span> Using Tor with BitTorrent, and how to configure it correctly.</span></a> </li>
+ <li><a href=https://wiki.torproject.org/noreply/TheOnionRouter/TorifyHOWTO/IrcSilc>Tor
+ & IRC<span> Configuring IRC clients for use with Tor.</span></a> </li>
+ </ul>
+ <li class=first><a href=/x21/documentation.html>Tor
+ Documentation<span> Tor's main documentation page.</span></a>
+ <li><a href=https://check.torproject.org>Check
+ Tor works<span> Verify your browser is using Tor [https://check.torproject.org].</span></a></li>
+ <li><span class=dir>Tor Wiki</span>
+ <ul>
+ <li class=first><a href=https://wiki.torproject.org/noreply/TheOnionRouter>Main
+ Page<span> The Onion Router Wiki</span></a></li>
+ <li><a href=https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ>Tor
+ Wiki FAQ<span> Tor Wiki Frequently Asked Questions.</span></a> </li>
+ <li><a href=https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#GoogleSpyware>Tor
+ & Google<span> Why does Google report that my machine is infected with spyware?</span></a> </li>
+ <li><a href=https://wiki.torproject.org/noreply/TheOnionRouter/SupportPrograms>Support
+ Programs<span> A list of programs you may wish to use in conjunction with Tor.</span></a> </li>
+ </ul>
+ </li>
+ <li><a href=irc://irc.oftc.net/tor>IRC
+ support channel<span> Tor's official IRC support channel [#tor on irc.oftc.net].</span></a></li>
+ <li class=first><a href=https://torstatus.kgprog.com/>Tor
+ Relay Status<span> View status of available Tor nodes.</span></a></li>
+ <li><a href=/docs/tor-hidden-service.html>Setup
+ Hidden Service<span> How to configure a Tor hidden service.</span></a></li>
+ <li><a href=https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#AccessHiddenService>View
+ Hidden Services<span> How to access Tor's hidden services.</span></a> </li>
+ <li class=first><a href=/trademark-faq.html>Trademark
+ FAQ<span> All you need to know about Tor's trademarks.</span></a></li>
+ </ul>
+ <li title=""><span class=dir>For Relay Operators</span>
+ <ul>
+ <li class=first><a href=/docs/tor-doc-relay.html>Running
+ a Relay<span> How to configure a Tor node.</span></a></li>
+ <li><a href=https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#DefaultPorts>Default
+ Exit Ports<span> Tor's default list of permitted exit ports used when running a relay.</span></a> </li>
+ <li><a href=https://wiki.torproject.org/noreply/TheOnionRouter/OperationalSecurity>Tor
+ Relay Security<span> How to run a secure Tor server.</span></a> </li>
+ <li><a href=/eff/tor-legal-faq.html>Legal
+ FAQ<span> Legal guidance for Tor Relay Operators.</span></a> </li>
+ <li><a href=/eff/tor-dmca-response.html>DMCA
+ Response<span> Response template for Tor relay maintainer to ISP.</span></a> </li>
+ </ul>
+ <li title=""><span class=dir>For Developers</span>
+ <ul>
+ <li class=first><a href=https://www.torproject.org/documentation.html.en#Developers>Developer
+ Help<span> Help for Tor Developers</span></a></li>
+ <li><a href=https://svn.torproject.org/svn/tor/trunk/>Browse
+ SVN<span> Browse Tor's repository</span></a></li>
+ <li><a href=http://archives.seul.org/or/cvs/>Tor
+ SVN Commits<span> List of Tor SVN commits</span></a></li>
+ <li><a href=http://cvs.seul.org/viewcvs/viewcvs.cgi/tor/?root=Tor>View
+ Tor's Source<span> View Tor's source code</span></a></li>
+ <li><a href=https://bugs.torproject.org>Tor
+ Bug Tracker<span> Review and report Tor bugs here.</span></a></li>
+ <li><a href=http://archives.seul.org/or/dev/>Dev's
+ Mailing List<span> Low volume Tor developer mailing list.</span></a></li>
+ </ul>
+ <li><span class=dir>Technical
+ Docs</span>
+ <ul>
+ <li class=first><a href=/tor-manual.html>Tor
+ Manual<span> Concise Tor instruction manual (man pages).</span></a>
+ <li><a href=/tor-manual-dev.html>Tor
+ Dev Manual<span> Manual for development (unstable) version of Tor.</span></a></li>
+ <li><span class=dir>Specifications</span>
+ <ul>
+ <li class=first><a href=https://svn.torproject.org/svn/tor/trunk/doc/spec/tor-spec.txt>Tor
+ Specification<span> Main Tor specification document.</span></a></li>
+ <li><a href=https://svn.torproject.org/svn/tor/trunk/doc/spec/dir-spec.txt>Directory
+ Spec. (v3)<span> Tor version 3 directory server specification.</span></a></li>
+ <li><a href=https://svn.torproject.org/svn/tor/trunk/doc/spec/control-spec.txt>Control
+ Protocol Spec.<span> Tor control protocol specification.</span></a></li>
+ <li><a href=https://svn.torproject.org/svn/tor/trunk/doc/spec/rend-spec.txt>Rendezvous
+ Spec.<span> Tor rendezvous specification.</span></a></li>
+ <li><a href=https://svn.torproject.org/svn/tor/trunk/doc/spec/path-spec.txt>Path
+ Selection Spec.<span> Tor path selection specification.</span></a></li>
+ <li><a href=https://svn.torproject.org/svn/tor/trunk/doc/spec/address-spec.txt>Address
+ Spec.<span> Special host names in Tor.</span></a></li>
+ <li><a href=https://svn.torproject.org/svn/tor/trunk/doc/spec/socks-extensions.txt>SOCKS
+ Support<span> Tor's SOCKS support and extensions.</span></a></li>
+ <li><a href=https://svn.torproject.org/svn/tor/trunk/doc/spec/version-spec.txt>Version
+ Spec.<span> How Tor's version numbers work.</span></a></li>
+ <li><a href=https://svn.torproject.org/svn/tor/trunk/doc/spec/proposals/>Proposals<span> In-progress drafts of new specifications and proposed changes.</span></a></li>
+ </ul>
+ <li class=design><a href=https://svn.torproject.org/svn/tor/trunk/doc/design-paper/tor-design.html>Tor
+ Design<span> Justifications and design considerations for Tor.</span></a></li>
+ <li><a href=https://svn.torproject.org/svn/tor/trunk/doc/design-paper/blocking.html>Defeating
+ Tor blocks<span> Design of a blocking-resistant anonymity system (draft).</span></a></li>
+ <li><a href=https://svn.torproject.org/svn/tor/trunk/doc/contrib/torel-design.txt>Tor
+ DNSEL Design<span> Document detailing proposal for the design for a DNS Exit List (DNSEL) for Tor exit nodes.</span></a></li>
+ <li><a href=http://freehaven.net/anonbib/>Anonymity
+ Docs<span> Selected Papers in Anonymity.</span></a></li>
+ </ul>
+ <li class=first><a href=/faq>Tor
+ FAQ<span> Frequently asked questions relating to Tor. (See also: Wiki FAQ).</span></a></li>
+ <li><span class=dir>Mailing Lists</span>
+ <ul>
+ <li class=first><a href=http://archives.seul.org/or/talk/>Or-Talk<span> Tor's general purpose list for discussion of Tor and support.</span></a>
+ </li>
+ <li><a href=http://archives.seul.org/or/announce/>Or-Announce<span> Tor's low volume announce list detailing new versions and security fixes.</span></a>
+ </li>
+ <li><a href=http://archives.seul.org/or/dev/>Or-Dev<span> Tor's low volume developer list.</span></a>
+ </li>
+ </ul>
+ </li>
+ <li><span class=dir>Abuse</span>
+ <ul>
+ <li><a href=/faq-abuse.html>Abuse
+ FAQ<span> How can Tor be abused, and what can I do to protect myself?</span></a> </li>
+ <li><a href=https://www.torproject.org/faq-abuse.html.en#Bans>Blocking
+ Tor<span> How do I block Tor access to my network or server?</span></a> </li>
+ <li><a href=https://www.torproject.org/faq-abuse.html.en#WhatAboutSpammers>Tor
+ and Spam<span> Why Tor isn't the best tool for spammers.</span></a> </li>
+ <li><a href=https://check.torproject.org/cgi-bin/TorBulkExitList.py>Exit
+ List Generator<span> Creates an IP list of active Tor nodes.</span></a></li>
+ <li><a href=/tordnsel/>Tor
+ DNSEL<span> Tor DNS Exit List (DNSEL) is an active testing, DNS-based list of Tor exit nodes.</span></a></li>
+ </ul>
+ <li><a href=/contact.html>Contact<span> Get in touch with Tor!</span></a>
+ </li>
+ </ul>
+ </li>
+ <li class=first><a href=/projects/ class=dir>Projects <img src="/images/navdropdownarrow.png" class="flyout"><span>The
+ Tor Project » Associated applications and projects.</span></a>
+ <ul>
+ <li class=first><a href=/projects/google.html>Auto-update<span> Secure auto-update for Tor, sponsored by Google.</span></a>
+ </li>
+ <li><a href=/torbrowser/>Browser
+ Bundle<span> Tor Browser Bundle (TBB) is a self-contained pre-configured Tor bundle with Firefox and Pidgin Instant Messenger for Windows.</span></a> </li>
+ <li><a href=/projects/hidserv.html>Hidden
+ Services<span> Improving the performance of Tor Hidden Services.</span></a> </li>
+ <li><a href="http://www.
+browseanonymouslyanywhere.com/incognito/">Incognito<span> Incognito is an open source LiveDistro based on Gentoo Linux assisting you to securely and anonymously use the Internet almost anywhere you go.</span></a>
+ </li>
+ <li><a href=/projects/lowbandwidth.html>Low-bandwidth<span> Enhancing performance of Tor over low bandwidth connections.</span></a></li>
+ <li><a href=/projects/metrics.html>Metrics<span> Measuring performance of the Tor network.</span></a>
+ </li>
+ <li><a href=http://portabletor.sourceforge.net/>PortableTor <span> A ready to run Tor for Windows, suitable for use on systems where installation isn't possible (eg netcafes, public libraries etc).</span></a>
+ </li>
+ <li><a href=http://fscked.org/projects/torflow>TorFlow<span> TorFlow is a set of python scripts written to scan the Tor network for misbehaving, misconfigured, and overloaded Tor nodes.</span></a></li>
+ <li><a href=/torbutton/>Torbutton<span> Torbutton addon provides security enhancements to the Firefox web browser when in conjunction with Tor.</span></a>
+ </li>
+ <li><a href=http://www.anonymityanywhere.com/tork/>TorK<span> A Linux/KDE based gui controller for Tor. Single-click configuration for many apps, anonymous mail, configuration of Tor relays and hidden service etc.</span></a>
+ </li>
+ <li><a href=/torvm/>TorVM<span> TorVM is a virtual machine based on Qemu that acts as a transparent network proxy, enabling a more robust and secure Tor configuration for clients and relays.</span></a>
+ </li>
+ <li><a href=http://vidalia-project.net>Vidalia<span> Vidalia is cross platform gui controller for Tor. Available for Windows, OS X, Linux/Unix/BSD.</span></a>
+ </li>
+ </ul>
+ </li>
+ <li id=contribute><a href=/volunteer.html class=dir>Contribute <img src="/images/navdropdownarrow.png" class="flyout"><span>
+ The Tor Project » Get involved with the project!</span></a>
+ <ul>
+ <li class=first><a href=/docs/tor-doc-relay.html>Run
+ a Relay<span> Run a relay and help the network.</span></a> </li>
+ <li><a href=/donate.html>Donate<span> Help the Tor project grow!</span></a>
+ </li>
+ <li><a href=/translation.html>Translate<span> Help translate Tor into your language. Arabic and Farsi urgently needed</span></a>
+ </li>
+ <li><a href=/volunteer.html#Projects>Develop<span> Help with Tor's code and developing companion applications.</span></a>
+ </li>
+ <li><a href=/volunteer.html#Documentation>Document<span> Help write documentation and improve existing information.</span></a>
+ </li>
+ <li><a href=/volunteer.html#Advocacy.>Promote
+ Tor<span> Help promote Tor in your area!</span></a>
+ </ul>
+ </li>
+ <li id=download><a href=/easy-download.html class=dir>Download <img src="/images/navdropdownarrow.png" class="flyout"><span>
+ The Tor Project » Download Tor for your platform!</span></a>
+ <ul>
+ <li class=first><a href=/easy-download.html>Windows
+ Bundle<span> Bundle installer for Windows systems. (Contains Tor, Vidalia, Privoxy & Torbutton).</span></a></li>
+ <li><a href=/torbrowser/>Browser
+ Bundle<span> Zero-install pre-configured Tor bundle with Firefox and Pidgin Instant Messenger for Windows.</span></a> </li>
+ <li><a href=/easy-download.html>OS
+ X Bundle<span> Apple OS X installer. (Contains Tor, Vidalia, Polipo & Torbutton).</span></a> </li>
+ <li><a href=/download-unix.html>Unix
+ & Linux<span> Downloads for various Unix & Linux distributions.</span></a></li>
+ <li><a href=/download.html>Advanced<span> Downloads page for advanced users. Stable and development builds and bundles.</span></a>
+ </li>
+ </ul>
+ </li></li>
+ <li id=languages><a href=https://translation.torproject.org class=dir title="Choose the language for this document."><img src=/images/flag.png alt="Language" class="flag">
+ <img src="/images/navdropdownarrow.png" class="flyout"><span> The Tor
+ Project » Choose the language for this page.</span></a>
+ <ul>
+ <li><a class=fade href=#><img src=/images/flags/cn.png> 中文(简)
+ (Chinese)</a> </li>
+ <li><a class=fade href=#><img src=/images/flags/de.png> Deutsch</a>
+ </li>
+ <li><a class=fade href=#><img src=/images/flags/gb.png> English</a>
+ </li>
+ <li><a class=fade href=#><img src=/images/flags/es.png> Español</a>
+ </li>
+ <li><a class=fade href=#><img src=/images/flags/ir.png> فارسی
+ (Fārsī)</a> </li>
+ <li><a class=fade href=#><img src=/images/flags/fr.png> Français</a>
+ </li>
+ <li><a class=fade href=#><img src=/images/flags/kn.png> 한국어 (Hangul)</a>
+ </li>
+ <li><a class=fade href=#><img src=/images/flags/it.png> Italiano</a>
+ </li>
+ <li><a class=fade href=#><img src=/images/flags/nl.png> Nederlands</a>
+ </li>
+ <li><a class=fade href=#><img src=/images/flags/no.png> Norsk</a>
+ </li>
+ <li><a class=fade href=#><img src=/images/flags/jp.png> 日本語 (Nihongo)</a>
+ </li>
+ <li><a class=fade href=#><img src=/images/flags/pl.png> Polski</a>
+ </li>
+ <li><a class=fade href=#><img src=/images/flags/pt.png> Português</a>
+ </li>
+ <li><a class=fade href=#><img src=/images/flags/ru.png> Русский (Russkij)</a>
+ </li>
+ <li><a class=fade href=#><img src=/images/flags/pt.png> Suomi</a>
+ </li>
+ <li><a class=fade href=#><img src=/images/flags/se.png> Svenska</a>
+ </li>
+ <li><a class=fade href=#><img src=/images/flags/tr.png> Türkçe</a></li>
+ </ul>
+ </li></li>
+
+ </ul></ul>
+ </td>
+ <td align=center valign=middle class=banner-right></td>
+ </tr>
+</table>
Added: website/branches/zed/beta/index.php
===================================================================
--- website/branches/zed/beta/index.php (rev 0)
+++ website/branches/zed/beta/index.php 2009-06-18 01:37:54 UTC (rev 19735)
@@ -0,0 +1,79 @@
+<?php
+$pagename = "Tor: anonymity online";
+include("header.inc.php");
+?>
+<div class="main-column"> <div class="bgsmall">
+ <!-- PUT CONTENT AFTER THIS TAG -->
+ <h2>TOR: ANONYMITY ONLINE</h2>
+ <!-- BEGIN SIDEBAR -->
+ <div class="sidebar">
+ <h4>Summary</h4>
+» <a href="/30seconds.html">What is Tor?</a><br>
+» <a href="/torusers.html">Who uses Tor?</a><br>
+» <a href="/overview.html">Want more detail?</a><br>
+ <div class="downloadbutton">
+<a href="/easy-download.html">Download</a>
+ </div>
+ <div class="donatebutton">
+<a href="/donate.html">Donate</a>
+ </div>
+ </div>
+ <!-- END SIDEBAR -->
+ <p>Tor is free software and an open network that helps you defend against a
+ form of network surveillance that threatens personal freedom and privacy,
+ confidential business activities and relationships, and state security known
+ as <a href="/overview.html">traffic analysis</a>.</p>
+ <p>Tor protects you by bouncing your communications around a distributed network
+ of relays run by volunteers all around the world: it prevents somebody watching
+ your Internet connection from learning what sites you visit, and it prevents
+ the sites you visit from learning your physical location. Tor works with many
+ of your existing applications, including web browsers, instant messaging clients,
+ remote login, and other applications based on the TCP protocol. </p>
+ <p> Hundreds of thousands of people around the world use Tor for a wide variety
+ of reasons: journalists and bloggers, human rights workers, law enforcement
+ officers, soldiers, corporations, citizens of repressive regimes, and just
+ ordinary citizens. See the <a href="/torusers.html">Who Uses Tor?</a> page
+ for examples of typical Tor users. See the <a href="/overview.html">overview
+ page</a> for a more detailed explanation of what Tor does, and why this diversity
+ of users is important. </p>
+ <p>Tor doesn't magically encrypt all of your Internet activities, though. You
+ should <a href="/download.html#Warning">understand what Tor does and does
+ not do for you</a>.</p>
+ <p> Tor's security improves as its user base grows and as more people volunteer
+ to <a href="/docs/tor-doc-relay.html">run relays</a>. (It isn't nearly as
+ hard to set up as you might think, and can significantly <a href="https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#RelayAnonymity">
+ enhance your own security</a>.) If running a relay isn't for you, we need
+ <a href="/volunteer.html">help with many other aspects of the project</a>,
+ and we need funds to continue making the Tor network faster and easier to
+ use while maintaining good security</a>.</p>
+ <p>Tor is a registered 501(c)(3) non-profit whose mission is to allow you to
+ protect your Internet traffic from analysis. Please make a <a href="/donate.html">tax-deductible
+ donation.</a> </p>
+ <h3><a class="anchor" href="#News">News</a></h3>
+ <ul>
+ <li>12 March 2009: Tor launches performance roadmap and campaign. Read the
+ <a href="/press/2009-03-12-performance-roadmap-press-release.html">Press
+ Release</a> for more information.</li>
+ <li>09 February 2009: Tor 0.2.0.34 released as stable. Read the <a
+href="http://archives.seul.org/or/announce/Feb-2009/msg00000.html">announcement</a>
+ for the updates and changes. This release fixes a security issue.</li>
+ <li>21 January 2009: Tor 0.2.0.33 released as stable. Read the <a
+href="http://archives.seul.org/or/announce/Jan-2009/msg00000.html">announcement</a>
+ for the updates and changes.</li>
+ <li>19 December 2008: Tor releases 3-year development roadmap. Read the <a href="/press/2008-12-19-roadmap-press-release.html">Press
+ Release</a> for more information.</li>
+ <li><b>We are actively looking for new sponsors and funding.</b> If your organization
+ has an interest in keeping the Tor network usable and fast, please <a href="/contact.html">contact
+ us</a>. <a href="/sponsors.html">Sponsors of Tor</a> also get personal attention,
+ better support, publicity (if they want it), and get to influence the direction
+ of our research and development. <a href="/donate.html">Please donate.</a></li>
+ </ul>
+ <p><a href="/news.html">More news</a> | <a href="/press/index.html">Press
+ Releases</a> | <a href="/tormedia.html">Tor in the News</a></p>
+</div>
+</div>
+<?php
+
+include("footer.inc.php");
+
+?>
Added: website/branches/zed/beta/overview.php
===================================================================
--- website/branches/zed/beta/overview.php (rev 0)
+++ website/branches/zed/beta/overview.php 2009-06-18 01:37:54 UTC (rev 19735)
@@ -0,0 +1,220 @@
+<?php
+$pagename = "Tor: anonymity online";
+include("header.inc.php");
+?>
+<div class="main-column">
+ <!-- PUT CONTENT AFTER THIS TAG -->
+<a name="overview"></a>
+<h2><a class="anchor" href="#overview">Tor: Overview</a></h2>
+<!-- BEGIN SIDEBAR -->
+<div class="sidebar-left">
+<h4>Topics</h4>
+
+» <a href="overview.html.en#overview">Overview</a><br>
+» <a href="overview.html.en#whyweneedtor">Why we need Tor</a><br>
+» <a href="overview.html.en#thesolution">The Solution</a><br>
+» <a href="overview.html.en#hiddenservices">Hidden services</a><br>
+» <a href="overview.html.en#stayinganonymous">Staying anonymous</a><br>
+» <a href="overview.html.en#thefutureoftor">The future of Tor</a><br>
+
+</div>
+<!-- END SIDEBAR -->
+<p>
+Tor is a network of virtual tunnels that allows people and groups to
+improve their privacy and security on the Internet. It also enables
+software developers to create new communication tools
+with built-in privacy features. Tor provides the foundation for
+a range of applications that allow organizations and individuals
+to share information over public networks without compromising their
+privacy.
+</p>
+<p>
+Individuals use Tor to keep websites from tracking them and their family
+members, or to connect to news sites, instant messaging services, or the
+like when these are blocked by their local Internet providers. Tor's <a
+href="docs/tor-hidden-service.html.en">hidden services</a>
+let users publish web sites and other services without needing to reveal
+the location of the site. Individuals also use Tor for socially sensitive
+communication: chat rooms and web forums for rape and abuse survivors,
+or people with illnesses.
+</p>
+<p>
+Journalists use Tor to communicate more safely with whistleblowers and
+dissidents. Non-governmental organizations (NGOs) use Tor to allow their
+workers to connect to their home website while they're in a foreign
+country, without notifying everybody nearby that they're working with
+that organization.
+</p>
+<p>
+Groups such as Indymedia recommend Tor for safeguarding their members'
+online privacy and security. Activist groups like the Electronic Frontier
+Foundation (EFF) recommend Tor as a mechanism for
+maintaining civil liberties online. Corporations use Tor as a safe way
+to conduct competitive analysis, and to protect sensitive procurement
+patterns from eavesdroppers. They also use it to replace traditional
+VPNs, which reveal the exact amount and timing of communication. Which
+locations have employees working late? Which locations have employees
+consulting job-hunting websites? Which research divisions are communicating
+with the company's patent lawyers?
+</p>
+<p>
+A branch of the U.S. Navy uses Tor for open source intelligence
+gathering, and one of its teams used Tor while deployed in the Middle
+East recently. Law enforcement uses Tor for visiting or surveilling
+web sites without leaving government IP addresses in their web logs,
+and for security during sting operations.
+</p>
+<p>
+The variety of people who use Tor is actually <a
+href="http://freehaven.net/doc/fc03/econymics.pdf">part of what makes
+it so secure</a>. Tor hides you among <a href="torusers.html.en">the
+other users on the network</a>,
+so the more populous and diverse the user base for Tor is, the more your
+anonymity will be protected.
+</p>
+<a name="whyweneedtor"></a>
+<h3><a class="anchor" href="#whyweneedtor">Why we need Tor</a></h3>
+<p>
+Using Tor protects you against a common form of Internet surveillance
+known as "traffic analysis." Traffic analysis can be used to infer
+who is talking to whom over a public network. Knowing the source
+and destination of your Internet traffic allows others to track your
+behavior and interests. This can impact your checkbook if, for example,
+an e-commerce site uses price discrimination based on your country or
+institution of origin. It can even threaten your job and physical safety
+by revealing who and where you are. For example, if you're travelling
+abroad and you connect to your employer's computers to check or send mail,
+you can inadvertently reveal your national origin and professional
+affiliation to anyone observing the network, even if the connection
+is encrypted.
+</p>
+<p>
+How does traffic analysis work? Internet data packets have two parts:
+a data payload and a header used for routing. The data payload is
+whatever is being sent, whether that's an email message, a web page, or an
+audio file. Even if you encrypt the data payload of your communications,
+traffic analysis still reveals a great deal about what you're doing and,
+possibly, what you're saying. That's because it focuses on the header,
+which discloses source, destination, size, timing, and so on.
+</p>
+<p>
+A basic problem for the privacy minded is that the recipient of your
+communications can see that you sent it by looking at headers. So can
+authorized intermediaries like Internet service providers, and sometimes
+unauthorized intermediaries as well. A very simple form of traffic
+analysis might involve sitting somewhere between sender and recipient on
+the network, looking at headers.
+</p>
+<p>
+But there are also more powerful kinds of traffic analysis. Some
+attackers spy on multiple parts of the Internet and use sophisticated
+statistical techniques to track the communications patterns of many
+different organizations and individuals. Encryption does not help against
+these attackers, since it only hides the content of Internet traffic, not
+the headers.
+</p>
+<a name="thesolution"></a>
+<h3><a class="anchor" href="#thesolution">The solution: a distributed, anonymous network</a></h3>
+<p>
+Tor helps to reduce the risks of both simple and sophisticated traffic
+analysis by distributing your transactions over several places on the
+Internet, so no single point can link you to your destination. The idea
+is similar to using a twisty, hard-to-follow route in order to throw off
+somebody who is tailing you — and then periodically erasing your
+footprints. Instead of taking a direct route from source to
+destination, data packets on the Tor network take a random pathway
+through several relays that cover your tracks so no observer at any
+single point can tell where the data came from or where it's going.
+</p>
+<img src="/images/htw1.png" alt="Tor circuit step one" width="510" height="326" class="imagefloat">
+<p>
+To create a private network pathway with Tor, the user's software or
+client incrementally builds a circuit of encrypted connections through
+relays on the network. The circuit is extended one hop at a time, and
+each relay along the way knows only which relay gave it data and which
+relay it is giving data to. No individual relay ever knows the
+complete path that a data packet has taken. The client negotiates a
+separate set of encryption keys for each hop along the circuit to ensure
+that each hop can't trace these connections as they pass through.
+</p>
+<img src="/images/htw2.png" alt="Tor circuit step two" width="510" height="326" class="imagefloat">
+<p>
+Once a circuit has been established, many kinds of data can be exchanged
+and several different sorts of software applications can be deployed
+over the Tor network. Because each relay sees no more than one hop in
+the circuit, neither an eavesdropper nor a compromised relay can use
+traffic analysis to link the connection's source and destination. Tor
+only works for TCP streams and can be used by any application with SOCKS
+support.
+</p>
+<p>
+For efficiency, the Tor software uses the same circuit for connections
+that happen within the same ten minutes or so. Later requests are given a
+new circuit, to keep people from linking your earlier actions to the new
+ones.
+</p>
+<img src="/images/htw3.png" alt="Tor circuit step three" width="510" height="326" class="imagefloat">
+<a name="hiddenservices"></a>
+<h3><a class="anchor" href="#hiddenservices">Hidden services</a></h3>
+<p>
+Tor also makes it possible for users to hide their locations while
+offering various kinds of services, such as web publishing or an instant
+messaging server. Using Tor "rendezvous points," other Tor users can
+connect to these hidden services, each without knowing the other's
+network identity. This hidden service functionality could allow Tor
+users to set up a website where people publish material without worrying
+about censorship. Nobody would be able to determine who was offering
+the site, and nobody who offered the site would know who was posting to it.
+Learn more about <a href="docs/tor-hidden-service.html.en">configuring
+hidden services</a> and how the <a href="hidden-services.html.en">hidden
+service protocol</a> works.
+</p>
+<a name="stayinganonymous"></a>
+<h3><a class="anchor" href="#stayinganonymous">Staying anonymous</a></h3>
+<p>
+Tor can't solve all anonymity problems. It focuses only on
+protecting the transport of data. You need to use protocol-specific
+support software if you don't want the sites you visit to see your
+identifying information. For example, you can use web proxies such as
+Privoxy while web browsing to block cookies and withhold information
+about your browser type.
+</p>
+<p>
+Also, to protect your anonymity, be smart. Don't provide your name
+or other revealing information in web forms. Be aware that, like all
+anonymizing networks that are fast enough for web browsing, Tor does not
+provide protection against end-to-end timing attacks: If your attacker
+can watch the traffic coming out of your computer, and also the traffic
+arriving at your chosen destination, he can use statistical analysis to
+discover that they are part of the same circuit.
+</p>
+<a name="thefutureoftor"></a>
+<h3><a class="anchor" href="#thefutureoftor">The future of Tor</a></h3>
+<p>
+Providing a usable anonymizing network on the Internet today is an
+ongoing challenge. We want software that meets users' needs. We also
+want to keep the network up and running in a way that handles as many
+users as possible. Security and usability don't have to be at odds:
+As Tor's usability increases, it will attract more users, which will
+increase the possible sources and destinations of each communication,
+thus increasing security for everyone.
+We're making progress, but we need your help. Please consider
+<a href="docs/tor-doc-relay.html.en">running a relay</a>
+or <a href="volunteer.html.en">volunteering</a> as a
+<a href="documentation.html.en#Developers">developer</a>.
+</p>
+<p>
+Ongoing trends in law, policy, and technology threaten anonymity as never
+before, undermining our ability to speak and read freely online. These
+trends also undermine national security and critical infrastructure by
+making communication among individuals, organizations, corporations,
+and governments more vulnerable to analysis. Each new user and relay
+provides additional diversity, enhancing Tor's ability to put control
+over your security and privacy back into your hands.
+</p>
+ </div><!-- #main -->
+<?php
+
+include("footer.inc.php");
+
+?>
Added: website/branches/zed/beta/people.php
===================================================================
--- website/branches/zed/beta/people.php (rev 0)
+++ website/branches/zed/beta/people.php 2009-06-18 01:37:54 UTC (rev 19735)
@@ -0,0 +1,252 @@
+<?php
+$pagename = "Tor: people";
+include("header.inc.php");
+?>
+<div class="main-column">
+ <div class="bg">
+ <h2>Tor: People</h2>
+ <p>The Tor Project is a 501(c)(3) non-profit based in the United States. The
+ official address of the organization is: </p>
+ <address>
+ The Tor Project<br>
+ 122 Scott Circle<br>
+ Dedham, MA 02026-6416 USA<br>
+ </address>
+ <p>The organization consists of many volunteers and a few employees. Please
+ don't contact us individually about Tor topics — if you have a problem
+ or question, please look through the <a href="contact.html.html">contact
+ page</a> for appropriate addresses.</p>
+ <a id="Core"></a>
+ <h3><a class="anchor" href="#Core">Core Tor people:</a></h3>
+ <dl>
+ <dt>Jacob Appelbaum (Developer and Advocate)</dt>
+ <dd>Runs the <a
+href="https://check.torproject.org/">Tor DNSEL</a> <a
+href="http://exitlist.torproject.org/">site</a>, the <a
+href="https://translation.torproject.org/">Tor Translation Portal</a>, and also
+ the in-progress Tor weather site.</dd>
+ <dt>Roger Dingledine (Project Leader; Director)</dt>
+ <dd>Original developer of Tor; now plays pretty much all the roles to keep
+ everything on track.</dd>
+ <dt>Matt Edman (Developer)</dt>
+ <dd>Lead developer for <a
+href="http://vidalia-project.net/">Vidalia</a>, a cross-platform Tor GUI included
+ in the Windows and OS X bundles.</dd>
+ <dt>Sebastian Hahn</dt>
+ <dd> Worked during the 2008 Google Summer of Code on a networking application
+ to automatically carry out tests for Tor. Currently assists in migration
+ to Git and generally helps out a lot.</dd>
+ <dt>Andrew Lewman (Executive Director; Director)</dt>
+ <dd>Manages the business operations of The Tor Project, Inc. Builds packages
+ for Windows, OS X, Red Hat, and SuSE. </dd>
+ <dt>Karsten Loesing (Developer)</dt>
+ <dd> Worked during the 2007 Google Summer of Code on <a
+href="https://svn.torproject.org/svn/tor/trunk/doc/spec/proposals/114-distributed-storage.txt">distributing
+ and securing the publishing and fetching of hidden service descriptors</a>.
+ Currently working on <a href="projects/hidserv.html.html">making hidden
+ services faster and more reliable</a>, and on <a href="projects/metrics.html.html">metrics</a>.</dd>
+ <dt>Nick Mathewson (Chief architect; Director)</dt>
+ <dd>One of the three original designers of Tor; does a lot of the ongoing
+ design work. One of the two main developers, along with Roger.</dd>
+ <dt>Steven Murdoch (Researcher and Developer)</dt>
+ <dd>Researcher at the University of Cambridge, currently funded by The Tor
+ Project to improve the security, performance, and usability of Tor. Creator
+ of the <a href="torbrowser/index.html.html">Tor Browser Bundle</a>.</dd>
+ <dt>Peter Palfrader</dt>
+ <dd>Manages the Debian packages, runs one of the directory authorities,
+ runs the website and the wiki, and generally helps out a lot.</dd>
+ <dt>Martin Peck (Developer)</dt>
+ <dd>Working on a VM-based transparent proxying approach for Tor clients
+ on Windows.</dd>
+ <dt>Mike Perry (Developer)</dt>
+ <dd>Author of <a
+href="https://svn.torproject.org/svn/torflow/trunk/README">TorFlow</a>, a Tor
+ controller that builds paths through the Tor network and measures various
+ properties and behaviors, and new author of <a
+href="torbutton/index.html.html">Torbutton</a>.</dd>
+ <dt>Paul Syverson</dt>
+ <dd>Inventor of <a
+href="http://www.onion-router.net/">Onion Routing</a>, original designer of Tor
+ along with Roger and Nick, and project leader for original design, development,
+ and deployment of Tor. Currently helps out with research and design.</dd>
+ <dt>Jillian C. York</dt>
+ <dd><a href="http://jilliancyork.com/">Jillian C. York</a> is a writer,
+ blogger, and activist based in Boston. She blogs on the uses of Tor and
+ anonymity at <a
+href="http://www.knightpulse.org/blog/tor">KnightPulse</a>.</dd>
+ </dl>
+ <a id="Board"></a>
+ <h3><a class="anchor" href="#Board">The Tor Project Board of Directors:</a></h3>
+ <dl>
+ <dt>Ian Goldberg (Director)</dt>
+ <dd>Cryptographer, privacy expert, and professor; one of the designers of
+ <a
+href="http://www.cypherpunks.ca/otr/">Off-the-Record Messaging</a>.</dd>
+ <dt>Xianghui (Isaac) Mao (Director)</dt>
+ <dd>Chinese blogging and privacy activist. His current activities can be
+ found at <a href="http://isaacmao.com/">his website</a>.</dd>
+ <dt>Frank Rieger (Director)</dt>
+ <dd>CTO of <a href="http://www.gsmk.de/">GSMK Cryptophone</a>.</dd>
+ <dt>Wendy Seltzer (Director)</dt>
+ <dd>Lawyer, cyberlaw professor, and founder of <a
+href="http://chillingeffects.org/">ChillingEffects.org</a>.</dd>
+ <dt>Fred von Lohmann (Director)</dt>
+ <dd>Fred is a Senior Intellectual Property Attorney at the Electronic Frontier
+ Foundation (EFF). His complete bio can be found at the <a
+href="http://www.eff.org/about/staff/?f=fred_von_lohmann.html">EFF Staff Site</a>.</dd>
+ <dt>Along with Roger, Nick, and Andrew listed above as Directors.</dt>
+ </dl>
+ <a id="Translators"></a>
+ <h3><a class="anchor" href="#Translators">Core translators:</a></h3>
+ <dl>
+ <dt>Bogdan Drozdowski</dt>
+ <dd><a
+href="index.html-12.html">Polish</a>.</dd>
+ <dt>fredzupy</dt>
+ <dd><a
+href="index.html-6.html">French</a>.</dd>
+ <dt>Ruben Garcia</dt>
+ <dd><a
+href="index.html-3.html">Spanish</a>.</dd>
+ <dt>Jens Kubieziel and Oliver Knapp</dt>
+ <dd><a
+href="index.html-2.html">German</a>.</dd>
+ <dt>Pei Hanru and bridgefish</dt>
+ <dd><a
+href="index.html-17.html">Simplified Chinese</a>.</dd>
+ <dt>Jan Reister</dt>
+ <dd><a
+href="index.html-7.html">Italian</a>.</dd>
+ <dt>Masaki Taniguchi</dt>
+ <dd><a
+href="index.html-8.html">Japanese</a>.</dd>
+ <dt>Jan Woning</dt>
+ <dd><a
+href="index.html-10.html">Dutch</a>.</dd>
+ <dt>ygrek</dt>
+ <dd><a
+href="index.html-14.html">Russian</a>.</dd>
+ </dl>
+ <a id="Volunteers"></a>
+ <h3><a class="anchor" href="#Volunteers">More volunteers:</a></h3>
+ <dl>
+ <dt>Anonym</dt>
+ <dd>Maintainer of the Incognito LiveCD.</dd>
+ <dt>Kevin Bankston</dt>
+ <dd>EFF lawyer who helped write the <a
+href="eff/tor-legal-faq.html.html">Tor Legal FAQ</a> and tirelessly answers the
+ phone when somebody in the world has a legal question about Tor.</dd>
+ <dt>Christian Fromme</dt>
+ <dd>Helps out on Tor weather, gettor, and other projects.</dd>
+ <dt>Kasimir Gabert</dt>
+ <dd>Maintains the <a
+href="https://torstatus.kgprog.com/">TorStatus</a> statistics pages.</dd>
+ <dt>Geoff Goodell</dt>
+ <dd>Started the <a
+href="https://svn.torproject.org/svn/blossom/trunk/">Blossom project</a> which
+ uses Tor as its overlay network; also helped motivate Tor's control interface
+ to be as flexible as it is.</dd>
+ <dt>Aleksei Gorny</dt>
+ <dd> Working on Tor exit scanner improvements (<a
+href="https://svn.torproject.org/cgi-bin/viewcvs.cgi/torflow/branches/gsoc2008/">svn</a>),
+ originally started as part of Google Summer of Code 2008.</dd>
+ <dt>Robert Hogan</dt>
+ <dd>Developer for the <a
+href="http://tork.sf.net/">TorK</a> Tor controller.</dd>
+ <dt>Fabian Keil</dt>
+ <dd>One of the core Privoxy developers, and also a Tor fan. He's the reason
+ Tor and Privoxy still work well together.</dd>
+ <dt>Julius Mittenzwei</dt>
+ <dd>A lawyer with the CCC in Germany. Coordinates the German Tor community
+ with respect to legal questions and concerns.</dd>
+ <dt>Shava Nerad</dt>
+ <dd>Our former Development Director. She still works on PR and community
+ relations.</dd>
+ <dt>Lasse Øverlier</dt>
+ <dd>Writes research papers on Tor: attacks, defenses, and resource management,
+ especially for hidden services.</dd>
+ <dt>rovv (a pseudonym -- he's managed to stay anonymous even from us!)</dt>
+ <dd>The most dedicated bug reporter we've ever heard from. He must read
+ Tor source code every day over breakfast.</dd>
+ <dt>tup (another pseudonym)</dt>
+ <dd>Periodically adds new features for making Tor easier to use as a <a
+href="https://wiki.torproject.org/noreply/TheOnionRouter/TransparentProxy">transparent
+ proxy</a>. Also maintains the <a
+href="http://p56soo2ibjkx23xo.onion/">TorDNSEL code</a>.</dd>
+ <dt>Kyle Williams</dt>
+ <dd>Developer for JanusVM, a VMWare-based transparent Tor proxy that makes
+ Tor easier to set up and use.</dd>
+ <dt>Ethan Zuckerman</dt>
+ <dd>A blogger who has written some <a href="http://www.ethanzuckerman.com/blog/?p=1019">interesting</a>
+ <a href="http://advocacy.globalvoicesonline.org/tools/guide/">tutorials</a>
+ for how, when, and whether to use Tor. He also teaches activists around
+ the world about Tor and related tools.</dd>
+ <dt>All our relay operators, people who write <a
+href="http://freehaven.net/anonbib/">research papers</a> about Tor, people who
+ teach others about Tor, etc.</dt>
+ </dl>
+ <a id="Past"></a>
+ <h3><a class="anchor" href="#Past">Past thanks to:</a></h3>
+ <dl>
+ <dt>Domenik Bork</dt>
+ <dd> Worked on Configuration of Hidden Services with User Authorization
+ in Vidalia (<a
+href="http://trac.vidalia-project.net/browser/vidalia/branches/hidden-services">svn</a>)
+ as part of Google Summer of Code 2008.</dd>
+ <dt>Benedikt Boss</dt>
+ <dd>Worked during the 2007 Google Summer of Code on <a
+href="https://svn.torproject.org/svn/topf/trunk/README">TOPF</a>, a fuzzer for
+ Tor; mentored by Roger.</dd>
+ <dt>Ren Bucholz</dt>
+ <dd>Our fine logo and images.</dd>
+ <dt>Fallon Chen</dt>
+ <dd> Worked on Improving Tor Path Selection (<a
+href="https://svn.torproject.org/cgi-bin/viewcvs.cgi/torflow/branches/gsoc2008/">svn</a>)
+ as part of Google Summer of Code 2008.</dd>
+ <dt>Pat Double</dt>
+ <dd>Creator of the Incognito LiveCD.</dd>
+ <dt>Justin Hipple</dt>
+ <dd>The other developer for Vidalia.</dd>
+ <dt>Christian King</dt>
+ <dd> Worked during the 2007 Google Summer of Code on making Tor relays stable
+ on Windows, by developing a <a
+href="https://svn.torproject.org/svn/libevent-urz/trunk/README">buffer implementation
+ for libevent</a>; mentored by Nick.</dd>
+ <dt>Joe Kowalski</dt>
+ <dd>Original author and provider of the torstatus script formerly run on
+ nighteffect.</dd>
+ <dt>Adam Langley</dt>
+ <dd>Our fine eventdns code.</dd>
+ <dt>Rebecca MacKinnon</dt>
+ <dd>Former Director of Tor. Co-Founder of <a
+href="http://www.globalvoicesonline.org/">Global Voices Online</a>.</dd>
+ <dt>Chris Palmer</dt>
+ <dd>Our liaison and tech guy with EFF while EFF was funding us. Also helped
+ advocate and write end-user docs.</dd>
+ <dt>Matej Pfajfar</dt>
+ <dd>Author of the original onion routing code that Tor is based on, so we
+ didn't have to start from scratch.</dd>
+ <dt>Johannes Renner</dt>
+ <dd> Worked during the 2007 Google Summer of Code on modifying <a
+href="https://svn.torproject.org/svn/torflow/trunk/README">TorFlow</a> to measure
+ various properties of the Tor network; mentored by Mike Perry.</dd>
+ <dt>Scott Squires</dt>
+ <dd>The original developer of <a
+href="torbutton/index.html.html">Torbutton</a>.</dd>
+ <dt>Camilo Viecco</dt>
+ <dd> Worked on Providing Blossom functionality to Vidalia (<a
+href="http://trac.vidalia-project.net/browser/vidalia/branches/exit-country">svn</a>)
+ as part of Google Summer of Code 2008.</dd>
+ <dt>Christian Wilms</dt>
+ <dd> Worked on Performance Enhancing Measures for Tor Hidden Services (<a
+href="https://svn.torproject.org/cgi-bin/viewcvs.cgi/tor/branches/hidserv-perf/">svn</a>)
+ as part of Google Summer of Code 2008.</dd>
+ </dl>
+ </div>
+</div>
+<!-- #main -->
+<?php
+
+include("footer.inc.php");
+
+?>
Added: website/branches/zed/beta/sitemap.php
===================================================================
--- website/branches/zed/beta/sitemap.php (rev 0)
+++ website/branches/zed/beta/sitemap.php 2009-06-18 01:37:54 UTC (rev 19735)
@@ -0,0 +1,260 @@
+<?php
+$pagename = "Tor: anonymity online";
+include("header.inc.php");
+?>
+<div class="main-column"> <div class="bg">
+ <!-- PUT CONTENT AFTER THIS TAG -->
+ <h2>Tor: sitemap</h2>
+ <!-- BEGIN SIDEBAR -->
+ <!-- END SIDEBAR -->
+<div class="sitemap">
+<li id="organisation"> <a href="/" class="dir" title="What is the Tor project? Who's involved?">Tor</a>
+ <ul>
+ <li> <a href="/30seconds.html" title="Why you need Tor.">Why use Tor?</a>
+ </li>
+ <li> <a href="/overview.html" title="What is Tor? Why would I want to use it? How does it work?">Overview</a>
+ </li>
+ <li> <a href="/people.html" title="Who participates in the project?">Contributors</a>
+ </li>
+ <li> <a href="/donate.html" title="Donate to the Tor project. (Tor is a non-profit organisation established to help prevent surveillance and censorship on the internet.)">Donations</a>
+ </li>
+ <li> <a href="/sponsors.html" title="Tor's financial supporters.">Sponsors</a>
+ </li>
+ <li> <a href="/translation-overview.html" title="Help translate Tor into your language!">Translators</a>
+ </li>
+ <li> <a href="/torusers.html" title="Who uses Tor? Could you benefit?">Users</a>
+ </li>
+ <li> <a href="/volunteer.html" title="How to help with the project.">Volunteers</a>
+ </li>
+ </ul>
+ </li>
+ <li id="news"> <a href="/news.html" class="dir" title="News, blog, & press sightings">News</a>
+ <ul>
+ <li class="first"> <a href="https://blog.torproject.org" title="News from the Tor front line.">Tor
+ Blog</a> </li>
+ <li> <a href="/press/" title="Tor press releases.">Press Releases</a>
+ </li>
+ <li> <a href="/tormedia" title="Tor coverage in the media at large.">In
+ The Media</a> </li>
+ <li> <a href="http://rss.gmane.org/gmane.network.onion-routing.announce" title="Low volume RSS Feed detailing Tor releases and security fixes.">Tor
+ Updates</a> </li>
+ </ul>
+ <li id="help"> <a href="/30seconds.html" class="dir" title="Get assistance with Tor!">Support</a>
+ <ul>
+ <li><span class="dir"><a href=https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#RunningAClient title="Configuring and troubleshooting Tor.">For
+ Tor Users</a></span>
+ <ul>
+ <li> <span class="dir">Installation</span>
+ <ul>
+ <li class="first"> <a href="/docs/tor-doc-windows.html">Win32</a>
+ </li>
+ <li> <a href="/docs/tor-doc-osx.html.en">OS X</a> </li>
+ <li> <a href="/docs/tor-doc-unix.html.en">Linux/Unix/BSD</a>
+ </li>
+ <li> <a href="/torbutton/index.html">Torbutton</a> </li>
+ </ul>
+ </li>
+ <li> <span class="dir">Configuration</span>
+ <ul>
+ <li class="first"> <a href="https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#IsMyConnectionPrivate" title="How do I test that Tor is working? How can I be sure my connections are fully anonymized?">Is
+ Tor working?</a> </li>
+ <li> <a href="http://rootatlocalhost.bouldernet.org/tor_configurator.html" title="Generate a custom Tor configuration file (torrc) using a web based interface.">Torrc
+ Configurator</a></li>
+ <li> <a href="https://wiki.torproject.org/noreply/TheOnionRouter/PrivoxyConfig" title="Sample privoxy configuration file for use with the Unixish and Gnu/Linux packages.">Sample
+ Privoxy Config</a></li>
+ <li> <a href="https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#RelayCrashing" title="Help with troubleshooting Tor crashes.">Tor
+ Crashes</a> </li>
+ <li> <a href="https://wiki.torproject.org/noreply/TheOnionRouter/TorifyHOWTO/BitTorrent?highlight=%2528bittorrent%2529#BitTorrent" title="Using Tor with BitTorrent, and how to configure it correctly.">Tor
+ & BitTorrent.</a> </li>
+ <li> <a href="https://wiki.torproject.org/noreply/TheOnionRouter/TorifyHOWTO/IrcSilc" title="Configuring IRC clients for use with Tor.">Tor
+ & IRC</a> </li>
+ </ul>
+ <li class="first"> <a href="documentation.html" title="Tor's main documentation page.">Tor
+ Documentation</a>
+ <li> <a href="https://check.torproject.org" title="Verify your browser is using Tor [https://check.torproject.org].">Check
+ Tor works</a></li>
+ <li> <span class="dir"><a href="https://wiki.torproject.org">Tor
+ Wiki</a></span>
+ <ul>
+ <li class="first"> <a href="https://wiki.torproject.org/noreply/TheOnionRouter" title="The Onion Router Wiki">Main
+ Page</a></li>
+ <li> <a href="https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ" title="Tor Wiki Frequently Asked Questions.">Tor
+ Wiki FAQ</a> </li>
+ <li> <a href="https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#GoogleSpyware" title="Why does Google report that my machine is infected with spyware?">Tor
+ & Google</a> </li>
+ <li> <a href="https://wiki.torproject.org/noreply/TheOnionRouter/SupportPrograms" title="A list of programs you may wish to use in conjunction with Tor.">Support
+ Programs</a> </li>
+ </ul>
+ </li>
+ <li> <a href="irc://irc.oftc.net/tor" title="Tor's official IRC support channel [#tor on irc.oftc.net].">IRC
+ support channel</a></li>
+ <li class="first"> <a href="https://torstatus.kgprog.com/" title="View status of available Tor nodes.">Tor
+ Relay Status</a></li>
+ <li> <a href="/docs/tor-hidden-service.html" title="How to configure a Tor hidden service.">Setup
+ Hidden Service</a></li>
+ <li> <a href="https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#AccessHiddenService" title="How to access Tor's hidden services.">View
+ Hidden Services</a> </li>
+ <li class="first"> <a href="/trademark-faq.html" title="All you need to know about Tor's trademarks.">Trademark
+ FAQ</a></li>
+ </ul>
+ <li title=""> <span class="dir">For Relay Operators</span>
+ <ul>
+ <li class="first"> <a href="/docs/tor-doc-relay.html" title="How to configure a Tor node.">Running
+ a Relay</a></li>
+ <li> <a href="https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#DefaultPorts" title="Tor's default list of permitted exit ports used when running a relay.">Default
+ Exit Ports</a> </li>
+ <li> <a href="https://wiki.torproject.org/noreply/TheOnionRouter/OperationalSecurity" title="How to run a secure Tor server.">Tor
+ Relay Security</a> </li>
+ <li> <a href="/eff/tor-legal-faq.html" title="Legal guidance for Tor Relay Operators.">Legal
+ FAQ</a> </li>
+ <li> <a href="/eff/tor-dmca-response.html" title="Response template for Tor relay maintainer to ISP.">DMCA
+ Response</a> </li>
+ </ul>
+ <li title=""> <span class="dir">For Developers</span>
+ <ul>
+ <li class="first"> <a href="https://www.torproject.org/documentation.html.en#Developers" title="Help for Tor Developers">Developer
+ Help</a></li>
+ <li> <a href="https://svn.torproject.org/svn/tor/trunk/" title="Browse Tor's repository">Browse
+ SVN </a></li>
+ <li> <a href="http://archives.seul.org/or/cvs/" title="List of Tor SVN commits">Tor
+ SVN Commits</a></li>
+ <li> <a href="http://cvs.seul.org/viewcvs/viewcvs.cgi/tor/?root=Tor" title="View Tor's source code">View
+ Tor's Source</a></li>
+ <li><a href="https://bugs.torproject.org" title="Review and report Tor bugs here.">Tor
+ Bug Tracker</a></li>
+ <li> <a href="http://archives.seul.org/or/dev/" title="Low volume Tor developer mailing list.">Dev's
+ Mailing List</a></li>
+ </ul>
+ <li> <span class="dir" title="Technical documents, specifications and proposals.">Technical
+ Docs</span>
+ <ul>
+ <li class="first"> <a href="/tor-manual.html" title="Concise Tor instruction manual (man pages).">Tor
+ Manual</a>
+ <li> <a href="/tor-manual-dev.html" title="Manual for development (unstable) version of Tor.">Tor
+ Dev Manual</a></li>
+ <li> <span class="dir">Specifications</span>
+ <ul>
+ <li class="first"> <a href="https://svn.torproject.org/svn/tor/trunk/doc/spec/tor-spec.txt" title="Main Tor specification document.">Tor
+ Specification</a></li>
+ <li> <a href="https://svn.torproject.org/svn/tor/trunk/doc/spec/dir-spec.txt" title="Tor version 3 directory server specification.">Directory
+ Spec. (v3)</a></li>
+ <li> <a href="https://svn.torproject.org/svn/tor/trunk/doc/spec/control-spec.txt" title="Tor control protocol specification.">Control
+ Protocol Spec.</a></li>
+ <li> <a href="https://svn.torproject.org/svn/tor/trunk/doc/spec/rend-spec.txt" title="Tor rendezvous specification.">Rendezvous
+ Spec.</a></li>
+ <li> <a href="https://svn.torproject.org/svn/tor/trunk/doc/spec/path-spec.txt" title="Tor path selection specification.">Path
+ Selection Spec.</a></li>
+ <li> <a href="https://svn.torproject.org/svn/tor/trunk/doc/spec/address-spec.txt" title="Special host names in Tor.">Address
+ Spec.</a></li>
+ <li> <a href="https://svn.torproject.org/svn/tor/trunk/doc/spec/socks-extensions.txt" title="Tor's SOCKS support and extensions.">SOCKS
+ Support</a></li>
+ <li> <a href="https://svn.torproject.org/svn/tor/trunk/doc/spec/version-spec.txt" title="How Tor's version numbers work.">Version
+ Spec.</a></li>
+ <li> <a href="https://svn.torproject.org/svn/tor/trunk/doc/spec/proposals/" title="In-progress drafts of new specifications and proposed changes.">Proposals</a></li>
+ </ul>
+ <li class="design"> <a href="https://svn.torproject.org/svn/tor/trunk/doc/design-paper/tor-design.html" title="Justifications and design considerations for Tor.">Tor
+ Design</a></li>
+ <li> <a href="https://svn.torproject.org/svn/tor/trunk/doc/design-paper/blocking.html" title="Design of a blocking-resistant anonymity system (draft).">Defeating
+ Tor blocks</a></li>
+ <li> <a href="https://svn.torproject.org/svn/tor/trunk/doc/contrib/torel-design.txt" title="Document detailing proposal for the design for a DNS Exit List (DNSEL) for Tor exit nodes.">Tor
+ DNSEL Design</a></li>
+ <li> <a href="http://freehaven.net/anonbib/" title="Selected Papers in Anonymity.">Anonymity
+ Docs</a></li>
+ </ul>
+ <li class="first"> <a href="/faq" title="Frequently asked questions relating to Tor. (See also: Wiki FAQ).">Tor
+ FAQ</a></li>
+ <li title="Tor's Mailing Lists."> <span class="dir">Mailing Lists</span>
+ <ul>
+ <li class="first"> <a href="http://archives.seul.org/or/talk/" title="Tor's general purpose list for discussion of Tor and support.">Or-Talk</a>
+ </li>
+ <li> <a href="http://archives.seul.org/or/announce/" title="Tor's low volume announce list detailing new versions and security fixes.">Or-Announce</a>
+ </li>
+ <li> <a href="http://archives.seul.org/or/dev/" title="Tor's low volume developer list.">Or-Dev</a>
+ </li>
+ </ul>
+ </li>
+ <li title="Documents and tools to mitigate risk of abuse."> <span class="dir">Abuse</span>
+ <ul>
+ <li> <a href="/faq-abuse.html" title="How can Tor be abused, and what can I do to protect myself?">Abuse
+ FAQ</a> </li>
+ <li> <a href="https://www.torproject.org/faq-abuse.html.en#Bans" title="How do I block Tor access to my network or server?">Blocking
+ Tor</a> </li>
+ <li> <a href="https://www.torproject.org/faq-abuse.html.en#WhatAboutSpammers" title="Why Tor isn't the best tool for spammers.">Tor
+ and Spam</a> </li>
+ <li> <a href="https://check.torproject.org/cgi-bin/TorBulkExitList.py" title="Creates an IP list of active Tor nodes.">Exit
+ List Generator</a></li>
+ <li> <a href="/tordnsel/" title="Tor DNS Exit List (DNSEL) is an active testing, DNS-based list of Tor exit nodes.">Tor
+ DNSEL</a></li>
+ </ul>
+ <li> <a href="/contact.html" title="Get in touch with Tor">Contact</a>
+ </li>
+ </ul>
+ </li>
+ <li class="first"> <a href="/projects/" title="Related projects." class="dir">Projects</a>
+ <ul>
+ <li class="first"> <a href="/projects/google.html" title="Secure auto-update for Tor, sponsored by Google.">Auto-update</a>
+ </li>
+ <li><a href="/torbrowser/" title="Tor Browser Bundle (TBB) is a self-contained pre-configured Tor bundle with Firefox and Pidgin Instant Messenger for Windows.">Browser
+ Bundle</a> </li>
+ <li><a href="/projects/hidserv.html" title="Improving the performance of Tor Hidden Services.">Hidden
+ Services</a> </li>
+ <li> <a href="http://www.
+browseanonymouslyanywhere.com/incognito/" title="Incognito is an open source LiveDistro based on Gentoo Linux assisting you to securely and anonymously use the Internet almost anywhere you go.">Incognito</a>
+ </li>
+ <li><a href="/projects/lowbandwidth.html" title="Enhancing performance of Tor over low bandwidth connections.">Low-bandwidth</a></li>
+ <li> <a href="/projects/metrics.html" title="Measuring performance of the Tor network.">Metrics</a>
+ </li>
+ <li> <a href="http://portabletor.sourceforge.net/" title="A ready to run Tor for Windows, suitable for use on systems where installation isn't possible (eg netcafes, public libraries etc).">PortableTor</a>
+ </li>
+ <li><a href="http://fscked.org/projects/torflow" title="TorFlow is a set of python scripts written to scan the Tor network for misbehaving, misconfigured, and overloaded Tor nodes. ">TorFlow</a></li>
+ <li><a href="/torbutton/" title="Torbutton addon provides security enhancements to the Firefox web browser when in conjunction with Tor.">Torbutton</a>
+ </li>
+ <li><a href="http://www.anonymityanywhere.com/tork/" title="A Linux/KDE based gui controller for Tor. Single-click configuration for many apps, anonymous mail, configuration of Tor relays and hidden service etc.">TorK</a>
+ </li>
+ <li> <a href="/torvm/" title="TorVM is a virtual machine based on Qemu that acts as a transparent network proxy, enabling a more robust and secure Tor configuration for clients and relays.">TorVM</a>
+ </li>
+ <li> <a href="http://vidalia-project.net" title="Vidalia is cross platform gui controller for Tor. Available for Windows, OS X, Linux/Unix/BSD.">Vidalia</a>
+ </li>
+ </ul>
+ </li>
+
+ <li id="contribute"> <a href="/volunteer.html" class="dir" title="How to contribute to the Tor project. Donate, translate, run a relay, promote Tor in area..">Contribute</a>
+ <ul>
+ <li class="first"> <a href="/docs/tor-doc-relay.html" title="Run a relay and help the network.">Run a Relay</a> </li>
+ <li> <a href="/donate.html" title="Help the Tor project grow!">Donate</a>
+ </li>
+
+ <li> <a href="/translation.html" title="Help translate Tor into your language. Arabic and Farsi urgently needed!">Translate</a>
+ </li>
+ <li> <a href="/volunteer.html#Projects" title="Help with Tor's code and developing companion applications.">Develop</a>
+ </li>
+ <li> <a href="/volunteer.html#Documentation" title="Help write documentation and improve existing information.">Document</a>
+ </li>
+
+<li> <a href="/volunteer.html#Advocacy." title="Help promote Tor in your area!">Promote Tor</a> </ul>
+ </li>
+
+
+
+ <li id="download"> <a href="/easy-download.html" class="dir" title="Get Tor!">Download</a>
+ <ul>
+ <li class="first"> <a href="/easy-download.html" title="Bundle installer for Windows systems. (Contains Tor, Vidalia, Privoxy & Torbutton).">Windows
+ Bundle </a></li>
+ <li> <a href="/torbrowser/" title="Zero-install pre-configured Tor bundle with Firefox and Pidgin Instant Messenger for Windows.">
+ Browser Bundle</a> </li>
+ <li> <a href="/easy-download.html" title="Apple OS X installer. (Contains Tor, Vidalia, Polipo & Torbutton).">OS
+ X Bundle</a> </li>
+ <li> <a href="/download-unix.html" title="Downloads for various Unix & Linux distributions.">Unix
+ & Linux </a> </li>
+ <li><a href="/download.html" title="Downloads page for advanced users. Stable and development builds and bundles.">Advanced</a></li>
+ </ul>
+ </li>
+ </div>
+ </div>
+ </div>
+<!-- #main -->
+<?php
+
+include("footer.inc.php");
+
+?>
Added: website/branches/zed/beta/test.php
===================================================================
--- website/branches/zed/beta/test.php (rev 0)
+++ website/branches/zed/beta/test.php 2009-06-18 01:37:54 UTC (rev 19735)
@@ -0,0 +1,22 @@
+<?php
+$pagename = "Tor: anonymity online";
+include("zedheader.inc.php");
+?>
+<div class="main-column">
+
+<form action="../styleswitch.php" method="post">
+<select name="set">
+<option value="zedstylesheet-ltr" selected>Light</option>
+<option value="black-zedstylesheet-ltr">Dark</option>
+</select>
+<input type="submit" value="Change Style">
+</form>
+
+
+</div>
+<!-- #main -->
+<?php
+
+include("footer.inc.php");
+
+?>
Added: website/branches/zed/beta/tor-legal-faq.php
===================================================================
--- website/branches/zed/beta/tor-legal-faq.php (rev 0)
+++ website/branches/zed/beta/tor-legal-faq.php 2009-06-18 01:37:54 UTC (rev 19735)
@@ -0,0 +1,175 @@
+<?php
+$pagename = "Tor: anonymity online";
+include("header.inc.php");
+?>
+<div class="main-column">
+ <div class="bg">
+ <!-- PUT CONTENT AFTER THIS TAG -->
+ <h2>Legal FAQ for Tor Relay Operators</h2>
+ <p>FAQ written by the Electronic Frontier Foundation (<a href="http://www.eff.org/">EFF</a>).
+ Last updated 25 Apr 2005.</p>
+ <p><strong>NOTE:</strong> This FAQ is for informational purposes only and
+ does not constitute legal advice. EFF has not analyzed any particular factual
+ situation or laws in drafting this FAQ. Our aim is to provide a general
+ description of the legal issues surrounding Tor in the United States. Different
+ factual situations and different legal jurisdictions will result in different
+ answers to a number of questions. Therefore, please do not act on this information
+ alone; if you have any specific legal problems, issues, or questions, seek
+ a complete review of your situation with a lawyer licensed to practice in
+ your jurisdiction. </p>
+ <p>Also, if you received this document from anywhere besides <a
+href="https://www.torproject.org/eff/tor-legal-faq.html">https://www.torproject.org/eff/tor-legal-faq.html</a>,
+ it may be out of date. Follow the link to get the latest version.</p>
+ <a id="Lawsuits"></a>
+ <h3><a class="anchor" href="#Lawsuits">Has anyone ever been sued for running
+ Tor? </a></h3>
+ <p><strong>No.</strong> Further, we believe that running a Tor node, including
+ a Tor exit node that allows people to anonymously send and receive traffic,
+ is lawful under U.S. law.</p>
+ <a id="IllegalPurposes"></a>
+ <h3><a class="anchor" href="#IllegalPurposes">Should I use Tor, or encourage
+ the use of Tor, for illegal purposes such as spamming, harassment, distribution
+ of child porn, or copyright infringement?</a></h3>
+ <p><strong>No.</strong> Tor has been developed to be a tool for free speech,
+ privacy, and human rights. It is not a tool designed or intended to be used
+ to break the law, either by Tor users or Tor relay operators.</p>
+ <p>We further recommend that you not keep any potentially illegal files on
+ the same machine you use for Tor, nor use that machine for any illegal purpose.
+ Although no Tor relay in the US has ever been seized, nor any relay operator
+ sued, the future possibility cannot be ruled out. If that happens, you will
+ want your machine to be clean.</p>
+ <a id="Promise"></a>
+ <h3><a class="anchor" href="#Promise">Can EFF promise that I won't get in
+ trouble for running a Tor relay?</a></h3>
+ <p><strong>No.</strong> All new technologies create legal uncertainties, and
+ Tor is no exception to the rule. Presently, no court has ever considered
+ any case involving the Tor technology, and we therefore cannot guarantee
+ that you will never face any legal liability as a result of running a Tor
+ relay. However, EFF believes so strongly that those running Tor relays shouldn't
+ be liable for traffic that passes through the relay that we're running our
+ own Tor relay. </p>
+ <a id="Represent"></a>
+ <h3><a class="anchor" href="#Represent">Will EFF represent me if I get in
+ trouble for running a Tor relay?</a></h3>
+ <p><strong>Maybe.</strong> While EFF cannot promise legal representation of
+ all Tor relay operators, it will assist relay operators in assessing the
+ situation and will try to locate qualified legal counsel when necessary.
+ Inquiries to EFF for the purpose of securing legal representation or referrals
+ should be directed to staff attorney Kevin Bankston (bankston at eff.org
+ or US +1 (415) 436-9333 x 126). Such inquiries will be kept confidential
+ subject to the limits of the attorney/client privilege. Note that although
+ EFF cannot practice law outside of the U.S., it will still try to assist
+ non-U.S. relay operators in finding local representation.</p>
+ <a id="DevelopersAreNotLawyers"></a>
+ <h3><a class="anchor" href="#DevelopersAreNotLawyers">Should I contact the
+ Tor developers when I have legal questions about Tor or to inform them if
+ I suspect Tor is being used for illegal purposes?</a></h3>
+ <p><strong>No.</strong> Tor's core developers, Roger Dingledine and Nick Mathewson,
+ are available to answer technical questions, but they are not lawyers and
+ cannot give legal advice. Nor do they have any ability to prevent illegal
+ activity that may occur through Tor relays. Furthermore, your communications
+ with Tor's core developers are not protected by any legal privilege, so
+ law enforcement or civil litigants could subpoena and obtain any information
+ you give to them.</p>
+ <a id="RequestForLogs"></a>
+ <h3><a class="anchor" href="#RequestForLogs">If I receive a request from law
+ enforcement or anyone else for my Tor relay's logs, what should I do?</a></h3>
+ <p><strong>Educate them about Tor.</strong> In most instances, properly configured
+ Tor relays will have no useful data for inquiring parties, and you should
+ feel free to educate them on this point. To the extent you do maintain logs,
+ however, you should not disclose them to any third party without first consulting
+ a lawyer. In the U.S., such a disclosure may violate the Electronic Communications
+ Privacy Act, and relay operators outside of the U.S. may be subject to similar
+ data protection laws.</p>
+ <p>You may receive legal inquiries where you are prohibited by law from telling
+ anyone about the request. We believe that, at least in the U.S., such gag
+ orders do not prevent you from talking to a lawyer, including calling a
+ lawyer to find representation. Inquiries to EFF for the purpose of securing
+ legal representation should be directed to staff attorney Kevin Bankston
+ (bankston at eff.org or US +1 (415) 436-9333 x126). Such inquiries will
+ be kept confidential subject to the limits of the attorney/client privilege.</p>
+ <p>EFF is currently working on informational materials to help you respond
+ to the most likely types of legal requests or notices, so watch this space.</p>
+ <a id="DMCA"></a>
+ <h3><a class="anchor" href="#DMCA">My ISP/University/etc just sent me a DMCA
+ notice. What should I do?</a></h3>
+ <p>The EFF has written a <a
+href="tor-dmca-response.html">short template</a> to help you write a response
+ to your ISP/University/etc, to let them know about the details of DMCA safe
+ harbor, and how Tor fits in. Note that this only refers to a U.S. jurisdiction.</p>
+ <p>If you like, you should consider submitting a copy of your notice to <a href="http://www.chillingeffects.org/">Chilling
+ Effects</a>. This will help us recognize trends and issues that the lawyers
+ might want to focus on. Chilling Effects encourages submissions from people
+ outside the United States too.</p>
+ <p>EFF is actively seeking Tor relay operators willing to stand up and help
+ set a clear legal precedent establishing that merely running a node does
+ not create copyright liability for either node operators or their bandwidth
+ providers. If you want to be the EFF's test case, <a href="http://archives.seul.org/or/talk/Oct-2005/msg00208.html">read
+ more here</a>.</p>
+ <a id="ExitSnooping"></a>
+ <h3><a class="anchor" href="#ExitSnooping">Should I snoop on the plaintext
+ that exits through my Tor relay?</a></h3>
+ <p><strong>No.</strong> You may be technically capable of modifying the Tor
+ source code or installing additional software to monitor or log plaintext
+ that exits your node. However, Tor relay operators in the U.S. can create
+ legal and possibly even criminal liability for themselves under state or
+ federal wiretap laws if they affirmatively monitor, log, or disclose Tor
+ users' communications, while non-U.S. operators may be subject to similar
+ laws. Do not examine the contents of anyone's communications without first
+ talking to a lawyer.</p>
+ <a id="DirectoryWarranty"></a>
+ <h3><a class="anchor" href="#DirectoryWarranty">Do Tor's core developers make
+ any promises about the trustworthiness or reliability of Tor relays that
+ are listed in their directory?</a></h3>
+ <p><strong>No.</strong> Although the developers attempt to verify that Tor
+ relays listed in the directory the core developers maintain are stable and
+ have adequate bandwidth, neither they nor EFF can guarantee the personal
+ trustworthiness or reliability of the individuals who run those relays.
+ Tor's core developers further reserve the right to refuse a Tor relay operator's
+ request to be listed in their directory or to remove any relay from their
+ directory for any reason.</p>
+ <a id="License"></a>
+ <h3><a class="anchor" href="#License">Is the Tor software subject to any license
+ terms?</a></h3>
+ <p><strong>Yes.</strong> The Tor software is distributed under the Modified
+ BSD license, and is reproduced below. The Vidalia software is distributed
+ under the GPL v2. Privoxy is distributed under the GPL v2. "src/common/strlcat.c
+ and src/common/strlcpy.c" by Todd C. Miller are licensed under the Modified
+ BSD license. </p>
+ <p>If you have Tor as a static binary with OpenSSL included, then you should
+ know: "This product includes software developed by the OpenSSL Project for
+ use in the OpenSSL Toolkit (http://www.openssl.org/)"</p>
+ <p>The Tor software license is the Modified BSD, which is as follows:</p>
+ <p>Copyright © 2001-2004, Roger Dingledine<br>
+ Copyright © 2004-2007, Roger Dingledine, Nick Mathewson<br>
+ Copyright © 2007-2008 The Tor Project, Inc.</p>
+ <p>Redistribution and use in source and binary forms, with or without modification,
+ are permitted provided that the following conditions are met:</p>
+ <ul>
+ <li>Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.</li>
+ <li>Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.</li>
+ <li>Neither the names of the copyright owners nor the names of its contributors
+ may be used to endorse or promote products derived from this software
+ without specific prior written permission.</li>
+ </ul>
+ <p class="blurb">THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+ BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+ USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.</p>
+ </div>
+ <!-- #main -->
+</div>
+<?php
+
+include("footer.inc.php");
+
+?>
Added: website/branches/zed/beta/tor-manual-dev.php
===================================================================
--- website/branches/zed/beta/tor-manual-dev.php (rev 0)
+++ website/branches/zed/beta/tor-manual-dev.php 2009-06-18 01:37:54 UTC (rev 19735)
@@ -0,0 +1,1569 @@
+<?php
+$pagename = "Tor: anonymity online";
+include("header.inc.php");
+?>
+<div class="main-column">
+ <div class="bg">
+ <H2>TOR</H2>
+ Section: User Commands (1)<BR>
+ Updated: January 2009<BR>
+ <A HREF="#index">Index</A> <A HREF="">Return to Main Contents</A>
+ <HR>
+ <A NAME="lbAB"> </A>
+ <h3>NAME</h3>
+ tor - The second-generation onion router <A NAME="lbAC"> </A>
+ <h3>SYNOPSIS</h3>
+ <B>tor</B> [<I>OPTION value</I>]... <A NAME="lbAD"> </A>
+ <h3>DESCRIPTION</h3>
+ <I>tor</I> is a connection-oriented anonymizing communication service. Users
+ choose a source-routed path through a set of nodes, and negotiate a "virtual
+ circuit" through the network, in which each node knows its predecessor
+ and successor, but no others. Traffic flowing down the circuit is unwrapped
+ by a symmetric key at each node, which reveals the downstream node.
+ <p>
+ <P> Basically <I>tor</I> provides a distributed network of servers ("onion
+ routers"). Users bounce their TCP streams -- web traffic, ftp, ssh,
+ etc -- around the routers, and recipients, observers, and even the routers
+ themselves have difficulty tracking the source of the stream. <A NAME="lbAE"> </A>
+ <h3>OPTIONS</h3>
+ <DL COMPACT>
+ <DT><B>-h, -help</B>
+ <DD>Display a short help message and exit.
+ </DL>
+ <DL COMPACT>
+ <DT><B>-f </B><I>FILE</I>
+ <DD> FILE contains further "option value" pairs. (Default: @CONFDIR@/torrc)
+ </DL>
+ <DL COMPACT>
+ <DT><B>--hash-password</B>
+ <DD> Generates a hashed password for control port access.
+ </DL>
+ <DL COMPACT>
+ <DT><B>--list-fingerprint</B>
+ <DD> Generate your keys and output your nickname and fingerprint.
+ </DL>
+ <DL COMPACT>
+ <DT><B>--verify-config</B>
+ <DD> Verify the configuration file is valid.
+ </DL>
+ <DL COMPACT>
+ <DT><B>--nt-service</B>
+ <DD> <B>--service [install|remove|start|stop]</B> Manage the Tor Windows
+ NT/2000/XP service. Current instructions can be found at <A HREF="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#WinNTService">http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#WinNTService</A>
+ </DL>
+ <DL COMPACT>
+ <DT><B>--list-torrc-options</B>
+ <DD> List all valid options.
+ </DL>
+ <DL COMPACT>
+ <DT><B>--version</B>
+ <DD> Display Tor version and exit.
+ </DL>
+ <DL COMPACT>
+ <DT><B>--quiet</B>
+ <DD> Do not start Tor with a console log unless explicitly requested to
+ do so. (By default, Tor starts out logging messages at level "notice"
+ or higher to the console, until it has parsed its configuration.)
+ </DL>
+ <DL COMPACT>
+ <DT>Other options can be specified either on the command-line (<I>--option
+ <DD> value</I>), or in the configuration file (<I>option value</I> or <I>option
+ "value"</I>). Options are case-insensitive. C-style escaped
+ characters are allowed inside quoted values.
+ </DL>
+ <DL COMPACT>
+ <DT><B>BandwidthRate </B><I>N</I> <B>bytes</B>|<B>KB</B>|<B>MB</B>|<B>GB</B>|<B>TB</B>
+ <DD> A token bucket limits the average incoming bandwidth usage on this
+ node to the specified number of bytes per second, and the average outgoing
+ bandwidth usage to that same value. (Default: 5 MB)
+ </DL>
+ <DL COMPACT>
+ <DT><B>BandwidthBurst </B><I>N</I> <B>bytes</B>|<B>KB</B>|<B>MB</B>|<B>GB</B>|<B>TB</B>
+ <DD> Limit the maximum token bucket size (also known as the burst) to the
+ given number of bytes in each direction. (Default: 10 MB)
+ </DL>
+ <DL COMPACT>
+ <DT><B>MaxAdvertisedBandwidth </B><I>N</I> <B>bytes</B>|<B>KB</B>|<B>MB</B>|<B>GB</B>|<B>TB</B>
+ <DD> If set, we will not advertise more than this amount of bandwidth for
+ our BandwidthRate. Server operators who want to reduce the number of clients
+ who ask to build circuits through them (since this is proportional to
+ advertised bandwidth rate) can thus reduce the CPU demands on their server
+ without impacting network performance.
+ </DL>
+ <DL COMPACT>
+ <DT><B>RelayBandwidthRate </B><I>N</I> <B>bytes</B>|<B>KB</B>|<B>MB</B>|<B>GB</B>|<B>TB</B>
+ <DD> If defined, a separate token bucket limits the average incoming bandwidth
+ usage for _relayed traffic_ on this node to the specified number of bytes
+ per second, and the average outgoing bandwidth usage to that same value.
+ Relayed traffic currently is calculated to include answers to directory
+ requests, but that may change in future versions. (Default: 0)
+ </DL>
+ <DL COMPACT>
+ <DT><B>RelayBandwidthBurst </B><I>N</I> <B>bytes</B>|<B>KB</B>|<B>MB</B>|<B>GB</B>|<B>TB</B>
+ <DD> Limit the maximum token bucket size (also known as the burst) for _relayed
+ traffic_ to the given number of bytes in each direction. (Default: 0)
+ </DL>
+ <DL COMPACT>
+ <DT><B>ConnLimit </B><I>NUM</I>
+ <DD> The minimum number of file descriptors that must be available to the
+ Tor process before it will start. Tor will ask the OS for as many file
+ descriptors as the OS will allow (you can find this by "ulimit -H
+ -n"). If this number is less than ConnLimit, then Tor will refuse
+ to start. You probably don't need to adjust this. It has no effect on
+ Windows since that platform lacks getrlimit(). (Default: 1000)
+ </DL>
+ <DL COMPACT>
+ <DT><B>ConstrainedSockets </B><B>0</B>|<B>1</B>
+ <DD> If set, Tor will tell the kernel to attempt to shrink the buffers for
+ all sockets to the size specified in <B>ConstrainedSockSize</B>. This
+ is useful for virtual servers and other environments where system level
+ TCP buffers may be limited. If you're on a virtual server, and you encounter
+ the "Error creating network socket: No buffer space available"
+ message, you are likely experiencing this problem.
+ <P> The preferred solution is to have the admin increase the buffer pool
+ for the host itself via /proc/sys/net/ipv4/tcp_mem or equivalent facility;
+ this configuration option is a second-resort.
+ <P> The DirPort option should also not be used if TCP buffers are scarce.
+ The cached directory requests consume additional sockets which exacerbates
+ the problem.
+ <P> You should <B>not</B> enable this feature unless you encounter the
+ "no buffer space available" issue. Reducing the TCP buffers
+ affects window size for the TCP stream and will reduce throughput in
+ proportion to round trip time on long paths. (Default: 0.)
+ </DL>
+ <DL COMPACT>
+ <DT><B>ConstrainedSockSize </B><I>N</I> <B>bytes</B>|<B>KB</B>
+ <DD> When <B>ConstrainedSockets</B> is enabled the receive and transmit
+ buffers for all sockets will be set to this limit. Must be a value between
+ 2048 and 262144, in 1024 byte increments. Default of 8192 is recommended.
+ </DL>
+ <DL COMPACT>
+ <DT><B>ControlPort </B><I>Port</I>
+ <DD> If set, Tor will accept connections on this port and allow those connections
+ to control the Tor process using the Tor Control Protocol (described in
+ control-spec.txt). Note: unless you also specify one of <B>HashedControlPassword</B>
+ or <B>CookieAuthentication</B>, setting this option will cause Tor to
+ allow any process on the local host to control it. This option is required
+ for many Tor controllers; most use the value of 9051.
+ </DL>
+ <DL COMPACT>
+ <DT><B>ControlListenAddress </B><I>IP</I>[:<I>PORT</I>]
+ <DD> Bind the controller listener to this address. If you specify a port,
+ bind to this port rather than the one specified in ControlPort. We strongly
+ recommend that you leave this alone unless you know what you're doing,
+ since giving attackers access to your control listener is really dangerous.
+ (Default: 127.0.0.1) This directive can be specified multiple times to
+ bind to multiple addresses/ports.
+ </DL>
+ <DL COMPACT>
+ <DT><B>ControlSocket </B><I>Path</I>
+ <DD> Like ControlPort, but listens on a Unix domain socket, rather than
+ a TCP socket. (Unix and Unix-like systems only.)
+ </DL>
+ <DL COMPACT>
+ <DT><B>HashedControlPassword </B><I>hashed_password</I>
+ <DD> Don't allow any connections on the control port except when the other
+ process knows the password whose one-way hash is <I>hashed_password</I>.
+ You can compute the hash of a password by running "tor --hash-password
+ <I>password</I>". You can provide several acceptable passwords by
+ using more than HashedControlPassword line.
+ </DL>
+ <DL COMPACT>
+ <DT><B>CookieAuthentication </B><B>0</B>|<B>1</B>
+ <DD> If this option is set to 1, don't allow any connections on the control
+ port except when the connecting process knows the contents of a file named
+ "control_auth_cookie", which Tor will create in its data directory.
+ This authentication method should only be used on systems with good filesystem
+ security. (Default: 0)
+ </DL>
+ <DL COMPACT>
+ <DT><B>CookieAuthFile </B><I>Path</I>
+ <DD> If set, this option overrides the default location and file name for
+ Tor's cookie file. (See CookieAuthentication above.)
+ </DL>
+ <DL COMPACT>
+ <DT><B>CookieAuthFileGroupReadable </B><B>0</B>|<B>1</B>|<I>GroupName</I>
+ <DD> If this option is set to 0, don't allow the filesystem group to read
+ the cookie file. If the option is set to 1, make the cookie file readable
+ by the default GID. [Making the file readable by other groups is not yet
+ implemented; let us know if you need this for some reason.] (Default:
+ 0).
+ </DL>
+ <DL COMPACT>
+ <DT><B>DataDirectory </B><I>DIR</I>
+ <DD> Store working data in DIR (Default: @LOCALSTATEDIR@/lib/tor)
+ </DL>
+ <DL COMPACT>
+ <DT><B>DirServer </B>[<I>nickname</I>] [<B>flags</B>] <I>address</I><B>:</B><I>port
+ fingerprint</I>
+ <DD> Use a nonstandard authoritative directory server at the provided address
+ and port, with the specified key fingerprint. This option can be repeated
+ many times, for multiple authoritative directory servers. Flags are separated
+ by spaces, and determine what kind of an authority this directory is.
+ By default, every authority is authoritative for current ("v2")-style
+ directories, unless the "no-v2" flag is given.
+ <P>
+ <p>If the "v1" flags is provided, Tor will use this server as
+ an authority for old-style (v1) directories as well. (Only directory
+ mirrors care about this.) Tor will use this server as an authority for
+ hidden service information if the "hs" flag is set, or if
+ the "v1" flag is set and the "no-hs" flag is <B>not</B>
+ set. Tor will use this authority as a bridge authoritative directory
+ if the "bridge" flag is set. If a flag "orport=<B>port</B>"
+ is given, Tor will use the given port when opening encrypted tunnels
+ to the dirserver. Lastly, if a flag "v3ident=<B>fp</B>" is
+ given, the dirserver is a v3 directory authority whose v3 long-term
+ signing key has the fingerprint <B>fp</B>.
+ <P>
+ <P>If no <B>dirserver</B> line is given, Tor will use the default directory
+ servers. NOTE: this option is intended for setting up a private Tor
+ network with its own directory authorities. If you use it, you will
+ be distinguishable from other users, because you won't believe the same
+ authorities they do.
+ </DL>
+ <DL COMPACT>
+ <DT><B>AlternateDirAuthority </B>[<I>nickname</I>] [<B>flags</B>] <I>address</I><B>:</B><I>port
+ fingerprint</I>
+ <DD>
+ </DL>
+ <DL COMPACT>
+ <DT><B>AlternateHSAuthority </B>[<I>nickname</I>] [<B>flags</B>] <I>address</I><B>:</B><I>port
+ fingerprint</I>
+ <DD>
+ </DL>
+ <DL COMPACT>
+ <DT><B>AlternateBridgeAuthority </B>[<I>nickname</I>] [<B>flags</B>] <I>address</I><B>:</B><I>port
+ fingerprint</I>
+ <DD> As DirServer, but replaces less of the default directory authorities.
+ Using AlternateDirAuthority replaces the default Tor directory authorities,
+ but leaves the hidden service authorities and bridge authorities in place.
+ Similarly, Using AlternateHSAuthority replaces the default hidden service
+ authorities, but not the directory or bridge authorities.
+ </DL>
+ <DL COMPACT>
+ <DT><B>FetchDirInfoEarly </B><B>0</B>|<B>1</B>
+ <DD> If set to 1, Tor will always fetch directory information like other
+ directory caches, even if you don't meet the normal criteria for fetching
+ early. Normal users should leave it off. (Default: 0)
+ </DL>
+ <DL COMPACT>
+ <DT><B>FetchHidServDescriptors </B><B>0</B>|<B>1</B>
+ <DD> If set to 0, Tor will never fetch any hidden service descriptors from
+ the rendezvous directories. This option is only useful if you're using
+ a Tor controller that handles hidserv fetches for you. (Default: 1)
+ </DL>
+ <DL COMPACT>
+ <DT><B>FetchServerDescriptors </B><B>0</B>|<B>1</B>
+ <DD> If set to 0, Tor will never fetch any network status summaries or server
+ descriptors from the directory servers. This option is only useful if
+ you're using a Tor controller that handles directory fetches for you.
+ (Default: 1)
+ </DL>
+ <DL COMPACT>
+ <DT><B>FetchUselessDescriptors </B><B>0</B>|<B>1</B>
+ <DD> If set to 1, Tor will fetch every non-obsolete descriptor from the
+ authorities that it hears about. Otherwise, it will avoid fetching useless
+ descriptors, for example for routers that are not running. This option
+ is useful if you're using the contributed "exitlist" script
+ to enumerate Tor nodes that exit to certain addresses. (Default: 0)
+ </DL>
+ <DL COMPACT>
+ <DT><B>HttpProxy</B> <I>host</I>[:<I>port</I>]
+ <DD> Tor will make all its directory requests through this host:port (or
+ host:80 if port is not specified), rather than connecting directly to
+ any directory servers.
+ </DL>
+ <DL COMPACT>
+ <DT><B>HttpProxyAuthenticator</B> <I>username:password</I>
+ <DD> If defined, Tor will use this username:password for Basic Http proxy
+ authentication, as in RFC 2617. This is currently the only form of Http
+ proxy authentication that Tor supports; feel free to submit a patch if
+ you want it to support others.
+ </DL>
+ <DL COMPACT>
+ <DT><B>HttpsProxy</B> <I>host</I>[:<I>port</I>]
+ <DD> Tor will make all its OR (SSL) connections through this host:port (or
+ host:443 if port is not specified), via HTTP CONNECT rather than connecting
+ directly to servers. You may want to set <B>FascistFirewall</B> to restrict
+ the set of ports you might try to connect to, if your Https proxy only
+ allows connecting to certain ports.
+ </DL>
+ <DL COMPACT>
+ <DT><B>HttpsProxyAuthenticator</B> <I>username:password</I>
+ <DD> If defined, Tor will use this username:password for Basic Https proxy
+ authentication, as in RFC 2617. This is currently the only form of Https
+ proxy authentication that Tor supports; feel free to submit a patch if
+ you want it to support others.
+ </DL>
+ <DL COMPACT>
+ <DT><B>KeepalivePeriod </B><I>NUM</I>
+ <DD> To keep firewalls from expiring connections, send a padding keepalive
+ cell every NUM seconds on open connections that are in use. If the connection
+ has no open circuits, it will instead be closed after NUM seconds of idleness.
+ (Default: 5 minutes)
+ </DL>
+ <DL COMPACT>
+ <DT><B>Log </B><I>minSeverity</I>[-<I>maxSeverity</I>] <B>stderr</B>|<B>stdout</B>|<B>syslog</B>
+ <DD> Send all messages between <I>minSeverity</I> and <I>maxSeverity</I>
+ to the standard output stream, the standard error stream, or to the system
+ log. (The "syslog" value is only supported on Unix.) Recognized
+ severity levels are debug, info, notice, warn, and err. We advise using
+ "notice" in most cases, since anything more verbose may provide
+ sensitive information to an attacker who obtains the logs. If only one
+ severity level is given, all messages of that level or higher will be
+ sent to the listed destination.
+ </DL>
+ <DL COMPACT>
+ <DT><B>Log </B><I>minSeverity</I>[-<I>maxSeverity</I>] <B>file</B> <I>FILENAME</I>
+ <DD> As above, but send log messages to the listed filename. The "Log"
+ option may appear more than once in a configuration file. Messages are
+ sent to all the logs that match their severity level.
+ </DL>
+ <DL COMPACT>
+ <DT><B>OutboundBindAddress </B><I>IP</I>
+ <DD> Make all outbound connections originate from the IP address specified.
+ This is only useful when you have multiple network interfaces, and you
+ want all of Tor's outgoing connections to use a single one.
+ </DL>
+ <DL COMPACT>
+ <DT><B>PidFile </B><I>FILE</I>
+ <DD> On startup, write our PID to FILE. On clean shutdown, remove FILE.
+ </DL>
+ <DL COMPACT>
+ <DT><B>ProtocolWarnings </B><B>0</B>|<B>1</B>
+ <DD> If 1, Tor will log with severity 'warn' various cases of other parties
+ not following the Tor specification. Otherwise, they are logged with severity
+ 'info'. (Default: 0)
+ </DL>
+ <DL COMPACT>
+ <DT><B>RunAsDaemon </B><B>0</B>|<B>1</B>
+ <DD> If 1, Tor forks and daemonizes to the background. This option has no
+ effect on Windows; instead you should use the --service command-line option.
+ (Default: 0)
+ </DL>
+ <DL COMPACT>
+ <DT><B>SafeLogging </B><B>0</B>|<B>1</B>
+ <DD> If 1, Tor replaces potentially sensitive strings in the logs (e.g.
+ addresses) with the string [scrubbed]. This way logs can still be useful,
+ but they don't leave behind personally identifying information about what
+ sites a user might have visited. (Default: 1)
+ </DL>
+ <DL COMPACT>
+ <DT><B>User </B><I>UID</I>
+ <DD> On startup, setuid to this user and setgid to their primary group.
+ </DL>
+ <DL COMPACT>
+ <DT><B>HardwareAccel </B><B>0</B>|<B>1</B>
+ <DD> If non-zero, try to use crypto hardware acceleration when available.
+ This is untested and probably buggy. (Default: 0)
+ </DL>
+ <DL COMPACT>
+ <DT><B>AvoidDiskWrites </B><B>0</B>|<B>1</B>
+ <DD> If non-zero, try to write to disk less frequently than we would otherwise.
+ This is useful when running on flash memory or other media that support
+ only a limited number of writes. (Default: 0)
+ </DL>
+ <DL COMPACT>
+ <DT><B>TunnelDirConns </B><B>0</B>|<B>1</B>
+ <DD> If non-zero, when a directory server we contact supports it, we will
+ build a one-hop circuit and make an encrypted connection via its ORPort.
+ (Default: 1)
+ </DL>
+ <DL COMPACT>
+ <DT><B>PreferTunneledDirConns </B><B>0</B>|<B>1</B>
+ <DD> If non-zero, we will avoid directory servers that don't support tunneled
+ directory connections, when possible. (Default: 1)
+ </DL>
+ <A NAME="lbAF"> </A>
+ <h3>CLIENT OPTIONS</h3>
+ <P> The following options are useful only for clients (that is, if <B>SocksPort</B>
+ is non-zero):
+ <DL COMPACT>
+ <DT><B>AllowInvalidNodes</B> <B>entry</B>|<B>exit</B>|<B>middle</B>|<B>introduction</B>|<B>rendezvous</B>|...
+ <DD> If some Tor servers are obviously not working right, the directory
+ authorities can manually mark them as invalid, meaning that it's not recommended
+ you use them for entry or exit positions in your circuits. You can opt
+ to use them in some circuit positions, though. The default is "middle,rendezvous",
+ and other choices are not advised.
+ </DL>
+ <DL COMPACT>
+ <DT><B>ExcludeSingleHopRelays </B><B>0</B>|<B>1</B>
+ <DD> This option controls whether circuits built by Tor will include relays
+ with the AllowSingleHopExits flag set to true. If ExcludeSingleHopRelays
+ is set to 0, these relays will be included. Note that these relays might
+ be at higher risk of being seized or observed, so they are not normally
+ included. (Default: 1)
+ </DL>
+ <DL COMPACT>
+ <DT><B>Bridge </B><I>IP:ORPort</I> [fingerprint]
+ <DD> When set along with UseBridges, instructs Tor to use the relay at "IP:ORPort"
+ as a "bridge" relaying into the Tor network. If "fingerprint"
+ is provided (using the same format as for DirServer), we will verify that
+ the relay running at that location has the right fingerprint. We also
+ use fingerprint to look up the bridge descriptor at the bridge authority,
+ if it's provided and if UpdateBridgesFromAuthority is set too.
+ </DL>
+ <DL COMPACT>
+ <DT><B>CircuitBuildTimeout </B><I>NUM</I>
+ <DD> Try for at most NUM seconds when building circuits. If the circuit
+ isn't open in that time, give up on it. (Default: 1 minute.)
+ </DL>
+ <DL COMPACT>
+ <DT><B>CircuitIdleTimeout </B><I>NUM</I>
+ <DD> If we have kept a clean (never used) circuit around for NUM seconds,
+ then close it. This way when the Tor client is entirely idle, it can expire
+ all of its circuits, and then expire its TLS connections. Also, if we
+ end up making a circuit that is not useful for exiting any of the requests
+ we're receiving, it won't forever take up a slot in the circuit list.
+ (Default: 1 hour.)
+ </DL>
+ <DL COMPACT>
+ <DT><B>ClientOnly </B><B>0</B>|<B>1</B>
+ <DD> If set to 1, Tor will under no circumstances run as a server or serve
+ directory requests. The default is to run as a client unless ORPort is
+ configured. (Usually, you don't need to set this; Tor is pretty smart
+ at figuring out whether you are reliable and high-bandwidth enough to
+ be a useful server.) (Default: 0)
+ </DL>
+ <DL COMPACT>
+ <DT><B>ExcludeNodes </B><I>node</I>,<I>node</I>,<I>...</I>
+ <DD> A list of identity fingerprints, nicknames, country codes and address
+ patterns of nodes to never use when building a circuit. (Example: ExcludeNodes
+ SlowServer, $ABCDEFFFFFFFFFFFFFFF, {cc}, 255.254.0.0/8)
+ </DL>
+ <DL COMPACT>
+ <DT><B>ExcludeExitNodes </B><I>node</I>,<I>node</I>,<I>...</I>
+ <DD> A list of identity fingerprints, nicknames, country codes and address
+ patterns of nodes to never use when picking an exit node. Note that any
+ node listed in ExcludeNodes is automatically considered to be part of
+ this list.
+ </DL>
+ <DL COMPACT>
+ <DT><B>EntryNodes </B><I>node</I>,<I>node</I>,<I>...</I>
+ <DD> A list of identity fingerprints, nicknames, country codes and address
+ patterns of nodes to use for the first hop in the circuit. These are treated
+ only as preferences unless StrictEntryNodes (see below) is also set.
+ </DL>
+ <DL COMPACT>
+ <DT><B>ExitNodes </B><I>node</I>,<I>node</I>,<I>...</I>
+ <DD> A list of identity fingerprints, nicknames, country codes and address
+ patterns of nodes to use for the last hop in the circuit. These are treated
+ only as preferences unless StrictExitNodes (see below) is also set.
+ </DL>
+ <DL COMPACT>
+ <DT><B>StrictEntryNodes </B><B>0</B>|<B>1</B>
+ <DD> If 1, Tor will never use any nodes besides those listed in "EntryNodes"
+ for the first hop of a circuit.
+ </DL>
+ <DL COMPACT>
+ <DT><B>StrictExitNodes </B><B>0</B>|<B>1</B>
+ <DD> If 1, Tor will never use any nodes besides those listed in "ExitNodes"
+ for the last hop of a circuit.
+ </DL>
+ <DL COMPACT>
+ <DT><B>FascistFirewall </B><B>0</B>|<B>1</B>
+ <DD> If 1, Tor will only create outgoing connections to ORs running on ports
+ that your firewall allows (defaults to 80 and 443; see <B>FirewallPorts</B>).
+ This will allow you to run Tor as a client behind a firewall with restrictive
+ policies, but will not allow you to run as a server behind such a firewall.
+ If you prefer more fine-grained control, use ReachableAddresses instead.
+ </DL>
+ <DL COMPACT>
+ <DT><B>FirewallPorts </B><I>PORTS</I>
+ <DD> A list of ports that your firewall allows you to connect to. Only used
+ when <B>FascistFirewall</B> is set. This option is deprecated; use ReachableAddresses
+ instead. (Default: 80, 443)
+ </DL>
+ <DL COMPACT>
+ <DT><B>HidServAuth </B><I>onion-address</I> <I>auth-cookie</I> <I>service-name</I>
+ <DD> Client authorization for a hidden service. Valid onion addresses contain
+ 16 characters in a-z2-7 plus ".onion", and valid auth cookies
+ contain 22 characters in A-Za-z0-9+/. The service name is only used for
+ internal purposes, e.g., for Tor controllers. This option may be used
+ multiple times for different hidden services. If a hidden service uses
+ authorization and this option is not set, the hidden service is not accessible.
+ </DL>
+ <DL COMPACT>
+ <DT><B>ReachableAddresses </B><I>ADDR</I>[<B>/</B><I>MASK</I>][:<I>PORT</I>]...
+ <DD> A comma-separated list of IP addresses and ports that your firewall
+ allows you to connect to. The format is as for the addresses in ExitPolicy,
+ except that "accept" is understood unless "reject"
+ is explicitly provided. For example, 'ReachableAddresses 99.0.0.0/8, reject
+ 18.0.0.0/8:80, accept *:80' means that your firewall allows connections
+ to everything inside net 99, rejects port 80 connections to net 18, and
+ accepts connections to port 80 otherwise. (Default: 'accept *:*'.)
+ </DL>
+ <DL COMPACT>
+ <DT><B>ReachableDirAddresses </B><I>ADDR</I>[<B>/</B><I>MASK</I>][:<I>PORT</I>]...
+ <DD> Like <B>ReachableAddresses</B>, a list of addresses and ports. Tor
+ will obey these restrictions when fetching directory information, using
+ standard HTTP GET requests. If not set explicitly then the value of <B>ReachableAddresses</B>
+ is used. If <B>HttpProxy</B> is set then these connections will go through
+ that proxy.
+ </DL>
+ <DL COMPACT>
+ <DT><B>ReachableORAddresses </B><I>ADDR</I>[<B>/</B><I>MASK</I>][:<I>PORT</I>]...
+ <DD> Like <B>ReachableAddresses</B>, a list of addresses and ports. Tor
+ will obey these restrictions when connecting to Onion Routers, using TLS/SSL.
+ If not set explicitly then the value of <B>ReachableAddresses</B> is used.
+ If <B>HttpsProxy</B> is set then these connections will go through that
+ proxy.
+ <p>
+ <P> The separation between <B>ReachableORAddresses</B> and <B>ReachableDirAddresses</B>
+ is only interesting when you are connecting through proxies (see <B>HttpProxy</B>
+ and <B>HttpsProxy</B>). Most proxies limit TLS connections (which Tor
+ uses to connect to Onion Routers) to port 443, and some limit HTTP GET
+ requests (which Tor uses for fetching directory information) to port
+ 80.
+ </DL>
+ <DL COMPACT>
+ <DT><B>LongLivedPorts </B><I>PORTS</I>
+ <DD> A list of ports for services that tend to have long-running connections
+ (e.g. chat and interactive shells). Circuits for streams that use these
+ ports will contain only high-uptime nodes, to reduce the chance that a
+ node will go down before the stream is finished. (Default: 21, 22, 706,
+ 1863, 5050, 5190, 5222, 5223, 6667, 6697, 8300)
+ </DL>
+ <DL COMPACT>
+ <DT><B>MapAddress</B> <I>address</I> <I>newaddress</I>
+ <DD> When a request for address arrives to Tor, it will rewrite it to newaddress
+ before processing it. For example, if you always want connections to <A HREF="http://www.indymedia.org">www.indymedia.org</A>
+ to exit via <I>torserver</I> (where <I>torserver</I> is the nickname of
+ the server), use "MapAddress <A HREF="http://www.indymedia.org">www.indymedia.org</A>
+ <A HREF="http://www.indymedia.org.torserver.exit">www.indymedia.org.torserver.exit</A>".
+ </DL>
+ <DL COMPACT>
+ <DT><B>NewCircuitPeriod </B><I>NUM</I>
+ <DD> Every NUM seconds consider whether to build a new circuit. (Default:
+ 30 seconds)
+ </DL>
+ <DL COMPACT>
+ <DT><B>MaxCircuitDirtiness </B><I>NUM</I>
+ <DD> Feel free to reuse a circuit that was first used at most NUM seconds
+ ago, but never attach a new stream to a circuit that is too old. (Default:
+ 10 minutes)
+ </DL>
+ <DL COMPACT>
+ <DT><B>NodeFamily </B><I>node</I>,<I>node</I>,<I>...</I>
+ <DD> The Tor servers, defined by their identity fingerprints or nicknames,
+ constitute a "family" of similar or co-administered servers,
+ so never use any two of them in the same circuit. Defining a NodeFamily
+ is only needed when a server doesn't list the family itself (with MyFamily).
+ This option can be used multiple times.
+ </DL>
+ <DL COMPACT>
+ <DT><B>EnforceDistinctSubnets </B><B>0</B>|<B>1</B>
+ <DD> If 1, Tor will not put two servers whose IP addresses are "too
+ close" on the same circuit. Currently, two addresses are "too
+ close" if they lie in the same /16 range. (Default: 1)
+ </DL>
+ <DL COMPACT>
+ <DT><B>SocksPort </B><I>PORT</I>
+ <DD> Advertise this port to listen for connections from Socks-speaking applications.
+ Set this to 0 if you don't want to allow application connections. (Default:
+ 9050)
+ </DL>
+ <DL COMPACT>
+ <DT><B>SocksListenAddress </B><I>IP</I>[:<I>PORT</I>]
+ <DD> Bind to this address to listen for connections from Socks-speaking
+ applications. (Default: 127.0.0.1) You can also specify a port (e.g. 192.168.0.1:9100).
+ This directive can be specified multiple times to bind to multiple addresses/ports.
+ </DL>
+ <DL COMPACT>
+ <DT><B>SocksPolicy </B><I>policy</I>,<I>policy</I>,<I>...</I>
+ <DD> Set an entrance policy for this server, to limit who can connect to
+ the SocksPort and DNSPort ports. The policies have the same form as exit
+ policies below.
+ </DL>
+ <DL COMPACT>
+ <DT><B>SocksTimeout </B><I>NUM</I>
+ <DD> Let a socks connection wait NUM seconds handshaking, and NUM seconds
+ unattached waiting for an appropriate circuit, before we fail it. (Default:
+ 2 minutes.)
+ </DL>
+ <DL COMPACT>
+ <DT><B>TrackHostExits </B><I>host</I>,<I>.domain</I>,<I>...</I>
+ <DD> For each value in the comma separated list, Tor will track recent connections
+ to hosts that match this value and attempt to reuse the same exit node
+ for each. If the value is prepended with a '.', it is treated as matching
+ an entire domain. If one of the values is just a '.', it means match everything.
+ This option is useful if you frequently connect to sites that will expire
+ all your authentication cookies (ie log you out) if your IP address changes.
+ Note that this option does have the disadvantage of making it more clear
+ that a given history is associated with a single user. However, most people
+ who would wish to observe this will observe it through cookies or other
+ protocol-specific means anyhow.
+ </DL>
+ <DL COMPACT>
+ <DT><B>TrackHostExitsExpire </B><I>NUM</I>
+ <DD> Since exit servers go up and down, it is desirable to expire the association
+ between host and exit server after NUM seconds. The default is 1800 seconds
+ (30 minutes).
+ </DL>
+ <DL COMPACT>
+ <DT><B>UpdateBridgesFromAuthority </B><B>0</B>|<B>1</B>
+ <DD> When set (along with UseBridges), Tor will try to fetch bridge descriptors
+ from the configured bridge authorities when feasible. It will fall back
+ to a direct request if the authority responds with a 404. (Default: 0)
+ </DL>
+ <DL COMPACT>
+ <DT><B>UseBridges </B><B>0</B>|<B>1</B>
+ <DD> When set, Tor will fetch descriptors for each bridge listed in the
+ "Bridge" config lines, and use these relays as both entry guards
+ and directory guards. (Default: 0)
+ </DL>
+ <DL COMPACT>
+ <DT><B>UseEntryGuards </B><B>0</B>|<B>1</B>
+ <DD> If this option is set to 1, we pick a few long-term entry servers,
+ and try to stick with them. This is desirable because constantly changing
+ servers increases the odds that an adversary who owns some servers will
+ observe a fraction of your paths. (Defaults to 1.)
+ </DL>
+ <DL COMPACT>
+ <DT><B>NumEntryGuards </B><I>NUM</I>
+ <DD> If UseEntryGuards is set to 1, we will try to pick a total of NUM routers
+ as long-term entries for our circuits. (Defaults to 3.)
+ </DL>
+ <DL COMPACT>
+ <DT><B>SafeSocks </B><B>0</B>|<B>1</B>
+ <DD> When this option is enabled, Tor will reject application connections
+ that use unsafe variants of the socks protocol -- ones that only provide
+ an IP address, meaning the application is doing a DNS resolve first. Specifically,
+ these are socks4 and socks5 when not doing remote DNS. (Defaults to 0.)
+ </DL>
+ <DL COMPACT>
+ <DT><B>TestSocks </B><B>0</B>|<B>1</B>
+ <DD> When this option is enabled, Tor will make a notice-level log entry
+ for each connection to the Socks port indicating whether the request used
+ a safe socks protocol or an unsafe one (see above entry on SafeSocks).
+ This helps to determine whether an application using Tor is possibly leaking
+ DNS requests. (Default: 0)
+ </DL>
+ <DL COMPACT>
+ <DT><B>VirtualAddrNetwork </B><I>Address</I><B>/</B><I>bits</I>
+ <DD> When a controller asks for a virtual (unused) address with the MAPADDRESS
+ command, Tor picks an unassigned address from this range. (Default: 127.192.0.0/10)
+ <p>
+ <P> When providing proxy server service to a network of computers using
+ a tool like dns-proxy-tor, change this address to "10.192.0.0/10"
+ or "172.16.0.0/12". The default <B>VirtualAddrNetwork</B>
+ address range on a properly configured machine will route to the loopback
+ interface. For local use, no change to the default <B>VirtualAddrNetwork</B>
+ setting is needed.
+ </DL>
+ <DL COMPACT>
+ <DT><B>AllowNonRFC953Hostnames </B><B>0</B>|<B>1</B>
+ <DD> When this option is disabled, Tor blocks hostnames containing illegal
+ characters (like @ and :) rather than sending them to an exit node to
+ be resolved. This helps trap accidental attempts to resolve URLs and so
+ on. (Default: 0)
+ </DL>
+ <DL COMPACT>
+ <DT><B>FastFirstHopPK </B><B>0</B>|<B>1</B>
+ <DD> When this option is disabled, Tor uses the public key step for the
+ first hop of creating circuits. Skipping it is generally safe since we
+ have already used TLS to authenticate the relay and to establish forward-secure
+ keys. Turning this option off makes circuit building slower.
+ <p>
+ <P> Note that Tor will always use the public key step for the first hop
+ if it's operating as a relay, and it will never use the public key step
+ if it doesn't yet know the onion key of the first hop. (Default: 1)
+ </DL>
+ <DL COMPACT>
+ <DT><B>TransPort</B> <I>PORT</I>
+ <DD> If non-zero, enables transparent proxy support on <I>PORT</I> (by convention,
+ 9040). Requires OS support for transparent proxies, such as BSDs' pf or
+ Linux's IPTables. If you're planning to use Tor as a transparent proxy
+ for a network, you'll want to examine and change VirtualAddrNetwork from
+ the default setting. You'll also want to set the TransListenAddress option
+ for the network you'd like to proxy. (Default: 0).
+ </DL>
+ <DL COMPACT>
+ <DT><B>TransListenAddress</B> <I>IP</I>[:<I>PORT</I>]
+ <DD> Bind to this address to listen for transparent proxy connections. (Default:
+ 127.0.0.1). This is useful for exporting a transparent proxy server to
+ an entire network.
+ </DL>
+ <DL COMPACT>
+ <DT><B>NATDPort</B> <I>PORT</I>
+ <DD> Allow old versions of ipfw (as included in old versions of FreeBSD,
+ etc.) to send connections through Tor using the NATD protocol. This option
+ is only for people who cannot use TransPort.
+ </DL>
+ <DL COMPACT>
+ <DT><B>NATDListenAddress</B> <I>IP</I>[:<I>PORT</I>]
+ <DD> Bind to this address to listen for NATD connections. (Default: 127.0.0.1).
+ </DL>
+ <DL COMPACT>
+ <DT><B>AutomapHostsOnResolve</B> <B>0</B>|<B>1</B>
+ <DD> When this option is enabled, and we get a request to resolve an address
+ that ends with one of the suffixes in <B>AutomapHostsSuffixes</B>, we
+ map an unused virtual address to that address, and return the new virtual
+ address. This is handy for making ".onion" addresses work with
+ applications that resolve an address and then connect to it. (Default:
+ 0).
+ </DL>
+ <DL COMPACT>
+ <DT><B>AutomapHostsSuffixes</B> <I>SUFFIX</I>,<I>SUFFIX</I>,...
+ <DD> A comma-separated list of suffixes to use with <B>AutomapHostsOnResolve</B>.
+ The "." suffix is equivalent to "all addresses." (Default:
+ .exit,.onion).
+ </DL>
+ <DL COMPACT>
+ <DT><B>DNSPort</B> <I>PORT</I>
+ <DD> If non-zero, Tor listens for UDP DNS requests on this port and resolves
+ them anonymously. (Default: 0).
+ </DL>
+ <DL COMPACT>
+ <DT><B>DNSListenAddress</B> <I>IP</I>[:<I>PORT</I>]
+ <DD> Bind to this address to listen for DNS connections. (Default: 127.0.0.1).
+ </DL>
+ <DL COMPACT>
+ <DT><B>ClientDNSRejectInternalAddresses</B> <B>0</B>|<B>1</B>
+ <DD> If true, Tor does not believe any anonymously retrieved DNS answer
+ that tells it that an address resolves to an internal address (like 127.0.0.1
+ or 192.168.0.1). This option prevents certain browser-based attacks; don't
+ turn it off unless you know what you're doing. (Default: 1).
+ </DL>
+ <DL COMPACT>
+ <DT><B>DownloadExtraInfo</B> <B>0</B>|<B>1</B>
+ <DD> If true, Tor downloads and caches "extra-info" documents.
+ These documents contain information about servers other than the information
+ in their regular router descriptors. Tor does not use this information
+ for anything itself; to save bandwidth, leave this option turned off.
+ (Default: 0).
+ </DL>
+ <DL COMPACT>
+ <DT><B>FallbackNetworkstatusFile</B> <I>FILENAME</I>
+ <DD> If Tor doesn't have a cached networkstatus file, it starts out using
+ this one instead. Even if this file is out of date, Tor can still use
+ it to learn about directory mirrors, so it doesn't need to put load on
+ the authorities. (Default: None).
+ </DL>
+ <DL COMPACT>
+ <DT><B>WarnPlaintextPorts</B> <I>port</I>,<I>port</I>,<I>...</I>
+ <DD> Tells Tor to issue a warnings whenever the user tries to make an anonymous
+ connection to one of these ports. This option is designed to alert users
+ to services that risk sending passwords in the clear. (Default: 23,109,110,143).
+ </DL>
+ <DL COMPACT>
+ <DT><B>RejectPlaintextPorts</B> <I>port</I>,<I>port</I>,<I>...</I>
+ <DD> Like WarnPlaintextPorts, but instead of warning about risky port uses,
+ Tor will instead refuse to make the connection. (Default: None).
+ </DL>
+ <A NAME="lbAG"> </A>
+ <h3>SERVER OPTIONS</h3>
+ <P> The following options are useful only for servers (that is, if <B>ORPort</B>
+ is non-zero):
+ <DL COMPACT>
+ <DT><B>Address </B><I>address</I>
+ <DD> The IP address or fqdn of this server (e.g. moria.mit.edu). You can
+ leave this unset, and Tor will guess your IP address.
+ </DL>
+ <DL COMPACT>
+ <DT><B>AllowSingleHopExits </B><B>0</B>|<B>1</B>
+ <DD> This option controls whether clients can use this server as a single
+ hop proxy. If set to 1, clients can use this server as an exit even if
+ it is the only hop in the circuit. (Default: 0)
+ </DL>
+ <DL COMPACT>
+ <DT><B>AssumeReachable </B><B>0</B>|<B>1</B>
+ <DD> This option is used when bootstrapping a new Tor network. If set to
+ 1, don't do self-reachability testing; just upload your server descriptor
+ immediately. If <B>AuthoritativeDirectory</B> is also set, this option
+ instructs the dirserver to bypass remote reachability testing too and
+ list all connected servers as running.
+ </DL>
+ <DL COMPACT>
+ <DT><B>BridgeRelay </B><B>0</B>|<B>1</B>
+ <DD> Sets the relay to act as a "bridge" with respect to relaying
+ connections from bridge users to the Tor network. Mainly it influences
+ how the relay will cache and serve directory information. Usually used
+ in combination with PublishServerDescriptor.
+ </DL>
+ <DL COMPACT>
+ <DT><B>ContactInfo </B><I>email_address</I>
+ <DD> Administrative contact information for server. This line might get
+ picked up by spam harvesters, so you may want to obscure the fact that
+ it's an email address.
+ </DL>
+ <DL COMPACT>
+ <DT><B>ExitPolicy </B><I>policy</I>,<I>policy</I>,<I>...</I>
+ <DD> Set an exit policy for this server. Each policy is of the form "<B>accept</B>|<B>reject</B>
+ <I>ADDR</I>[<B>/</B><I>MASK</I>]<B>[:</B><I>PORT</I>]". If <B>/</B><I>MASK</I>
+ is omitted then this policy just applies to the host given. Instead of
+ giving a host or network you can also use "<B>*</B>" to denote
+ the universe (0.0.0.0/0). <I>PORT</I> can be a single port number, an
+ interval of ports "<I>FROM_PORT</I><B>-</B><I>TO_PORT</I>",
+ or "<B>*</B>". If <I>PORT</I> is omitted, that means "<B>*</B>".
+ <P> For example, "accept 18.7.22.69:*,reject 18.0.0.0/8:*,accept
+ *:*" would reject any traffic destined for MIT except for web.mit.edu,
+ and accept anything else.
+ <P> To specify all internal and link-local networks (including 0.0.0.0/8,
+ 169.254.0.0/16, 127.0.0.0/8, 192.168.0.0/16, 10.0.0.0/8, and 172.16.0.0/12),
+ you can use the "private" alias instead of an address. These
+ addresses are rejected by default (at the beginning of your exit policy),
+ along with your public IP address, unless you set the ExitPolicyRejectPrivate
+ config option to 0. For example, once you've done that, you could allow
+ HTTP to 127.0.0.1 and block all other connections to internal networks
+ with "accept 127.0.0.1:80,reject private:*", though that may
+ also allow connections to your own computer that are addressed to its
+ public (external) IP address. See RFC 1918 and RFC 3330 for more details
+ about internal and reserved IP address space.
+ <P> This directive can be specified multiple times so you don't have to
+ put it all on one line.
+ <P> Policies are considered first to last, and the first match wins. If
+ you want to _replace_ the default exit policy, end your exit policy
+ with either a reject *:* or an accept *:*. Otherwise, you're _augmenting_
+ (prepending to) the default exit policy. The default exit policy is:
+ <DL COMPACT>
+ <DT>
+ <DD>
+ <DL COMPACT>
+ <DT>reject *:25
+ <DD>
+ <DT>reject *:119
+ <DD>
+ <DT>reject *:135-139
+ <DD>
+ <DT>reject *:445
+ <DD>
+ <DT>reject *:563
+ <DD>
+ <DT>reject *:1214
+ <DD>
+ <DT>reject *:4661-4666
+ <DD>
+ <DT>reject *:6346-6429
+ <DD>
+ <DT>reject *:6699
+ <DD>
+ <DT>reject *:6881-6999
+ <DD>
+ <DT>accept *:*
+ <DD>
+ </DL>
+ </DL>
+ </DL>
+ <DL COMPACT>
+ <DT><B>ExitPolicyRejectPrivate </B><B>0</B>|<B>1</B>
+ <DD> Reject all private (local) networks, along with your own public IP
+ address, at the beginning of your exit policy. See above entry on ExitPolicy.
+ (Default: 1)
+ </DL>
+ <DL COMPACT>
+ <DT><B>MaxOnionsPending </B><I>NUM</I>
+ <DD> If you have more than this number of onionskins queued for decrypt,
+ reject new ones. (Default: 100)
+ </DL>
+ <DL COMPACT>
+ <DT><B>MyFamily </B><I>node</I>,<I>node</I>,<I>...</I>
+ <DD> Declare that this Tor server is controlled or administered by a group
+ or organization identical or similar to that of the other servers, defined
+ by their identity fingerprints or nicknames. When two servers both declare
+ that they are in the same 'family', Tor clients will not use them in the
+ same circuit. (Each server only needs to list the other servers in its
+ family; it doesn't need to list itself, but it won't hurt.)
+ </DL>
+ <DL COMPACT>
+ <DT><B>Nickname </B><I>name</I>
+ <DD> Set the server's nickname to 'name'. Nicknames must be between 1 and
+ 19 characters inclusive, and must contain only the characters [a-zA-Z0-9].
+ </DL>
+ <DL COMPACT>
+ <DT><B>NumCPUs </B><I>num</I>
+ <DD> How many processes to use at once for decrypting onionskins. (Default:
+ 1)
+ </DL>
+ <DL COMPACT>
+ <DT><B>ORPort </B><I>PORT</I>
+ <DD> Advertise this port to listen for connections from Tor clients and
+ servers.
+ </DL>
+ <DL COMPACT>
+ <DT><B>ORListenAddress </B><I>IP</I>[:<I>PORT</I>]
+ <DD> Bind to this IP address to listen for connections from Tor clients
+ and servers. If you specify a port, bind to this port rather than the
+ one specified in ORPort. (Default: 0.0.0.0) This directive can be specified
+ multiple times to bind to multiple addresses/ports.
+ </DL>
+ <DL COMPACT>
+ <DT><B>PublishServerDescriptor </B><B>0</B>|<B>1</B>|<B>v1</B>|<B>v2</B>|<B>v3</B>|<B>bridge</B>|<B>hidserv</B>,
+ ...
+ <DD> This option is only considered if you have an ORPort defined. You can
+ choose multiple arguments, separated by commas.
+ <P> If set to 0, Tor will act as a server but it will not publish its
+ descriptor to the directory authorities. (This is useful if you're testing
+ out your server, or if you're using a Tor controller that handles directory
+ publishing for you.) Otherwise, Tor will publish its descriptor to all
+ directory authorities of the type(s) specified. The value "1"
+ is the default, which means "publish to the appropriate authorities".
+ </DL>
+ <DL COMPACT>
+ <DT><B>ShutdownWaitLength</B> <I>NUM</I>
+ <DD> When we get a SIGINT and we're a server, we begin shutting down: we
+ close listeners and start refusing new circuits. After <B>NUM</B> seconds,
+ we exit. If we get a second SIGINT, we exit immediately. (Default: 30
+ seconds)
+ </DL>
+ <DL COMPACT>
+ <DT><B>AccountingMax </B><I>N</I> <B>bytes</B>|<B>KB</B>|<B>MB</B>|<B>GB</B>|<B>TB</B>
+ <DD> Never send more than the specified number of bytes in a given accounting
+ period, or receive more than that number in the period. For example, with
+ AccountingMax set to 1 GB, a server could send 900 MB and receive 800
+ MB and continue running. It will only hibernate once one of the two reaches
+ 1 GB. When the number of bytes is exhausted, Tor will hibernate until
+ some time in the next accounting period. To prevent all servers from waking
+ at the same time, Tor will also wait until a random point in each period
+ before waking up. If you have bandwidth cost issues, enabling hibernation
+ is preferable to setting a low bandwidth, since it provides users with
+ a collection of fast servers that are up some of the time, which is more
+ useful than a set of slow servers that are always "available".
+ </DL>
+ <DL COMPACT>
+ <DT><B>AccountingStart </B><B>day</B>|<B>week</B>|<B>month</B> [<I>day</I>]
+ <I>HH:MM</I>
+ <DD> Specify how long accounting periods last. If <B>month</B> is given,
+ each accounting period runs from the time <I>HH:MM</I> on the <I>day</I>th
+ day of one month to the same day and time of the next. (The day must be
+ between 1 and 28.) If <B>week</B> is given, each accounting period runs
+ from the time <I>HH:MM</I> of the <I>day</I>th day of one week to the
+ same day and time of the next week, with Monday as day 1 and Sunday as
+ day 7. If <B>day</B> is given, each accounting period runs from the time
+ <I>HH:MM</I> each day to the same time on the next day. All times are
+ local, and given in 24-hour time. (Defaults to "month 1 0:00".)
+ </DL>
+ <DL COMPACT>
+ <DT><B>ServerDNSResolvConfFile </B><I>filename</I>
+ <DD> Overrides the default DNS configuration with the configuration in <I>filename</I>.
+ The file format is the same as the standard Unix "<B>resolv.conf</B>"
+ file (7). This option, like all other ServerDNS options, only affects
+ name lookups that your server does on behalf of clients. (Defaults to
+ use the system DNS configuration.)
+ </DL>
+ <DL COMPACT>
+ <DT><B>ServerDNSAllowBrokenConfig </B><B>0</B>|<B>1</B>
+ <DD> If this option is false, Tor exits immediately if there are problems
+ parsing the system DNS configuration or connecting to nameservers. Otherwise,
+ Tor continues to periodically retry the system namesevers until it eventually
+ succeeds. (Defaults to "1".)
+ </DL>
+ <DL COMPACT>
+ <DT><B>ServerDNSSearchDomains </B><B>0</B>|<B>1</B>
+ <DD> If set to <B>1</B>, then we will search for addresses in the local
+ search domain. For example, if this system is configured to believe it
+ is in "example.com", and a client tries to connect to "www",
+ the client will be connected to "<A HREF="http://www.example.com">www.example.com</A>".
+ This option only affects name lookups that your server does on behalf
+ of clients. (Defaults to "0".)
+ </DL>
+ <DL COMPACT>
+ <DT><B>ServerDNSDetectHijacking </B><B>0</B>|<B>1</B>
+ <DD> When this option is set to 1, we will test periodically to determine
+ whether our local nameservers have been configured to hijack failing DNS
+ requests (usually to an advertising site). If they are, we will attempt
+ to correct this. This option only affects name lookups that your server
+ does on behalf of clients. (Defaults to "1".)
+ </DL>
+ <DL COMPACT>
+ <DT><B>ServerDNSTestAddresses </B><I>address</I>,<I>address</I>,<I>...</I>
+ <DD> When we're detecting DNS hijacking, make sure that these <I>valid</I>
+ addresses aren't getting redirected. If they are, then our DNS is completely
+ useless, and we'll reset our exit policy to "reject *:*". This
+ option only affects name lookups that your server does on behalf of clients.
+ (Defaults to "<A HREF="http://www.google.com">www.google.com</A>,
+ <A HREF="http://www.mit.edu">www.mit.edu</A>, <A HREF="http://www.yahoo.com">www.yahoo.com</A>,
+ <A HREF="http://www.slashdot.org">www.slashdot.org</A>".)
+ </DL>
+ <DL COMPACT>
+ <DT><B>ServerDNSAllowNonRFC953Hostnames </B><B>0</B>|<B>1</B>
+ <DD> When this option is disabled, Tor does not try to resolve hostnames
+ containing illegal characters (like @ and :) rather than sending them
+ to an exit node to be resolved. This helps trap accidental attempts to
+ resolve URLs and so on. This option only affects name lookups that your
+ server does on behalf of clients. (Default: 0)
+ </DL>
+ <DL COMPACT>
+ <DT><B>BridgeRecordUsageByCountry </B><B>0</B>|<B>1</B>
+ <DD> When this option is enabled and BridgeRelay is also enabled, and we
+ have GeoIP data, Tor keeps a keep a per-country count of how many client
+ addresses have contacted it so that it can help the bridge authority guess
+ which countries have blocked access to it. (Default: 1)
+ </DL>
+ <DL COMPACT>
+ <DT><B>ServerDNSRandomizeCase </B><B>0</B>|<B>1</B>
+ <DD> When this option is set, Tor sets the case of each character randomly
+ in outgoing DNS requests, and makes sure that the case matches in DNS
+ replies. This so-called "0x20 hack" helps resist some types
+ of DNS poisoning attack. For more information, see "Increased DNS
+ Forgery Resistance through 0x20-Bit Encoding". This option only affects
+ name lookups that your server does on behalf of clients. (Default: 1)
+ </DL>
+ <DL COMPACT>
+ <DT><B>GeoIPFile </B><I>filename</I>
+ <DD> A filename containing GeoIP data, for use with BridgeRecordUsageByCountry.
+ </DL>
+ <A NAME="lbAH"> </A>
+ <h3>DIRECTORY SERVER OPTIONS</h3>
+ <P> The following options are useful only for directory servers (that is,
+ if <B>DirPort</B> is non-zero):
+ <DL COMPACT>
+ <DT><B>AuthoritativeDirectory </B><B>0</B>|<B>1</B>
+ <DD> When this option is set to 1, Tor operates as an authoritative directory
+ server. Instead of caching the directory, it generates its own list of
+ good servers, signs it, and sends that to the clients. Unless the clients
+ already have you listed as a trusted directory, you probably do not want
+ to set this option. Please coordinate with the other admins at <A HREF="mailto:tor-ops at freehaven.net">tor-ops at freehaven.net</A>
+ if you think you should be a directory.
+ </DL>
+ <DL COMPACT>
+ <DT><B>DirPortFrontPage </B><I>FILENAME</I>
+ <DD> When this option is set, it takes an html file and publishes it as
+ "/" on the DirPort. Now relay operators can provide a disclaimer
+ without needing to set up a separate webserver. There's a sample disclaimer
+ in contrib/tor-exit-notice.html.
+ </DL>
+ <DL COMPACT>
+ <DT><B>V1AuthoritativeDirectory </B><B>0</B>|<B>1</B>
+ <DD> When this option is set in addition to <B>AuthoritativeDirectory</B>,
+ Tor generates version 1 directory and running-routers documents (for legacy
+ Tor clients up to 0.1.0.x).
+ </DL>
+ <DL COMPACT>
+ <DT><B>V2AuthoritativeDirectory </B><B>0</B>|<B>1</B>
+ <DD> When this option is set in addition to <B>AuthoritativeDirectory</B>,
+ Tor generates version 2 network statuses and serves descriptors, etc as
+ described in doc/spec/dir-spec-v2.txt (for Tor clients and servers running
+ 0.1.1.x and 0.1.2.x).
+ </DL>
+ <DL COMPACT>
+ <DT><B>V3AuthoritativeDirectory </B><B>0</B>|<B>1</B>
+ <DD> When this option is set in addition to <B>AuthoritativeDirectory</B>,
+ Tor generates version 3 network statuses and serves descriptors, etc as
+ described in doc/spec/dir-spec.txt (for Tor clients and servers running
+ at least 0.2.0.x).
+ </DL>
+ <DL COMPACT>
+ <DT><B>VersioningAuthoritativeDirectory </B><B>0</B>|<B>1</B>
+ <DD> When this option is set to 1, Tor adds information on which versions
+ of Tor are still believed safe for use to the published directory. Each
+ version 1 authority is automatically a versioning authority; version 2
+ authorities provide this service optionally. See <B>RecommendedVersions</B>,
+ <B>RecommendedClientVersions</B>, and <B>RecommendedServerVersions</B>.
+ </DL>
+ <DL COMPACT>
+ <DT><B>NamingAuthoritativeDirectory </B><B>0</B>|<B>1</B>
+ <DD> When this option is set to 1, then the server advertises that it has
+ opinions about nickname-to-fingerprint bindings. It will include these
+ opinions in its published network-status pages, by listing servers with
+ the flag "Named" if a correct binding between that nickname
+ and fingerprint has been registered with the dirserver. Naming dirservers
+ will refuse to accept or publish descriptors that contradict a registered
+ binding. See <B>approved-routers</B> in the <B>FILES</B> section below.
+ </DL>
+ <DL COMPACT>
+ <DT><B>HSAuthoritativeDir </B><B>0</B>|<B>1</B>
+ <DD> When this option is set in addition to <B>AuthoritativeDirectory</B>,
+ Tor also accepts and serves hidden service descriptors. (Default: 0)
+ </DL>
+ <DL COMPACT>
+ <DT><B>HSAuthorityRecordStats </B><B>0</B>|<B>1</B>
+ <DD> When this option is set in addition to <B>HSAuthoritativeDir</B>, Tor
+ periodically (every 15 minutes) writes statistics about hidden service
+ usage to a file <B>hsusage</B> in its data directory. (Default: 0)
+ </DL>
+ <DL COMPACT>
+ <DT><B>HidServDirectoryV2 </B><B>0</B>|<B>1</B>
+ <DD> When this option is set, Tor accepts and serves v2 hidden service descriptors.
+ Setting DirPort is not required for this, because clients connect via
+ the ORPort by default. (Default: 1)
+ </DL>
+ <DL COMPACT>
+ <DT><B>BridgeAuthoritativeDir </B><B>0</B>|<B>1</B>
+ <DD> When this option is set in addition to <B>AuthoritativeDirectory</B>,
+ Tor accepts and serves router descriptors, but it caches and serves the
+ main networkstatus documents rather than generating its own. (Default:
+ 0)
+ </DL>
+ <DL COMPACT>
+ <DT><B>MinUptimeHidServDirectoryV2 </B><I>N</I> <B>seconds</B>|<B>minutes</B>|<B>hours</B>|<B>days</B>|<B>weeks</B>
+ <DD> Minimum uptime of a v2 hidden service directory to be accepted as such
+ by authoritative directories. (Default: 24 hours)
+ </DL>
+ <DL COMPACT>
+ <DT><B>DirPort </B><I>PORT</I>
+ <DD> Advertise the directory service on this port.
+ </DL>
+ <DL COMPACT>
+ <DT><B>DirListenAddress </B><I>IP</I>[:<I>PORT</I>]
+ <DD> Bind the directory service to this address. If you specify a port,
+ bind to this port rather than the one specified in DirPort. (Default:
+ 0.0.0.0) This directive can be specified multiple times to bind to multiple
+ addresses/ports.
+ </DL>
+ <DL COMPACT>
+ <DT><B>DirPolicy </B><I>policy</I>,<I>policy</I>,<I>...</I>
+ <DD> Set an entrance policy for this server, to limit who can connect to
+ the directory ports. The policies have the same form as exit policies
+ above.
+ </DL>
+ <A NAME="lbAI"> </A>
+ <h3>DIRECTORY AUTHORITY SERVER OPTIONS</h3>
+ <P>
+ <DL COMPACT>
+ <DT><B>RecommendedVersions </B><I>STRING</I>
+ <DD> STRING is a comma-separated list of Tor versions currently believed
+ to be safe. The list is included in each directory, and nodes which pull
+ down the directory learn whether they need to upgrade. This option can
+ appear multiple times: the values from multiple lines are spliced together.
+ When this is set then <B>VersioningAuthoritativeDirectory</B> should be
+ set too.
+ </DL>
+ <DL COMPACT>
+ <DT><B>RecommendedClientVersions </B><I>STRING</I>
+ <DD> STRING is a comma-separated list of Tor versions currently believed
+ to be safe for clients to use. This information is included in version
+ 2 directories. If this is not set then the value of <B>RecommendedVersions</B>
+ is used. When this is set then <B>VersioningAuthoritativeDirectory</B>
+ should be set too.
+ </DL>
+ <DL COMPACT>
+ <DT><B>RecommendedServerVersions </B><I>STRING</I>
+ <DD> STRING is a comma-separated list of Tor versions currently believed
+ to be safe for servers to use. This information is included in version
+ 2 directories. If this is not set then the value of <B>RecommendedVersions</B>
+ is used. When this is set then <B>VersioningAuthoritativeDirectory</B>
+ should be set too.
+ </DL>
+ <DL COMPACT>
+ <DT><B>DirAllowPrivateAddresses </B><B>0</B>|<B>1</B>
+ <DD> If set to 1, Tor will accept router descriptors with arbitrary "Address"
+ elements. Otherwise, if the address is not an IP address or is a private
+ IP address, it will reject the router descriptor. Defaults to 0.
+ </DL>
+ <DL COMPACT>
+ <DT><B>AuthDirBadDir </B><I>AddressPattern</I>...
+ <DD> Authoritative directories only. A set of address patterns for servers
+ that will be listed as bad directories in any network status document
+ this authority publishes, if <B>AuthDirListBadDirs</B> is set.
+ </DL>
+ <DL COMPACT>
+ <DT><B>AuthDirBadExit </B><I>AddressPattern</I>...
+ <DD> Authoritative directories only. A set of address patterns for servers
+ that will be listed as bad exits in any network status document this authority
+ publishes, if <B>AuthDirListBadExits</B> is set.
+ </DL>
+ <DL COMPACT>
+ <DT><B>AuthDirInvalid </B><I>AddressPattern</I>...
+ <DD> Authoritative directories only. A set of address patterns for servers
+ that will never be listed as "valid" in any network status document
+ that this authority publishes.
+ </DL>
+ <DL COMPACT>
+ <DT><B>AuthDirReject </B><I>AddressPattern</I>...
+ <DD> Authoritative directories only. A set of address patterns for servers
+ that will never be listed at all in any network status document that this
+ authority publishes, or accepted as an OR address in any descriptor submitted
+ for publication by this authority.
+ </DL>
+ <DL COMPACT>
+ <DT><B>AuthDirListBadDirs </B><B>0</B>|<B>1</B>
+ <DD> Authoritative directories only. If set to 1, this directory has some
+ opinion about which nodes are unsuitable as directory caches. (Do not
+ set this to 1 unless you plan to list nonfunctioning directories as bad;
+ otherwise, you are effectively voting in favor of every declared directory.)
+ </DL>
+ <DL COMPACT>
+ <DT><B>AuthDirListBadExits </B><B>0</B>|<B>1</B>
+ <DD> Authoritative directories only. If set to 1, this directory has some
+ opinion about which nodes are unsuitable as exit nodes. (Do not set this
+ to 1 unless you plan to list nonfunctioning exits as bad; otherwise, you
+ are effectively voting in favor of every declared exit as an exit.)
+ </DL>
+ <DL COMPACT>
+ <DT><B>AuthDirRejectUnlisted </B><B>0</B>|<B>1</B>
+ <DD> Authoritative directories only. If set to 1, the directory server rejects
+ all uploaded server descriptors that aren't explicitly listed in the fingerprints
+ file. This acts as a "panic button" if we get Sybiled. (Default:
+ 0)
+ </DL>
+ <DL COMPACT>
+ <DT><B>AuthDirMaxServersPerAddr</B> <I>NUM</I>
+ <DD> Authoritative directories only. The maximum number of servers that
+ we will list as acceptable on a single IP address. Set this to "0"
+ for "no limit". (Default: 2)
+ </DL>
+ <DL COMPACT>
+ <DT><B>AuthDirMaxServersPerAuthAddr</B> <I>NUM</I>
+ <DD> Authoritative directories only. Like AuthDirMaxServersPerAddr, but
+ applies to addresses shared with directory authorities. (Default: 5)
+ </DL>
+ <DL COMPACT>
+ <DT><B>V3AuthVotingInterval</B> <I>N</I> <B>minutes</B>|<B>hours</B>
+ <DD> V3 authoritative directories only. Configures the server's preferred
+ voting interval. Note that voting will <I>actually</I> happen at an interval
+ chosen by consensus from all the authorities' preferred intervals. This
+ time SHOULD divide evenly into a day. (Default: 1 hour)
+ </DL>
+ <DL COMPACT>
+ <DT><B>V3AuthVoteDelay</B> <I>N</I> <B>minutes</B>|<B>hours</B>
+ <DD> V3 authoritative directories only. Configures the server's preferred
+ delay between publishing its vote and assuming it has all the votes from
+ all the other authorities. Note that the actual time used is not the server's
+ preferred time, but the consensus of all preferences. (Default: 5 minutes.)
+ </DL>
+ <DL COMPACT>
+ <DT><B>V3AuthDistDelay</B> <I>N</I> <B>minutes</B>|<B>hours</B>
+ <DD> V3 authoritative directories only. Configures the server's preferred
+ delay between publishing its consensus and signature and assuming it has
+ all the signatures from all the other authorities. Note that the actual
+ time used is not the server's preferred time, but the consensus of all
+ preferences. (Default: 5 minutes.)
+ </DL>
+ <DL COMPACT>
+ <DT><B>V3AuthNIntervalsValid</B> <I>NUM</I>
+ <DD> V3 authoritative directories only. Configures the number of VotingIntervals
+ for which each consensus should be valid for. Choosing high numbers increases
+ network partitioning risks; choosing low numbers increases directory traffic.
+ Note that the actual number of intervals used is not the server's preferred
+ number, but the consensus of all preferences. Must be at least 2. (Default:
+ 3.)
+ </DL>
+ <A NAME="lbAJ"> </A>
+ <h3>HIDDEN SERVICE OPTIONS</h3>
+ <P> The following options are used to configure a hidden service.
+ <DL COMPACT>
+ <DT><B>HiddenServiceDir </B><I>DIRECTORY</I>
+ <DD> Store data files for a hidden service in DIRECTORY. Every hidden service
+ must have a separate directory. You may use this option multiple times
+ to specify multiple services.
+ </DL>
+ <DL COMPACT>
+ <DT><B>HiddenServicePort </B><I>VIRTPORT </I>[<I>TARGET</I>]
+ <DD> Configure a virtual port VIRTPORT for a hidden service. You may use
+ this option multiple times; each time applies to the service using the
+ most recent hiddenservicedir. By default, this option maps the virtual
+ port to the same port on 127.0.0.1. You may override the target port,
+ address, or both by specifying a target of addr, port, or addr:port. You
+ may also have multiple lines with the same VIRTPORT: when a user connects
+ to that VIRTPORT, one of the TARGETs from those lines will be chosen at
+ random.
+ </DL>
+ <DL COMPACT>
+ <DT><B>PublishHidServDescriptors </B><B>0</B>|<B>1</B>
+ <DD> If set to 0, Tor will run any hidden services you configure, but it
+ won't advertise them to the rendezvous directory. This option is only
+ useful if you're using a Tor controller that handles hidserv publishing
+ for you. (Default: 1)
+ </DL>
+ <DL COMPACT>
+ <DT><B>HiddenServiceVersion </B><I>version</I>,<I>version</I>,<I>...</I>
+ <DD> A list of rendezvous service descriptor versions to publish for the
+ hidden service. Possible version numbers are 0 and 2. (Default: 0, 2)
+ </DL>
+ <DL COMPACT>
+ <DT><B>HiddenServiceAuthorizeClient </B><I>auth-type</I> <I>client-name</I>,<I>client-name</I>,<I>...</I>
+ <DD> If configured, the hidden service is accessible for authorized clients
+ only. The auth-type can either be 'basic' for a general-purpose authorization
+ protocol or 'stealth' for a less scalable protocol that also hides service
+ activity from unauthorized clients. Only clients that are listed here
+ are authorized to access the hidden service. Valid client names are 1
+ to 19 characters long and only use characters in A-Za-z0-9+-_ (no spaces).
+ If this option is set, the hidden service is not accessible for clients
+ without authorization any more. Generated authorization data can be found
+ in the hostname file.
+ </DL>
+ <DL COMPACT>
+ <DT><B>RendPostPeriod </B><I>N</I> <B>seconds</B>|<B>minutes</B>|<B>hours</B>|<B>days</B>|<B>weeks</B>
+ <DD> Every time the specified period elapses, Tor uploads any rendezvous
+ service descriptors to the directory servers. This information is also
+ uploaded whenever it changes. (Default: 20 minutes)
+ </DL>
+ <A NAME="lbAK"> </A>
+ <h3>TESTING NETWORK OPTIONS</h3>
+ <P> The following options are used for running a testing Tor network.
+ <DL COMPACT>
+ <DT><B>TestingTorNetwork </B><B>0</B>|<B>1</B>
+ <DD> If set to 1, Tor adjusts default values of the configuration options
+ below, so that it is easier to set up a testing Tor network. May only
+ be set if non-default set of DirServers is set. Cannot be unset while
+ Tor is running. (Default: 0)
+ <DL COMPACT>
+ <DT>
+ <DD>
+ <DL COMPACT>
+ <DT>ServerDNSAllowBrokenConfig 1
+ <DD>
+ <DT>DirAllowPrivateAddresses 1
+ <DD>
+ <DT>EnforceDistinctSubnets 0
+ <DD>
+ <DT>AssumeReachable 1
+ <DD>
+ <DT>AuthDirMaxServersPerAddr 0
+ <DD>
+ <DT>AuthDirMaxServersPerAuthAddr 0
+ <DD>
+ <DT>ClientDNSRejectInternalAddresses 0
+ <DD>
+ <DT>ExitPolicyRejectPrivate 0
+ <DD>
+ <DT>V3AuthVotingInterval 5 minutes
+ <DD>
+ <DT>V3AuthVoteDelay 20 seconds
+ <DD>
+ <DT>V3AuthDistDelay 20 seconds
+ <DD>
+ <DT>TestingV3AuthInitialVotingInterval 5 minutes
+ <DD>
+ <DT>TestingV3AuthInitialVoteDelay 20 seconds
+ <DD>
+ <DT>TestingV3AuthInitialDistDelay 20 seconds
+ <DD>
+ <DT>TestingAuthDirTimeToLearnReachability 0 minutes
+ <DD>
+ <DT>TestingEstimatedDescriptorPropagationTime 0 minutes
+ <DD>
+ </DL>
+ </DL>
+ </DL>
+ <DL COMPACT>
+ <DT><B>TestingV3AuthInitialVotingInterval</B> <I>N</I> <B>minutes</B>|<B>hours</B>
+ <DD> Like <B>V3AuthVotingInterval</B>, but for initial voting interval before
+ the first consensus has been created. Changing this requires that <B>TestingTorNetwork</B>
+ is set. (Default: 30 minutes)
+ </DL>
+ <DL COMPACT>
+ <DT><B>TestingV3AuthInitialVoteDelay</B> <I>N</I> <B>minutes</B>|<B>hours</B>
+ <DD> Like <B>TestingV3AuthInitialVoteDelay</B>, but for initial voting interval
+ before the first consensus has been created. Changing this requires that
+ <B>TestingTorNetwork</B> is set. (Default: 5 minutes)
+ </DL>
+ <DL COMPACT>
+ <DT><B>TestingV3AuthInitialDistDelay</B> <I>N</I> <B>minutes</B>|<B>hours</B>
+ <DD> Like <B>TestingV3AuthInitialDistDelay</B>, but for initial voting interval
+ before the first consensus has been created. Changing this requires that
+ <B>TestingTorNetwork</B> is set. (Default: 5 minutes)
+ </DL>
+ <DL COMPACT>
+ <DT><B>TestingAuthDirTimeToLearnReachability</B> <I>N</I> <B>minutes</B>|<B>hours</B>
+ <DD> After starting as an authority, do not make claims about whether routers
+ are Running until this much time has passed. Changing this requires that<B>TestingTorNetwork</B>
+ is set. (Default: 30 minutes)
+ </DL>
+ <DL COMPACT>
+ <DT><B>TestingEstimatedDescriptorPropagationTime</B> <I>N</I> <B>minutes</B>|<B>hours</B>
+ <DD> Clients try downloading router descriptors from directory caches after
+ this time. Changing this requires that <B>TestingTorNetwork</B> is set.
+ (Default: 10 minutes)
+ </DL>
+ <A NAME="lbAL"> </A>
+ <h3>SIGNALS</h3>
+ Tor catches the following signals:
+ <DL COMPACT>
+ <DT><B>SIGTERM</B>
+ <DD> Tor will catch this, clean up and sync to disk if necessary, and exit.
+ </DL>
+ <DL COMPACT>
+ <DT><B>SIGINT</B>
+ <DD> Tor clients behave as with SIGTERM; but Tor servers will do a controlled
+ slow shutdown, closing listeners and waiting 30 seconds before exiting.
+ (The delay can be configured with the ShutdownWaitLength config option.)
+ </DL>
+ <DL COMPACT>
+ <DT><B>SIGHUP</B>
+ <DD> The signal instructs Tor to reload its configuration (including closing
+ and reopening logs), fetch a new directory, and kill and restart its helper
+ processes if applicable.
+ </DL>
+ <DL COMPACT>
+ <DT><B>SIGUSR1</B>
+ <DD> Log statistics about current connections, past connections, and throughput.
+ </DL>
+ <DL COMPACT>
+ <DT><B>SIGUSR2</B>
+ <DD> Switch all logs to loglevel debug. You can go back to the old loglevels
+ by sending a SIGHUP.
+ </DL>
+ <DL COMPACT>
+ <DT><B>SIGCHLD</B>
+ <DD> Tor receives this signal when one of its helper processes has exited,
+ so it can clean up.
+ </DL>
+ <DL COMPACT>
+ <DT><B>SIGPIPE</B>
+ <DD> Tor catches this signal and ignores it.
+ </DL>
+ <DL COMPACT>
+ <DT><B>SIGXFSZ</B>
+ <DD> If this signal exists on your platform, Tor catches and ignores it.
+ </DL>
+ <A NAME="lbAM"> </A>
+ <h3>FILES</h3>
+ <DL COMPACT>
+ <DT><B>@CONFDIR@/torrc</B>
+ <DD> The configuration file, which contains "option value" pairs.
+ </DL>
+ <DL COMPACT>
+ <DT><B>@LOCALSTATEDIR@/lib/tor/</B>
+ <DD> The tor process stores keys and other data here.
+ </DL>
+ <DL COMPACT>
+ <DT><B></B><I>DataDirectory</I>/cached-status/*
+ <DD> The most recently downloaded network status document for each authority.
+ Each file holds one such document; the filenames are the hexadecimal identity
+ key fingerprints of the directory authorities.
+ </DL>
+ <DL COMPACT>
+ <DT><B></B><I>DataDirectory</I><B>/cached-descriptors</B> and <B>cached-descriptors.new</B>
+ <DD> These files hold downloaded router statuses. Some routers may appear
+ more than once; if so, the most recently published descriptor is used.
+ Lines beginning with @-signs are annotations that contain more information
+ about a given router. The ".new" file is an append-only journal;
+ when it gets too large, all entries are merged into a new cached-routers
+ file.
+ </DL>
+ <DL COMPACT>
+ <DT><B></B><I>DataDirectory</I><B>/cached-routers</B> and <B>cached-routers.new</B>
+ <DD> Obsolete versions of cached-descriptors and cached-descriptors.new.
+ When Tor can't find the newer files, it looks here instead.
+ </DL>
+ <DL COMPACT>
+ <DT><B></B><I>DataDirectory</I>/state
+ <DD> A set of persistent key-value mappings. These are documented in the
+ file. These include:
+ <DL COMPACT>
+ <DT>
+ <DD>
+ <DL COMPACT>
+ <DT>- The current entry guards and their status.
+ <DD>
+ <DT>- The current bandwidth accounting values (unused so far; see
+ below).
+ <DD>
+ <DT>- When the file was last written
+ <DD>
+ <DT>- What version of Tor generated the state file
+ <DD>
+ <DT>- A short history of bandwidth usage, as produced in the router
+ descriptors.
+ <DD>
+ </DL>
+ </DL>
+ </DL>
+ <DL COMPACT>
+ <DT><B></B><I>DataDirectory</I>/bw_accounting
+ <DD> Used to track bandwidth accounting values (when the current period
+ starts and ends; how much has been read and written so far this period).
+ This file is obsolete, and the data is now stored in the 'state' file
+ as well. Only used when bandwidth accounting is enabled.
+ </DL>
+ <DL COMPACT>
+ <DT><B></B><I>DataDirectory</I>/hsusage
+ <DD> Used to track hidden service usage in terms of fetch and publish requests
+ to this hidden service authoritative directory. Only used when recording
+ of statistics is enabled.
+ </DL>
+ <DL COMPACT>
+ <DT><B></B><I>DataDirectory</I>/control_auth_cookie
+ <DD> Used for cookie authentication with the controller. Location can be
+ overridden by the CookieAuthFile config option. Regenerated on startup.
+ See control-spec.txt for details. Only used when cookie authentication
+ is enabled.
+ </DL>
+ <DL COMPACT>
+ <DT><B></B><I>DataDirectory</I>/keys/*
+ <DD> Only used by servers. Holds identity keys and onion keys.
+ </DL>
+ <DL COMPACT>
+ <DT><B></B><I>DataDirectory</I>/fingerprint
+ <DD> Only used by servers. Holds the fingerprint of the server's identity
+ key.
+ </DL>
+ <DL COMPACT>
+ <DT><B></B><I>DataDirectory</I>/approved-routers
+ <DD> Only for naming authoritative directory servers (see <B>NamingAuthoritativeDirectory</B>).
+ This file lists nickname to identity bindings. Each line lists a nickname
+ and a fingerprint separated by whitespace. See your <B>fingerprint</B>
+ file in the <I>DataDirectory</I> for an example line. If the nickname
+ is <B>!reject</B> then descriptors from the given identity (fingerprint)
+ are rejected by this server. If it is <B>!invalid</B> then descriptors
+ are accepted but marked in the directory as not valid, that is, not recommended.
+ </DL>
+ <DL COMPACT>
+ <DT><B></B><I>DataDirectory</I>/router-stability
+ <DD> Only used by authoritative directory servers. Tracks measurements for
+ router mean-time-between-failures so that authorities have a good idea
+ of how to set their Stable flags.
+ </DL>
+ <DL COMPACT>
+ <DT><B></B><I>HiddenServiceDirectory</I>/hostname
+ <DD> The <base32-encoded-fingerprint>.onion domain name for this hidden
+ service. If the hidden service is restricted to authorized clients only,
+ this file also contains authorization data for all clients.
+ </DL>
+ <DL COMPACT>
+ <DT><B></B><I>HiddenServiceDirectory</I>/private_key
+ <DD> The private key for this hidden service.
+ </DL>
+ <DL COMPACT>
+ <DT><B></B><I>HiddenServiceDirectory</I>/client_keys
+ <DD> Authorization data for a hidden service that is only accessible by
+ authorized clients.
+ </DL>
+ <A NAME="lbAN"> </A>
+ <h3>SEE ALSO</h3>
+ <B><A HREF="?1+privoxy">privoxy</A></B>(1), <B><A HREF="?1+tsocks">tsocks</A></B>(1),
+ <B><A HREF="?1+torify">torify</A></B>(1)
+ <P> <B><A HREF="https://www.torproject.org/">https://www.torproject.org/</A></B>
+ <P> <A NAME="lbAO"> </A>
+ <h3>BUGS</h3>
+ Plenty, probably. Tor is still in development. Please report them. <A NAME="lbAP"> </A>
+ <h3>AUTHORS</h3>
+ Roger Dingledine <<A HREF="mailto:arma at mit.edu">arma at mit.edu</A>>, Nick
+ Mathewson <<A HREF="mailto:nickm at alum.mit.edu">nickm at alum.mit.edu</A>>.
+ <HR>
+ <A NAME="index"> </A>
+ <h3>Index</h3>
+ <DL>
+ <DT><A HREF="#lbAB">NAME</A>
+ <DD>
+ <DT><A HREF="#lbAC">SYNOPSIS</A>
+ <DD>
+ <DT><A HREF="#lbAD">DESCRIPTION</A>
+ <DD>
+ <DT><A HREF="#lbAE">OPTIONS</A>
+ <DD>
+ <DT><A HREF="#lbAF">CLIENT OPTIONS</A>
+ <DD>
+ <DT><A HREF="#lbAG">SERVER OPTIONS</A>
+ <DD>
+ <DT><A HREF="#lbAH">DIRECTORY SERVER OPTIONS</A>
+ <DD>
+ <DT><A HREF="#lbAI">DIRECTORY AUTHORITY SERVER OPTIONS</A>
+ <DD>
+ <DT><A HREF="#lbAJ">HIDDEN SERVICE OPTIONS</A>
+ <DD>
+ <DT><A HREF="#lbAK">TESTING NETWORK OPTIONS</A>
+ <DD>
+ <DT><A HREF="#lbAL">SIGNALS</A>
+ <DD>
+ <DT><A HREF="#lbAM">FILES</A>
+ <DD>
+ <DT><A HREF="#lbAN">SEE ALSO</A>
+ <DD>
+ <DT><A HREF="#lbAO">BUGS</A>
+ <DD>
+ <DT><A HREF="#lbAP">AUTHORS</A>
+ <DD>
+ </DL>
+ <HR>
+ This document was created by <A HREF="">man2html</A>, using the manual pages.<BR>
+ Time: 13:25:21 GMT, May 06, 2009 </div>
+</div>
+<!-- #main -->
+<?php
+
+include("footer.inc.php");
+
+?>
Added: website/branches/zed/beta/torusers.php
===================================================================
--- website/branches/zed/beta/torusers.php (rev 0)
+++ website/branches/zed/beta/torusers.php 2009-06-18 01:37:54 UTC (rev 19735)
@@ -0,0 +1,284 @@
+<?php
+$pagename = "Tor: anonymity online";
+include("header.inc.php");
+?>
+<div class="main-column">
+ <h2>Tor's Inception</h2>
+ <!-- BEGIN SIDEBAR -->
+ <div class="sidebar-left">
+ <h3>Who uses Tor?</h3>
+» <a href="torusers.html.html#normalusers">Normal people</a><br>
+» <a href="torusers.html.html#military">Militaries</a><br>
+» <a href="torusers.html.html#journalist">Journalists & their audience</a><br>
+» <a href="torusers.html.html#lawenforcement">Law enforcement officers</a><br>
+» <a href="torusers.html.html#activists">Activists & Whistleblowers</a><br>
+» <a href="torusers.html.html#spotlight">High & low profile people</a><br>
+» <a href="torusers.html.html#executives">Business executives</a><br>
+» <a href="torusers.html.html#bloggers">Bloggers</a><br>
+ </div>
+ <!-- END SIDEBAR -->
+ <p> Tor was originally designed, implemented, and deployed as a third-generation
+ <a href="http://www.onion-router.net/">onion routing project of the Naval
+ Research Laboratory</a>. It was originally developed with the U.S. Navy in
+ mind, for the primary purpose of protecting government communications. Today,
+ it is used every day for a wide variety of purposes by the military, journalists,
+ law enforcement officers, activists, and many others. Here are some of the
+ specific uses we've seen or recommend. </p>
+ <a name="normalusers"></a>
+ <h3><a class="anchor" href="#normalusers">Normal people use Tor</a></h3>
+ <ul>
+ <li><strong>They protect their privacy from unscrupulous marketers and identity
+ thieves.</strong> Internet Service Providers (ISPs) <a href="http://seekingalpha.com/article/29449-compete-ceo-isps-sell-clickstreams-for-5-a-month">
+ sell your Internet browsing records</a> to marketers or anyone else willing
+ to pay for it. ISPs typically say that they anonymize the data by not providing
+ personally identifiable information, but <a href="http://www.wired.com/politics/security/news/2006/08/71579?currentPage=all">this
+ has proven incorrect</a>. A full record of every site you visit, the text
+ of every search you perform, and potentially userid and even password information
+ can still be part of this data. In addition to your ISP, the websites (<a href="http://www.google.com/privacy_faq.html">and
+ search engines</a>) you visit have their own logs, containing the same or
+ more information. </li>
+ <li><strong> They protect their communications from irresponsible corporations.</strong>
+ All over the Internet, Tor is being recommended to people newly concerned
+ about their privacy in the face of increasing breaches and betrayals of
+ private data. From <a href="http://www.securityfocus.com/news/11048">lost
+ backup tapes</a>, to <a href="http://www.nytimes.com/2006/08/09/technology/09aol.html?ex=1312776000&en=f6f61949c6da4d38&ei=5090">giving
+ away the data to researchers</a>, your data is often not well protected
+ by those you are supposed to trust to keep it safe. </li>
+ <li><strong>They protect their children online.</strong> You've told your
+ kids they shouldn't share personally identifying information online, but
+ they may be sharing their location simply by not concealing their IP address.
+ Increasingly, IP addresses can be <a href="http://whatismyipaddress.com/">literally
+ mapped to a city or even street location</a>, and can <a href="http://whatsmyip.org/more/">reveal
+ other information</a> about how you are connecting to the Internet. In the
+ United States, the government is pushing to make this mapping increasingly
+ precise. </li>
+ <li><strong>They research sensitive topics.</strong> There's a wealth of information
+ available online. But perhaps in your country, access to information on
+ AIDS, birth control, <a href="http://www.cbsnews.com/stories/2002/12/03/tech/main531567.shtml">Tibetan
+ culture</a>, or world religions is behind a national firewall. </li>
+ </ul>
+ <a name="military"></a>
+ <h3><a class="anchor" href="#military">Militaries use Tor</a></h3>
+ <ul>
+ <li> <strong>Field Agents:</strong> It is not difficult for insurgents to
+ monitor Internet traffic and discover all the hotels and other locations
+ from which people are connecting to known military servers. Military field
+ agents deployed away from home use Tor to mask the sites they are visiting,
+ protecting military interests and operations, as well as protecting themselves
+ from physical harm. </li>
+ <li><strong>Hidden services:</strong> When the Internet was designed by DARPA,
+ its primary purpose was to be able to facilitate distributed, robust communications
+ in case of local strikes. However, some functions must be centralized, such
+ as command and control sites. It's the nature of the Internet protocols
+ to reveal the geographic location of any server that is reachable online.
+ Tor's hidden services capacity allows military command and control to be
+ physically secure from discovery and takedown. </li>
+ <li><strong>Intelligence gathering:</strong> Military personnel need to use
+ electronic resources run and monitored by insurgents. They do not want the
+ webserver logs on an insurgent website to record a military address, thereby
+ revealing the surveillance. </li>
+ </ul>
+ <a name="journalist"></a>
+ <h3><a class="anchor" href="#journalist">Journalists and their audience use
+ Tor</a></h3>
+ <ul>
+ <li><strong><a href="http://www.rsf.org/">Reporters without Borders</a></strong>
+ tracks Internet prisoners of conscience and jailed or harmed journalists
+ all over the world. They advise journalists, sources, bloggers, and dissidents
+ to use Tor to ensure their privacy and safety. </li>
+ <li><strong>The US <a href="http://www.ibb.gov/">International Broadcasting
+ Bureau</a></strong> (Voice of America/Radio Free Europe/Radio Free Asia)
+ supports Tor development to help Internet users in countries without safe
+ access to free media. Tor preserves the ability of persons behind national
+ firewalls or under the surveillance of repressive regimes to obtain a global
+ perspective on controversial topics including democracy, economics and religion.
+ </li>
+ <li><strong>Citizen journalists in China</strong> use Tor to write about local
+ events to encourage social change and political reform. </li>
+ <li><strong>Citizens and journalists in <a
+href="http://www.rsf.org/rubrique.php3?id_rubrique=554">Internet black holes</a></strong>
+ use Tor to research state propaganda and opposing viewpoints, to file stories
+ with non-State controlled media, and to avoid risking the personal consequences
+ of intellectual curiosity. </li>
+ </ul>
+ <a name="lawenforcement"></a>
+ <h3><a class="anchor" href="#lawenforcement">Law enforcement officers use Tor</a></h3>
+ <ul>
+ <li><strong>Online surveillance:</strong> Tor allows officials to surf questionable
+ web sites and services without leaving tell-tale tracks. If the system administrator
+ of an illegal gambling site, for example, were to see multiple connections
+ from government or law enforcement IP addresses in usage logs, investigations
+ may be hampered. </li>
+ <li><strong>Sting operations:</strong> Similarly, anonymity allows law officers
+ to engage in online “undercover ” operations. Regardless of
+ how good an undercover officer's “street cred” may be, if the
+ communications include IP ranges from police addresses, the cover is blown.
+ </li>
+ <li><strong>Truly anonymous tip lines:</strong> While online anonymous tip
+ lines are popular, without anonymity software, they are far less useful.
+ Sophisticated sources understand that although a name or email address is
+ not attached to information, server logs can identify them very quickly.
+ As a result, tip line web sites that do not encourage anonymity are limiting
+ the sources of their tips. </li>
+ </ul>
+ <a name="activists"></a>
+ <h3><a class="anchor" href="#activists">Activists & Whistleblowers use Tor</a></h3>
+ <ul>
+ <li><strong>Human rights activists use Tor to anonymously report abuses from
+ danger zones.</strong> Internationally, labor rights workers use Tor and
+ other forms of online and offline anonymity to organize workers in accordance
+ with the Universal Declaration of Human Rights. Even though they are within
+ the law, it does not mean they are safe. Tor provides the ability to avoid
+ persecution while still raising a voice. </li>
+ <li>When groups such as the <strong>Friends Service Committee and environmental
+ groups are increasingly <a href="http://www.afsc.org/news/2005/government-spying.htm">falling
+ under surveillance</a> in the United States</strong> under laws meant to
+ protect against terrorism, many peaceful agents of change rely on Tor for
+ basic privacy during legitimate activities. </li>
+ <li><strong><a href="http://hrw.org/doc/?t=internet">Human Rights Watch</a></strong>
+ recommends Tor in their report, “ <a href="http://www.hrw.org/reports/2006/china0806/">Race
+ to the Bottom: Corporate Complicity in Chinese Internet Censorship</a>.”
+ The study co-author interviewed Roger Dingledine, Tor project leader, on
+ Tor use. They cover Tor in the section on how to breach the <a
+href="http://www.hrw.org/reports/2006/china0806/3.htm#_Toc142395820">“Great
+ Firewall of China,”</a> and recommend that human rights workers throughout
+ the globe use Tor for “secure browsing and communications.”
+ </li>
+ <li> Tor has consulted with and volunteered help to <strong>Amnesty International's
+ recent <a href="http://irrepressible.info/">corporate responsibility campaign</a></strong>.
+ See also their <a href="http://irrepressible.info/static/pdf/FOE-in-china-2006-lores.pdf">full
+ report</a> on China Internet issues. </li>
+ <li><a href="http://www.globalvoicesonline.org/">Global Voices</a> recommends
+ Tor, especially for <strong>anonymous blogging</strong>, throughout their
+ <a href="http://www.google.com/search?q=site:www.globalvoicesonline.org+tor">
+ web site.</a> </li>
+ <li>In the US, the Supreme Court recently stripped legal protections from
+ government whistleblowers. But whistleblowers working for governmental transparency
+ or corporate accountability can use Tor to seek justice without personal
+ repercussions. </li>
+ <li>A contact of ours who works with a public health nonprofit in Africa reports
+ that his nonprofit <strong>must budget 10% to cover various sorts of corruption</strong>,
+ mostly bribes and such. When that percentage rises steeply, not only can
+ they not afford the money, but they can not afford to complain — this
+ is the point at which open objection can become dangerous. So his nonprofit
+ has been working to <strong>use Tor to safely whistleblow on government
+ corruption</strong> in order to continue their work. </li>
+ <li>At a recent conference, a Tor staffer ran into a woman who came from a
+ “company town” in the eastern United States. She was attempting
+ to blog anonymously to rally local residents to <strong>urge reform in the
+ company</strong> that dominated the town's economic and government affairs.
+ She is fully cognizant that the kind of organizing she was doing <strong>could
+ lead to harm or “fatal accidents.”</strong> </li>
+ <li>In east Asia, some labor organizers use anonymity to <strong>reveal information
+ regarding sweatshops</strong> that produce goods for western countries and
+ to organize local labor. </li>
+ <li> Tor can help activists avoid government or corporate censorship that
+ hinders organization. In one such case, a <a href="http://www.cbc.ca/story/canada/national/2005/07/24/telus-sites050724.html">Canadian
+ ISP blocked access to a union website used by their own employees</a> to
+ help organize a strike. </li>
+ </ul>
+ <a name="spotlight"></a>
+ <h3><a class="anchor" href="#spotlight">High & low profile people use Tor</a></h3>
+ <ul>
+ <li>Does being in the public spotlight shut you off from having a private
+ life, forever, online? A rural lawyer in a New England state keeps an anonymous
+ blog because, with the diverse clientele at his prestigious law firm, <strong>his
+ political beliefs are bound to offend someone</strong>. Yet, he doesn't
+ want to remain silent on issues he cares about. Tor helps him feel secure
+ that he can express his opinion without consequences to his public role.
+ </li>
+ <li>People living in poverty often don't participate fully in civil society
+ -- not out of ignorance or apathy, but out of fear. If something you write
+ were to get back to your boss, would you lose your job? If your social worker
+ read about your opinion of the system, would she treat you differently?
+ Anonymity gives a voice to the voiceless. To support this, <strong>Tor currently
+ has an open Americorps/VISTA position</strong> pending. This government
+ grant will cover a full time stipend for a volunteer to create curricula
+ to <strong>show low-income populations how to use anonymity online for safer
+ civic engagement</strong>. Although it's often said that the poor do not
+ use online access for civic engagement, failing to act in their self-interests,
+ it is our hypothesis (based on personal conversations and anecdotal information)
+ that it is precisely the “permanent record ” left online that
+ keeps many of the poor from speaking out on the Internet. We hope to show
+ people how to engage more safely online, and then at the end of the year,
+ evaluate how online and offline civic engagement has changed, and how the
+ population sees this continuing into the future. </li>
+ </ul>
+ <a name="executives"></a>
+ <h3><a class="anchor" href="#executives">Business executives use Tor</a></h3>
+ <ul>
+ <li><strong>Security breach information clearinghouses:</strong> Say a financial
+ institution participates in a security clearinghouse of information on Internet
+ attacks. Such a repository requires members to report breaches to a central
+ group, who correlates attacks to detect coordinated patterns and send out
+ alerts. But if a specific bank in St. Louis is breached, they don't want
+ an attacker watching the incoming traffic to such a repository to be able
+ to track where information is coming from. Even though every packet were
+ encrypted, the IP address would betray the location of a compromised system.
+ Tor allows such repositories of sensitive information to resist compromises.
+ </li>
+ <li><strong>Seeing your competition as your market does:</strong> If you try
+ to check out a competitor's pricing, you may find no information or misleading
+ information on their web site. This is because their web server may be keyed
+ to detect connections from competitors, and block or spread disinformation
+ to your staff. Tor allows a business to view their sector as the general
+ public would view it. </li>
+ <li><strong>Keeping strategies confidential:</strong> An investment bank,
+ for example, might not want industry snoopers to be able to track what web
+ sites their analysts are watching. The strategic importance of traffic patterns,
+ and the vulnerability of the surveillance of such data, is starting to be
+ more widely recognized in several areas of the business world. </li>
+ <li><strong>Accountability:</strong> In an age when irresponsible and unreported
+ corporate activity has undermined multi-billion dollar businesses, an executive
+ exercising true stewardship wants the whole staff to feel free to disclose
+ internal malfeasance. Tor facilitates internal accountability before it
+ turns into whistleblowing. </li>
+ </ul>
+ <a name="bloggers"></a>
+ <h3><a class="anchor" href="#bloggers">Bloggers use Tor</a></h3>
+ <ul>
+ <li>Every day we hear about bloggers who are <a href="http://online.wsj.com/public/article/SB112541909221726743-Kl4kLxv0wSbjqrkXg_DieY3c8lg_20050930.html">sued</a>
+ or <a href="http://www.usatoday.com/money/workplace/2005-06-14-worker-blogs-usat_x.htm">fired</a>
+ for saying perfectly legal things online, in their blog. In addition to
+ following the advice in the <a href="http://w2.eff.org/bloggers/lg/">EFF
+ Legal Guide for Bloggers</a> and Reporters Without Borders' <a href="http://www.rsf.org/rubrique.php3?id_rubrique=542">Handbook
+ for bloggers and cyber-dissidents</a>, we recommend using Tor. </li>
+ </ul>
+ <p> Please do send us your success stories. They are very important because
+ Tor provides anonymity. While it is thrilling to speculate about <a
+href="faq-abuse.html.html">undesired effects of Tor</a>, when it succeeds, nobody
+ notices. This is great for users, but not so good for us, since publishing
+ success stories about how people or organizations are staying anonymous could
+ be counterproductive. For example, we talked to an FBI officer who explained
+ that he uses Tor every day for his work — but he quickly followed up
+ with a request not to provide details or mention his name.</p>
+ <p> Like any technology, from pencils to cellphones, anonymity can be used for
+ both good and bad. You have probably seen some of the vigorous debate (<a href="http://www.wired.com/politics/security/commentary/securitymatters/2006/01/70000">pro</a>,
+ <a href="http://www.edge.org/q2006/q06_4.html#kelly">con</a>, and <a
+href="http://web.mit.edu/gtmarx/www/anon.html">academic</a>) over anonymity. The
+ Tor project is based on the belief that anonymity is not just a good idea
+ some of the time - it is a requirement for a free and functioning society.
+ The <a href="http://www.eff.org/issues/anonymity">EFF maintains a good overview</a>
+ of how anonymity was crucial to the founding of the United States. Anonymity
+ is recognized by US courts as a fundamental and important right. In fact,
+ governments mandate anonymity in many cases themselves: <a href="https://www.crimeline.co.za/default.asp">police
+ tip lines</a>, <a href="http://www.texasbar.com/Content/ContentGroups/Public_Information1/Legal_Resources_Consumer_Information/Family_Law1/Adoption_Options.htm#sect2">adoption
+ services</a>, <a href="http://writ.news.findlaw.com/aronson/20020827.html">police
+ officer identities</a>, and so forth. It would be impossible to rehash the
+ entire anonymity debate here - it is too large an issue with too many nuances,
+ and there are plenty of other places where this information can be found.
+ We do have a <a href="faq-abuse.html.html">Tor abuse</a> page describing some
+ of the possible abuse cases for Tor, but suffice it to say that if you want
+ to abuse the system, you'll either find it mostly closed for your purposes
+ (e.g. the majority of Tor relays do not support SMTP in order to prevent anonymous
+ email spamming), or if you're one of the <a href="http://www.schneier.com/blog/archives/2005/12/computer_crime_1.html">Four
+ Horsemen of the Information Apocalypse</a>, you have better options than Tor.
+ While not dismissing the potential abuses of Tor, this page shows a few of
+ the many important ways anonymity is used online today.</p>
+</div>
+<!-- #main -->
+<?php
+
+include("footer.inc.php");
+
+?>
Added: website/branches/zed/beta/trademark-faq.php
===================================================================
--- website/branches/zed/beta/trademark-faq.php (rev 0)
+++ website/branches/zed/beta/trademark-faq.php 2009-06-18 01:37:54 UTC (rev 19735)
@@ -0,0 +1,75 @@
+<?php
+$pagename = "Tor: Trademark Faq";
+include("header.inc.php");
+?>
+<div class="main-column">
+ <div class="bg">
+ <!-- PUT CONTENT AFTER THIS TAG -->
+ <h2>Tor Trademark Frequently Asked Questions</h2>
+ <a id="usage"></a>
+ <h3>How can I use the name "Tor"?</h3>
+ <p>The Tor Project encourages developers to use the name Tor in ways that
+ do not confuse the public about the source of anonymity software and services.
+ If you are building open-source non-commercial software or services that
+ incorporate or work with The Tor Project's code, you may use the name “Tor”
+ in an accurate description of your work. We ask you to include a link to
+ the official Tor website <a href="https://www.torproject.org/">https://www.torproject.org/</a>
+ so users can verify the original source of Tor for themselves, and a note
+ indicating that your project is not sponsored by The Tor Project. For example,
+ “This product is produced independently from the Tor® anonymity software
+ and carries no guarantee from The Tor Project about quality, suitability
+ or anything else.”</p>
+ <a id="onionlogo"></a>
+ <h3>Can I use the Tor onion logo?</h3>
+ <p>If you're making non-commercial use of Tor software, you may also use the
+ Tor onion logo (as an illustration, not as a brand for your products). Please
+ don't modify the design or colors of the logo. You can use items that look
+ like the Tor onion logo to illustrate a point (e.g. an exploded onion with
+ layers, for instance), so long as they're not used as logos in ways that
+ would confuse people.</p>
+ <a id="combining"></a>
+ <h3>Can I use the word "Tor" as part of the name of my product or my domain
+ name?</h3>
+ <p>We recommend that you don't do this, but rather find a name that will accurately
+ identify <i>your</i> products or services. Remember that our goal is to
+ make sure that people aren't confused about whether your product or project
+ is made or endorsed by The Tor Project. Creating a new brand that incorporates
+ the Tor brand is likely to lead to confusion.</p>
+ <a id="enforcing"></a>
+ <h3>Does this mean you're enforcing trademark rights?</h3>
+ <p>The Tor Project is a non-profit corporation organized to research and develop
+ the Tor anonymity software and network. We don't want to be trademark bullies,
+ but we will use trademark to protect the public's ability to recognize Tor
+ Project software. Trademark law helps us to assure that the name is used
+ only in connection with genuine Tor anonymity software and for accurate
+ description of software and services. After all, to protect their anonymity
+ securely, computer users must be able to identify the software they are
+ using, so they can account properly for its strengths and weaknesses. Tor
+ has become well-known as a software package and associated network of onion-routing
+ anonymizing proxies, with online documentation, instructions for strengthening
+ anonymity protection, and warnings that even at this stage it remains experimental
+ software. We work with developers to improve the software and network and
+ actively encourage researchers to document attacks to help us strengthen
+ its anonymity protection further. We distribute the software itself freely,
+ but require correct attribution. </p>
+ <a id="commercial"></a>
+ <h3>What if I produce non-open source, commercial products based on Tor?</h3>
+ <p>Contact us, and let's talk.</p>
+ <a id="licensee"></a>
+ <h3>Are there official licensees of the Tor trademarks?</h3>
+ Yes. A few open source, non-commercial projects are Tor trademark licensees:
+ <ul>
+ <li><a href="http://anonymityanywhere.com/incognito/">Incognito</a></li>
+ <li><a href="http://portabletor.sourceforge.net/">Portable Tor</a></li>
+ <li><a href="http://torstatus.kgprog.com/">Kprog Tor Status</a></li>
+ <li><a href="vidalia/index.html.en">Vidalia</a></li>
+ <li><a href="http://www.anonymityanywhere.com/tork/">TorK</a></li>
+ </ul>
+ </div>
+</div>
+<!-- #main -->
+<?php
+
+include("footer.inc.php");
+
+?>
Added: website/branches/zed/beta/volunteer.php
===================================================================
--- website/branches/zed/beta/volunteer.php (rev 0)
+++ website/branches/zed/beta/volunteer.php 2009-06-18 01:37:54 UTC (rev 19735)
@@ -0,0 +1,947 @@
+<?php
+$pagename = "Tor: anonymity online";
+include("header.inc.php");
+?>
+<div class="main-column">
+ <div class="bg">
+ <h2>A few things everyone can do now:</h2>
+ <ol>
+ <li>Please consider <a href="docs/tor-doc-relay.html.html">running a relay</a>
+ to help the Tor network grow.</li>
+ <li>Tell your friends! Get them to run relays. Get them to run hidden services.
+ Get them to tell their friends.</li>
+ <li>If you like Tor's goals, please <a href="donate.html">take a moment
+ to donate to support further Tor development</a>. We're also looking for
+ more sponsors — if you know any companies, NGOs, agencies, or other
+ organizations that want anonymity / privacy / communications security,
+ let them know about us.</li>
+ <li>We're looking for more <a href="torusers.html">good examples of Tor
+ users and Tor use cases</a>. If you use Tor for a scenario or purpose
+ not yet described on that page, and you're comfortable sharing it with
+ us, we'd love to hear from you.</li>
+ </ol>
+ <a id="Usability"></a>
+ <h3><a class="anchor" href="#Usability">Supporting Applications</a></h3>
+ <ol>
+ <li>We need more and better ways to intercept DNS requests so they don't
+ "leak" their request to a local observer while we're trying to be anonymous.
+ (This happens because the application does the DNS resolve before going
+ to the SOCKS proxy.)</li>
+ <li>Tsocks/dsocks items:
+ <ul>
+ <li>We need to <a
+href="https://wiki.torproject.org/noreply/TheOnionRouter/TSocksPatches">apply
+ all our tsocks patches</a> and maintain a new fork. We'll host it
+ if you want.</li>
+ <li>We should patch Dug Song's "dsocks" program to use Tor's <i>mapaddress</i>
+ commands from the controller interface, so we don't waste a whole
+ round-trip inside Tor doing the resolve before connecting.</li>
+ <li>We need to make our <i>torify</i> script detect which of tsocks
+ or dsocks is installed, and call them appropriately. This probably
+ means unifying their interfaces, and might involve sharing code between
+ them or discarding one entirely.</li>
+ </ul>
+ </li>
+ <li>People running relays tell us they want to have one BandwidthRate during
+ some part of the day, and a different BandwidthRate at other parts of
+ the day. Rather than coding this inside Tor, we should have a little script
+ that speaks via the <a href="gui/index.html.html">Tor Controller Interface</a>,
+ and does a setconf to change the bandwidth rate. There is one for Unix
+ and Mac already (it uses bash and cron), but Windows users still need
+ a solution. </li>
+ <li>Speaking of geolocation data, somebody should draw a map of the Earth
+ with a pin-point for each Tor relay. Bonus points if it updates as the
+ network grows and changes. Unfortunately, the easy ways to do this involve
+ sending all the data to Google and having them draw the map for you. How
+ much does this impact privacy, and do we have any other good options?</li>
+ </ol>
+ <a id="Advocacy"></a>
+ <h3><a class="anchor" href="#Advocacy">Advocacy</a></h3>
+ <ol>
+ <li>Create a community logo under a Creative Commons license that all can
+ use and modify</li>
+ <li>Create a presentation that can be used for various user group meetings
+ around the world</li>
+ <li>Create a video about your positive uses of Tor. Some have already started
+ on Seesmic.</li>
+ <li>Create a poster, or a set of posters, around a theme, such as "Tor for
+ Freedom!"</li>
+ </ol>
+ <a id="Documentation"></a>
+ <h3><a class="anchor" href="#Documentation">Documentation</a></h3>
+ <ol>
+ <li>Please help Matt Edman with the documentation and how-tos for his Tor
+ controller, <a href="http://vidalia-project.net/">Vidalia</a>.</li>
+ <li>Evaluate and document <a href="https://wiki.torproject.org/wiki/TheOnionRouter/TorifyHOWTO">our
+ list of programs</a> that can be configured to use Tor.</li>
+ <li>We need better documentation for dynamically intercepting connections
+ and sending them through Tor. tsocks (Linux), dsocks (BSD), and freecap
+ (Windows) seem to be good candidates, as would better use of our new TransPort
+ feature.</li>
+ <li>We have a huge list of <a href="https://wiki.torproject.org/noreply/TheOnionRouter/SupportPrograms">potentially
+ useful programs that interface to Tor</a>. Which ones are useful in which
+ situations? Please help us test them out and document your results.</li>
+ <li>Help translate the web page and documentation into other languages.
+ See the <a href="translation.html.html">translation guidelines</a> if
+ you want to help out. We especially need Arabic or Farsi translations,
+ for the many Tor users in censored areas.</li>
+ </ol>
+ <a id="Coding"></a> <a id="Summer"></a> <a id="Projects"></a>
+ <h3><a class="anchor" href="#Projects">Good Coding Projects</a></h3>
+ <p> You may find some of these projects to be good <a href="gsoc.html.html">Google
+ Summer of Code 2009</a> ideas. We have labelled each idea with how useful
+ it would be to the overall Tor project (priority), how much work we expect
+ it would be (effort level), how much clue you should start with (skill level),
+ and which of our <a href="people.html#Core">core developers</a> would be
+ good mentors. If one or more of these ideas looks promising to you, please
+ <a
+href="contact.html.html">contact us</a> to discuss your plans rather than sending
+ blind applications. You may also want to propose your own project idea which
+ often results in the best applications. </p>
+ <ol>
+ <li> <b>Tor Browser Bundle for Linux/Mac OS X</b> <br>
+ Priority: <i>High</i> <br>
+ Effort Level: <i>High</i> <br>
+ Skill Level: <i>Medium</i> <br>
+ Likely Mentors: <i>Steven, Andrew</i> <br>
+ The Tor Browser bundle incorporates Tor, Firefox, and the Vidalia user
+ interface (and optionally Pidgin IM). Components are pre-configured to
+ operate in a secure way, and it has very few dependencies on the installed
+ operating system. It has therefore become one of the most easy to use,
+ and popular, ways to use Tor on Windows. <br>
+ However, there is currently no comparable package for Linux and Mac OS
+ X, so this project would be to implement Tor Browser Bundle for these
+ platforms. This will involve modifications to Vidalia (C++), possibly
+ Firefox (C) then creating and testing the launcher on a range of operating
+ system versions and configurations to verify portability. <br>
+ Students should be familiar with application development on one or preferably
+ both of Linux and Mac OS X, and be comfortable with C/C++ and shell scripting.
+ <br>
+ Part of this project could be usability testing of Tor Browser Bundle,
+ ideally amongst our target demographic. That would help a lot in knowing
+ what needs to be done in terms of bug fixes or new features. We get this
+ informally at the moment, but a more structured process would be better.
+ </li>
+ <li> <b>Translation wiki for our website</b> <br>
+ Priority: <i>High</i> <br>
+ Effort Level: <i>Medium</i> <br>
+ Skill Level: <i>Medium</i> <br>
+ Likely Mentors: <i>Jacob</i> <br>
+ The Tor Project has been working over the past year to set up web-based
+ tools to help volunteers translate our applications into other languages.
+ We finally hit upon Pootle, and we have a fine web-based translation engine
+ in place for Vidalia, Torbutton, and Torcheck. However, Pootle only translates
+ strings that are in the "po" format, and our website uses wml files. This
+ project is about finding a way to convert our wml files into po strings
+ and back, so they can be handled by Pootle. </li>
+ <li> <b>Help track the overall Tor Network status</b> <br>
+ Priority: <i>Medium to High</i> <br>
+ Effort Level: <i>Medium</i> <br>
+ Skill Level: <i>Medium</i> <br>
+ Likely Mentors: <i>Karsten, Roger</i> <br>
+ It would be great to set up an automated system for tracking network health
+ over time, graphing it, etc. Part of this project would involve inventing
+ better metrics for assessing network health and growth. Is the average
+ uptime of the network increasing? How many relays are qualifying for Guard
+ status this month compared to last month? What's the turnover in terms
+ of new relays showing up and relays shutting off? Periodically people
+ collect brief snapshots, but where it gets really interesting is when
+ we start tracking data points over time. <br>
+ Data could be collected from the Tor Network Scanners in <a
+href="https://svn.torproject.org/svn/torflow/trunk/README">TorFlow</a>, from the
+ server descriptors that each relay publishes, and from other sources.
+ Results over time could be integrated into one of the <a
+href="https://torstatus.blutmagie.de/">Tor Status</a> web pages, or be kept separate.
+ Speaking of the Tor Status pages, take a look at Roger's <a href="http://archives.seul.org/or/talk/Jan-2008/msg00300.html">Tor
+ Status wish list</a>. </li>
+ <li> <b>Improving Tor's ability to resist censorship</b> <br>
+ Priority: <i>Medium to High</i> <br>
+ Effort Level: <i>Medium</i> <br>
+ Skill Level: <i>High</i> <br>
+ Likely Mentors: <i>Nick, Roger, Steven</i> <br>
+ The Tor 0.2.0.x series makes <a
+href="https://svn.torproject.org/svn/tor/trunk/doc/design-paper/blocking.html">significant
+ improvements</a> in resisting national and organizational censorship.
+ But Tor still needs better mechanisms for some parts of its anti-censorship
+ design. For example, current Tors can only listen on a single address/port
+ combination at a time. There's <a href="https://svn.torproject.org/svn/tor/trunk/doc/spec/proposals/118-multiple-orports.txt">a
+ proposal to address this limitation</a> and allow clients to connect to
+ any given Tor on multiple addresses and ports, but it needs more work.
+ Another anti-censorship project (far more difficult) is to try to make
+ Tor more scanning-resistant. Right now, an adversary can identify <a href="https://svn.torproject.org/svn/tor/trunk/doc/spec/proposals/125-bridges.txt">Tor
+ bridges</a> just by trying to connect to them, following the Tor protocol,
+ and seeing if they respond. To solve this, bridges could <a href="https://svn.torproject.org/svn/tor/trunk/doc/design-paper/blocking.html#tth_sEc9.3">act
+ like webservers</a> (HTTP or HTTPS) when contacted by port-scanning tools,
+ and not act like bridges until the user provides a bridge-specific key.
+ <br>
+ This project involves a lot of research and design. One of the big challenges
+ will be identifying and crafting approaches that can still resist an adversary
+ even after the adversary knows the design, and then trading off censorship
+ resistance with usability and robustness. </li>
+ <li> <b>Tuneup Tor!</b> <br>
+ Priority: <i>Medium to High</i> <br>
+ Effort Level: <i>Medium to High</i> <br>
+ Skill Level: <i>High</i> <br>
+ Likely Mentors: <i>Nick, Roger, Mike, Karsten</i> <br>
+ Right now, Tor relays measure and report their own bandwidth, and Tor
+ clients choose which relays to use in part based on that bandwidth. This
+ approach is vulnerable to <a href="http://freehaven.net/anonbib/#bauer:wpes2007">attacks
+ where relays lie about their bandwidth</a>; to address this, Tor currently
+ caps the maximum bandwidth it's willing to believe any relay provides.
+ This is a limited fix, and a waste of bandwidth capacity to boot. Instead,
+ Tor should possibly measure bandwidth in a more distributed way, perhaps
+ as described in the <a href="http://freehaven.net/anonbib/author.html#snader08">"A
+ Tune-up for Tor"</a> paper by Snader and Borisov. One could use current
+ testing code to double-check this paper's findings and verify the extent
+ to which they dovetail with Tor as deployed in the wild, and determine
+ good ways to incorporate them into their suggestions Tor network without
+ adding too much communications overhead between relays and directory authorities.
+ </li>
+ <li> <b>Improving Polipo on Windows</b> <br>
+ Priority: <i>Medium to High</i> <br>
+ Effort Level: <i>Medium</i> <br>
+ Skill Level: <i>Medium</i> <br>
+ Likely Mentors: <i>Martin</i> <br>
+ Help port <a
+href="http://www.pps.jussieu.fr/~jch/software/polipo/">Polipo</a> to Windows.
+ Example topics to tackle include: 1) the ability to asynchronously query
+ name servers, find the system nameservers, and manage netbios and dns
+ queries. 2) manage events and buffers natively (i.e. in Unix-like OSes,
+ Polipo defaults to 25% of ram, in Windows it's whatever the config specifies).
+ 3) some sort of GUI config and reporting tool, bonus if it has a systray
+ icon with right clickable menu options. Double bonus if it's cross-platform
+ compatible. 4) allow the software to use the Windows Registry and handle
+ proper Windows directory locations, such as "C:\Program Files\Polipo"
+ </li>
+ <li> <b>Implement a torrent-based scheme for downloading Thandy packages</b>
+ <br>
+ Priority: <i>Medium to High</i> <br>
+ Effort Level: <i>High</i> <br>
+ Skill Level: <i>Medium to High</i> <br>
+ Likely Mentors: <i>Martin, Nick</i> <br>
+ <a
+href="http://git.torproject.org/checkout/thandy/master/specs/thandy-spec.txt">Thandy</a>
+ is a relatively new software to allow assisted updates of Tor and related
+ software. Currently, there are very few users, but we expect Thandy to
+ be used by almost every Tor user in the future. To avoid crashing servers
+ on the day of a Tor update, we need new ways to distribute new packages
+ efficiently, and using libtorrent seems to be a possible solution. If
+ you think of other good ideas, great - please do let us know!<br>
+ We also need to investigate how to include our mirrors better. If possible,
+ there should be an easy way for them to help distributing the packages.
+ </li>
+ <li> <b>Tor Controller Status Event Interface</b> <br>
+ Priority: <i>Medium</i> <br>
+ Effort Level: <i>Medium</i> <br>
+ Skill Level: <i>Low to Medium</i> <br>
+ Likely Mentors: <i>Matt</i> <br>
+ There are a number of status changes inside Tor of which the user may
+ need to be informed. For example, if the user is trying to set up his
+ Tor as a relay and Tor decides that its ports are not reachable from outside
+ the user's network, we should alert the user. Currently, all the user
+ gets is a couple log messages in Vidalia's 'message log' window, which
+ they likely never see since they don't receive a notification that something
+ has gone wrong. Even if the user does actually look at the message log,
+ most of the messages make little sense to the novice user. <br>
+ Tor has the ability to inform Vidalia of many such status changes, and
+ we recently implemented support for a couple of these events. Still, there
+ are many more status events the user should be informed of and we need
+ a better UI for actually displaying them to the user. <br>
+ The goal of this project then is to design and implement a UI for displaying
+ Tor status events to the user. For example, we might put a little badge
+ on Vidalia's tray icon that alerts the user to new status events they
+ should look at. Double-clicking the icon could bring up a dialog that
+ summarizes recent status events in simple terms and maybe suggests a remedy
+ for any negative events if they can be corrected by the user. Of course,
+ this is just an example and one is free to suggest another approach. <br>
+ A person undertaking this project should have good UI design and layout
+ and some C++ development experience. Previous experience with Qt and Qt's
+ Designer will be very helpful, but are not required. Some English writing
+ ability will also be useful, since this project will likely involve writing
+ small amounts of help documentation that should be understandable by non-technical
+ users. Bonus points for some graphic design/Photoshop fu, since we might
+ want/need some shiny new icons too. </li>
+ <li> <b>Improve our unit testing process</b> <br>
+ Priority: <i>Medium</i> <br>
+ Effort Level: <i>Medium</i> <br>
+ Skill Level: <i>Medium</i> <br>
+ Likely Mentors: <i>Nick, Roger</i> <br>
+ Tor needs to be far more tested. This is a multi-part effort. To start
+ with, our unit test coverage should rise substantially, especially in
+ the areas outside the utility functions. This will require significant
+ refactoring of some parts of Tor, in order to dissociate as much logic
+ as possible from globals. <br>
+ Additionally, we need to automate our performance testing. We've got buildbot
+ to automate our regular integration and compile testing already (though
+ we need somebody to set it up on Windows), but we need to get our network
+ simulation tests (as built in <a
+href="https://svn.torproject.org/svn/torflow/trunk/README">TorFlow</a>) updated
+ for more recent versions of Tor, and designed to launch a test network
+ either on a single machine, or across several, so we can test changes
+ in performance on machines in different roles automatically. </li>
+ <li> <b>Help revive an independent Tor client implementation</b> <br>
+ Priority: <i>Medium</i> <br>
+ Effort Level: <i>High</i> <br>
+ Skill Level: <i>Medium to High</i> <br>
+ Likely Mentors: <i>Karsten, Nick</i> <br>
+ Reanimate one of the approaches to implement a Tor client in Java, e.g.
+ the <a href="http://onioncoffee.sourceforge.net/">OnionCoffee project</a>,
+ and make it run on <a
+href="http://code.google.com/android/">Android</a>. The first step would be to
+ port the existing code and execute it in an Android environment. Next,
+ the code should be updated to support the newer Tor protocol versions
+ like the <a href="https://svn.torproject.org/svn/tor/trunk/doc/spec/dir-spec.txt">v3
+ directory protocol</a>. Further, support for requesting or even providing
+ Tor hidden services would be neat, but not required. <br>
+ A prospective developer should be able to understand and write new Java
+ code, including a Java cryptography API. Being able to read C code would
+ be helpful, too. One should be willing to read the existing documentation,
+ implement code based on it, and refine the documentation when things are
+ underdocumented. This project is mostly about coding and to a small degree
+ about design. </li>
+ <li> <b>New Torbutton Features</b> <br>
+ Priority: <i>Medium</i> <br>
+ Effort Level: <i>High</i> <br>
+ Skill Level: <i>High</i> <br>
+ Likely Mentors: <i>Mike</i> <br>
+ There are several <a
+href="https://bugs.torproject.org/flyspray/index.php?tasks=all&project=5&type=2">good
+ feature requests</a> on the Torbutton Flyspray section. In particular,
+ <a
+href="https://bugs.torproject.org/flyspray/index.php?do=details&id=523">Integrating
+ 'New Identity' with Vidalia</a>, <a href="https://bugs.torproject.org/flyspray/index.php?do=details&id=940">ways
+ of managing multiple cookie jars/identities</a>, <a
+href="https://bugs.torproject.org/flyspray/index.php?do=details&id=637">preserving
+ specific cookies</a> when cookies are cleared, <a
+href="https://bugs.torproject.org/flyspray/index.php?do=details&id=524">better
+ referrer spoofing</a>, <a
+href="https://bugs.torproject.org/flyspray/index.php?do=details&id=564">correct
+ Tor status reporting</a>, and <a
+href="https://bugs.torproject.org/flyspray/index.php?do=details&id=462">"tor://"
+ and "tors://" urls</a> are all interesting features that could be added.
+ <br>
+ This work would be independent coding in Javascript and the fun world
+ of <a
+href="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">XUL</a>,
+ with not too much involvement in the Tor internals. </li>
+ <li> <b>New Thandy Features</b> <br>
+ Priority: <i>Medium</i> <br>
+ Effort Level: <i>Medium</i> <br>
+ Skill Level: <i>Medium to High</i> <br>
+ Likely Mentors: <i>Martin</i> <br>
+ Additional capabilities are needed for assisted updates of all the Tor
+ related software for Windows and other operating systems. Some of the
+ features to consider include: 1) Integration of the <a
+href="http://chandlerproject.org/Projects/MeTooCrypto">MeTooCrypto Python library</a>
+ for authenticated HTTPS downloads. 2) Adding a level of indirection between
+ the timestamp signatures and the package files included in an update.
+ See the "Thandy attacks / suggestions" thread on or-dev. 3) Support locale
+ specific installation and configuration of assisted updates based on preference,
+ host, or user account language settings. Familiarity with Windows codepages,
+ unicode, and other character sets is helpful in addition to general win32
+ and posix API experience and Python proficiency. </li>
+ <li> <b>Simulator for slow Internet connections</b> <br>
+ Priority: <i>Medium</i> <br>
+ Effort Level: <i>Medium</i> <br>
+ Skill Level: <i>Medium</i> <br>
+ Likely Mentors: <i>Steven</i> <br>
+ Many users of Tor have poor-quality Internet connections, giving low bandwidth,
+ high latency, and high packet loss/re-ordering. User experience is that
+ Tor reacts badly to these conditions, but it is difficult to improve the
+ situation without being able to repeat the problems in the lab. <br>
+ This project would be to build a simulation environment which replicates
+ the poor connectivity so that the effect on Tor performance can be measured.
+ Other components would be a testing utility to establish what are the
+ properties of connections available, and to measure the effect of performance-improving
+ modifications to Tor. <br>
+ The tools used would be up to the student, but dummynet (for FreeBSD)
+ and nistnet (for Linux) are two potential components on which this project
+ could be built. Students should be experienced with network programming/debugging
+ and TCP/IP, and preferably familiar with C and a scripting language. </li>
+ <li> <b>An Improved and More Usable Network Map in Vidalia</b> <br>
+ Priority: <i>Low to Medium</i> <br>
+ Effort Level: <i>Medium</i> <br>
+ Skill Level: <i>Medium</i> <br>
+ Likely Mentors: <i>Matt</i> <br>
+ One of Vidalia's existing features is a network map that shows the user
+ the approximate geographic location of relays in the Tor network and plots
+ the paths the user's traffic takes as it is tunneled through the Tor network.
+ The map is currently not very interactive and has rather poor graphics.
+ Instead, we implemented KDE's Marble widget such that it gives us a better
+ quality map and enables improved interactivity, such as allowing the user
+ to click on individual relays or circuits to display additional information.
+ We want to add the ability for users to click on a particular relay or
+ a country containing one or more Tor exit relays and say, "I want my connections
+ to exit from here." <br>
+ This project will first involve getting familiar with Vidalia and the
+ Marble widget's API. One will then integrate the widget into Vidalia and
+ customize Marble to be better suited for our application, such as making
+ circuits clickable, storing cached map data in Vidalia's own data directory,
+ and customizing some of the widget's dialogs. <br>
+ A person undertaking this project should have good C++ development experience.
+ Previous experience with Qt and CMake is helpful, but not required. </li>
+ <li> <b>Bring moniTor to life</b> <br>
+ Priority: <i>Low</i> <br>
+ Effort Level: <i>Medium</i> <br>
+ Skill Level: <i>Low to Medium</i> <br>
+ Likely Mentors: <i>Karsten, Jacob</i> <br>
+ Implement a <a href="http://www.ss64.com/bash/top.html">top-like</a> management
+ tool for Tor relays. The purpose of such a tool would be to monitor a
+ local Tor relay via its control port and include useful system information
+ of the underlying machine. When running this tool, it would dynamically
+ update its content like top does for Linux processes. <a href="http://archives.seul.org/or/dev/Jan-2008/msg00005.html">This
+ or-dev post</a> might be a good first read. <br>
+ A person interested in this should be familiar with or willing to learn
+ about administering a Tor relay and configuring it via its control port.
+ As an initial prototype is written in Python, some knowledge about writing
+ Python code would be helpful, too. This project is one part about identifying
+ requirements to such a tool and designing its interface, and one part
+ lots of coding. </li>
+ <li> <b>Torbutton equivalent for Thunderbird</b> <br>
+ Priority: <i>Low</i> <br>
+ Effort Level: <i>High</i> <br>
+ Skill Level: <i>High</i> <br>
+ Likely Mentors: <i>Mike</i> <br>
+ We're hearing from an increasing number of users that they want to use
+ Thunderbird with Tor. However, there are plenty of application-level concerns,
+ for example, by default Thunderbird will put your hostname in the outgoing
+ mail that it sends. At some point we should start a new push to build
+ a Thunderbird extension similar to Torbutton. </li>
+ <li> <b>Intermediate Level Network Device Driver</b> <br>
+ Priority: <i>Low</i> <br>
+ Effort Level: <i>High</i> <br>
+ Skill Level: <i>High</i> <br>
+ Likely Mentors: <i>Martin</i> <br>
+ The WinPCAP device driver used by Tor VM for bridged networking does not
+ support a number of wireless and non-Ethernet network adapters. Implementation
+ of a intermediate level network device driver for win32 and 64bit would
+ provide a way to intercept and route traffic over such networks. This
+ project will require knowledge of and experience with Windows kernel device
+ driver development and testing. Familiarity with Winsock and Qemu would
+ also be helpful. </li>
+ <li> <b>Bring up new ideas!</b> <br>
+ Don't like any of these? Look at the <a
+href="https://svn.torproject.org/svn/tor/trunk/doc/roadmaps/2008-12-19-roadmap-full.pdf">Tor
+ development roadmap</a> for more ideas. Some of the <a href="https://svn.torproject.org/svn/tor/trunk/doc/spec/proposals/">current
+ proposals</a> might also be short on developers. </li>
+ <!-- Mike is already working on this.
+<li>
+<b>Tor Node Scanner improvements</b>
+<br>
+Similar to the SoaT exit scanner (or perhaps even during exit scanning),
+statistics can be gathered about the reliability of nodes. Nodes that
+fail too high a percentage of their circuits should not be given
+Guard status. Perhaps they should have their reported bandwidth
+penalized by some ratio as well, or just get marked as Invalid. In
+addition, nodes that exhibit a very low average stream capacity but
+advertise a very high node bandwidth can also be marked as Invalid.
+Much of this statistics gathering is already done, it just needs to be
+transformed into something that can be reported to the Directory
+Authorities to blacklist/penalize nodes in such a way that clients
+will listen.
+<br>
+In addition, these same statistics can be gathered about the traffic
+through a node. Events can be added to the <a
+href="https://svn.torproject.org/svn/torctl/trunk/doc/howto.txt">Tor Control
+Protocol</a> to
+report if a circuit extend attempt through the node succeeds or fails, and
+passive statistics can be gathered on both bandwidth and reliability
+of other nodes via a node-based monitor using these events. Such a
+scanner would also report information on oddly-behaving nodes to
+the Directory Authorities, but a communication channel for this
+currently does not exist and would need to be developed as well.
+</li>
+-->
+ <!-- Is this still a useful project? If so, move it to another section.
+<li>
+<b>Better Debian/Ubuntu Packaging for Tor+Vidalia</b>
+<br>
+Vidalia currently doesn't play nicely on Debian and Ubuntu with the
+default Tor packages. The current Tor packages automatically start Tor
+as a daemon running as the debian-tor user and (sensibly) do not have a
+<a href="https://svn.torproject.org/svn/tor/trunk/doc/spec/control-spec.txt">ControlPort</a> defined
+in the default torrc. Consequently, Vidalia will try
+to start its own Tor process since it could not connect to the existing
+Tor, and Vidalia's Tor process will then exit with an error message
+the user likely doesn't understand since Tor cannot bind its listening
+ports — they're already in use by the original Tor daemon.
+<br>
+The current solution involves either telling the user to stop the
+existing Tor daemon and let Vidalia start its own Tor process, or
+explaining to the user how to set a control port and password in their
+torrc. A better solution on Debian would be to use Tor's ControlSocket,
+which allows Vidalia to talk to Tor via a Unix domain socket, and could
+possibly be enabled by default in Tor's Debian packages. Vidalia can
+then authenticate to Tor using filesystem-based (cookie) authentication
+if the user running Vidalia is also in the debian-tor group.
+<br>
+This project will first involve adding support for Tor's ControlSocket
+to Vidalia. The student will then develop and test Debian and Ubuntu
+packages for Vidalia that conform to Debian's packaging standards and
+make sure they work well with the existing Tor packages. We can also
+set up an apt repository to host the new Vidalia packages.
+<br>
+The next challenge would be to find an intuitive usable way for Vidalia
+to be able to change Tor's configuration (torrc) even though it is
+located in <code>/etc/tor/torrc</code> and thus immutable. The best
+idea we've come up with so far is to feed Tor a new configuration via
+the ControlSocket when Vidalia starts, but that's bad because Tor starts
+each boot with a different configuration than the user wants. The second
+best idea
+we've come up with is for Vidalia to write out a temporary torrc file
+and ask the user to manually move it to <code>/etc/tor/torrc</code>,
+but that's bad because users shouldn't have to mess with files directly.
+<br>
+A person undertaking this project should have prior knowledge of
+Debian package management and some C++ development experience. Previous
+experience with Qt is helpful, but not required.
+</li>
+-->
+ <!-- This should be mostly done.
+<li>
+<b>Tor/Polipo/Vidalia Auto-Update Framework</b>
+<br>
+We're in need of a good authenticated-update framework.
+Vidalia already has the ability to notice when the user is running an
+outdated or unrecommended version of Tor, using signed statements inside
+the Tor directory information. Currently, Vidalia simply pops
+up a little message box that lets the user know they should manually
+upgrade. The goal of this project would be to extend Vidalia with the
+ability to also fetch and install the updated Tor software for the
+user. We should do the fetches via Tor when possible, but also fall back
+to direct fetches in a smart way. Time permitting, we would also like
+to be able to update other
+applications included in the bundled installers, such as Polipo and
+Vidalia itself.
+<br>
+To complete this project, the student will first need to first investigate
+the existing auto-update frameworks (e.g., Sparkle on OS X) to evaluate
+their strengths, weaknesses, security properties, and ability to be
+integrated into Vidalia. If none are found to be suitable, the student
+will design their own auto-update framework, document the design, and
+then discuss the design with other developers to assess any security
+issues. The student will then implement their framework (or integrate
+an existing one) and test it.
+<br>
+A person undertaking this project should have good C++ development
+experience. Previous experience with Qt is helpful, but not required. One
+should also have a good understanding of common security
+practices, such as package signature verification. Good writing ability
+is also important for this project, since a vital step of the project
+will be producing a design document to review and discuss
+with others prior to implementation.
+</li>
+-->
+ <!-- Jake already did most of this.
+<li>
+<b>Improvements on our active browser configuration tester</b> -
+<a href="https://check.torproject.org/">https://check.torproject.org/</a>
+<br>
+We currently have a functional web page to detect if Tor is working. It
+has a few places where it falls short. It requires improvements with
+regard to default languages and functionality. It currently only responds
+in English. In addition, it is a hack of a perl script that should have
+never seen the light of day. It should probably be rewritten in python
+with multi-lingual support in mind. It currently uses the <a
+href="http://exitlist.torproject.org/">Tor DNS exit list</a>
+and should continue to do so in the future. It currently result in certain
+false positives and these should be discovered, documented, and fixed
+where possible. Anyone working on this project should be interested in
+DNS, basic perl or preferably python programming skills, and will have
+to interact minimally with Tor to test their code.
+<br>
+If you want to make the project more exciting
+and involve more design and coding, take a look at <a
+href="https://svn.torproject.org/svn/tor/trunk/doc/spec/proposals/131-verify-tor-usage.txt">proposal
+131-verify-tor-usage.txt</a>.
+</li>
+-->
+ <!-- If we decide to switch to the exit list in TorStatus, this is obsolete.
+<li>
+<b>Improvements on our DNS Exit List service</b> -
+<a href="http://exitlist.torproject.org/">http://exitlist.torproject.org/</a>
+<br>
+The <a href="http://p56soo2ibjkx23xo.onion/">exitlist software</a>
+is written by our fabulous anonymous
+contributer Tup. It's a DNS server written in Haskell that supports part of our <a
+href="https://svn.torproject.org/svn/tor/trunk/doc/contrib/torel-design.txt">exitlist
+design document</a>. Currently, it is functional and it is used by
+check.torproject.org and other users. The issues that are outstanding
+are mostly aesthetic. This wonderful service could use a much better
+website using the common Tor theme. It would be best served with better
+documentation for common services that use an RBL. It could use more
+publicity. A person working on this project should be interested in DNS,
+basic RBL configuration for popular services, and writing documentation.
+The person would require minimal Tor interaction — testing their
+own documentation at the very least. Furthermore, it would be useful
+if they were interested in Haskell and wanted to implement more of the
+torel-design.txt suggestions.
+</li>
+-->
+ <!-- Nobody wanted to keep this.
+<li>
+<b>Testing integration of Tor with web browsers for our end users</b>
+<br>
+The Tor project currently lacks a solid test suite to ensure that a
+user has a properly and safely configured web browser. It should test for as
+many known issues as possible. It should attempt to decloak the
+user in any way possible. Two current webpages that track these
+kinds of issues are run by Greg Fleischer and HD Moore. Greg keeps a nice <a
+href="http://pseudo-flaw.net/tor/torbutton/">list of issues along
+with their proof of concept code, bug issues, etc</a>. HD Moore runs
+the <a href="http://www.decloak.net/">metasploit
+decloak website</a>. A person interested in defending Tor could start
+by collecting as many workable and known methods for decloaking a
+Tor user. (<a href="https://torcheck.xenobite.eu/">This page</a> may
+be helpful as a start.) One should be familiar with the common pitfalls but
+possibly have new methods in mind for implementing decloaking issues. The
+website should ensure that it tells a user what their problem is. It
+should help them to fix the problem or direct them to the proper support
+channels. The person should also be closely familiar with using Tor and how
+to prevent Tor information leakage.
+</li>
+-->
+ <!-- Nick did quite some work here. Is this project still required then?
+<li>
+<b>Libevent and Tor integration improvements</b>
+<br>
+Tor should make better use of the more recent features of Niels
+Provos's <a href="http://monkey.org/~provos/libevent/">Libevent</a>
+library. Tor already uses Libevent for its low-level asynchronous IO
+calls, and could also use Libevent's increasingly good implementations
+of network buffers and of HTTP. This wouldn't be simply a matter of
+replacing Tor's internal calls with calls to Libevent: instead, we'll
+need to refactor Tor to use Libevent calls that do not follow the
+same models as Tor's existing backends. Also, we'll need to add
+missing functionality to Libevent as needed — most difficult likely
+will be adding OpenSSL support on top of Libevent's buffer abstraction.
+Also tricky will be adding rate-limiting to Libevent.
+</li>
+-->
+ <!--
+<li>
+<b>Improving the Tor QA process: Continuous Integration for Windows builds</b>
+<br>
+It would be useful to have automated build processes for Windows and
+probably other platforms. The purpose of having a continuous integration
+build environment is to ensure that Windows isn't left behind for any of
+the software projects used in the Tor project or its accompanying.<br>
+Buildbot may be a good choice for this as it appears to support all of
+the platforms Tor does. See the
+<a href="http://en.wikipedia.org/wiki/BuildBot">wikipedia entry for
+buildbot</a>.<br>
+There may be better options and the person undertaking this task should
+evaluate other options. Any person working on this automatic build
+process should have experience or be willing to learn how to build all
+of the respective Tor related code bases from scratch. Furthermore, the
+person should have some experience building software in Windows
+environments as this is the target audience we want to ensure we do not
+leave behind. It would require close work with the Tor source code but
+probably only in the form of building, not authoring.<br>
+Additionally, we need to automate our performance testing for all platforms.
+We've got buildbot (except on Windows — as noted above) to automate
+our regular integration and compile testing already,
+but we need to get our network simulation tests (as built in torflow)
+updated for more recent versions of Tor, and designed to launch a test
+network either on a single machine, or across several, so we can test
+changes in performance on machines in different roles automatically.
+</li>
+-->
+ <!-- Removed, unless Mike still wants this to be in.
+<li>
+<b>Torbutton improvements</b>
+<br>
+Torbutton has a number of improvements that can be made in the post-1.2
+timeframe. Most of these are documented as feature requests in the <a
+href="https://bugs.torproject.org/flyspray/index.php?tasks=all&project=5">Torbutton
+flyspray section</a>. Good examples include: stripping off node.exit on http
+headers, more fine-grained control over formfill blocking, improved referrer
+spoofing based on the domain of the site (a-la <a
+href="https://addons.mozilla.org/en-US/firefox/addon/953">refcontrol extension</a>),
+tighter integration with Vidalia for reporting Tor status, a New Identity
+button with Tor integration and multiple identity management, and anything
+else you might think of.
+<br>
+This work would be independent coding in Javascript and the fun world of <a
+href="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">XUL</a>,
+with not too much involvement in the Tor internals.
+</li>
+-->
+ <!-- Is Blossom development still happening?
+<li>
+<b>Rework and extend Blossom</b>
+<br>
+Rework and extend Blossom (a tool for monitoring and
+selecting appropriate Tor circuits based upon exit node requirements
+specified by the user) to gather data in a self-contained way, with
+parameters easily configurable by the user. Blossom is presently
+implemented as a single Python script that interfaces with Tor using the
+Controller interface and depends upon metadata about Tor nodes obtained
+via external processes, such as a webpage indicating status of the nodes
+plus publically available data from DNS, whois, etc. This project has
+two parts: (1) Determine which additional metadata may be useful and
+rework Blossom so that it cleanly obtains the metadata on its own rather
+than depend upon external scripts (this may, for example, involve
+additional threads or inter-process communication), and (2) develop a
+means by which the user can easily configure Blossom, starting with a
+configuration file and possibly working up to a web configuration engine.
+Knowledge of Tor and Python are important; knowledge of
+TCP, interprocess communication, and Perl will also be helpful. An
+interest in network neutrality is important as well, since the
+principles of evaluating and understanding internet inconsistency are at
+the core of the Blossom effort.
+</li>
+<li>
+<b>Improve Blossom: Allow users to qualitatively describe exit nodes they desire</b>
+<br>
+Develop and implement a means of affording Blossom
+users the ability to qualitatively describe the exit node that they
+want. The Internet is an inconsistent place: some Tor exit nodes see
+the world differently than others. As presently implemented, Blossom (a
+tool for monitoring and selecting appropriate Tor circuits based upon
+exit node requirements specified by the user) lacks a sufficiently rich
+language to describe how the different vantage points are different.
+For example, some exit nodes may have an upstream network that filters
+certain kinds of traffic or certain websites. Other exit nodes may
+provide access to special content as a result of their location, perhaps
+as a result of discrimination on the part of the content providers
+themselves. This project has two parts: (1) develop a language for
+describing characteristics of networks in which exit nodes reside, and
+(2) incorporate this language into Blossom so that users can select Tor
+paths based upon the description.
+Knowledge of Tor and Python are important; knowledge of
+TCP, interprocess communication, and Perl will also be helpful. An
+interest in network neutrality is important as well, since the
+principles of evaluating and understanding internet inconsistency are at
+the core of the Blossom effort.
+</li>
+-->
+ <!-- not really suited for GSoC; integrated into TBB for Linux/Mac OS X
+<li>
+<b>Usability testing of Tor</b>
+<br>
+Priority: <i>Medium</i>
+<br>
+Effort Level: <i>Medium</i>
+<br>
+Skill Level: <i>Low to Medium</i>
+<br>
+Likely Mentors: <i>Andrew</i>
+<br>
+Especially the browser bundle, ideally amongst our target demographic.
+That would help a lot in knowing what needs to be done in terms of bug
+fixes or new features. We get this informally at the moment, but a more
+structured process would be better.
+</li>
+-->
+ </ol>
+ <a id="OtherCoding"></a>
+ <h3><a class="anchor" href="#OtherCoding">Other Coding and Design related
+ ideas</a></h3>
+ <ol>
+ <li>Tor relays don't work well on Windows XP. On Windows, Tor uses the standard
+ <tt>select()</tt> system call, which uses space in the non-page pool.
+ This means that a medium sized Tor relay will empty the non-page pool,
+ <a
+href="https://wiki.torproject.org/noreply/TheOnionRouter/WindowsBufferProblems">causing
+ havoc and system crashes</a>. We should probably be using overlapped IO
+ instead. One solution would be to teach <a
+href="http://www.monkey.org/~provos/libevent/">libevent</a> how to use overlapped
+ IO rather than select() on Windows, and then adapt Tor to the new libevent
+ interface. Christian King made a <a href="https://svn.torproject.org/svn/libevent-urz/trunk/">good
+ start</a> on this in the summer of 2007.</li>
+ <li>We need to actually start building our <a href="documentation.html#DesignDoc">blocking-resistance
+ design</a>. This involves fleshing out the design, modifying many different
+ pieces of Tor, adapting <a href="http://vidalia-project.net/">Vidalia</a>
+ so it supports the new features, and planning for deployment.</li>
+ <li>We need a flexible simulator framework for studying end-to-end traffic
+ confirmation attacks. Many researchers have whipped up ad hoc simulators
+ to support their intuition either that the attacks work really well or
+ that some defense works great. Can we build a simulator that's clearly
+ documented and open enough that everybody knows it's giving a reasonable
+ answer? This will spur a lot of new research. See the entry <a href="#Research">below</a>
+ on confirmation attacks for details on the research side of this task
+ — who knows, when it's done maybe you can help write a paper or
+ three also.</li>
+ <li>Tor 0.1.1.x and later include support for hardware crypto accelerators
+ via OpenSSL. It has been lightly tested and is possibly very buggy. We're
+ looking for more rigorous testing, performance analysis, and optimally,
+ code fixes to openssl and Tor if needed.</li>
+ <li>Perform a security analysis of Tor with <a
+href="http://en.wikipedia.org/wiki/Fuzz_testing">"fuzz"</a>. Determine if there
+ are good fuzzing libraries out there for what we want. Win fame by getting
+ credit when we put out a new release because of you!</li>
+ <li>Tor uses TCP for transport and TLS for link encryption. This is nice
+ and simple, but it means all cells on a link are delayed when a single
+ packet gets dropped, and it means we can only reasonably support TCP streams.
+ We have a <a
+href="https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#TransportIPnotTCP">list
+ of reasons why we haven't shifted to UDP transport</a>, but it would be
+ great to see that list get shorter. We also have a proposed <a
+href="https://svn.torproject.org/svn/tor/trunk/doc/spec/proposals/100-tor-spec-udp.txt">specification
+ for Tor and UDP</a> — please let us know what's wrong with it.</li>
+ <li>We're not that far from having IPv6 support for destination addresses
+ (at exit nodes). If you care strongly about IPv6, that's probably the
+ first place to start.</li>
+ <li>We need a way to generate the website diagrams (for example, the "How
+ Tor Works" pictures on the <a href="overview.html">overview page</a> from
+ source, so we can translate them as UTF-8 text rather than edit them by
+ hand with Gimp. We might want to integrate this as an wml file so translations
+ are easy and images are generated in multiple languages whenever we build
+ the website.</li>
+ <li>How can we make the <a
+href="http://anonymityanywhere.com/incognito/">Incognito LiveCD</a> easier to
+ maintain, improve, and document?</li>
+ </ol>
+ <a id="Research"></a>
+ <h3><a class="anchor" href="#Research">Research</a></h3>
+ <ol>
+ <li>The "website fingerprinting attack": make a list of a few hundred popular
+ websites, download their pages, and make a set of "signatures" for each
+ site. Then observe a Tor client's traffic. As you watch him receive data,
+ you quickly approach a guess about which (if any) of those sites he is
+ visiting. First, how effective is this attack on the deployed Tor codebase?
+ Then start exploring defenses: for example, we could change Tor's cell
+ size from 512 bytes to 1024 bytes, we could employ padding techniques
+ like <a
+href="http://freehaven.net/anonbib/#timing-fc2004">defensive dropping</a>, or
+ we could add traffic delays. How much of an impact do these have, and
+ how much usability impact (using some suitable metric) is there from a
+ successful defense in each case?</li>
+ <li>The "end-to-end traffic confirmation attack": by watching traffic at
+ Alice and at Bob, we can <a
+href="http://freehaven.net/anonbib/#danezis:pet2004">compare traffic signatures
+ and become convinced that we're watching the same stream</a>. So far Tor
+ accepts this as a fact of life and assumes this attack is trivial in all
+ cases. First of all, is that actually true? How much traffic of what sort
+ of distribution is needed before the adversary is confident he has won?
+ Are there scenarios (e.g. not transmitting much) that slow down the attack?
+ Do some traffic padding or traffic shaping schemes work better than others?</li>
+ <li>A related question is: Does running a relay/bridge provide additional
+ protection against these timing attacks? Can an external adversary that
+ can't see inside TLS links still recognize individual streams reliably?
+ Does the amount of traffic carried degrade this ability any? What if the
+ client-relay deliberately delayed upstream relayed traffic to create a
+ queue that could be used to mimic timings of client downstream traffic
+ to make it look like it was also relayed? This same queue could also be
+ used for masking timings in client upstream traffic with the techniques
+ from <a
+href="http://www.freehaven.net/anonbib/#ShWa-Timing06">adaptive padding</a>, but
+ without the need for additional traffic. Would such an interleaving of
+ client upstream traffic obscure timings for external adversaries? Would
+ the strategies need to be adjusted for asymmetric links? For example,
+ on asymmetric links, is it actually possible to differentiate client traffic
+ from natural bursts due to their asymmetric capacity? Or is it easier
+ than symmetric links for some other reason?</li>
+ <li>Repeat Murdoch and Danezis's <a
+href="http://www.cl.cam.ac.uk/~sjm217/projects/anon/#torta">attack from Oakland
+ 05</a> on the current Tor network. See if you can learn why it works well
+ on some nodes and not well on others. (My theory is that the fast nodes
+ with spare capacity resist the attack better.) If that's true, then experiment
+ with the RelayBandwidthRate and RelayBandwidthBurst options to run a relay
+ that is used as a client while relaying the attacker's traffic: as we
+ crank down the RelayBandwidthRate, does the attack get harder? What's
+ the right ratio of RelayBandwidthRate to actually capacity? Or is it a
+ ratio at all? While we're at it, does a much larger set of candidate relays
+ increase the false positive rate or other complexity for the attack? (The
+ Tor network is now almost two orders of magnitude larger than it was when
+ they wrote their paper.) Be sure to read <a href="http://freehaven.net/anonbib/#clog-the-queue">Don't
+ Clog the Queue</a> too.</li>
+ <li>The "routing zones attack": most of the literature thinks of the network
+ path between Alice and her entry node (and between the exit node and Bob)
+ as a single link on some graph. In practice, though, the path traverses
+ many autonomous systems (ASes), and <a
+href="http://freehaven.net/anonbib/#feamster:wpes2004">it's not uncommon that
+ the same AS appears on both the entry path and the exit path</a>. Unfortunately,
+ to accurately predict whether a given Alice, entry, exit, Bob quad will
+ be dangerous, we need to download an entire Internet routing zone and
+ perform expensive operations on it. Are there practical approximations,
+ such as avoiding IP addresses in the same /8 network?</li>
+ <li>Other research questions regarding geographic diversity consider the
+ tradeoff between choosing an efficient circuit and choosing a random circuit.
+ Look at Stephen Rollyson's <a
+href="http://swiki.cc.gatech.edu:8080/ugResearch/uploads/7/ImprovingTor.pdf">position
+ paper</a> on how to discard particularly slow choices without hurting
+ anonymity "too much". This line of reasoning needs more work and more
+ thinking, but it looks very promising.</li>
+ <li>Tor doesn't work very well when relays have asymmetric bandwidth (e.g.
+ cable or DSL). Because Tor has separate TCP connections between each hop,
+ if the incoming bytes are arriving just fine and the outgoing bytes are
+ all getting dropped on the floor, the TCP push-back mechanisms don't really
+ transmit this information back to the incoming streams. Perhaps Tor should
+ detect when it's dropping a lot of outgoing packets, and rate-limit incoming
+ streams to regulate this itself? I can imagine a build-up and drop-off
+ scheme where we pick a conservative rate-limit, slowly increase it until
+ we get lost packets, back off, repeat. We need somebody who's good with
+ networks to simulate this and help design solutions; and/or we need to
+ understand the extent of the performance degradation, and use this as
+ motivation to reconsider UDP transport.</li>
+ <li>A related topic is congestion control. Is our current design sufficient
+ once we have heavy use? Maybe we should experiment with variable-sized
+ windows rather than fixed-size windows? That seemed to go well in an <a
+href="http://www.psc.edu/networking/projects/hpn-ssh/theory.php">ssh throughput
+ experiment</a>. We'll need to measure and tweak, and maybe overhaul if
+ the results are good.</li>
+ <li>Our censorship-resistance goals include preventing an attacker who's
+ looking at Tor traffic on the wire from <a
+href="https://svn.torproject.org/svn/tor/trunk/doc/design-paper/blocking.html#sec:network-fingerprint">distinguishing
+ it from normal SSL traffic</a>. Obviously we can't achieve perfect steganography
+ and still remain usable, but for a first step we'd like to block any attacks
+ that can win by observing only a few packets. One of the remaining attacks
+ we haven't examined much is that Tor cells are 512 bytes, so the traffic
+ on the wire may well be a multiple of 512 bytes. How much does the batching
+ and overhead in TLS records blur this on the wire? Do different buffer
+ flushing strategies in Tor affect this? Could a bit of padding help a
+ lot, or is this an attack we must accept?</li>
+ <li>Tor circuits are built one hop at a time, so in theory we have the ability
+ to make some streams exit from the second hop, some from the third, and
+ so on. This seems nice because it breaks up the set of exiting streams
+ that a given relay can see. But if we want each stream to be safe, the
+ "shortest" path should be at least 3 hops long by our current logic, so
+ the rest will be even longer. We need to examine this performance / security
+ tradeoff.</li>
+ <li>It's not that hard to DoS Tor relays or directory authorities. Are client
+ puzzles the right answer? What other practical approaches are there? Bonus
+ if they're backward-compatible with the current Tor protocol.</li>
+ <li>Programs like <a
+href="torbutton/index.html.html">Torbutton</a> aim to hide your browser's UserAgent
+ string by replacing it with a uniform answer for every Tor user. That
+ way the attacker can't splinter Tor's anonymity set by looking at that
+ header. It tries to pick a string that is commonly used by non-Tor users
+ too, so it doesn't stand out. Question one: how badly do we hurt ourselves
+ by periodically updating the version of Firefox that Torbutton claims
+ to be? If we update it too often, we splinter the anonymity sets ourselves.
+ If we don't update it often enough, then all the Tor users stand out because
+ they claim to be running a quite old version of Firefox. The answer here
+ probably depends on the Firefox versions seen in the wild. Question two:
+ periodically people ask us to cycle through N UserAgent strings rather
+ than stick with one. Does this approach help, hurt, or not matter? Consider:
+ cookies and recognizing Torbutton users by their rotating UserAgents;
+ malicious websites who only attack certain browsers; and whether the answers
+ to question one impact this answer. </li>
+ <li>Right now Tor clients are willing to reuse a given circuit for ten minutes
+ after it's first used. The goal is to avoid loading down the network with
+ too many circuit extend operations, yet to also avoid having clients use
+ the same circuit for so long that the exit node can build a useful pseudonymous
+ profile of them. Alas, ten minutes is probably way too long, especially
+ if connections from multiple protocols (e.g. IM and web browsing) are
+ put on the same circuit. If we keep fixed the overall number of circuit
+ extends that the network needs to do, are there more efficient and/or
+ safer ways for clients to allocate streams to circuits, or for clients
+ to build preemptive circuits? Perhaps this research item needs to start
+ with gathering some traces of what connections typical clients try to
+ launch, so you have something realistic to try to optimize. </li>
+ <li>How many bridge relays do you need to know to maintain reachability?
+ We should measure the churn in our bridges. If there is lots of churn,
+ are there ways to keep bridge users more likely to stay connected? </li>
+ </ol>
+ <p> <a href="contact.html.html">Let us know</a> if you've made progress on
+ any of these! </p>
+ </div>
+</div>
+<!-- #main -->
+<?php
+
+include("footer.inc.php");
+
+?>
More information about the tor-commits
mailing list