[tor-commits] r26664: {website} get rid of trailing whitespace; no actual changes (website/trunk/docs/en)
Roger Dingledine
arma at torproject.org
Sat Mar 22 18:46:25 UTC 2014
Author: arma
Date: 2014-03-22 18:46:25 +0000 (Sat, 22 Mar 2014)
New Revision: 26664
Modified:
website/trunk/docs/en/faq.wml
Log:
get rid of trailing whitespace; no actual changes
Modified: website/trunk/docs/en/faq.wml
===================================================================
--- website/trunk/docs/en/faq.wml 2014-03-22 11:02:12 UTC (rev 26663)
+++ website/trunk/docs/en/faq.wml 2014-03-22 18:46:25 UTC (rev 26664)
@@ -45,12 +45,12 @@
</a></li>
<li><a href="#Funding">What would The Tor Project do with more
funding?</a></li>
- <li><a href="#IsItWorking">How can I tell if Tor is working, and that my
+ <li><a href="#IsItWorking">How can I tell if Tor is working, and that my
connections really are anonymized?</a></li>
- <li><a href="#OutboundPorts">Do I have to open all these outbound ports
+ <li><a href="#OutboundPorts">Do I have to open all these outbound ports
on my firewall?</a></li>
<li><a href="#FTP">How do I use my browser for ftp with Tor?</a></li>
- <li><a href="#NoDataScrubbing">Does Tor remove personal information
+ <li><a href="#NoDataScrubbing">Does Tor remove personal information
from the data my application sends?</a></li>
<li><a href="#Metrics">How many people use Tor? How many relays or
exit nodes are there?</a></li>
@@ -80,7 +80,7 @@
Flash-based sites?</a></li>
<li><a href="#Ubuntu">I'm using Ubuntu, and I can't start Tor Browser.
</a></li>
- <li><a href="#UbuntuBlackedOut">I'm using Ubuntu, and I can't type
+ <li><a href="#UbuntuBlackedOut">I'm using Ubuntu, and I can't type
anything into my browser.</a></li>
<li><a href="#SophosOnMac">I'm using the Sophos anti-virus
software on my Mac, and Tor Browser won't start.</a></li>
@@ -96,37 +96,37 @@
unsafe?</a></li>
<li><a href="#TBBOtherBrowser">I want to use Chrome/IE/Opera/etc
with Tor.</a></li>
- <li><a href="#TorbuttonOtherBrowser">Will Torbutton be available
+ <li><a href="#TorbuttonOtherBrowser">Will Torbutton be available
for other browsers?</a></li>
<li><a href="#TBBCloseBrowser">I want to leave Tor Browser Bundle
running but close the browser.</a></li>
<li><a href="#GoogleCAPTCHA">Google makes me solve a CAPTCHA or tells
me I have spyware installed.</a></li>
- <li><a href="#ForeignLanguages">Why does Google show up in foreign
+ <li><a href="#ForeignLanguages">Why does Google show up in foreign
languages?</a></li>
<li><a href="#GmailWarning">Gmail warns me that my account may have
been compromised.</a></li>
- <li><a href="#NeedToUseAProxy">My internet connection requires an HTTP
+ <li><a href="#NeedToUseAProxy">My internet connection requires an HTTP
or SOCKS Proxy</a></li>
- <li><a href="#CantSetProxy">What should I do if I can't set a proxy
+ <li><a href="#CantSetProxy">What should I do if I can't set a proxy
with my application?</a></li>
</ul>
<p>Tor Browser Bundle (3.x series):</p>
<ul>
- <li><a href="#WhereDidVidaliaGo">Where did the world map (Vidalia)
+ <li><a href="#WhereDidVidaliaGo">Where did the world map (Vidalia)
go?</a></li>
<li><a href="#DisableJS">How do I disable JavaScript?</a></li>
- <li><a href="#VerifyDownload">How do I verify the download
+ <li><a href="#VerifyDownload">How do I verify the download
(sha256sums.txt)?</a></li>
<li><a href="#PluggableTransports">How do I use pluggable transports?</a></li>
- <li><a href="#NewIdentityClosingTabs">Why does "New Identity" close
+ <li><a href="#NewIdentityClosingTabs">Why does "New Identity" close
all my open tabs?</a></li>
- <li><a href="#ConfigureRelayOrBridge">How do I configure Tor as a relay
+ <li><a href="#ConfigureRelayOrBridge">How do I configure Tor as a relay
or bridge?</a></li>
<li><a href="#Timestamps">Why are the file timestamps from 2000?</a></li>
- <li><a href="#TBBSourceCode">Where is the source code for the bundle? How do
+ <li><a href="#TBBSourceCode">Where is the source code for the bundle? How do
I verify a build?</a></li>
</ul>
@@ -149,10 +149,10 @@
<li><a href="#FirewallPorts">My firewall only allows a few outgoing
ports.</a></li>
<li><a href="#DefaultExitPorts">Is there a list of default exit ports?</a></li>
- <li><a href="#WarningsAboutSOCKSandDNSInformationLeaks">I keep seeing
- these warnings about SOCKS and DNS information leaks. Should I
+ <li><a href="#WarningsAboutSOCKSandDNSInformationLeaks">I keep seeing
+ these warnings about SOCKS and DNS information leaks. Should I
worry?</a></li>
- <li><a href="#SocksAndDNS">How do I check if my application that uses
+ <li><a href="#SocksAndDNS">How do I check if my application that uses
SOCKS is leaking DNS requests?</a></li>
</ul>
@@ -161,49 +161,49 @@
<li><a href="#HowDoIDecide">How do I decide if I should run a relay?
</a></li>
- <li><a href="#WhyIsntMyRelayBeingUsedMore">Why isn't my relay being
+ <li><a href="#WhyIsntMyRelayBeingUsedMore">Why isn't my relay being
used more?</a></li>
<li><a href="#IDontHaveAStaticIP">I don't have a static IP.</a></li>
- <li><a href="#PortscannedMore">Why do I get portscanned more often
+ <li><a href="#PortscannedMore">Why do I get portscanned more often
when I run a Tor relay?</a></li>
- <li><a href="#MoreThanOneCPU">I have more than one CPU. Does this
+ <li><a href="#MoreThanOneCPU">I have more than one CPU. Does this
help?</a></li>
- <li><a href="#HighCapacityConnection">How can I get Tor to fully
+ <li><a href="#HighCapacityConnection">How can I get Tor to fully
make use of my high capacity connection?</a></li>
<li><a href="#RelayFlexible">How stable does my relay need to
be?</a></li>
- <li><a href="#BandwidthShaping">What bandwidth shaping options are
+ <li><a href="#BandwidthShaping">What bandwidth shaping options are
available to Tor relays?</a></li>
- <li><a href="#LimitTotalBandwidth">How can I limit the total amount
+ <li><a href="#LimitTotalBandwidth">How can I limit the total amount
of bandwidth used by my Tor relay?</a></li>
- <li><a href="#RelayWritesMoreThanItReads">Why does my relay write
+ <li><a href="#RelayWritesMoreThanItReads">Why does my relay write
more bytes onto the network than it reads?</a></li>
- <li><a href="#Hibernation">Why can I not browse anymore after
+ <li><a href="#Hibernation">Why can I not browse anymore after
limiting bandwidth on my Tor relay?</a></li>
<li><a href="#ExitPolicies">I'd run a relay, but I don't want to deal
with abuse issues.</a></li>
- <li><a href="#BestOSForRelay">Why doesn't my Windows (or other OS) Tor
+ <li><a href="#BestOSForRelay">Why doesn't my Windows (or other OS) Tor
relay run well?</a></li>
<li><a href="#WhatIsTheBadExitFlag">What is the BadExit flag?</a></li>
- <li><a href="#IGotTheBadExitFlagWhyDidThatHappen">I got the BadExit flag.
+ <li><a href="#IGotTheBadExitFlagWhyDidThatHappen">I got the BadExit flag.
Why did that happen?</a></li>
- <li><a href="#MyRelayRecentlyGotTheGuardFlagAndTrafficDroppedByHalf">My
+ <li><a href="#MyRelayRecentlyGotTheGuardFlagAndTrafficDroppedByHalf">My
relay recently got the Guard flag and traffic dropped by half.</a></li>
- <li><a href="#TorClientOnADifferentComputerThanMyApplications">I want to run my Tor client on a
+ <li><a href="#TorClientOnADifferentComputerThanMyApplications">I want to run my Tor client on a
different computer than my applications.</a></li>
- <li><a href="#ServerClient">Can I install Tor on a central server, and
+ <li><a href="#ServerClient">Can I install Tor on a central server, and
have my clients connect to it?</a></li>
- <li><a href="#JoinTheNetwork">So I can just configure a nickname and
+ <li><a href="#JoinTheNetwork">So I can just configure a nickname and
ORPort and join the network?</a></li>
<li><a href="#RelayOrBridge">Should I be a normal relay or bridge
relay?</a></li>
- <li><a href="#UpgradeOrMove">I want to upgrade/move my relay. How do I
+ <li><a href="#UpgradeOrMove">I want to upgrade/move my relay. How do I
keep the same key?</a></li>
<li><a href="#MultipleRelays">I want to run more than one
relay.</a></li>
<li><a href="#NTService">How do I run my Tor relay as an NT service?
</a></li>
- <li><a href="#VirtualServer">Can I run a Tor relay from my virtual server
+ <li><a href="#VirtualServer">Can I run a Tor relay from my virtual server
account?</a></li>
<li><a href="#WrongIP">My relay is picking the wrong IP address.</a></li>
<li><a href="#BehindANAT">I'm behind a NAT/Firewall</a></li>
@@ -211,7 +211,7 @@
</a></li>
<li><a href="#BetterAnonymity">Do I get better anonymity if I run a relay?
</a></li>
- <li><a href="#FacingLegalTrouble">I'm facing legal trouble. How do I
+ <li><a href="#FacingLegalTrouble">I'm facing legal trouble. How do I
prove that my server was a Tor relay at a given time?</a></li>
<li><a href="#RelayDonations">Can I donate for a relay rather than
run my own?</a></li>
@@ -227,43 +227,43 @@
<p>Development:</p>
<ul>
- <li><a href="#VersionNumbers">What do these weird version numbers
+ <li><a href="#VersionNumbers">What do these weird version numbers
mean?</a></li>
<li><a href="#PrivateTorNetwork">How do I set up my own private
Tor network?</a></li>
- <li><a href="#UseTorWithJava">How can I make my Java program use the
+ <li><a href="#UseTorWithJava">How can I make my Java program use the
Tor network?</a></li>
<li><a href="#WhatIsLibevent">What is Libevent?</a></li>
- <li><a href="#MyNewFeature">What do I need to do to get a new feature
+ <li><a href="#MyNewFeature">What do I need to do to get a new feature
into Tor?</a></li>
</ul>
<p>Anonymity and Security:</p>
<ul>
- <li><a href="#WhatProtectionsDoesTorProvide">What protections does Tor
+ <li><a href="#WhatProtectionsDoesTorProvide">What protections does Tor
provide?</a></li>
- <li><a href="#CanExitNodesEavesdrop">Can exit nodes eavesdrop on
+ <li><a href="#CanExitNodesEavesdrop">Can exit nodes eavesdrop on
communications? Isn't that bad? </a></li>
- <li><a href="#AmITotallyAnonymous">So I'm totally anonymous if I use
+ <li><a href="#AmITotallyAnonymous">So I'm totally anonymous if I use
Tor?</a></li>
<li><a href="#ExitEnclaving">What is Exit Enclaving?</a></li>
<li><a href="#KeyManagement">Tell me about all the keys Tor
uses.</a></li>
<li><a href="#EntryGuards">What are Entry Guards?</a></li>
<li><a href="#ChangePaths">How often does Tor change its paths?</a></li>
- <li><a href="#CellSize">Tor uses hundreds of bytes for every IRC line. I
+ <li><a href="#CellSize">Tor uses hundreds of bytes for every IRC line. I
can't afford that!</a></li>
- <li><a href="#OutboundConnections">Why does netstat show these outbound
+ <li><a href="#OutboundConnections">Why does netstat show these outbound
connections?</a></li>
<li><a href="#PowerfulBlockers">What about powerful blocking mechanisms
</a></li>
- <li><a href="#RemotePhysicalDeviceFingerprinting">Does Tor resist
+ <li><a href="#RemotePhysicalDeviceFingerprinting">Does Tor resist
"remote physical device fingerprinting"?</a></li>
<li><a href="#IsTorLikeAVPN">Is Tor like a VPN?</a></li>
<li><a href="#ShouldIUseTorWithAVPN">Should I use Tor with a VPN?</a></li>
- <li><a href="#Proxychains">Aren't 10 proxies (proxychains) better than
+ <li><a href="#Proxychains">Aren't 10 proxies (proxychains) better than
Tor with only 3 hops?</a></li>
- <li><a href="#AttacksOnOnionRouting">What attacks remain against onion
+ <li><a href="#AttacksOnOnionRouting">What attacks remain against onion
routing?</a></li>
<li><a href="#LearnMoreAboutAnonymity">Where can I learn more about anonymity?</a></li>
</ul>
@@ -278,23 +278,23 @@
not just TCP packets.</a></li>
<li><a href="#HideExits">You should hide the list of Tor relays,
so people can't block the exits.</a></li>
- <li><a href="#ChoosePathLength">You should let people choose their path
+ <li><a href="#ChoosePathLength">You should let people choose their path
length.</a></li>
- <li><a href="#SplitEachConnection">You should split each connection over
+ <li><a href="#SplitEachConnection">You should split each connection over
many paths.</a></li>
- <li><a href="#MigrateApplicationStreamsAcrossCircuits">You should migrate
+ <li><a href="#MigrateApplicationStreamsAcrossCircuits">You should migrate
application streams across circuits.</a></li>
- <li><a href="#LetTheNetworkPickThePath">You should let the network pick
+ <li><a href="#LetTheNetworkPickThePath">You should let the network pick
the path, not the client.</a></li>
- <li><a href="#UnallocatedNetBlocks">Your default exit policy should block
+ <li><a href="#UnallocatedNetBlocks">Your default exit policy should block
unallocated net blocks too.</a></li>
- <li><a href="#BlockWebsites">Exit policies should be able to block
+ <li><a href="#BlockWebsites">Exit policies should be able to block
websites, not just IP addresses.</a></li>
- <li><a href="#BlockContent">You should change Tor to prevent users from
+ <li><a href="#BlockContent">You should change Tor to prevent users from
posting certain content.</a></li>
<li><a href="#SendPadding">You should send padding so it's more secure.
</a></li>
- <li><a href="#Steganography">You should use steganography to hide Tor
+ <li><a href="#Steganography">You should use steganography to hide Tor
traffic.</a></li>
</ul>
@@ -442,10 +442,10 @@
can I use with Tor?</a></h3>
<p>
- If you want to use Tor with a web browser, we provide the Tor Browser
- Bundle, which includes everything you need to browse the web safely using
- Tor. If you want to use another web browser with Tor, see <a
- href="#TBBOtherBrowser">Other web browsers</a>.
+ If you want to use Tor with a web browser, we provide the Tor Browser
+ Bundle, which includes everything you need to browse the web safely using
+ Tor. If you want to use another web browser with Tor, see <a
+ href="#TBBOtherBrowser">Other web browsers</a>.
</p>
<p>
There are plenty of other programs you can use with Tor,
@@ -634,7 +634,7 @@
<a id="Forum"></a>
<h3><a class="anchor" href="#Forum">Is there a Tor forum?</a></h3>
- <p>We have a <a href="https://tor.stackexchange.com/">StackExchange
+ <p>We have a <a href="https://tor.stackexchange.com/">StackExchange
page</a> that is currently in public beta.
</p>
@@ -749,14 +749,14 @@
<hr>
<a id="FileSharing"></a>
- <h3><a class="anchor" href="#FileSharing">How can I share files
+ <h3><a class="anchor" href="#FileSharing">How can I share files
anonymously through Tor?</a></h3>
<p>
- File sharing (peer-to-peer/P2P) is widely unwanted in the Tor network,
- and exit nodes are configured to block file sharing traffic by default.
- Tor is not really designed for it, and file sharing through Tor slows
- down everyone's browsing. Also, Bittorrent over Tor <a
+ File sharing (peer-to-peer/P2P) is widely unwanted in the Tor network,
+ and exit nodes are configured to block file sharing traffic by default.
+ Tor is not really designed for it, and file sharing through Tor slows
+ down everyone's browsing. Also, Bittorrent over Tor <a
href="https://blog.torproject.org/blog/bittorrent-over-tor-isnt-good-idea">
is not anonymous</a>!
</p>
@@ -893,95 +893,95 @@
<hr>
<a id="OutboundPorts"></a>
- <h3><a class="anchor" href="#OutboundPorts">Do I have to open all these
+ <h3><a class="anchor" href="#OutboundPorts">Do I have to open all these
outbound ports on my firewall?</a></h3>
<p>
- Tor may attempt to connect to any port that is advertised in the
- directory as an ORPort (for making Tor connections) or a DirPort (for
- fetching updates to the directory). There are a variety of these ports,
+ Tor may attempt to connect to any port that is advertised in the
+ directory as an ORPort (for making Tor connections) or a DirPort (for
+ fetching updates to the directory). There are a variety of these ports,
but many of them are running on 80, 443, 9001, and 9030.
</p>
<p>
- So as a client, you could probably get away with opening only those four
- ports. Since Tor does all its connections in the background, it will retry
- ones that fail, and hopefully you'll never have to know that it failed, as
- long as it finds a working one often enough. However, to get the most
- diversity in your entry nodes -- and thus the most security -- as well as
- the most robustness in your connectivity, you'll want to let it connect
+ So as a client, you could probably get away with opening only those four
+ ports. Since Tor does all its connections in the background, it will retry
+ ones that fail, and hopefully you'll never have to know that it failed, as
+ long as it finds a working one often enough. However, to get the most
+ diversity in your entry nodes -- and thus the most security -- as well as
+ the most robustness in your connectivity, you'll want to let it connect
to all of them.
</p>
<p>
- If you really need to connect to only a small set of ports, see the FAQ
+ If you really need to connect to only a small set of ports, see the FAQ
entry on <a href="#FirewallPorts">firewalled ports</a>.
</p>
<p>
- Note that if you're running Tor as a relay, you must allow outgoing
- connections to every other relay and to anywhere your exit policy
- advertises that you allow. The cleanest way to do that is simply to allow
- all outgoing connections at your firewall. If you don't, clients will try
- to use these connections and things won't work.
+ Note that if you're running Tor as a relay, you must allow outgoing
+ connections to every other relay and to anywhere your exit policy
+ advertises that you allow. The cleanest way to do that is simply to allow
+ all outgoing connections at your firewall. If you don't, clients will try
+ to use these connections and things won't work.
</p>
-
+
<hr>
-
+
<a id="IsItWorking"></a>
- <h3><a class="anchor" href="#IsItWorking">How can I tell if Tor is
+ <h3><a class="anchor" href="#IsItWorking">How can I tell if Tor is
working, and that my connections really are anonymized?</a></h3>
<p>
- There are sites you can visit that will tell you if you appear to be
+ There are sites you can visit that will tell you if you appear to be
coming through the Tor network. Try the <a href="https://check.torproject.org">
Tor Check</a> site and see whether it thinks you are using Tor or not.
</p>
<p>
- If that site is down, you can still test, but it will involve more effort.
- Sites like <a href="http://ipid.shat.net">http://ipid.shat.net</a> and
- <a href="http://www.showmyip.com/">http://www.showmyip.com/</a> will tell
- you what your IP address appears to be, but you'll need to know your
- current IP address so you can compare and decide whether you're using Tor
+ If that site is down, you can still test, but it will involve more effort.
+ Sites like <a href="http://ipid.shat.net">http://ipid.shat.net</a> and
+ <a href="http://www.showmyip.com/">http://www.showmyip.com/</a> will tell
+ you what your IP address appears to be, but you'll need to know your
+ current IP address so you can compare and decide whether you're using Tor
correctly.
</p>
<p>
- To learn your IP address on OS X, Linux, BSD, etc, run "ifconfig". On
- Windows, go to the Start menu, click Run and enter "cmd". At the command
+ To learn your IP address on OS X, Linux, BSD, etc, run "ifconfig". On
+ Windows, go to the Start menu, click Run and enter "cmd". At the command
prompt, enter "ipconfig /a".
</p>
<p>
- If you are behind a NAT or firewall, though, your IP address will be
- within the range of 10.XXX.XXX.XXX, 192.168.XXX.XXX, or 172.16.XXX.XXX -
- 172.31.XXX.XXX, which is not your public IP address. In this case, you
- should check your IP address with one of the sites above without using
- Tor, and then check again using Tor to see whether your IP address has
- changed.
+ If you are behind a NAT or firewall, though, your IP address will be
+ within the range of 10.XXX.XXX.XXX, 192.168.XXX.XXX, or 172.16.XXX.XXX -
+ 172.31.XXX.XXX, which is not your public IP address. In this case, you
+ should check your IP address with one of the sites above without using
+ Tor, and then check again using Tor to see whether your IP address has
+ changed.
</p>
-
+
<hr>
-
+
<a id="FTP"></a>
<h3><a class="anchor" href="#FTP">How do I use my browser for ftp with Tor?
</a></h3>
<p>
- Use the <a href="https://torproject.org/projects/torbrowser.html">Tor
- Browser Bundle</a>. If you want a separate application for an
- ftp client, we've heard good things about FileZilla for Windows. You can
- configure it to point to Tor as a "socks4a" proxy on "localhost" port
- "9050".
+ Use the <a href="https://torproject.org/projects/torbrowser.html">Tor
+ Browser Bundle</a>. If you want a separate application for an
+ ftp client, we've heard good things about FileZilla for Windows. You can
+ configure it to point to Tor as a "socks4a" proxy on "localhost" port
+ "9050".
</p>
<hr>
-
+
<a id="NoDataScrubbing"></a>
- <h3><a class="anchor" href="#NoDataScrubbing">Does Tor remove personal
+ <h3><a class="anchor" href="#NoDataScrubbing">Does Tor remove personal
information from the data my application sends?</a></h3>
- <p>No, it doesn't. You need to use a separate program that understands
- your application and protocol and knows how to clean or "scrub" the data
- it sends. The Tor Browser Bundle tries to keep application-level data,
- like the user-agent string, uniform for all users. The Tor Browser can't
- do anything about text that you type into forms, though. <a
- href="https://www.torproject.org/download/download-easy.html.en#warning">Be
+ <p>No, it doesn't. You need to use a separate program that understands
+ your application and protocol and knows how to clean or "scrub" the data
+ it sends. The Tor Browser Bundle tries to keep application-level data,
+ like the user-agent string, uniform for all users. The Tor Browser can't
+ do anything about text that you type into forms, though. <a
+ href="https://www.torproject.org/download/download-easy.html.en#warning">Be
careful and be smart.</a>
</p>
@@ -997,7 +997,7 @@
<hr>
<a id="SSLcertfingerprint"></a>
- <h3><a class="anchor" href="#SSLcertfingerprint">What are the SSL
+ <h3><a class="anchor" href="#SSLcertfingerprint">What are the SSL
certificate fingerprints for Tor's various websites?</a></h3>
<p>
<pre>
@@ -1033,7 +1033,7 @@
entirely on how you installed it and which operating system you
have. If you installed a package, then hopefully your package has a
way to
- uninstall itself. The Windows packages include uninstallers.
+ uninstall itself. The Windows packages include uninstallers.
</p>
<p>
@@ -1101,30 +1101,30 @@
<a id="VirusFalsePositives"></a>
<h3><a class="anchor" href="#VirusFalsePositives"></a></h3>
<p>
- Sometimes, overzealous Windows virus and spyware detectors trigger on
- some parts of the Tor Windows binary. Our best guess is that these are
- false positives — after all, the anti-virus and anti-spyware business is
- just a guessing game anyway. You should contact your vendor and explain
- that you have a program that seems to be triggering false positives. Or
+ Sometimes, overzealous Windows virus and spyware detectors trigger on
+ some parts of the Tor Windows binary. Our best guess is that these are
+ false positives — after all, the anti-virus and anti-spyware business is
+ just a guessing game anyway. You should contact your vendor and explain
+ that you have a program that seems to be triggering false positives. Or
pick a better vendor.
</p>
- <p>In the meantime, we encourage you to not just take our word for it.
- Our job is to provide the source; if you're concerned, please do
+ <p>In the meantime, we encourage you to not just take our word for it.
+ Our job is to provide the source; if you're concerned, please do
recompile it yourself.</p>
<hr>
<a id="tarballs"></a>
- <h3><a class="anchor" href="#tarballs">How do I open a .tar.gz
+ <h3><a class="anchor" href="#tarballs">How do I open a .tar.gz
or .tar.xz file?</a></h3>
<p>
Tar is a common archive utility for Unix and Linux systems. If your
- system has a mouse, you can usually open them by double clicking.
- Otherwise open a command prompt and execute</p>
+ system has a mouse, you can usually open them by double clicking.
+ Otherwise open a command prompt and execute</p>
<pre>tar xzf <FILENAME>.tar.gz</pre> or <pre>tar xJf <FILENAME>.tar.xz</pre>
<p>
- as documented on tar's man page.
+ as documented on tar's man page.
</p>
<hr>
@@ -1160,15 +1160,15 @@
local IP address</a>, and <a
href="http://epic.org/privacy/cookies/flash.html">storing their own
cookies</a>. It is possible to use a LiveCD solution such as
-or <a href="https://tails.boum.org/">The Amnesic Incognito Live System</a>
-that creates a secure, transparent proxy to protect you from proxy bypass,
-however issues with local IP address discovery and Flash cookies still remain.
+or <a href="https://tails.boum.org/">The Amnesic Incognito Live System</a>
+that creates a secure, transparent proxy to protect you from proxy bypass,
+however issues with local IP address discovery and Flash cookies still remain.
</p>
<p>
<a href="https://www.youtube.com/html5">YouTube offers experimental HTML5 video
-support</a> for many of their videos. Often you can get the HTML5 version of
-videos that don't want to play by grabbing the YouTube URL from the "Embed"
+support</a> for many of their videos. Often you can get the HTML5 version of
+videos that don't want to play by grabbing the YouTube URL from the "Embed"
code under a video's "Share" option. The link switches out a URL that looks</p>
<pre>https://www.youtube.com/watch?v=CJNxbpbHA-I</pre>
<p>to something that looks like</p>
@@ -1180,8 +1180,8 @@
<h3><a class="anchor" href="#Ubuntu">
I'm using Ubuntu and I can't start Tor Browser.</a></h3>
<p>
-Ubuntu prevents its users from executing shell scripts by clicking them,
-even when the file permissions are set correctly. For now you need to
+Ubuntu prevents its users from executing shell scripts by clicking them,
+even when the file permissions are set correctly. For now you need to
start the Tor Browser from the command line by running </p>
<pre>./start-tor-browser</pre>
<p>
@@ -1195,14 +1195,14 @@
I'm using Ubuntu, and I can't type anything into my browser.</a></h3>
<p>Another issue affecting Ubuntu users is that when Tor Browser opens, text
fields, including the address bar, are blacked out and can not be used.
-This is not so great, and we hope to include a fix in a coming release.
-In the mean time, this issue can be worked around by editing the
+This is not so great, and we hope to include a fix in a coming release.
+In the mean time, this issue can be worked around by editing the
start-tor-browser script and adding the following line below line 1:</p>
<pre>export GTK_IM_MODULE=xim</pre>
-<p>This issue is related to the version of IBUS that ships with Ubuntu.
+<p>This issue is related to the version of IBUS that ships with Ubuntu.
Some users have also reported success by executing this command</p>
<pre>ibus exit</pre>
-<p>To follow the progress of this issue, see this <a
+<p>To follow the progress of this issue, see this <a
href="https://trac.torproject.org/projects/tor/ticket/9353">bug ticket.</a>
</p>
@@ -1212,8 +1212,8 @@
<h3><a class="anchor" href="#SophosOnMac">I'm using the Sophos anti-virus
software on my Mac, and Tor Browser won't start.</a></h3>
<p>
-You'll need to modify Sophos anti-virus so that Tor can connect to the
-internet. Go to Preferences -> Web Protection -> General, and turn off
+You'll need to modify Sophos anti-virus so that Tor can connect to the
+internet. Go to Preferences -> Web Protection -> General, and turn off
the protections for "Malicious websites" and "Malicious downloads".
</p>
@@ -1273,22 +1273,22 @@
Firefox extensions?</a></h3>
<p>
-The Tor Browser is free software, so there is nothing preventing you from
-modifying it any way you like. However, we do not recommend installing any
-additional Firefox add-ons with the Tor Browser Bundle. Add-ons can break
-your anonymity in a number of ways, including browser fingerprinting and
+The Tor Browser is free software, so there is nothing preventing you from
+modifying it any way you like. However, we do not recommend installing any
+additional Firefox add-ons with the Tor Browser Bundle. Add-ons can break
+your anonymity in a number of ways, including browser fingerprinting and
bypassing proxy settings.
</p>
<p>
-Some people have suggested we include ad-blocking software or
-anti-tracking software with the Tor Browser Bundle. Right now, we do not
-think that's such a good idea. The Tor Browser Bundle aims to provide
-sufficient privacy that additional add-ons to stop ads and trackers are
-not necessary. Using add-ons like these may cause some sites to break, which
+Some people have suggested we include ad-blocking software or
+anti-tracking software with the Tor Browser Bundle. Right now, we do not
+think that's such a good idea. The Tor Browser Bundle aims to provide
+sufficient privacy that additional add-ons to stop ads and trackers are
+not necessary. Using add-ons like these may cause some sites to break, which
<a href="https://www.torproject.org/projects/torbrowser/design/#philosophy">
-we don't want to do</a>. Additionally, maintaining a list of "bad" sites that
-should be black-listed provides another opportunity to uniquely fingerprint
-users.
+we don't want to do</a>. Additionally, maintaining a list of "bad" sites that
+should be black-listed provides another opportunity to uniquely fingerprint
+users.
</p>
<hr>
@@ -1375,7 +1375,7 @@
We don't support IE, Opera or Safari and never plan to. There are too many ways that your privacy can go wrong with those browsers, and because of their closed design it is really hard for us to do anything to change these privacy problems.
</p>
<p>
-We are working with the Chrome people to modify Chrome's internals so that we can eventually support it. But for now, Firefox is the only safe choice.
+We are working with the Chrome people to modify Chrome's internals so that we can eventually support it. But for now, Firefox is the only safe choice.
</p>
<hr>
@@ -1440,29 +1440,29 @@
Why does Google show up in foreign languages?</a></h3>
<p>
- Google uses "geolocation" to determine where in the world you are, so it
- can give you a personalized experience. This includes using the language
- it thinks you prefer, and it also includes giving you different results
+ Google uses "geolocation" to determine where in the world you are, so it
+ can give you a personalized experience. This includes using the language
+ it thinks you prefer, and it also includes giving you different results
on your queries.
</p>
<p>
-If you really want to see Google in English you can click the link that
-provides that. But we consider this a feature with Tor, not a bug --- the
-Internet is not flat, and it in fact does look different depending on
-where you are. This feature reminds people of this fact. The easy way to
-avoid this "feature" is to use
+If you really want to see Google in English you can click the link that
+provides that. But we consider this a feature with Tor, not a bug --- the
+Internet is not flat, and it in fact does look different depending on
+where you are. This feature reminds people of this fact. The easy way to
+avoid this "feature" is to use
<a href="https://google.com/ncr">https://google.com/ncr</a>.
</p>
<p>
-Note that Google search URLs take name/value pairs as arguments and one
-of those names is "hl". If you set "hl" to "en" then Google will return
-search results in English regardless of what Google server you have been
-sent to. On a query this looks like:
+Note that Google search URLs take name/value pairs as arguments and one
+of those names is "hl". If you set "hl" to "en" then Google will return
+search results in English regardless of what Google server you have been
+sent to. On a query this looks like:
</p>
<pre>https://encrypted.google.com/search?q=online%20anonymity&hl=en</pre>
<p>
-Another method is to simply use your country code for accessing Google.
-This can be google.be, google.de, google.us and so on.
+Another method is to simply use your country code for accessing Google.
+This can be google.be, google.de, google.us and so on.
</p>
<hr />
<a id="GmailWarning"></a>
@@ -1514,52 +1514,52 @@
<hr>
<a id="NeedToUseAProxy"></a>
-<h3><a class="anchor" href="#NeedToUseAProxy">My internet connection
+<h3><a class="anchor" href="#NeedToUseAProxy">My internet connection
requires an HTTP or SOCKS Proxy</a></h3>
<p>
-You can set Proxy IP address, port, and authentication information in
-Tor Browser's Network Settings. If you're using Tor another way, check
-out the HTTPProxy and HTTPSProxy config options in the <a
-href="https://www.torproject.org/docs/tor-manual.html.en">man page</a>,
-and modify your torrc file accordingly. You will need an HTTP proxy for
-doing GET requests to fetch the Tor directory, and you will need an
-HTTPS proxy for doing CONNECT requests to get to Tor relays. (It's fine
-if they're the same proxy.) Tor also recognizes the torrc options
-Socks4Proxy and Socks5Proxy.
+You can set Proxy IP address, port, and authentication information in
+Tor Browser's Network Settings. If you're using Tor another way, check
+out the HTTPProxy and HTTPSProxy config options in the <a
+href="https://www.torproject.org/docs/tor-manual.html.en">man page</a>,
+and modify your torrc file accordingly. You will need an HTTP proxy for
+doing GET requests to fetch the Tor directory, and you will need an
+HTTPS proxy for doing CONNECT requests to get to Tor relays. (It's fine
+if they're the same proxy.) Tor also recognizes the torrc options
+Socks4Proxy and Socks5Proxy.
</p>
<p>
-Also read up on the HTTPProxyAuthenticator and HTTPSProxyAuthenticator
-options if your proxy requires auth. We only support basic auth currently,
-but if you need NTLM authentication, you may find <a
-href="http://archives.seul.org/or/talk/Jun-2005/msg00223.html">this post
-in the archives</a> useful.
+Also read up on the HTTPProxyAuthenticator and HTTPSProxyAuthenticator
+options if your proxy requires auth. We only support basic auth currently,
+but if you need NTLM authentication, you may find <a
+href="http://archives.seul.org/or/talk/Jun-2005/msg00223.html">this post
+in the archives</a> useful.
</p>
<p>
-If your proxies only allow you to connect to certain ports, look at the
-entry on <a href="#FirewallPorts">Firewalled clients</a> for how
-to restrict what ports your Tor will try to access.
+If your proxies only allow you to connect to certain ports, look at the
+entry on <a href="#FirewallPorts">Firewalled clients</a> for how
+to restrict what ports your Tor will try to access.
</p>
<hr>
<a id="CantSetProxy"></a>
-<h3><a class="anchor" href="#CantSetProxy">What should I do if I can't
+<h3><a class="anchor" href="#CantSetProxy">What should I do if I can't
set a proxy with my application?</a></h3>
<p>
-On Unix, we recommend you give <a
-href="https://github.com/dgoulet/torsocks/">torsocks</a> a try.
-Alternative proxifying tools like <a
-href="http://www.dest-unreach.org/socat/">socat</a> and <a
-href="http://proxychains.sourceforge.net/">proxychains</a> are also
+On Unix, we recommend you give <a
+href="https://github.com/dgoulet/torsocks/">torsocks</a> a try.
+Alternative proxifying tools like <a
+href="http://www.dest-unreach.org/socat/">socat</a> and <a
+href="http://proxychains.sourceforge.net/">proxychains</a> are also
available.</p>
-<p>
-The Windows way to force applications through Tor is less clear. <a
-href="http://freecap.ru/eng/">Some</a> <a
-href="http://www.freehaven.net/~aphex/torcap/">tools</a> have been <a
+<p>
+The Windows way to force applications through Tor is less clear. <a
+href="http://freecap.ru/eng/">Some</a> <a
+href="http://www.freehaven.net/~aphex/torcap/">tools</a> have been <a
href="http://www.crowdstrike.com/community-tools/index.html#tool-79">proposed
-</a>, but we'd also like to see further testing done here.
+</a>, but we'd also like to see further testing done here.
</p>
<hr>
@@ -1567,31 +1567,31 @@
<a id="TBB3.x"></a>
<h2><a class="anchor">Tor Browser Bundle (3.x series):</a></h2>
<a id="WhereDidVidaliaGo"></a>
- <h3><a class="anchor" href="#WhereDidVidaliaGo">Where did the world map
+ <h3><a class="anchor" href="#WhereDidVidaliaGo">Where did the world map
(Vidalia) go?</a></h3>
- <p>Vidalia has been replaced with Tor Launcher, which is a Firefox
- extension that provides similar functionality. Unfortunately, circuit
- status reporting is still missing, but we are <a
- href="https://trac.torproject.org/projects/tor/ticket/8641">working
+ <p>Vidalia has been replaced with Tor Launcher, which is a Firefox
+ extension that provides similar functionality. Unfortunately, circuit
+ status reporting is still missing, but we are <a
+ href="https://trac.torproject.org/projects/tor/ticket/8641">working
on providing it</a>. </p>
- <p>In the meantime, we are providing standalone Vidalia packages for
- people who still want the map. Windows and Linux versions are <a
+ <p>In the meantime, we are providing standalone Vidalia packages for
+ people who still want the map. Windows and Linux versions are <a
href="https://people.torproject.org/~erinn/vidalia-standalone-bundles/">
- available here</a>.</p>
+ available here</a>.</p>
- <p>To use these packages, extract them, then run the startup script.
- On Windows, this is "Start Vidalia.exe". On Linux, it is start-vidalia.
- They can be placed in a different directory from TBB (and likely should
+ <p>To use these packages, extract them, then run the startup script.
+ On Windows, this is "Start Vidalia.exe". On Linux, it is start-vidalia.
+ They can be placed in a different directory from TBB (and likely should
be). </p>
- <p>This Vidalia package will only run properly if Tor Browser has already
+ <p>This Vidalia package will only run properly if Tor Browser has already
been launched. You cannot start it before launching Tor Browser. </p>
- <p>MacOS is still under development, but in the mean time you can modify
- your TBB 2.x to be a standalone Vidalia (and then use it after starting
- TBB 3.x) by opening your TBB 2.x vidalia.conf file in an editor and
+ <p>MacOS is still under development, but in the mean time you can modify
+ your TBB 2.x to be a standalone Vidalia (and then use it after starting
+ TBB 3.x) by opening your TBB 2.x vidalia.conf file in an editor and
replacing its contents with just these lines:</p>
<pre>
@@ -1604,7 +1604,7 @@
Torrc=.
DataDirectory=.
AuthenticationMethod=cookie
- </pre>
+ </pre>
<hr>
@@ -1612,30 +1612,30 @@
<h3><a class="anchor" href="#DisableJS">How do I disable JavaScript?</a>
</h3>
- <p>Alas, Mozilla decided to get rid of the config checkbox for JavaScript
- from earlier Firefox versions. And since TBB 3.5 is based on Firefox 24
- (FF17 is unmaintained), that means TBB 3.5 doesn't have the config
+ <p>Alas, Mozilla decided to get rid of the config checkbox for JavaScript
+ from earlier Firefox versions. And since TBB 3.5 is based on Firefox 24
+ (FF17 is unmaintained), that means TBB 3.5 doesn't have the config
checkbox anymore either, which is unfortunate.</p>
- <p>The simplest way to disable JavaScript in TBB 3.5 is to click on the
- Noscript "S" (between the green onion and the address bar), and select
- "Forbid scripts globally". Note that vanilla NoScript actually whitelists
- several domains even when you try to disable scripts globally, whereas
+ <p>The simplest way to disable JavaScript in TBB 3.5 is to click on the
+ Noscript "S" (between the green onion and the address bar), and select
+ "Forbid scripts globally". Note that vanilla NoScript actually whitelists
+ several domains even when you try to disable scripts globally, whereas
Tor Browser's NoScript configuration disables all of them. </p>
- <p>The more klunky way to disable JavaScript is to go to about:config,
+ <p>The more klunky way to disable JavaScript is to go to about:config,
find javascript.enabled, and set it to false.</p>
<p>There is also a very simple addon available at addons.mozilla.org
called QuickJS, which provides a toolbar toggle for the javascript.enabled
- about:config control. There are no configuration options for the addon,
- it just switches the javascript.enabled entry between true and false and
+ about:config control. There are no configuration options for the addon,
+ it just switches the javascript.enabled entry between true and false and
provides a button for it. </p>
- <p>If you want to be extra safe, use both the about:config setting and
+ <p>If you want to be extra safe, use both the about:config setting and
NoScript. </p>
- <p>As for whether you should disable it or leave it enabled, that's <a
+ <p>As for whether you should disable it or leave it enabled, that's <a
href="#TBBJavaScriptEnabled">a tradeoff we leave to you</a>.</p>
<hr>
@@ -1644,31 +1644,31 @@
<h3><a class="anchor" href="#VerifyDownload">How do I verify the download
(sha256sums.txt)?</a></h3>
- <p>You can still verify your Tor Browser download by downloading the
- signature file (.asc) along with your package and <a
+ <p>You can still verify your Tor Browser download by downloading the
+ signature file (.asc) along with your package and <a
href="https://www.torproject.org/docs/verifying-signatures.html.en">
- checking the GPG signature</a> as before. We now have an additional
- verification method that allows you to verify the build as well as
+ checking the GPG signature</a> as before. We now have an additional
+ verification method that allows you to verify the build as well as
the download.</p>
<ul>
<li>Download the Tor Browser package, the sha256sums.txt file, and the
- sha256sums signature files. They can all be found in the same directory
+ sha256sums signature files. They can all be found in the same directory
under <a href="https://www.torproject.org/dist/torbrowser/">
- https://www.torproject.org/dist/torbrowser/</a>, for example in 3.5
+ https://www.torproject.org/dist/torbrowser/</a>, for example in 3.5
for TBB 3.5.</li>
- <li>Retrieve the signers' GPG keys. This can be done from the command
- line by entering something like
+ <li>Retrieve the signers' GPG keys. This can be done from the command
+ line by entering something like
<pre>gpg --keyserver keys.mozilla.org --recv-keys 0x29846B3C683686CC</pre>
- (This will bring you developer Mike Perry's public key. Other
+ (This will bring you developer Mike Perry's public key. Other
developers' key IDs can be found on
- <a href="https://www.torproject.org/docs/signing-keys.html.en">this
+ <a href="https://www.torproject.org/docs/signing-keys.html.en">this
page</a>.)</li>
<li>Verify the sha256sums.txt file by executing this command:
<pre>gpg --verify <NAME OF THE SIGNATURE FILE>.asc sha256sums.txt</pre></li>
- <li>You should see a message like "Good signature from <DEVELOPER
+ <li>You should see a message like "Good signature from <DEVELOPER
NAME>". If you don't, there is a problem. Try these steps again.</li>
- <li>Now you can take the sha256sum of the Tor Browser package. On
+ <li>Now you can take the sha256sum of the Tor Browser package. On
Windows you can use the <a href="http://md5deep.sourceforge.net/">
hashdeep utility</a> and run
<pre>C:\location\where\you\saved\hashdeep -c sha256sum <TOR BROWSER FILE NAME>.exe</pre>
@@ -1677,15 +1677,15 @@
<li>Open sha256sums.txt in a text editor.</li>
<li>Locate the name of the Tor Browser file you downloaded.</li>
<li>Compare the string of letters and numbers to the left of your
- filename with the string of letters and numbers that appeared
- on your command line. If they match, you've successfully verified the
- build.</li>
+ filename with the string of letters and numbers that appeared
+ on your command line. If they match, you've successfully verified the
+ build.</li>
</ul>
<p><a href="https://github.com/isislovecruft/scripts/blob/master/verify-gitian-builder-signatures">
- Scripts</a> to <a
+ Scripts</a> to <a
href="http://tor.stackexchange.com/questions/648/how-to-verify-tor-browser-bundle-tbb-3-x">automate
- </a> these steps have been written, but to use them you will need to
+ </a> these steps have been written, but to use them you will need to
modify them yourself with the latest Tor Browser Bundle filename.</p>
<hr>
@@ -1694,26 +1694,26 @@
<h3><a class="anchor" href="#PluggableTransports">How do I use pluggable transports?</a></h3>
<p>
- For now, the Pluggable Transports-capable TBB is still a separate
- unofficial package. Download them <a
+ For now, the Pluggable Transports-capable TBB is still a separate
+ unofficial package. Download them <a
href="https://people.torproject.org/~dcf/pt-bundle/3.5-pt20131217/">
here</a>. We hope to have combined packages available in a beta soon.
</p>
<p>
- The separate Pluggable Transports-capable TBB is different from the
- Pluggable Transports bundles that have been released in the past.
- They include the programs necessary to use obfsproxy and flash proxy,
- but the pluggable transports are not enabled by default. You must
- enable them manually by adding Bridge lines to the torrc file.
- (Please see ticket <a
- href="https://trac.torproject.org/projects/tor/ticket/10418">#10418</a>
+ The separate Pluggable Transports-capable TBB is different from the
+ Pluggable Transports bundles that have been released in the past.
+ They include the programs necessary to use obfsproxy and flash proxy,
+ but the pluggable transports are not enabled by default. You must
+ enable them manually by adding Bridge lines to the torrc file.
+ (Please see ticket <a
+ href="https://trac.torproject.org/projects/tor/ticket/10418">#10418</a>
for how we hope to make it easier to do in the future.)
</p>
<p>
- To enable <b>obfsproxy</b>, edit the file called Data/Tor/torrc inside the
- bundle and add the lines:
+ To enable <b>obfsproxy</b>, edit the file called Data/Tor/torrc inside the
+ bundle and add the lines:
</p>
<pre>
@@ -1730,8 +1730,8 @@
Bridge obfs2 128.31.0.34:1051 CA7434F14A898C7D3427B8295A7F83446BC7F496
</pre>
<p>
- To enable <b>flash proxy</b>, edit the file called Data/Tor/torrc inside the
- bundle and add the line:
+ To enable <b>flash proxy</b>, edit the file called Data/Tor/torrc inside the
+ bundle and add the line:
</p>
<pre>
Bridge flashproxy 0.0.1.0:1
@@ -1740,12 +1740,12 @@
<hr>
<a id="NewIdentityClosingTabs"></a>
- <h3><a class="anchor" href="#NewIdentityClosingTabs">Why does "New
+ <h3><a class="anchor" href="#NewIdentityClosingTabs">Why does "New
Identity" close all my open tabs?</a></h3>
<p>
- That's actually a feature, since it's discarding your application-level
- browser data too. But it sure is a surprising feature, for people who
+ That's actually a feature, since it's discarding your application-level
+ browser data too. But it sure is a surprising feature, for people who
are used to Vidalia's "new identity" behavior.
</p>
@@ -1770,26 +1770,26 @@
<h3><a class="anchor" href="#ConfigureRelayOrBridge">How do I configure Tor as a relay or bridge?</a></h3>
<p>
- You've got three options.
+ You've got three options.
</p>
<p>
- First (best option), if you're on Linux, you can install the system
- Tor package (e.g. apt-get install tor) and then set it up to be a relay
- (<a href="https://www.torproject.org/docs/tor-relay-debian">instructions</a>).
+ First (best option), if you're on Linux, you can install the system
+ Tor package (e.g. apt-get install tor) and then set it up to be a relay
+ (<a href="https://www.torproject.org/docs/tor-relay-debian">instructions</a>).
You can then use TBB independent of that.
</p>
<p>
- Second (simpler option), if you're on Windows, you can fetch the separate
- "Vidalia relay bundle" or "Vidalia bridge bundle" from the download page
- and then use that (again you can use TBB independent of it).
+ Second (simpler option), if you're on Windows, you can fetch the separate
+ "Vidalia relay bundle" or "Vidalia bridge bundle" from the download page
+ and then use that (again you can use TBB independent of it).
</p>
<p>
- Third (complex option), you can either hook your Vidalia up to TBB (as
- described in the FAQ above) or edit your torrc file (in Data/Tor/torrc)
- directly to add the following lines:
+ Third (complex option), you can either hook your Vidalia up to TBB (as
+ described in the FAQ above) or edit your torrc file (in Data/Tor/torrc)
+ directly to add the following lines:
</p>
<pre>
ORPort 443
@@ -1797,36 +1797,36 @@
BridgeRelay 1 # only add this line if you want to be a bridge
</pre>
<p>
- If you've installed <a
- href="https://www.torproject.org/projects/obfsproxy-debian-instructions.html.en#instructions">Obfsproxy</a>,
+ If you've installed <a
+ href="https://www.torproject.org/projects/obfsproxy-debian-instructions.html.en#instructions">Obfsproxy</a>,
you'll need to add one more line:
</p>
<pre>
ServerTransportPlugin obfs3 exec /usr/bin/obfsproxy managed
</pre>
<p>
- This third option is pretty klunky right now; see e.g. <a
- href="https://trac.torproject.org/projects/tor/ticket/10449">this bug</a>;
- but we're hoping it will become an easy option in the future.
+ This third option is pretty klunky right now; see e.g. <a
+ href="https://trac.torproject.org/projects/tor/ticket/10449">this bug</a>;
+ but we're hoping it will become an easy option in the future.
</p>
<hr>
<a id="Timestamps"></a>
- <h3><a class="anchor" href="#Timestamps">Why are the file timestamps
+ <h3><a class="anchor" href="#Timestamps">Why are the file timestamps
from 2000?</a></h3>
- <p>One of the huge new features in TBB 3.x is the "deterministic build"
- process, which allows many people to build the Tor Browser Bundle and
- verify that they all make exactly the same package. See Mike's <a
- href="https://blog.torproject.org/blog/deterministic-builds-part-one-cyberwar-and-global-compromise">first
- blog</a> post for the motivation, and his <a
+ <p>One of the huge new features in TBB 3.x is the "deterministic build"
+ process, which allows many people to build the Tor Browser Bundle and
+ verify that they all make exactly the same package. See Mike's <a
+ href="https://blog.torproject.org/blog/deterministic-builds-part-one-cyberwar-and-global-compromise">first
+ blog</a> post for the motivation, and his <a
href="https://blog.torproject.org/blog/deterministic-builds-part-two-technical-details">second
- blog post</a> for the technical details of how we do it.
+ blog post</a> for the technical details of how we do it.
</p>
- <p>Part of creating identical builds is having everybody use the same
- timestamp. Mike picked the beginning of 2000 for that time. The reason
+ <p>Part of creating identical builds is having everybody use the same
+ timestamp. Mike picked the beginning of 2000 for that time. The reason
you might see 7pm in 1999 is because of time zones. </p>
<hr>
@@ -1851,14 +1851,14 @@
<p>
Tor installs a text file called torrc that contains configuration
instructions for how your Tor program should behave. The default
-configuration should work fine for most Tor users.
+configuration should work fine for most Tor users.
</p>
<p>
If you installed Tor Browser Bundle, look for
-<code>Data/Tor/torrc</code> inside your Tor Browser Bundle directory.
-On OS X, you must right-click or command-click on the browser bundle icon,
-and select "Show Package Contents" before the Tor Browser directories become
-visible.
+<code>Data/Tor/torrc</code> inside your Tor Browser Bundle directory.
+On OS X, you must right-click or command-click on the browser bundle icon,
+and select "Show Package Contents" before the Tor Browser directories become
+visible.
</p>
<p>
Tor puts the torrc file in <code>/usr/local/etc/tor/torrc</code> if you compiled tor from source, and <code>/etc/tor/torrc</code> or <code>/etc/torrc</code> if you installed a pre-built package.</p>
@@ -1872,10 +1872,10 @@
<p>
For other configuration options you can use, see the <a href="<page
-docs/tor-manual>">Tor manual page</a>. Have a look at <a
+docs/tor-manual>">Tor manual page</a>. Have a look at <a
href="https://gitweb.torproject.org/tor.git/blob/HEAD:/src/config/torrc.sample.in">
-the sample torrc file</a> for hints on common configurations. Remember, all
-lines beginning with # in torrc are treated as comments and have no effect
+the sample torrc file</a> for hints on common configurations. Remember, all
+lines beginning with # in torrc are treated as comments and have no effect
on Tor's configuration.
</p>
@@ -1945,38 +1945,38 @@
<h3><a class="anchor" href="#LogLevel">What log level should I use?</a></h3>
<p>
-There are five log levels (also called "log severities") you might see in
+There are five log levels (also called "log severities") you might see in
Tor's logs:
</p>
<ul>
- <li>"err": something bad just happened, and we can't recover. Tor will
+ <li>"err": something bad just happened, and we can't recover. Tor will
exit.</li>
- <li>"warn": something bad happened, but we're still running. The bad
- thing might be a bug in the code, some other Tor process doing something
- unexpected, etc. The operator should examine the message and try to
+ <li>"warn": something bad happened, but we're still running. The bad
+ thing might be a bug in the code, some other Tor process doing something
+ unexpected, etc. The operator should examine the message and try to
correct the problem.</li>
<li>"notice": something the operator will want to know about.</li>
- <li>"info": something happened (maybe bad, maybe ok), but there's
+ <li>"info": something happened (maybe bad, maybe ok), but there's
nothing you need to (or can) do about it.</li>
- <li>"debug": for everything louder than info. It is quite loud indeed.</li>
+ <li>"debug": for everything louder than info. It is quite loud indeed.</li>
</ul>
<p>
-Alas, some of the warn messages are hard for ordinary users to correct -- the
-developers are slowly making progress at making Tor automatically react
+Alas, some of the warn messages are hard for ordinary users to correct -- the
+developers are slowly making progress at making Tor automatically react
correctly for each situation.
</p>
<p>
-We recommend running at the default, which is "notice". You will hear about
+We recommend running at the default, which is "notice". You will hear about
important things, and you won't hear about unimportant things.
</p>
<p>
-Tor relays in particular should avoid logging at info or debug in normal
-operation, since they might end up recording sensitive information in
-their logs.
+Tor relays in particular should avoid logging at info or debug in normal
+operation, since they might end up recording sensitive information in
+their logs.
</p>
<hr>
@@ -2034,84 +2034,84 @@
<a id="TorCrash"></a>
<h3><a class="anchor" href="#TorCrash">My Tor keeps crashing.</a></h3>
<p>
- We want to hear from you! There are supposed to be zero crash bugs in Tor.
- This FAQ entry describes the best way for you to be helpful to us. But even
- if you can't work out all the details, we still want to hear about it, so
- we can help you track it down.
+ We want to hear from you! There are supposed to be zero crash bugs in Tor.
+ This FAQ entry describes the best way for you to be helpful to us. But even
+ if you can't work out all the details, we still want to hear about it, so
+ we can help you track it down.
</p>
<p>
-First, make sure you're using the latest version of Tor (either the latest
-stable or the latest development version).
+First, make sure you're using the latest version of Tor (either the latest
+stable or the latest development version).
</p>
<p>
-Second, make sure your version of libevent is new enough. We recommend at
-least libevent 1.3a.
+Second, make sure your version of libevent is new enough. We recommend at
+least libevent 1.3a.
</p>
<p>
-Third, see if there's already an entry for your bug in the <a
-href="https://bugs.torproject.org/">Tor bugtracker</a>. If so,
-check if there are any new details that you can add.
+Third, see if there's already an entry for your bug in the <a
+href="https://bugs.torproject.org/">Tor bugtracker</a>. If so,
+check if there are any new details that you can add.
</p>
<p>
-Fourth, is the crash repeatable? Can you cause the crash? Can
-you isolate some of the circumstances or config options that
-make it happen? How quickly or often does the bug show up?
-Can you check if it happens with other versions of Tor, for
-example the latest stable release?
+Fourth, is the crash repeatable? Can you cause the crash? Can
+you isolate some of the circumstances or config options that
+make it happen? How quickly or often does the bug show up?
+Can you check if it happens with other versions of Tor, for
+example the latest stable release?
</p>
<p>
-Fifth, what sort of crash do you get?
+Fifth, what sort of crash do you get?
</p>
<ul>
<li>
-Does your Tor log include an "assert failure"? If so, please
-tell us that line, since it helps us figure out what's going on.
-Tell us the previous couple of log messages as well, especially
-if they seem important.
+Does your Tor log include an "assert failure"? If so, please
+tell us that line, since it helps us figure out what's going on.
+Tell us the previous couple of log messages as well, especially
+if they seem important.
</li>
<li>
-If it says "Segmentation fault - core dumped" then you need to
-do a bit more to track it down. Look for a file like "core" or
-"tor.core" or "core.12345" in your current directory, or in your
-Data Directory. If it's there, run "gdb tor core" and then "bt",
-and include the output. If you can't find a core, run "ulimit -c
-unlimited", restart Tor, and try to make it crash again. (This core
-thing will only work on Unix -- alas, tracking down bugs on Windows
-is harder. If you're on Windows, can you get somebody to duplicate
+If it says "Segmentation fault - core dumped" then you need to
+do a bit more to track it down. Look for a file like "core" or
+"tor.core" or "core.12345" in your current directory, or in your
+Data Directory. If it's there, run "gdb tor core" and then "bt",
+and include the output. If you can't find a core, run "ulimit -c
+unlimited", restart Tor, and try to make it crash again. (This core
+thing will only work on Unix -- alas, tracking down bugs on Windows
+is harder. If you're on Windows, can you get somebody to duplicate
your bug on Unix?)
</li>
<li>
-If Tor simply vanishes mysteriously, it probably is a segmentation
-fault but you're running Tor in the background (as a daemon) so you
-won't notice. Go look at the end of your log file, and look for a
-core file as above. If you don't find any good hints, you should
-consider running Tor in the foreground (from a shell) so you can
-see how it dies. Warning: if you switch to running Tor in the foreground,
-you might start using a different torrc file, with a different default
-Data Directory; see the <a href="#UpgradeOrMove">relay-upgrade FAQ entry</a>
-for details.
+If Tor simply vanishes mysteriously, it probably is a segmentation
+fault but you're running Tor in the background (as a daemon) so you
+won't notice. Go look at the end of your log file, and look for a
+core file as above. If you don't find any good hints, you should
+consider running Tor in the foreground (from a shell) so you can
+see how it dies. Warning: if you switch to running Tor in the foreground,
+you might start using a different torrc file, with a different default
+Data Directory; see the <a href="#UpgradeOrMove">relay-upgrade FAQ entry</a>
+for details.
</li>
<li>
-If it's still vanishing mysteriously, perhaps something else is killing it?
-Do you have resource limits (ulimits) configured that kill off processes
-sometimes? (This is especially common on OpenBSD.) On Linux, try running
-"dmesg" to see if the out-of-memory killer removed your process. (Tor will
-exit cleanly if it notices that it's run out of memory, but in some cases
-it might not have time to notice.) In very rare circumstances, hardware
-problems could also be the culprit.
+If it's still vanishing mysteriously, perhaps something else is killing it?
+Do you have resource limits (ulimits) configured that kill off processes
+sometimes? (This is especially common on OpenBSD.) On Linux, try running
+"dmesg" to see if the out-of-memory killer removed your process. (Tor will
+exit cleanly if it notices that it's run out of memory, but in some cases
+it might not have time to notice.) In very rare circumstances, hardware
+problems could also be the culprit.
</li>
</ul>
<p>
-Sixth, if the above ideas don't point out the bug, consider increasing your
-log level to "loglevel debug". You can look at the log-configuration FAQ
-entry for instructions on what to put in your torrc file. If it usually
-takes a long time for the crash to show up, you will want to reserve a whole
-lot of disk space for the debug log. Alternatively, you could just send
-debug-level logs to the screen (it's called "stdout" in the torrc), and then
-when it crashes you'll see the last couple of log lines it had printed.
-(Note that running with verbose logging like this will slow Tor down
-considerably, and note also that it's generally not a good idea security-wise
-to keep logs like this sitting around.)
+Sixth, if the above ideas don't point out the bug, consider increasing your
+log level to "loglevel debug". You can look at the log-configuration FAQ
+entry for instructions on what to put in your torrc file. If it usually
+takes a long time for the crash to show up, you will want to reserve a whole
+lot of disk space for the debug log. Alternatively, you could just send
+debug-level logs to the screen (it's called "stdout" in the torrc), and then
+when it crashes you'll see the last couple of log lines it had printed.
+(Note that running with verbose logging like this will slow Tor down
+considerably, and note also that it's generally not a good idea security-wise
+to keep logs like this sitting around.)
</p>
<hr />
@@ -2211,12 +2211,12 @@
up your anonymity in ways we don't understand.
</p>
<p>
- Note also that not every circuit is used to deliver traffic outside of
- the Tor network. It is normal to see non-exit circuits (such as those
- used to connect to hidden services, those that do directory fetches,
- those used for relay reachability self-tests, and so on) that end at
- a non-exit node. To keep a node from being used entirely, see
- <tt>ExcludeNodes</tt> and <tt>StrictNodes</tt> in the
+ Note also that not every circuit is used to deliver traffic outside of
+ the Tor network. It is normal to see non-exit circuits (such as those
+ used to connect to hidden services, those that do directory fetches,
+ those used for relay reachability self-tests, and so on) that end at
+ a non-exit node. To keep a node from being used entirely, see
+ <tt>ExcludeNodes</tt> and <tt>StrictNodes</tt> in the
<a href="<page docs/tor-manual>">manual</a>.
</p>
<p>
@@ -2272,13 +2272,13 @@
<hr>
<a id="DefaultExitPorts"></a>
- <h3><a class="anchor" href="#DefaultExitPorts">Is there a list of default exit
+ <h3><a class="anchor" href="#DefaultExitPorts">Is there a list of default exit
ports?</a></h3>
<p>
-The default open ports are listed below but keep in mind that, any port or
-ports can be opened by the relay operator by configuring it in torrc or
-modifying the source code. But the default according to src/or/policies.c
-from the source code release tor-0.2.4.16-rc is:
+The default open ports are listed below but keep in mind that, any port or
+ports can be opened by the relay operator by configuring it in torrc or
+modifying the source code. But the default according to src/or/policies.c
+from the source code release tor-0.2.4.16-rc is:
</p>
<pre>
reject 0.0.0.0/8
@@ -2300,119 +2300,119 @@
accept *:*
</pre>
<p>
- A relay will block access to its own IP address, as well local network
- IP addresses. A relay always blocks itself by default. This prevents
- Tor users from accidentally accessing any of the exit operator's local
- services.
+ A relay will block access to its own IP address, as well local network
+ IP addresses. A relay always blocks itself by default. This prevents
+ Tor users from accidentally accessing any of the exit operator's local
+ services.
</p>
<hr>
<a id="WarningsAboutSOCKSandDNSInformationLeaks"></a>
- <h3><a class="anchor" href="#WarningsAboutSOCKSandDNSInformationLeaks">I
- keep seeing these warnings about SOCKS and DNS information leaks.
+ <h3><a class="anchor" href="#WarningsAboutSOCKSandDNSInformationLeaks">I
+ keep seeing these warnings about SOCKS and DNS information leaks.
Should I worry?</a></h3>
<p>
- The warning is:
+ The warning is:
</p>
<p>
- Your application (using socks5 on port %d) is giving Tor only an IP
- address. Applications that do DNS resolves themselves may leak
- information. Consider using Socks4A (e.g. via Polipo or socat) instead.
+ Your application (using socks5 on port %d) is giving Tor only an IP
+ address. Applications that do DNS resolves themselves may leak
+ information. Consider using Socks4A (e.g. via Polipo or socat) instead.
</p>
<p>
- If you are running Tor to get anonymity, and you are worried about an
- attacker who is even slightly clever, then yes, you should worry. Here's why.
+ If you are running Tor to get anonymity, and you are worried about an
+ attacker who is even slightly clever, then yes, you should worry. Here's why.
</p>
<p>
- <b>The Problem.</b> When your applications connect to servers on the
- Internet, they need to resolve hostnames that you can read (like
- www.torproject.org) into IP addresses that the Internet can use (like
- 209.237.230.66). To do this, your application sends a request to a DNS
- server, telling it the hostname it wants to resolve. The DNS server
- replies by telling your application the IP address.
+ <b>The Problem.</b> When your applications connect to servers on the
+ Internet, they need to resolve hostnames that you can read (like
+ www.torproject.org) into IP addresses that the Internet can use (like
+ 209.237.230.66). To do this, your application sends a request to a DNS
+ server, telling it the hostname it wants to resolve. The DNS server
+ replies by telling your application the IP address.
</p>
<p>
- Clearly, this is a bad idea if you plan to connect to the remote host
- anonymously: when your application sends the request to the DNS server,
- the DNS server (and anybody else who might be watching) can see what
- hostname you are asking for. Even if your application then uses Tor to
- connect to the IP anonymously, it will be pretty obvious that the user
- making the anonymous connection is probably the same person who made
- the DNS request.
+ Clearly, this is a bad idea if you plan to connect to the remote host
+ anonymously: when your application sends the request to the DNS server,
+ the DNS server (and anybody else who might be watching) can see what
+ hostname you are asking for. Even if your application then uses Tor to
+ connect to the IP anonymously, it will be pretty obvious that the user
+ making the anonymous connection is probably the same person who made
+ the DNS request.
</p>
<p>
- <b>Where SOCKS comes in.</b> Your application uses the SOCKS protocol
- to connect to your local Tor client. There are 3 versions of SOCKS you
- are likely to run into: SOCKS 4 (which only uses IP addresses), SOCKS 5
- (which usually uses IP addresses in practice), and SOCKS 4a (which uses
- hostnames).
+ <b>Where SOCKS comes in.</b> Your application uses the SOCKS protocol
+ to connect to your local Tor client. There are 3 versions of SOCKS you
+ are likely to run into: SOCKS 4 (which only uses IP addresses), SOCKS 5
+ (which usually uses IP addresses in practice), and SOCKS 4a (which uses
+ hostnames).
</p>
<p>
- When your application uses SOCKS 4 or SOCKS 5 to give Tor an IP address,
- Tor guesses that it 'probably' got the IP address non-anonymously from a
- DNS server. That's why it gives you a warning message: you probably aren't
- as anonymous as you think.
+ When your application uses SOCKS 4 or SOCKS 5 to give Tor an IP address,
+ Tor guesses that it 'probably' got the IP address non-anonymously from a
+ DNS server. That's why it gives you a warning message: you probably aren't
+ as anonymous as you think.
</p>
<p>
- <b>So what can I do?</b> We describe a few solutions below.
+ <b>So what can I do?</b> We describe a few solutions below.
</p>
<ul>
<li>If your application speaks SOCKS 4a, use it. </li>
- <li>If you only need one or two hosts, or you are good at programming,
- you may be able to get a socks-based port-forwarder like socat to work
- for you; see <a
- href="https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO">the
+ <li>If you only need one or two hosts, or you are good at programming,
+ you may be able to get a socks-based port-forwarder like socat to work
+ for you; see <a
+ href="https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO">the
Torify HOWTO</a> for examples. </li>
- <li>Tor ships with a program called tor-resolve that can use the Tor
- network to look up hostnames remotely; if you resolve hostnames to IPs
- with tor-resolve, then pass the IPs to your applications, you'll be fine.
+ <li>Tor ships with a program called tor-resolve that can use the Tor
+ network to look up hostnames remotely; if you resolve hostnames to IPs
+ with tor-resolve, then pass the IPs to your applications, you'll be fine.
(Tor will still give the warning, but now you know what it means.) </li>
<!-- I'm not sure if this project is still maintained or not
<li>You can use TorDNS as a local DNS server to rectify the DNS leakage. See the Torify HOWTO for info on how to run particular applications anonymously. </li>
!-->
</ul>
- <p>If you think that you applied one of the solutions properly but still
- experience DNS leaks please verify there is no third-party application
- using DNS independently of Tor. Please see <a
- href="#AmITotallyAnonymous">the FAQ entry on whether you're really
- absolutely anonymous using Tor</a> for some examples.
+ <p>If you think that you applied one of the solutions properly but still
+ experience DNS leaks please verify there is no third-party application
+ using DNS independently of Tor. Please see <a
+ href="#AmITotallyAnonymous">the FAQ entry on whether you're really
+ absolutely anonymous using Tor</a> for some examples.
</p>
<hr>
<a id="SocksAndDNS"></a>
- <h3><a class="anchor" href="#SocksAndDNS">How do I check if my application that uses
+ <h3><a class="anchor" href="#SocksAndDNS">How do I check if my application that uses
SOCKS is leaking DNS requests?</a></h3>
<p>
- These are two steps you need to take here. The first is to make sure
- that it's using the correct variant of the SOCKS protocol, and the
- second is to make sure that there aren't other leaks.
+ These are two steps you need to take here. The first is to make sure
+ that it's using the correct variant of the SOCKS protocol, and the
+ second is to make sure that there aren't other leaks.
</p>
<p>
- Step one: add "TestSocks 1" to your torrc file, and then watch your
- logs as you use your application. Tor will then log, for each SOCKS
- connection, whether it was using a 'good' variant or a 'bad' one.
- (If you want to automatically disable all 'bad' variants, set
- "SafeSocks 1" in your <a href="#torrc">torrc</a> file.)
+ Step one: add "TestSocks 1" to your torrc file, and then watch your
+ logs as you use your application. Tor will then log, for each SOCKS
+ connection, whether it was using a 'good' variant or a 'bad' one.
+ (If you want to automatically disable all 'bad' variants, set
+ "SafeSocks 1" in your <a href="#torrc">torrc</a> file.)
</p>
<p>
- Step two: even if your application is using the correct variant of
- the SOCKS protocol, there is still a risk that it could be leaking
- DNS queries. This problem happens in Firefox extensions that resolve
- the destination hostname themselves, for example to show you its IP
- address, what country it's in, etc. These applications may use a safe
- SOCKS variant when actually making connections, but they still do DNS
- resolves locally. If you suspect your application might behave like
- this, you should use a network sniffer like <a
- href="https://www.wireshark.org/">Wireshark</a> and look for
- suspicious outbound DNS requests. I'm afraid the details of how to look
- for these problems are beyond the scope of a FAQ entry though -- find
- a friend to help if you have problems.
+ Step two: even if your application is using the correct variant of
+ the SOCKS protocol, there is still a risk that it could be leaking
+ DNS queries. This problem happens in Firefox extensions that resolve
+ the destination hostname themselves, for example to show you its IP
+ address, what country it's in, etc. These applications may use a safe
+ SOCKS variant when actually making connections, but they still do DNS
+ resolves locally. If you suspect your application might behave like
+ this, you should use a network sniffer like <a
+ href="https://www.wireshark.org/">Wireshark</a> and look for
+ suspicious outbound DNS requests. I'm afraid the details of how to look
+ for these problems are beyond the scope of a FAQ entry though -- find
+ a friend to help if you have problems.
</p>
<hr>
@@ -2421,103 +2421,103 @@
<h2><a class="anchor">Running a Tor relay:</a></h2>
<a id="HowDoIDecide"></a>
- <h3><a class="anchor" href="#HowDoIDecide">How do I decide if I should
+ <h3><a class="anchor" href="#HowDoIDecide">How do I decide if I should
run a relay?</a></h3>
<p>
- We're looking for people with reasonably reliable Internet connections,
- that have at least 20 kilobytes/second each way. If that's you, please
- consider <a href="https://www.torproject.org/docs/tor-relay-debian">helping
- out</a>.
+ We're looking for people with reasonably reliable Internet connections,
+ that have at least 20 kilobytes/second each way. If that's you, please
+ consider <a href="https://www.torproject.org/docs/tor-relay-debian">helping
+ out</a>.
</p>
-
+
<hr>
-
+
<a id="WhyIsntMyRelayBeingUsedMore"></a>
- <h3><a class="anchor" href="#WhyIsntMyRelayBeingUsedMore">Why isn't my
+ <h3><a class="anchor" href="#WhyIsntMyRelayBeingUsedMore">Why isn't my
relay being used more?</a></h3>
<p>
- If your relay is relatively new then give it time. Tor decides which
- relays it uses heuristically based on reports from Bandwidth
- Authorities. These authorities take measurements of your relay's
- capacity and, over time, directs more traffic there until it reaches
- an optimal load. The lifecycle of a new relay is explained in more
+ If your relay is relatively new then give it time. Tor decides which
+ relays it uses heuristically based on reports from Bandwidth
+ Authorities. These authorities take measurements of your relay's
+ capacity and, over time, directs more traffic there until it reaches
+ an optimal load. The lifecycle of a new relay is explained in more
depth in <a href="https://blog.torproject.org/blog/lifecycle-of-a-new-relay">
this blog post</a>.
</p>
<p>
- If you've been running a relay for a while and still having issues
+ If you've been running a relay for a while and still having issues
then try asking on the <a href=
"https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays/">
- tor-relays list</a>.
+ tor-relays list</a>.
</p>
-
+
<hr>
<a id="IDontHaveAStaticIP"></a>
- <h3><a class="anchor" href="#IDontHaveAStaticIP">I don't have a static
+ <h3><a class="anchor" href="#IDontHaveAStaticIP">I don't have a static
IP.</a></h3>
<p>
- Tor can handle relays with dynamic IP addresses just fine. Just leave
- the "Address" line in your torrc blank, and Tor will guess.
+ Tor can handle relays with dynamic IP addresses just fine. Just leave
+ the "Address" line in your torrc blank, and Tor will guess.
</p>
<hr>
<a id="PortscannedMore"></a>
- <h3><a class="anchor" href="#PortscannedMore">Why do I get portscanned
+ <h3><a class="anchor" href="#PortscannedMore">Why do I get portscanned
more often when I run a Tor relay?</a></h3>
<p>
- If you allow exit connections, some services that people connect to
- from your relay will connect back to collect more information about you.
- For example, some IRC servers connect back to your identd port to record
- which user made the connection. (This doesn't really work for them,
- because Tor doesn't know this information, but they try anyway.) Also,
- users exiting from you might attract the attention of other users on the
- IRC server, website, etc. who want to know more about the host they're
- relaying through.
+ If you allow exit connections, some services that people connect to
+ from your relay will connect back to collect more information about you.
+ For example, some IRC servers connect back to your identd port to record
+ which user made the connection. (This doesn't really work for them,
+ because Tor doesn't know this information, but they try anyway.) Also,
+ users exiting from you might attract the attention of other users on the
+ IRC server, website, etc. who want to know more about the host they're
+ relaying through.
</p>
<p>
- Another reason is that groups who scan for open proxies on the Internet
- have learned that sometimes Tor relays expose their socks port to the
- world. We recommend that you bind your socksport to local networks only.
+ Another reason is that groups who scan for open proxies on the Internet
+ have learned that sometimes Tor relays expose their socks port to the
+ world. We recommend that you bind your socksport to local networks only.
</p>
<p>
- In any case, you need to keep up to date with your security. See this <a
- href="https://trac.torproject.org/projects/tor/wiki/doc/OperationalSecurity">article
- on operational security for Tor relays</a> for more suggestions.
+ In any case, you need to keep up to date with your security. See this <a
+ href="https://trac.torproject.org/projects/tor/wiki/doc/OperationalSecurity">article
+ on operational security for Tor relays</a> for more suggestions.
</p>
<hr>
<a id="MoreThanOneCPU"></a>
- <h3><a class="anchor" href="#MoreThanOneCPU">I have more than one CPU.
+ <h3><a class="anchor" href="#MoreThanOneCPU">I have more than one CPU.
Does this help?</a></h3>
<p>
- Yes. You can set your NumCpus config option in torrc to the number of
- CPUs you have, and Tor will spawn this many cpuworkers to deal with
- public key operations in parallel.
+ Yes. You can set your NumCpus config option in torrc to the number of
+ CPUs you have, and Tor will spawn this many cpuworkers to deal with
+ public key operations in parallel.
</p>
<p>
- This option has no effect for clients.
+ This option has no effect for clients.
</p>
<hr>
- <a id="HighCapacityConnection"></a>
- <h3><a class="anchor" href="#HighCapacityConnection">How can I get Tor to fully
+ <a id="HighCapacityConnection"></a>
+ <h3><a class="anchor" href="#HighCapacityConnection">How can I get Tor to fully
make use of my high capacity connection?</a></h3>
-
+
<p>
- See <a href="http://archives.seul.org/or/relays/Aug-2010/msg00034.html">this
+ See <a href="http://archives.seul.org/or/relays/Aug-2010/msg00034.html">this
tor-relays thread</a>.
</p>
-
- <hr>
-
+
+ <hr>
+
<a id="RelayFlexible"></a>
<h3><a class="anchor" href="#RelayFlexible">How stable does my relay
need to be?</a></h3>
@@ -2569,161 +2569,161 @@
</ul>
<hr>
-
+
<a id="BandwidthShaping"></a>
- <h3><a class="anchor" href="#BandwidthShaping">What bandwidth shaping
+ <h3><a class="anchor" href="#BandwidthShaping">What bandwidth shaping
options are available to Tor relays?</a></h3>
<p>
- There are two options you can add to your torrc file:
+ There are two options you can add to your torrc file:
</p>
<ul>
<li>
- BandwidthRate is the maximum long-term bandwidth allowed (bytes per
- second). For example, you might want to choose "BandwidthRate 2 MB"
- for 2 megabytes per second (a fast connection), or "BandwidthRate 50
- KB" for 50 kilobytes per second (a medium-speed cable connection).
- The minimum BandwidthRate is 20 kilobytes per second.
+ BandwidthRate is the maximum long-term bandwidth allowed (bytes per
+ second). For example, you might want to choose "BandwidthRate 2 MB"
+ for 2 megabytes per second (a fast connection), or "BandwidthRate 50
+ KB" for 50 kilobytes per second (a medium-speed cable connection).
+ The minimum BandwidthRate is 20 kilobytes per second.
</li>
<li>
- BandwidthBurst is a pool of bytes used to fulfill requests during
- short periods of traffic above BandwidthRate but still keeps the
- average over a long period to BandwidthRate. A low Rate but a high
- Burst enforces a long-term average while still allowing more traffic
- during peak times if the average hasn't been reached lately. For example,
- if you choose "BandwidthBurst 50 KB" and also use that for your
- BandwidthRate, then you will never use more than 50 kilobytes per second;
- but if you choose a higher BandwidthBurst (like 1 MB), it will allow
+ BandwidthBurst is a pool of bytes used to fulfill requests during
+ short periods of traffic above BandwidthRate but still keeps the
+ average over a long period to BandwidthRate. A low Rate but a high
+ Burst enforces a long-term average while still allowing more traffic
+ during peak times if the average hasn't been reached lately. For example,
+ if you choose "BandwidthBurst 50 KB" and also use that for your
+ BandwidthRate, then you will never use more than 50 kilobytes per second;
+ but if you choose a higher BandwidthBurst (like 1 MB), it will allow
more bytes through until the pool is empty.
</li>
</ul>
<p>
- If you have an asymmetric connection (upload less than download) such
- as a cable modem, you should set BandwidthRate to less than your smaller
- bandwidth (Usually that's the upload bandwidth). (Otherwise, you could
- drop many packets during periods of maximum bandwidth usage -- you may
- need to experiment with which values make your connection comfortable.)
- Then set BandwidthBurst to the same as BandwidthRate.
+ If you have an asymmetric connection (upload less than download) such
+ as a cable modem, you should set BandwidthRate to less than your smaller
+ bandwidth (Usually that's the upload bandwidth). (Otherwise, you could
+ drop many packets during periods of maximum bandwidth usage -- you may
+ need to experiment with which values make your connection comfortable.)
+ Then set BandwidthBurst to the same as BandwidthRate.
</p>
<p>
- Linux-based Tor nodes have another option at their disposal: they can
- prioritize Tor traffic below other traffic on their machine, so that
- their own personal traffic is not impacted by Tor load. A <a
+ Linux-based Tor nodes have another option at their disposal: they can
+ prioritize Tor traffic below other traffic on their machine, so that
+ their own personal traffic is not impacted by Tor load. A <a
href="https://gitweb.torproject.org/tor.git/blob/HEAD:/contrib/linux-tor-prio.sh">script
- to do this</a> can be found in the Tor source distribution's contrib
- directory.
+ to do this</a> can be found in the Tor source distribution's contrib
+ directory.
</p>
<p>
- Additionally, there are hibernation options where you can tell Tor to
- only serve a certain amount of bandwidth per time period (such as 100
- GB per month). These are covered in the <a
- href="#LimitTotalBandwidth">hibernation entry</a> below.
+ Additionally, there are hibernation options where you can tell Tor to
+ only serve a certain amount of bandwidth per time period (such as 100
+ GB per month). These are covered in the <a
+ href="#LimitTotalBandwidth">hibernation entry</a> below.
</p>
<p>
- Note that BandwidthRate and BandwidthBurst are in <b>Bytes,</b>not Bits.
+ Note that BandwidthRate and BandwidthBurst are in <b>Bytes,</b>not Bits.
</p>
<hr>
<a id="LimitTotalBandwidth"></a>
- <h3><a class="anchor" href="#LimitTotalBandwidth">How can I limit the
+ <h3><a class="anchor" href="#LimitTotalBandwidth">How can I limit the
total amount of bandwidth used by my Tor relay?</a></h3>
<p>
- The accounting options in the torrc file allow you to specify the maximum
- amount of bytes your relay uses for a time period.
+ The accounting options in the torrc file allow you to specify the maximum
+ amount of bytes your relay uses for a time period.
</p>
<pre>
AccountingStart day week month [day] HH:MM
</pre>
<p>
- This specifies when the accounting should reset. For instance, to setup
- a total amount of bytes served for a week (that resets every Wednesday
- at 10:00am), you would use:
+ This specifies when the accounting should reset. For instance, to setup
+ a total amount of bytes served for a week (that resets every Wednesday
+ at 10:00am), you would use:
</p>
<pre>
AccountingStart week 3 10:00
AccountingMax N bytes KB MB GB TB
</pre>
<p>
- This specifies the maximum amount of data your relay will send during an
- accounting period, and the maximum amount of data your relay will receive
- during an account period. When the accounting period resets (from
+ This specifies the maximum amount of data your relay will send during an
+ accounting period, and the maximum amount of data your relay will receive
+ during an account period. When the accounting period resets (from
AccountingStart), then the counters for AccountingMax are reset to 0.
</p>
<p>
- Example. Let's say you want to allow 1 GB of traffic every day in each
- direction and the accounting should reset at noon each day:
+ Example. Let's say you want to allow 1 GB of traffic every day in each
+ direction and the accounting should reset at noon each day:
</p>
<pre>
AccountingStart day 12:00
AccountingMax 1 GB
</pre>
<p>
- Note that your relay won't wake up exactly at the beginning of each
- accounting period. It will keep track of how quickly it used its
- quota in the last period, and choose a random point in the new interval
- to wake up. This way we avoid having hundreds of relays working at the
- beginning of each month but none still up by the end.
+ Note that your relay won't wake up exactly at the beginning of each
+ accounting period. It will keep track of how quickly it used its
+ quota in the last period, and choose a random point in the new interval
+ to wake up. This way we avoid having hundreds of relays working at the
+ beginning of each month but none still up by the end.
</p>
<p>
- If you have only a small amount of bandwidth to donate compared to your
- connection speed, we recommend you use daily accounting, so you don't
- end up using your entire monthly quota in the first day. Just divide
- your monthly amount by 30. You might also consider rate limiting to
- spread your usefulness over more of the day: if you want to offer X GB
- in each direction, you could set your BandwidthRate to 20*X. For example,
- if you have 10 GB to offer each way, you might set your BandwidthRate to
- 200 KB: this way your relay will always be useful for at least half of
- each day.
+ If you have only a small amount of bandwidth to donate compared to your
+ connection speed, we recommend you use daily accounting, so you don't
+ end up using your entire monthly quota in the first day. Just divide
+ your monthly amount by 30. You might also consider rate limiting to
+ spread your usefulness over more of the day: if you want to offer X GB
+ in each direction, you could set your BandwidthRate to 20*X. For example,
+ if you have 10 GB to offer each way, you might set your BandwidthRate to
+ 200 KB: this way your relay will always be useful for at least half of
+ each day.
</p>
<hr>
<a id="RelayWritesMoreThanItReads"></a>
- <h3><a class="anchor" href="#RelayWritesMoreThanItReads">Why does my relay
+ <h3><a class="anchor" href="#RelayWritesMoreThanItReads">Why does my relay
write more bytes onto the network than it reads?</a></h3>
- <p>You're right, for the most part a byte into your Tor relay means a
+ <p>You're right, for the most part a byte into your Tor relay means a
byte out, and vice versa. But there are a few exceptions:</p>
- <p>If you open your DirPort, then Tor clients will ask you for a copy of
- the directory. The request they make (an HTTP GET) is quite small, and the
- response is sometimes quite large. This probably accounts for most of the
+ <p>If you open your DirPort, then Tor clients will ask you for a copy of
+ the directory. The request they make (an HTTP GET) is quite small, and the
+ response is sometimes quite large. This probably accounts for most of the
difference between your "write" byte count and your "read" byte count.</p>
- <p>Another minor exception shows up when you operate as an exit node, and
- you read a few bytes from an exit connection (for example, an instant
- messaging or ssh connection) and wrap it up into an entire 512 byte cell
+ <p>Another minor exception shows up when you operate as an exit node, and
+ you read a few bytes from an exit connection (for example, an instant
+ messaging or ssh connection) and wrap it up into an entire 512 byte cell
for transport through the Tor network.</p>
<hr>
<a id="Hibernation"></a>
- <h3><a class="anchor" href="#Hibernation">Why can I not browse anymore
+ <h3><a class="anchor" href="#Hibernation">Why can I not browse anymore
after limiting bandwidth on my Tor relay?</a></h3>
- <p>The parameters assigned in the <a
- href="#LimitTotalBandwidth">AccountingMax</a> and <a
- href="#BandwidthShaping">BandwidthRate</a> apply to both client and
- relay functions of the Tor process. Thus you may find that you are unable
- to browse as soon as your Tor goes into hibernation, signaled by this
+ <p>The parameters assigned in the <a
+ href="#LimitTotalBandwidth">AccountingMax</a> and <a
+ href="#BandwidthShaping">BandwidthRate</a> apply to both client and
+ relay functions of the Tor process. Thus you may find that you are unable
+ to browse as soon as your Tor goes into hibernation, signaled by this
entry in the log:</p>
- <pre>Bandwidth soft limit reached; commencing hibernation. No new
+ <pre>Bandwidth soft limit reached; commencing hibernation. No new
connections will be accepted</pre>
- <p>The solution is to run two Tor processes - one relay and one client,
- each with its own config. One way to do this (if you are starting from a
+ <p>The solution is to run two Tor processes - one relay and one client,
+ each with its own config. One way to do this (if you are starting from a
working relay setup) is as follows:</p>
<ul>
<li>In the relay Tor torrc file, simply set the SocksPort to 0.</li>
- <li>Create a new client torrc file from the torrc.sample and ensure
- it uses a different log file from the relay. One naming convention
+ <li>Create a new client torrc file from the torrc.sample and ensure
+ it uses a different log file from the relay. One naming convention
may be torrc.client and torrc.relay.</li>
- <li>Modify the Tor client and relay startup scripts to include
+ <li>Modify the Tor client and relay startup scripts to include
'-f /path/to/correct/torrc'.</li>
- <li>In Linux/BSD/OSX, changing the startup scripts to Tor.client
+ <li>In Linux/BSD/OSX, changing the startup scripts to Tor.client
and Tor.relay may make separation of configs easier.</li>
</ul>
@@ -2831,11 +2831,11 @@
<hr>
<a id="WhatIsTheBadExitFlag"></a>
- <h3><a class="anchor" href="#WhatIsTheBadExitFlag">What is the
+ <h3><a class="anchor" href="#WhatIsTheBadExitFlag">What is the
BadExit flag?</a></h3>
- <p>When an exit is misconfigured or malicious it's assigned the BadExit
- flag. This tells Tor to avoid exiting through that relay. In effect,
+ <p>When an exit is misconfigured or malicious it's assigned the BadExit
+ flag. This tells Tor to avoid exiting through that relay. In effect,
relays with this flag become non-exits.</p>
<hr>
@@ -2844,82 +2844,82 @@
<h3><a class="anchor" href="#IGotTheBadExitFlagWhyDidThatHappen">I got
the BadExit flag why did that happen?</a></h3>
- <p>If you got this flag then we either discovered a problem or suspicious
- activity coming from your exit and weren't able to contact you. The reason
- for most flaggings are documented on the <a
- href="https://trac.torproject.org/projects/tor/wiki/doc/badRelays">bad
- relays wiki</a>. Please <a
- href="https://torproject.org/about/contact.html.en">contact us</a> so
+ <p>If you got this flag then we either discovered a problem or suspicious
+ activity coming from your exit and weren't able to contact you. The reason
+ for most flaggings are documented on the <a
+ href="https://trac.torproject.org/projects/tor/wiki/doc/badRelays">bad
+ relays wiki</a>. Please <a
+ href="https://torproject.org/about/contact.html.en">contact us</a> so
we can sort out the issue.</p>
<hr>
<a id="MyRelayRecentlyGotTheGuardFlagAndTrafficDroppedByHalf"></a>
- <h3><a class="anchor" href="#MyRelayRecentlyGotTheGuardFlagAndTrafficDroppedByHalf">My
+ <h3><a class="anchor" href="#MyRelayRecentlyGotTheGuardFlagAndTrafficDroppedByHalf">My
relay recently got the Guard flag and traffic dropped by half.</a></h3>
<p>
- Since it's now a guard, clients are using it less in other positions, but
- not many clients have rotated their existing guards out to use it as a
- guard yet. Read more details in this <a
- href="https://blog.torproject.org/blog/lifecycle-of-a-new-relay">blog
- post</a> or in <a href="http://freehaven.net/anonbib/#wpes12-cogs">Changing
- of the Guards: A Framework for Understanding and Improving Entry Guard
+ Since it's now a guard, clients are using it less in other positions, but
+ not many clients have rotated their existing guards out to use it as a
+ guard yet. Read more details in this <a
+ href="https://blog.torproject.org/blog/lifecycle-of-a-new-relay">blog
+ post</a> or in <a href="http://freehaven.net/anonbib/#wpes12-cogs">Changing
+ of the Guards: A Framework for Understanding and Improving Entry Guard
Selection in Tor</a>.
</p>
-
+
<hr>
<a id="TorClientOnADifferentComputerThanMyApplications"></a>
- <h3><a class="anchor" href="#TorClientOnADifferentComputerThanMyApplications">I
+ <h3><a class="anchor" href="#TorClientOnADifferentComputerThanMyApplications">I
want to run my Tor client on a different computer than my applications.
</a></h3>
<p>
- By default, your Tor client only listens for applications that
- connect from localhost. Connections from other computers are
- refused. If you want to torify applications on different computers
- than the Tor client, you should edit your torrc to define
- SocksListenAddress 0.0.0.0 and then restart (or hup) Tor. If you
- want to get more advanced, you can configure your Tor client on a
- firewall to bind to your internal IP but not your external IP.
+ By default, your Tor client only listens for applications that
+ connect from localhost. Connections from other computers are
+ refused. If you want to torify applications on different computers
+ than the Tor client, you should edit your torrc to define
+ SocksListenAddress 0.0.0.0 and then restart (or hup) Tor. If you
+ want to get more advanced, you can configure your Tor client on a
+ firewall to bind to your internal IP but not your external IP.
</p>
<hr>
<a id="ServerClient"></a>
- <h3><a class="anchor" href="#ServerClient">Can I install Tor on a
+ <h3><a class="anchor" href="#ServerClient">Can I install Tor on a
central server, and have my clients connect to it?</a></h3>
<p>
- Yes. Tor can be configured as a client or a relay on another
- machine, and allow other machines to be able to connect to it
- for anonymity. This is most useful in an environment where many
- computers want a gateway of anonymity to the rest of the world.
- However, be forwarned that with this configuration, anyone within
- your private network (existing between you and the Tor
- client/relay) can see what traffic you are sending in clear text.
- The anonymity doesn't start until you get to the Tor relay.
- Because of this, if you are the controller of your domain and you
- know everything's locked down, you will be OK, but this configuration
- may not be suitable for large private networks where security is
+ Yes. Tor can be configured as a client or a relay on another
+ machine, and allow other machines to be able to connect to it
+ for anonymity. This is most useful in an environment where many
+ computers want a gateway of anonymity to the rest of the world.
+ However, be forwarned that with this configuration, anyone within
+ your private network (existing between you and the Tor
+ client/relay) can see what traffic you are sending in clear text.
+ The anonymity doesn't start until you get to the Tor relay.
+ Because of this, if you are the controller of your domain and you
+ know everything's locked down, you will be OK, but this configuration
+ may not be suitable for large private networks where security is
key all around.
</p>
<p>
-Configuration is simple, editing your torrc file's SocksListenAddress
+Configuration is simple, editing your torrc file's SocksListenAddress
according to the following examples:
</p>
<pre>
- #This provides local interface access only,
+ #This provides local interface access only,
#needs SocksPort to be greater than 0
- SocksListenAddress 127.0.0.1
+ SocksListenAddress 127.0.0.1
#This provides access to Tor on a specified interface
- SocksListenAddress 192.168.x.x:9100
+ SocksListenAddress 192.168.x.x:9100
#Accept from all interfaces
SocksListenAddress 0.0.0.0:9100
</pre>
<p>
-You can state multiple listen addresses, in the case that you are
+You can state multiple listen addresses, in the case that you are
part of several networks or subnets.
</p>
<pre>
@@ -2927,18 +2927,18 @@
SocksListenAddress 10.x.x.x:9100 #eth1
</pre>
<p>
-After this, your clients on their respective networks/subnets would specify
-a socks proxy with the address and port you specified SocksListenAddress
-to be.
+After this, your clients on their respective networks/subnets would specify
+a socks proxy with the address and port you specified SocksListenAddress
+to be.
</p>
<p>
-Please note that the SocksPort configuration option gives the port ONLY for
-localhost (127.0.0.1). When setting up your SocksListenAddress(es), you need
+Please note that the SocksPort configuration option gives the port ONLY for
+localhost (127.0.0.1). When setting up your SocksListenAddress(es), you need
to give the port with the address, as shown above.
<p>
-If you are interested in forcing all outgoing data through the central Tor
-client/relay, instead of the server only being an optional proxy, you may find
-the program iptables (for *nix) useful.
+If you are interested in forcing all outgoing data through the central Tor
+client/relay, instead of the server only being an optional proxy, you may find
+the program iptables (for *nix) useful.
</p>
<hr>
@@ -2987,38 +2987,38 @@
<hr>
<a id="UpgradeOrMove"></a>
-<h3><a class="anchor" href="#UpgradeOrMove">I want to upgrade/move my relay.
+<h3><a class="anchor" href="#UpgradeOrMove">I want to upgrade/move my relay.
How do I keep the same key?</a></h3>
<p>
- When upgrading your Tor relay, or running it on a different computer,
- the important part is to keep the same nickname (defined in your torrc
- file) and the same identity key (stored in "keys/secret_id_key" in
+ When upgrading your Tor relay, or running it on a different computer,
+ the important part is to keep the same nickname (defined in your torrc
+ file) and the same identity key (stored in "keys/secret_id_key" in
your DataDirectory).
</p>
<p>
-This means that if you're upgrading your Tor relay and you keep the same
-torrc and the same DataDirectory, then the upgrade should just work and
-your relay will keep using the same key. If you need to pick a new
-DataDirectory, be sure to copy your old keys/secret_id_key over.
+This means that if you're upgrading your Tor relay and you keep the same
+torrc and the same DataDirectory, then the upgrade should just work and
+your relay will keep using the same key. If you need to pick a new
+DataDirectory, be sure to copy your old keys/secret_id_key over.
</p>
<hr>
<a id="NTService"></a>
-<h3><a class="anchor" href="#NTService">How do I run my Tor relay as an NT
+<h3><a class="anchor" href="#NTService">How do I run my Tor relay as an NT
service?</a></h3>
<p>
- You can run Tor as a service on all versions of Windows except Windows
- 95/98/ME. This way you can run a Tor relay without needing to always have
+ You can run Tor as a service on all versions of Windows except Windows
+ 95/98/ME. This way you can run a Tor relay without needing to always have
Vidalia running.
</p>
<p>
-If you've already configured your Tor to be a relay, please note that when
-you enable Tor as a service, it will use a different DatagDirectory, and
-thus will generate a different key. If you want to keep using the old key,
-see the Upgrading your Tor relay FAQ entry for how to restore the old
+If you've already configured your Tor to be a relay, please note that when
+you enable Tor as a service, it will use a different DatagDirectory, and
+thus will generate a different key. If you want to keep using the old key,
+see the Upgrading your Tor relay FAQ entry for how to restore the old
identity key.
</p>
<p>
@@ -3028,17 +3028,17 @@
tor --service install
</pre>
<p>
-A service called Tor Win32 Service will be installed and started. This
-service will also automatically start every time Windows boots, unless
-you change the Start-up type. An easy way to check the status of Tor,
-start or stop the service, and change the start-up type is by running
-services.msc and finding the Tor service in the list of currently
+A service called Tor Win32 Service will be installed and started. This
+service will also automatically start every time Windows boots, unless
+you change the Start-up type. An easy way to check the status of Tor,
+start or stop the service, and change the start-up type is by running
+services.msc and finding the Tor service in the list of currently
installed services.
</p>
<p>
-Optionally, you can specify additional options for the Tor service using
-the -options argument. For example, if you want Tor to use C:\tor\torrc,
-instead of the default torrc, and open a control port on port 9151, you
+Optionally, you can specify additional options for the Tor service using
+the -options argument. For example, if you want Tor to use C:\tor\torrc,
+instead of the default torrc, and open a control port on port 9151, you
would run:
</p>
<pre>
@@ -3063,27 +3063,27 @@
tor --service remove
</pre>
<p>
-If you are running Tor as a service and you want to uninstall Tor entirely,
-be sure to run the service removal command (shown above) first before
-running the uninstaller from "Add/Remove Programs". The uninstaller is
+If you are running Tor as a service and you want to uninstall Tor entirely,
+be sure to run the service removal command (shown above) first before
+running the uninstaller from "Add/Remove Programs". The uninstaller is
currently not capable of removing the active service.
</p>
<hr>
<a id="VirtualServer"></a>
-<h3><a class="anchor" href="#VirtualServer">Can I run a Tor relay from my
+<h3><a class="anchor" href="#VirtualServer">Can I run a Tor relay from my
virtual server account?</a></h3>
<p>
-Some ISPs are selling "vserver" accounts that provide what they call a
-virtual server -- you can't actually interact with the hardware, and
-they can artificially limit certain resources such as the number of file
-descriptors you can open at once. Competent vserver admins are able to
-configure your server to not hit these limits. For example, in SWSoft's
-Virtuozzo, investigate /proc/user_beancounters. Look for "failcnt" in
-tcpsndbuf, tcprecvbuf, numothersock, and othersockbuf. Ask for these to
-be increased accordingly. Some users have seen settings work well as follows:
+Some ISPs are selling "vserver" accounts that provide what they call a
+virtual server -- you can't actually interact with the hardware, and
+they can artificially limit certain resources such as the number of file
+descriptors you can open at once. Competent vserver admins are able to
+configure your server to not hit these limits. For example, in SWSoft's
+Virtuozzo, investigate /proc/user_beancounters. Look for "failcnt" in
+tcpsndbuf, tcprecvbuf, numothersock, and othersockbuf. Ask for these to
+be increased accordingly. Some users have seen settings work well as follows:
<p>
<table border="1">
<tr>
@@ -3191,22 +3191,22 @@
Xen, Virtual Box and VMware virtual servers have no such limits normally.
</p>
<p>
-If the vserver admin will not increase system limits another option is
-to reduce the memory allocated to the send and receive buffers on TCP
-connections Tor uses. An experimental feature to constrain socket buffers
-has recently been added. If your version of Tor supports it, set
-"ConstrainedSockets 1" in your configuration. See the tor man page for
+If the vserver admin will not increase system limits another option is
+to reduce the memory allocated to the send and receive buffers on TCP
+connections Tor uses. An experimental feature to constrain socket buffers
+has recently been added. If your version of Tor supports it, set
+"ConstrainedSockets 1" in your configuration. See the tor man page for
additional details about this option.
</p>
<p>
-Unfortunately, since Tor currently requires you to be able to connect to
-all the other Tor relays, we need you to be able to use at least 1024 file
-descriptors. This means we can't make use of Tor relays that are crippled
+Unfortunately, since Tor currently requires you to be able to connect to
+all the other Tor relays, we need you to be able to use at least 1024 file
+descriptors. This means we can't make use of Tor relays that are crippled
in this way.
</p>
<p>
-We hope to fix this in the future, once we know how to build a Tor network
-with restricted topologies -- that is, where each node connects to only a
+We hope to fix this in the future, once we know how to build a Tor network
+with restricted topologies -- that is, where each node connects to only a
few other nodes. But this is still a long way off.
</p>
@@ -3251,23 +3251,23 @@
<hr>
<a id="WrongIP"></a>
- <h3><a class="anchor" href="#WrongIP">My relay is picking the wrong
+ <h3><a class="anchor" href="#WrongIP">My relay is picking the wrong
IP address.</a></h3>
<p>
- Tor guesses its IP address by asking the computer for its hostname, and
- then resolving that hostname. Often people have old entries in their
+ Tor guesses its IP address by asking the computer for its hostname, and
+ then resolving that hostname. Often people have old entries in their
/etc/hosts file that point to old IP addresses.
</p>
<p>
-If that doesn't fix it, you should use the "Address" config option to
-specify the IP you want it to pick. If your computer is behind a NAT and
-it only has an internal IP address, see the following FAQ entry on <a
+If that doesn't fix it, you should use the "Address" config option to
+specify the IP you want it to pick. If your computer is behind a NAT and
+it only has an internal IP address, see the following FAQ entry on <a
href="#RelayFlexible">dynamic IP addresses</a>.
</p>
<p>
-Also, if you have many addresses, you might also want to set
-"OutboundBindAddress" so external connections come from the IP you intend
-to present to the world.
+Also, if you have many addresses, you might also want to set
+"OutboundBindAddress" so external connections come from the IP you intend
+to present to the world.
</p>
<hr>
@@ -3276,25 +3276,25 @@
<h3><a class="anchor" href="#BehindANAT">I'm behind a NAT/Firewall.</a></h3>
<p>
-See <a>http://portforward.com/</a> for directions on how to port forward with
+See <a>http://portforward.com/</a> for directions on how to port forward with
your NAT/router device.
</p>
<p>
-If your relay is running on a internal net you need to setup port forwarding.
-Forwarding TCP connections is system dependent but the firewalled-clients FAQ
+If your relay is running on a internal net you need to setup port forwarding.
+Forwarding TCP connections is system dependent but the firewalled-clients FAQ
entry offers some examples on how to do this.
</p>
<p>
-Also, here's an example of how you would do this on GNU/Linux if you're using
+Also, here's an example of how you would do this on GNU/Linux if you're using
iptables:
</p>
<pre>
/sbin/iptables -A INPUT -i eth0 -p tcp --destination-port 9001 -j ACCEPT
</pre>
<p>
-You may have to change "eth0" if you have a different external interface
-(the one connected to the Internet). Chances are you have only one (except
-the loopback) so it shouldn't be too hard to figure out.
+You may have to change "eth0" if you have a different external interface
+(the one connected to the Internet). Chances are you have only one (except
+the loopback) so it shouldn't be too hard to figure out.
</p>
<hr>
@@ -3359,52 +3359,52 @@
<hr>
<a id="BetterAnonymity"></a>
- <h3><a class="anchor" href="#BetterAnonymity">Do I get better anonymity
+ <h3><a class="anchor" href="#BetterAnonymity">Do I get better anonymity
if I run a relay?</a></h3>
<p>
Yes, you do get better anonymity against some attacks.
</p>
<p>
-The simplest example is an attacker who owns a small number of Tor relays.
-He will see a connection from you, but he won't be able to know whether
+The simplest example is an attacker who owns a small number of Tor relays.
+He will see a connection from you, but he won't be able to know whether
the connection originated at your computer or was relayed from somebody else.
</p>
<p>
-There are some cases where it doesn't seem to help: if an attacker can
-watch all of your incoming and outgoing traffic, then it's easy for him
-to learn which connections were relayed and which started at you. (In
-this case he still doesn't know your destinations unless he is watching
+There are some cases where it doesn't seem to help: if an attacker can
+watch all of your incoming and outgoing traffic, then it's easy for him
+to learn which connections were relayed and which started at you. (In
+this case he still doesn't know your destinations unless he is watching
them too, but you're no better off than if you were an ordinary client.)
</p>
<p>
-There are also some downsides to running a Tor relay. First, while we
-only have a few hundred relays, the fact that you're running one might
-signal to an attacker that you place a high value on your anonymity.
-Second, there are some more esoteric attacks that are not as
-well-understood or well-tested that involve making use of the knowledge
-that you're running a relay -- for example, an attacker may be able to
-"observe" whether you're sending traffic even if he can't actually watch
-your network, by relaying traffic through your Tor relay and noticing
+There are also some downsides to running a Tor relay. First, while we
+only have a few hundred relays, the fact that you're running one might
+signal to an attacker that you place a high value on your anonymity.
+Second, there are some more esoteric attacks that are not as
+well-understood or well-tested that involve making use of the knowledge
+that you're running a relay -- for example, an attacker may be able to
+"observe" whether you're sending traffic even if he can't actually watch
+your network, by relaying traffic through your Tor relay and noticing
changes in traffic timing.
</p>
<p>
-It is an open research question whether the benefits outweigh the risks.
-A lot of that depends on the attacks you are most worried about. For
-most users, we think it's a smart move.
+It is an open research question whether the benefits outweigh the risks.
+A lot of that depends on the attacks you are most worried about. For
+most users, we think it's a smart move.
</p>
<hr>
<a id="FacingLegalTrouble"></a>
- <h3><a class="anchor" href="#FacingLegalTrouble">I'm facing legal
- trouble. How do I prove that my server was a Tor relay at a given
+ <h3><a class="anchor" href="#FacingLegalTrouble">I'm facing legal
+ trouble. How do I prove that my server was a Tor relay at a given
time?</a></h3>
<p><a href="https://exonerator.torproject.org/">
- Exonerator</a> is a web service that can check if an IP address was a
- relay at a given time. We can also <a
- href="https://torproject.org/about/contact.html.en">provide a signed
+ Exonerator</a> is a web service that can check if an IP address was a
+ relay at a given time. We can also <a
+ href="https://torproject.org/about/contact.html.en">provide a signed
letter</a> if needed.</p>
<hr>
@@ -3458,180 +3458,180 @@
<h2><a class="anchor">Tor hidden services:</a></h2>
<a id="AccessHiddenServices"></a>
- <h3><a class="anchor" href="#AccessHiddenServices">How do I access
+ <h3><a class="anchor" href="#AccessHiddenServices">How do I access
hidden services?</a></h3>
-
+
<p>
- Tor hidden services are named with a special top-level domain (TLD)
- name in DNS: .onion. Since the .onion TLD is not recognized by the
- official root DNS servers on the Internet, your application will not
- get the response it needs to locate the service. Currently, the Tor
- directory server provides this look-up service; and thus the look-up
- request must get to the Tor network.
+ Tor hidden services are named with a special top-level domain (TLD)
+ name in DNS: .onion. Since the .onion TLD is not recognized by the
+ official root DNS servers on the Internet, your application will not
+ get the response it needs to locate the service. Currently, the Tor
+ directory server provides this look-up service; and thus the look-up
+ request must get to the Tor network.
</p>
<p>
- Therefore, your application <b>needs</b> to pass the .onion hostname to
- Tor directly. You can't try to resolve it to an IP address, since there
- <i>is</i> no corresponding IP address: the server is hidden, after all!
+ Therefore, your application <b>needs</b> to pass the .onion hostname to
+ Tor directly. You can't try to resolve it to an IP address, since there
+ <i>is</i> no corresponding IP address: the server is hidden, after all!
</p>
-
+
<p>
- So, how do you make your application pass the hostname directly to Tor?
- You can't use SOCKS 4, since SOCKS 4 proxies require an IP from the
- client (a web browser is an example of a SOCKS client). Even though
- SOCKS 5 can accept either an IP or a hostname, most applications
- supporting SOCKS 5 try to resolve the name before passing it to the
- SOCKS proxy. SOCKS 4a, however, always accepts a hostname: You'll need
- to use SOCKS 4a.
+ So, how do you make your application pass the hostname directly to Tor?
+ You can't use SOCKS 4, since SOCKS 4 proxies require an IP from the
+ client (a web browser is an example of a SOCKS client). Even though
+ SOCKS 5 can accept either an IP or a hostname, most applications
+ supporting SOCKS 5 try to resolve the name before passing it to the
+ SOCKS proxy. SOCKS 4a, however, always accepts a hostname: You'll need
+ to use SOCKS 4a.
</p>
-
+
<p>
- Some applications, such as the browsers Mozilla Firefox and Apple's
- Safari, support sending DNS queries to Tor's SOCKS 5 proxy. Most web
- browsers don't support SOCKS 4a very well, though. The workaround is
- to point your web browser at an HTTP proxy, and tell the HTTP proxy
+ Some applications, such as the browsers Mozilla Firefox and Apple's
+ Safari, support sending DNS queries to Tor's SOCKS 5 proxy. Most web
+ browsers don't support SOCKS 4a very well, though. The workaround is
+ to point your web browser at an HTTP proxy, and tell the HTTP proxy
to speak to Tor with SOCKS 4a. We recommend Polipo as your HTTP proxy.
</p>
-
+
<p>
- For applications that do not support HTTP proxy, and so cannot use
- Polipo, <a href="http://www.freecap.ru/eng/">FreeCap</a> is an
- alternative. When using FreeCap set proxy protocol to SOCKS 5 and under
- settings set DNS name resolving to remote. This
- will allow you to use almost any program with Tor without leaking DNS
- lookups and allow those same programs to access hidden services.
+ For applications that do not support HTTP proxy, and so cannot use
+ Polipo, <a href="http://www.freecap.ru/eng/">FreeCap</a> is an
+ alternative. When using FreeCap set proxy protocol to SOCKS 5 and under
+ settings set DNS name resolving to remote. This
+ will allow you to use almost any program with Tor without leaking DNS
+ lookups and allow those same programs to access hidden services.
</p>
-
+
<p>
- See also the <a href="#SocksAndDNS">question on DNS</a>.
- </p>
-
+ See also the <a href="#SocksAndDNS">question on DNS</a>.
+ </p>
+
<hr>
<a id="ProvideAHiddenService"></a>
- <h3><a class="anchor" href="#ProvideAHiddenService">How do I provide a
+ <h3><a class="anchor" href="#ProvideAHiddenService">How do I provide a
hidden service?</a></h3>
-
+
<p>
See the <a href="https://www.torproject.org/docs/tor-hidden-service.html.en">
official hidden service configuration instructions</a>.
</p>
<hr>
-
+
<a id="Development"></a>
<h2><a class="anchor">Development:</a></h2>
<a id="VersionNumbers"></a>
- <h3><a class="anchor" href="#VersionNumbers">What do these weird
+ <h3><a class="anchor" href="#VersionNumbers">What do these weird
version numbers mean?</a></h3>
<p>
- Versions of Tor before 0.1.0 used a strange and hard-to-explain
+ Versions of Tor before 0.1.0 used a strange and hard-to-explain
version scheme. Let's forget about those.
</p>
<p>
- Starting with 0.1.0, versions all look like this:
- MAJOR.MINOR.MICRO(.PATCHLEVEL)(-TAG). The stuff in parenthesis is
- optional. MAJOR, MINOR, MICRO, and PATCHLEVEL are all numbers. Only one
- release is ever made with any given set of these version numbers. The
- TAG lets you know how stable we think the release is: "alpha" is pretty
- unstable; "rc" is a release candidate; and no tag at all means that we
- have a final release. If the tag ends with "-cvs", you're looking at
- a development snapshot that came after a given release.
+ Starting with 0.1.0, versions all look like this:
+ MAJOR.MINOR.MICRO(.PATCHLEVEL)(-TAG). The stuff in parenthesis is
+ optional. MAJOR, MINOR, MICRO, and PATCHLEVEL are all numbers. Only one
+ release is ever made with any given set of these version numbers. The
+ TAG lets you know how stable we think the release is: "alpha" is pretty
+ unstable; "rc" is a release candidate; and no tag at all means that we
+ have a final release. If the tag ends with "-cvs", you're looking at
+ a development snapshot that came after a given release.
</p>
<p>
- So for example, we might start a development branch with (say)
- 0.1.1.1-alpha. The patchlevel increments consistently as the status
- tag changes, for example, as in: 0.1.1.2-alpha, 0.1.1.3-alpha,
- 0.1.1.4-rc, 0.1.1.5-rc, etc. Eventually, we would release 0.1.1.6.
+ So for example, we might start a development branch with (say)
+ 0.1.1.1-alpha. The patchlevel increments consistently as the status
+ tag changes, for example, as in: 0.1.1.2-alpha, 0.1.1.3-alpha,
+ 0.1.1.4-rc, 0.1.1.5-rc, etc. Eventually, we would release 0.1.1.6.
The next stable release would be 0.1.1.7.
</p>
<p>
- Why do we do it like this? Because every release has a unique
- version number, it is easy for tools like package manager to tell
- which release is newer than another. The tag makes it easy for users
- to tell how stable the release is likely to be.
+ Why do we do it like this? Because every release has a unique
+ version number, it is easy for tools like package manager to tell
+ which release is newer than another. The tag makes it easy for users
+ to tell how stable the release is likely to be.
</p>
<hr>
<a id="PrivateTorNetwork"></a>
- <h3><a class="anchor" href="#PrivateTorNetwork">How do I set up my
+ <h3><a class="anchor" href="#PrivateTorNetwork">How do I set up my
own private Tor network?</a></h3>
-
+
<p>
- If you want to experiment locally with your own network, or you're
- cut off from the Internet and want to be able to mess with Tor still,
- then you may want to set up your own separate Tor network.
+ If you want to experiment locally with your own network, or you're
+ cut off from the Internet and want to be able to mess with Tor still,
+ then you may want to set up your own separate Tor network.
</p>
<p>
- To set up your own Tor network, you need to run your own authoritative
- directory servers, and your clients and relays must be configured so
- they know about your directory servers rather than the default public
- ones.
+ To set up your own Tor network, you need to run your own authoritative
+ directory servers, and your clients and relays must be configured so
+ they know about your directory servers rather than the default public
+ ones.
</p>
<p>
- Apart from the somewhat tedious method of manually configuring a couple
- of directory authorities, relays and clients there are two separate
- tools that could help. One is Chutney, the other is Shadow.
+ Apart from the somewhat tedious method of manually configuring a couple
+ of directory authorities, relays and clients there are two separate
+ tools that could help. One is Chutney, the other is Shadow.
</p>
<p>
- <a href="https://gitweb.torproject.org/chutney.git">Chutney</a> is a
- tool for configuring, controlling and running tests on a
- testing Tor network. It requires that you have Tor and Python (2.5 or
+ <a href="https://gitweb.torproject.org/chutney.git">Chutney</a> is a
+ tool for configuring, controlling and running tests on a
+ testing Tor network. It requires that you have Tor and Python (2.5 or
later) installed on your system. You can use Chutney to create a testing
- network by generating Tor configuration files (torrc) and necssary keys
+ network by generating Tor configuration files (torrc) and necssary keys
(for the directory authorities). Then you can let Chutney start your Tor
authorities, relays and clients and wait for the network to bootstrap.
- Finally, you can have Chutney run tests on your network to see which
- things work and which do not. Chutney is typically used for running a
- testing network with about 10 instances of Tor. Every instance of Tor
- binds to one or two ports on localhost (127.0.0.1) and all Tor
- communication is done over the loopback interface. The <a
- href="https://gitweb.torproject.org/chutney.git/blob/HEAD:/README">Chutney
- README</a> is a good starting point for getting it up and running.
+ Finally, you can have Chutney run tests on your network to see which
+ things work and which do not. Chutney is typically used for running a
+ testing network with about 10 instances of Tor. Every instance of Tor
+ binds to one or two ports on localhost (127.0.0.1) and all Tor
+ communication is done over the loopback interface. The <a
+ href="https://gitweb.torproject.org/chutney.git/blob/HEAD:/README">Chutney
+ README</a> is a good starting point for getting it up and running.
</p>
<p>
- <a href="https://github.com/shadow/shadow">Shadow</a> is a network
- simulator that can run Tor through its Scallion plug-in. Although
- it's typically used for running load and performance tests on
- substantially larger Tor test networks than what's feasible with
- Chutney, it also makes for an excellent debugging tool since you can
- run completely deterministic experiments. A large Shadow network is on
- the size of thousands of instances of Tor, and you can run experiments
- out of the box using one of Shadow's several included scallion experiment
- configurations. Shadow can be run on any linux machine without root,
- and can also run on EC2 using a pre-configured image. Also, Shadow
- controls the time of the simulation with the effect that
- time-consuming tests can be done more efficiently than in an
- ordinary testing network. The <a
- href="https://github.com/shadow/shadow/wiki">Shadow wiki</a> and
- <a href="http://shadow.github.io/">Shadow website</a> are
- good places to get started.
+ <a href="https://github.com/shadow/shadow">Shadow</a> is a network
+ simulator that can run Tor through its Scallion plug-in. Although
+ it's typically used for running load and performance tests on
+ substantially larger Tor test networks than what's feasible with
+ Chutney, it also makes for an excellent debugging tool since you can
+ run completely deterministic experiments. A large Shadow network is on
+ the size of thousands of instances of Tor, and you can run experiments
+ out of the box using one of Shadow's several included scallion experiment
+ configurations. Shadow can be run on any linux machine without root,
+ and can also run on EC2 using a pre-configured image. Also, Shadow
+ controls the time of the simulation with the effect that
+ time-consuming tests can be done more efficiently than in an
+ ordinary testing network. The <a
+ href="https://github.com/shadow/shadow/wiki">Shadow wiki</a> and
+ <a href="http://shadow.github.io/">Shadow website</a> are
+ good places to get started.
</p>
<hr>
<a id="UseTorWithJava"></a>
- <h3><a class="anchor" href="#UseTorWithJava">How can I make my Java
+ <h3><a class="anchor" href="#UseTorWithJava">How can I make my Java
program use the Tor Network?</a></h3>
<p>
- The newest versions of Java now have SOCKS4/5 support built in.
- Unfortunately, the SOCKS interface is not very well documented and
- may still leak your DNS lookups. The safest way to use Tor is to
- interface the SOCKS protocol directly or go through an application-level
- proxy that speaks SOCKS4a. For an example and libraries that implement
- the SOCKS4a connection, go to Joe Foley's TorLib in the <a
- href="http://web.mit.edu/foley/www/TinFoil/">TinFoil Project</a>.
+ The newest versions of Java now have SOCKS4/5 support built in.
+ Unfortunately, the SOCKS interface is not very well documented and
+ may still leak your DNS lookups. The safest way to use Tor is to
+ interface the SOCKS protocol directly or go through an application-level
+ proxy that speaks SOCKS4a. For an example and libraries that implement
+ the SOCKS4a connection, go to Joe Foley's TorLib in the <a
+ href="http://web.mit.edu/foley/www/TinFoil/">TinFoil Project</a>.
</p>
<p>
- A fully Java implementation of the Tor client is now available as <a
- href="http://www.subgraph.com/orchid.html">Orchid</a>. We still consider
- Orchid to be experimental, so use with care.
+ A fully Java implementation of the Tor client is now available as <a
+ href="http://www.subgraph.com/orchid.html">Orchid</a>. We still consider
+ Orchid to be experimental, so use with care.
</p>
<hr>
@@ -3639,61 +3639,61 @@
<a id="WhatIsLibevent"></a>
<h3><a class="anchor" href="#WhatIsLibevent">What is Libevent?</a></h3>
-
+
<p>
- When you want to deal with a bunch of net connections at once, you
- have a few options:
+ When you want to deal with a bunch of net connections at once, you
+ have a few options:
</p>
<p>
- One is multithreading: you have a separate micro-program inside the
- main program for each net connection that reads and writes to the
- connection as needed.This, performance-wise, sucks.
+ One is multithreading: you have a separate micro-program inside the
+ main program for each net connection that reads and writes to the
+ connection as needed.This, performance-wise, sucks.
</p>
<p>
- Another is asynchronous network programming: you have a single main
- program that finds out when various net connections are ready to
+ Another is asynchronous network programming: you have a single main
+ program that finds out when various net connections are ready to
read/write, and acts accordingly.
</p>
<p>
- The problem is that the oldest ways to find out when net connections
- are ready to read/write, suck. And the newest ways are finally fast,
- but are not available on all platforms.
+ The problem is that the oldest ways to find out when net connections
+ are ready to read/write, suck. And the newest ways are finally fast,
+ but are not available on all platforms.
</p>
<p>
- This is where Libevent comes in and wraps all these ways to find
- out whether net connections are ready to read/write, so that Tor
- (and other programs) can use the fastest one that your platform
- supports, but can still work on older platforms (these methods are
- all different depending on the platorm) So Libevent presents a
- consistent and fast interface to select, poll, kqueue, epoll,
- /dev/poll, and windows select.
+ This is where Libevent comes in and wraps all these ways to find
+ out whether net connections are ready to read/write, so that Tor
+ (and other programs) can use the fastest one that your platform
+ supports, but can still work on older platforms (these methods are
+ all different depending on the platorm) So Libevent presents a
+ consistent and fast interface to select, poll, kqueue, epoll,
+ /dev/poll, and windows select.
</p>
<p>
- However, On the the Win32 platform (by Microsoft) the only good
- way to do fast IO on windows with hundreds of sockets is using
- overlapped IO, which is grossly unlike every other BSD sockets
- interface.
+ However, On the the Win32 platform (by Microsoft) the only good
+ way to do fast IO on windows with hundreds of sockets is using
+ overlapped IO, which is grossly unlike every other BSD sockets
+ interface.
</p>
- <p>Libevent has <a href="http://www.monkey.org/~provos/libevent/">its
+ <p>Libevent has <a href="http://www.monkey.org/~provos/libevent/">its
own website</a>.
</p>
<hr>
<a id="MyNewFeature"></a>
- <h3><a class="anchor" href="#MyNewFeature">What do I need to do to get
+ <h3><a class="anchor" href="#MyNewFeature">What do I need to do to get
a new feature into Tor?</a></h3>
-
+
<p>
- For a new feature to go into Tor, it needs to be designed (explain what
- you think Tor should do), argued to be secure (explain why it's better
- or at least as good as what Tor does now), specified (explained at the
- byte level at approximately the level of detail in tor-spec.txt), and
- implemented (done in software).
+ For a new feature to go into Tor, it needs to be designed (explain what
+ you think Tor should do), argued to be secure (explain why it's better
+ or at least as good as what Tor does now), specified (explained at the
+ byte level at approximately the level of detail in tor-spec.txt), and
+ implemented (done in software).
</p>
<p>
- You probably shouldn't count on other people doing all of these steps
- for you: people who are skilled enough to do this stuff generally
+ You probably shouldn't count on other people doing all of these steps
+ for you: people who are skilled enough to do this stuff generally
have their own favorite feature requests.
</p>
@@ -3703,169 +3703,169 @@
<h2><a class="anchor">Anonymity And Security:</a></h2>
<a id="WhatProtectionsDoesTorProvide"></a>
- <h3><a class="anchor" href="#WhatProtectionsDoesTorProvide">What
+ <h3><a class="anchor" href="#WhatProtectionsDoesTorProvide">What
protections does Tor provide?</a></h3>
-
+
<p>
- Internet communication is based on a store-and-forward model that
- can be understood in analogy to postal mail: Data is transmitted in
- blocks called IP datagrams or packets. Every packet includes a source
- IP address (of the sender) and a destination IP address (of the
- receiver), just as ordinary letters contain postal addresses of sender
- and receiver. The way from sender to receiver involves multiple hops of
- routers, where each router inspects the destination IP address and
- forwards the packet closer to its destination. Thus, every router
- between sender and receiver learns that the sender is communicating
- with the receiver. In particular, your local ISP is in the position to
- build a complete profile of your Internet usage. In addition, every
- server in the Internet that can see any of the packets can profile your
- behaviour.
+ Internet communication is based on a store-and-forward model that
+ can be understood in analogy to postal mail: Data is transmitted in
+ blocks called IP datagrams or packets. Every packet includes a source
+ IP address (of the sender) and a destination IP address (of the
+ receiver), just as ordinary letters contain postal addresses of sender
+ and receiver. The way from sender to receiver involves multiple hops of
+ routers, where each router inspects the destination IP address and
+ forwards the packet closer to its destination. Thus, every router
+ between sender and receiver learns that the sender is communicating
+ with the receiver. In particular, your local ISP is in the position to
+ build a complete profile of your Internet usage. In addition, every
+ server in the Internet that can see any of the packets can profile your
+ behaviour.
</p>
-
+
<p>
- The aim of Tor is to improve your privacy by sending your traffic through
- a series of proxies. Your communication is encrypted in multiple layers
- and routed via multiple hops through the Tor network to the final
- receiver. More details on this process can be found in the <a
- href="https://www.torproject.org/about/overview">Tor overview</a>.
- Note that all your local ISP can observe now is that you are
- communicating with Tor nodes. Similarly, servers in the Internet just
+ The aim of Tor is to improve your privacy by sending your traffic through
+ a series of proxies. Your communication is encrypted in multiple layers
+ and routed via multiple hops through the Tor network to the final
+ receiver. More details on this process can be found in the <a
+ href="https://www.torproject.org/about/overview">Tor overview</a>.
+ Note that all your local ISP can observe now is that you are
+ communicating with Tor nodes. Similarly, servers in the Internet just
see that they are being contacted by Tor nodes.
</p>
-
+
<p>
- Generally speaking, Tor aims to solve three privacy problems:
+ Generally speaking, Tor aims to solve three privacy problems:
</p>
-
+
<p>
- First, Tor prevents websites and other services from learning
- your location, which they can use to build databases about your
- habits and interests. With Tor, your Internet connections don't
- give you away by default -- now you can have the ability to choose,
- for each connection, how much information to reveal.
+ First, Tor prevents websites and other services from learning
+ your location, which they can use to build databases about your
+ habits and interests. With Tor, your Internet connections don't
+ give you away by default -- now you can have the ability to choose,
+ for each connection, how much information to reveal.
</p>
-
+
<p>
- Second, Tor prevents people watching your traffic locally (such as
- your ISP) from learning what information you're fetching and where
- you're fetching it from. It also stops them from deciding what you're
- allowed to learn and publish -- if you can get to any part of the Tor
- network, you can reach any site on the Internet.
+ Second, Tor prevents people watching your traffic locally (such as
+ your ISP) from learning what information you're fetching and where
+ you're fetching it from. It also stops them from deciding what you're
+ allowed to learn and publish -- if you can get to any part of the Tor
+ network, you can reach any site on the Internet.
</p>
<p>
- Third, Tor routes your connection through more than one Tor relay
- so no single relay can learn what you're up to. Because these relays
- are run by different individuals or organizations, distributing trust
+ Third, Tor routes your connection through more than one Tor relay
+ so no single relay can learn what you're up to. Because these relays
+ are run by different individuals or organizations, distributing trust
provides more security than the old <a href="#Torisdifferent">one hop proxy
- </a> approach.
+ </a> approach.
</p>
-
+
<p>
- Note, however, that there are situations where Tor fails to solve these
- privacy problems entirely: see the entry below on <a
- href="#AttacksOnOnionRouting">remaining attacks</a>.
+ Note, however, that there are situations where Tor fails to solve these
+ privacy problems entirely: see the entry below on <a
+ href="#AttacksOnOnionRouting">remaining attacks</a>.
</p>
-
+
<hr>
-
+
<a id="CanExitNodesEavesdrop"></a>
- <h3><a class="anchor" href="#CanExitNodesEavesdrop">Can exit nodes eavesdrop
+ <h3><a class="anchor" href="#CanExitNodesEavesdrop">Can exit nodes eavesdrop
on communications? Isn't that bad?</a></h3>
-
+
<p>
- Yes, the guy running the exit node can read the bytes that come in and
- out there. Tor anonymizes the origin of your traffic, and it makes sure
- to encrypt everything inside the Tor network, but it does not magically
- encrypt all traffic throughout the Internet.
+ Yes, the guy running the exit node can read the bytes that come in and
+ out there. Tor anonymizes the origin of your traffic, and it makes sure
+ to encrypt everything inside the Tor network, but it does not magically
+ encrypt all traffic throughout the Internet.
</p>
-
+
<p>
- This is why you should always use end-to-end encryption such as SSL for
- sensitive Internet connections. (The corollary to this answer is that if
- you are worried about somebody intercepting your traffic and you're
- *not* using end-to-end encryption at the application layer, then something
- has already gone wrong and you shouldn't be thinking that Tor is the problem.)
+ This is why you should always use end-to-end encryption such as SSL for
+ sensitive Internet connections. (The corollary to this answer is that if
+ you are worried about somebody intercepting your traffic and you're
+ *not* using end-to-end encryption at the application layer, then something
+ has already gone wrong and you shouldn't be thinking that Tor is the problem.)
</p>
-
+
<p>
- Tor does provide a partial solution in a very specific situation, though.
- When you make a connection to a destination that also runs a Tor relay,
- Tor will automatically extend your circuit so you exit from that circuit.
- So for example if Indymedia ran a Tor relay on the same IP address as
- their website, people using Tor to get to the Indymedia website would
- automatically exit from their Tor relay, thus getting *better* encryption
- and authentication properties than just browsing there the normal way.
+ Tor does provide a partial solution in a very specific situation, though.
+ When you make a connection to a destination that also runs a Tor relay,
+ Tor will automatically extend your circuit so you exit from that circuit.
+ So for example if Indymedia ran a Tor relay on the same IP address as
+ their website, people using Tor to get to the Indymedia website would
+ automatically exit from their Tor relay, thus getting *better* encryption
+ and authentication properties than just browsing there the normal way.
</p>
<p>
- We'd like to make it still work even if the service is nearby the Tor
- relay but not on the same IP address. But there are a variety of
- technical problems we need to overcome first (the main one being "how
- does the Tor client learn which relays are associated with which
- websites in a decentralized yet non-gamable way?").
+ We'd like to make it still work even if the service is nearby the Tor
+ relay but not on the same IP address. But there are a variety of
+ technical problems we need to overcome first (the main one being "how
+ does the Tor client learn which relays are associated with which
+ websites in a decentralized yet non-gamable way?").
</p>
-
+
<hr>
-
+
<a id="AmITotallyAnonymous"></a>
- <h3><a class="anchor" href="#AmITotallyAnonymous">So I'm totally anonymous
+ <h3><a class="anchor" href="#AmITotallyAnonymous">So I'm totally anonymous
if I use Tor?</a></h3>
<p>
<b>No.</b>
</p>
<p>
- First, Tor protects the network communications. It separates where you
- are from where you are going on the Internet. What content and data you
- transmit over Tor is controlled by you. If you login to Google or
- Facebook via Tor, the local ISP or network provider doesn't know you
- are visiting Google or Facebook. Google and Facebook don't know where
- you are in the world. However, since you have logged into their sites,
- they know who you are. If you don't want to share information, you are
- in control.
+ First, Tor protects the network communications. It separates where you
+ are from where you are going on the Internet. What content and data you
+ transmit over Tor is controlled by you. If you login to Google or
+ Facebook via Tor, the local ISP or network provider doesn't know you
+ are visiting Google or Facebook. Google and Facebook don't know where
+ you are in the world. However, since you have logged into their sites,
+ they know who you are. If you don't want to share information, you are
+ in control.
</p>
<p>
- Second, active content, such as Java, Javascript, Adobe Flash, Adobe
- Shockwave, QuickTime, RealAudio, ActiveX controls, and VBScript, are
- binary applications. These binary applications run as your user account
- with your permissions in your operating system. This means these
- applications can access anything that your user account can access. Some
- of these technologies, such as Java and Adobe Flash for instance, run in
- what is known as a virtual machine. This virtual machine may have the
- ability to ignore your configured proxy settings, and therefore bypass
- Tor and share information directly to other sites on the Internet. The
- virtual machine may be able to store data, such as cookies, completely
- separate from your browser or operating system data stores. Therefore,
+ Second, active content, such as Java, Javascript, Adobe Flash, Adobe
+ Shockwave, QuickTime, RealAudio, ActiveX controls, and VBScript, are
+ binary applications. These binary applications run as your user account
+ with your permissions in your operating system. This means these
+ applications can access anything that your user account can access. Some
+ of these technologies, such as Java and Adobe Flash for instance, run in
+ what is known as a virtual machine. This virtual machine may have the
+ ability to ignore your configured proxy settings, and therefore bypass
+ Tor and share information directly to other sites on the Internet. The
+ virtual machine may be able to store data, such as cookies, completely
+ separate from your browser or operating system data stores. Therefore,
these technologies must be disabled in your browser to use Tor safely.
</p>
<p>
- That's where the <a
- href="https://torproject.org/projects/torbrowser.html.en">Tor Browser
- Bundle</a> comes in. We produce a web browser that is preconfigured to
- help you control the risks to your privacy and anonymity while browsing
- the Internet. Not only are the above technologies disabled to prevent
- identity leaks, the Tor Browser also includes browser extensions like
+ That's where the <a
+ href="https://torproject.org/projects/torbrowser.html.en">Tor Browser
+ Bundle</a> comes in. We produce a web browser that is preconfigured to
+ help you control the risks to your privacy and anonymity while browsing
+ the Internet. Not only are the above technologies disabled to prevent
+ identity leaks, the Tor Browser also includes browser extensions like
NoScript and Torbutton, as well as patches to the Firefox source
- code. The full design of the Tor Browser can be read <a
- href="https://www.torproject.org/projects/torbrowser/design/">here</a>.
- In designing a safe, secure solution for browsing the web with Tor,
- we've discovered that configuring <a href="#TBBOtherBrowser">other
+ code. The full design of the Tor Browser can be read <a
+ href="https://www.torproject.org/projects/torbrowser/design/">here</a>.
+ In designing a safe, secure solution for browsing the web with Tor,
+ we've discovered that configuring <a href="#TBBOtherBrowser">other
browsers</a> to use Tor is unsafe.
</p>
<p>
- Alternatively, you may find a Live CD or USB operating system more to
- your liking. The Tails team has created an <a
- href="https://tails.boum.org/">entire bootable operating system</a>
- configured for anonymity and privacy on the Internet.
+ Alternatively, you may find a Live CD or USB operating system more to
+ your liking. The Tails team has created an <a
+ href="https://tails.boum.org/">entire bootable operating system</a>
+ configured for anonymity and privacy on the Internet.
</p>
<p>
- Tor is a work in progress. There is still <a
- href="https://www.torproject.org/getinvolved/volunteer">plenty of work
- left to do</a> for a strong, secure, and complete solution.
+ Tor is a work in progress. There is still <a
+ href="https://www.torproject.org/getinvolved/volunteer">plenty of work
+ left to do</a> for a strong, secure, and complete solution.
</p>
<hr>
@@ -3875,39 +3875,39 @@
</h3>
<p>
- When a machine that runs a Tor relay also runs a public service, such as
- a webserver, you can configure Tor to offer Exit Enclaving to that
- service. Running an Exit Enclave for all of your services you wish to
- be accessible via Tor provides your users the assurance that they will
- exit through your server, rather than exiting from a randomly selected
- exit node that could be watched. Normally, a tor circuit would end at
- an exit node and then that node would make a connection to your service.
- Anyone watching that exit node could see the connection to your service,
- and be able to snoop on the contents if it were an unencrypted
- connection. If you run an Exit Enclave for your service, then the exit
- from the Tor network happens on the machine that runs your service,
- rather than on an untrusted random node. This works when Tor clients
- wishing to connect to this public service extend their circuit
- to exit from the Tor relay running on that same host. For example, if
- the server at 1.2.3.4 runs a web server on port 80 and also acts as a
- Tor relay configured for Exit Enclaving, then Tor clients wishing to
- connect to the webserver will extend their circuit a fourth hop to exit
- to port 80 on the Tor relay running on 1.2.3.4.
+ When a machine that runs a Tor relay also runs a public service, such as
+ a webserver, you can configure Tor to offer Exit Enclaving to that
+ service. Running an Exit Enclave for all of your services you wish to
+ be accessible via Tor provides your users the assurance that they will
+ exit through your server, rather than exiting from a randomly selected
+ exit node that could be watched. Normally, a tor circuit would end at
+ an exit node and then that node would make a connection to your service.
+ Anyone watching that exit node could see the connection to your service,
+ and be able to snoop on the contents if it were an unencrypted
+ connection. If you run an Exit Enclave for your service, then the exit
+ from the Tor network happens on the machine that runs your service,
+ rather than on an untrusted random node. This works when Tor clients
+ wishing to connect to this public service extend their circuit
+ to exit from the Tor relay running on that same host. For example, if
+ the server at 1.2.3.4 runs a web server on port 80 and also acts as a
+ Tor relay configured for Exit Enclaving, then Tor clients wishing to
+ connect to the webserver will extend their circuit a fourth hop to exit
+ to port 80 on the Tor relay running on 1.2.3.4.
</p>
<p>
- Exit Enclaving is disabled by default to prevent attackers from
- exploiting trust relationships with locally bound services. For
- example, often 127.0.0.1 will run services that are not designed to
- be shared with the entire world. Sometimes these services will also
- be bound to the public IP address, but will only allow connections if
- the source address is something trusted, such as 127.0.0.1.
+ Exit Enclaving is disabled by default to prevent attackers from
+ exploiting trust relationships with locally bound services. For
+ example, often 127.0.0.1 will run services that are not designed to
+ be shared with the entire world. Sometimes these services will also
+ be bound to the public IP address, but will only allow connections if
+ the source address is something trusted, such as 127.0.0.1.
</p>
<p>
- As a result of possible trust issues, relay operators must configure
- their exit policy to allow connections to themselves, but they should
- do so only when they are certain that this is a feature that they would
- like. Once certain, turning off the ExitPolicyRejectPrivate option will
- enable Exit Enclaving. An example configuration would be as follows:
+ As a result of possible trust issues, relay operators must configure
+ their exit policy to allow connections to themselves, but they should
+ do so only when they are certain that this is a feature that they would
+ like. Once certain, turning off the ExitPolicyRejectPrivate option will
+ enable Exit Enclaving. An example configuration would be as follows:
</p>
<pre>
ExitPolicy accept 1.2.3.4:80
@@ -3915,24 +3915,24 @@
ExitPolicyRejectPrivate 0
</pre>
<p>
- This option should be used with care as it may expose internal network
- blocks that are not meant to be accessible from the outside world or
- the Tor network. Please tailor your ExitPolicy to reflect all netblocks
- that you want to prohibit access.
+ This option should be used with care as it may expose internal network
+ blocks that are not meant to be accessible from the outside world or
+ the Tor network. Please tailor your ExitPolicy to reflect all netblocks
+ that you want to prohibit access.
</p>
<p>
- This option should be used with care as it may expose internal network
- blocks that are not meant to be accessible from the outside world or
- the Tor network. Please tailor your ExitPolicy to reflect all netblocks
- that you want to prohibit access.
+ This option should be used with care as it may expose internal network
+ blocks that are not meant to be accessible from the outside world or
+ the Tor network. Please tailor your ExitPolicy to reflect all netblocks
+ that you want to prohibit access.
</p>
<p>
- While useful, this behavior may go away in the future because it is
- imperfect. A great idea but not such a great implementation.
+ While useful, this behavior may go away in the future because it is
+ imperfect. A great idea but not such a great implementation.
</p>
<hr>
-
+
<a id="KeyManagement"></a>
<h3><a class="anchor" href="#KeyManagement">Tell me about all the
keys Tor uses.</a></h3>
@@ -4091,225 +4091,225 @@
<a id="ChangePaths"></a>
<h3><a class="anchor" href="#ChangePaths">How often does Tor change its paths?</a></h3>
<p>
- Tor will reuse the same circuit for new TCP streams for 10 minutes,
- as long as the circuit is working fine. (If the circuit fails, Tor
+ Tor will reuse the same circuit for new TCP streams for 10 minutes,
+ as long as the circuit is working fine. (If the circuit fails, Tor
will switch to a new circuit immediately.)
</p>
<p>
-But note that a single TCP stream (e.g. a long IRC connection) will stay on
-the same circuit forever -- we don't rotate individual streams from one
-circuit to the next. Otherwise an adversary with a partial view of the
-network would be given many chances over time to link you to your
+But note that a single TCP stream (e.g. a long IRC connection) will stay on
+the same circuit forever -- we don't rotate individual streams from one
+circuit to the next. Otherwise an adversary with a partial view of the
+network would be given many chances over time to link you to your
destination, rather than just one chance.
</p>
<hr>
<a id="CellSize"></a>
- <h3><a class="anchor" href="#CellSize">Tor uses hundreds of bytes for
+ <h3><a class="anchor" href="#CellSize">Tor uses hundreds of bytes for
every IRC line. I can't afford that!</a></h3>
<p>
- Tor sends data in chunks of 512 bytes (called "cells"), to make it
- harder for intermediaries to guess exactly how many bytes you're
- communicating at each step. This is unlikely to change in the near
- future -- if this increased bandwidth use is prohibitive for you, I'm
+ Tor sends data in chunks of 512 bytes (called "cells"), to make it
+ harder for intermediaries to guess exactly how many bytes you're
+ communicating at each step. This is unlikely to change in the near
+ future -- if this increased bandwidth use is prohibitive for you, I'm
afraid Tor is not useful for you right now.
</p>
<p>
-The actual content of these fixed size cells is
+The actual content of these fixed size cells is
<a href="https://gitweb.torproject.org/torspec.git/blob/HEAD:/tor-spec.txt">
documented in the main Tor spec</a>, section 3.
</p>
<p>
-We have been considering one day adding two classes of cells -- maybe a 64
-byte cell and a 1024 byte cell. This would allow less overhead for
-interactive streams while still allowing good throughput for bulk streams.
-But since we want to do a lot of work on quality-of-service and better
-queuing approaches first, you shouldn't expect this change anytime soon
-(if ever). However if you are keen, there are a couple of
+We have been considering one day adding two classes of cells -- maybe a 64
+byte cell and a 1024 byte cell. This would allow less overhead for
+interactive streams while still allowing good throughput for bulk streams.
+But since we want to do a lot of work on quality-of-service and better
+queuing approaches first, you shouldn't expect this change anytime soon
+(if ever). However if you are keen, there are a couple of
<a href="https://www.torproject.org/getinvolved/volunteer.html.en#Research">
-research ideas</a> that may involve changing the cell size.
+research ideas</a> that may involve changing the cell size.
</p>
<hr>
<a id="OutboundConnections"></a>
- <h3><a class="anchor" href="#OutboundConnections">Why does netstat show
+ <h3><a class="anchor" href="#OutboundConnections">Why does netstat show
these outbound connections?</a></h3>
<p>
- Because that's how Tor works. It holds open a handful of connections
- so there will be one available when you need one.
+ Because that's how Tor works. It holds open a handful of connections
+ so there will be one available when you need one.
</p>
<hr>
<a id="PowerfulBlockers"></a>
- <h3><a class="anchor" href="#PowerfulBlockers">What about powerful blocking
+ <h3><a class="anchor" href="#PowerfulBlockers">What about powerful blocking
mechanisms?</a></h3>
<p>
- An adversary with a great deal of manpower and money, and severe
- real-world penalties to discourage people from trying to evade detection,
+ An adversary with a great deal of manpower and money, and severe
+ real-world penalties to discourage people from trying to evade detection,
is a difficult test for an anonymity and anti-censorship system.
</p>
<p>
-The original Tor design was easy to block if the attacker controls Alice's
-connection to the Tor network --- by blocking the directory authorities, by
-blocking all the relay IP addresses in the directory, or by filtering based
-on the fingerprint of the Tor TLS handshake. After seeing these attacks and
-others first-hand, more effort was put into researching new circumvention
-techniques. Pluggable transports are protocols designed to allow users behind
+The original Tor design was easy to block if the attacker controls Alice's
+connection to the Tor network --- by blocking the directory authorities, by
+blocking all the relay IP addresses in the directory, or by filtering based
+on the fingerprint of the Tor TLS handshake. After seeing these attacks and
+others first-hand, more effort was put into researching new circumvention
+techniques. Pluggable transports are protocols designed to allow users behind
government firewalls to access the Tor network.
</p>
<p>
-We've made quite a bit of progress on this problem lately. You can read more
+We've made quite a bit of progress on this problem lately. You can read more
details on the <a href="https://www.torproject.org/docs/pluggable-transports.html.en">
-pluggable transports page</a>. You may also be interested in
-<a href="https://www.youtube.com/watch?v=GwMr8Xl7JMQ">Roger and Jake's talk at
-28C3</a>, or <a href="https://www.youtube.com/watch?v=JZg1nqs793M">Runa's
+pluggable transports page</a>. You may also be interested in
+<a href="https://www.youtube.com/watch?v=GwMr8Xl7JMQ">Roger and Jake's talk at
+28C3</a>, or <a href="https://www.youtube.com/watch?v=JZg1nqs793M">Runa's
talk at 44con</a>.
</p>
<hr>
-
+
<a id="RemotePhysicalDeviceFingerprinting"></a>
- <h3><a class="anchor" href="#RemotePhysicalDeviceFingerprinting">Does Tor
+ <h3><a class="anchor" href="#RemotePhysicalDeviceFingerprinting">Does Tor
resist "remote physical device fingerprinting"?</a></h3>
<p>
Yes, we resist all of these attacks as far as we know.
</p>
<p>
-These attacks come from examining characteristics of the IP headers or TCP
-headers and looking for information leaks based on individual hardware
-signatures. One example is the
+These attacks come from examining characteristics of the IP headers or TCP
+headers and looking for information leaks based on individual hardware
+signatures. One example is the
<a href="http://www.caida.org/outreach/papers/2005/fingerprinting/">
-Oakland 2005 paper</a> that lets you learn if two packet streams originated
+Oakland 2005 paper</a> that lets you learn if two packet streams originated
from the same hardware, but only if you can see the original TCP timestamps.
</p>
<p>
-Tor transports TCP streams, not IP packets, so we end up automatically
-scrubbing a lot of the potential information leaks. Because Tor relays use
-their own (new) IP and TCP headers at each hop, this information isn't
-relayed from hop to hop. Of course, this also means that we're limited in
-the protocols we can transport (only correctly-formed TCP, not all IP like
-ZKS's Freedom network could) -- but maybe that's a good thing at this stage.
+Tor transports TCP streams, not IP packets, so we end up automatically
+scrubbing a lot of the potential information leaks. Because Tor relays use
+their own (new) IP and TCP headers at each hop, this information isn't
+relayed from hop to hop. Of course, this also means that we're limited in
+the protocols we can transport (only correctly-formed TCP, not all IP like
+ZKS's Freedom network could) -- but maybe that's a good thing at this stage.
</p>
<hr>
<a id="IsTorLikeAVPN"></a>
<h3><a class="anchor" href="#IsTorLikeAVPN">Is Tor like a VPN?</a></h3>
-
+
<p>
- Some people use Virtual Private Networks (VPNs) as a privacy solution.
- VPNs encrypt the traffic between the user and the VPN provider,
- and they can act as a proxy between a user and an online destination.
- However, VPNs have a single point of failure: the VPN provider.
- A technically proficient attacker or a number of employees could
- retrieve the full identity information associated with a VPN user.
- It is also possible to use coercion or other means to convince a
- VPN provider to reveal their users' identities. Identities can be
- discovered by following a money trail (using Bitcoin does not solve
- this problem because Bitcoin is not anonymous), or by persuading the
- VPN provider to hand over logs. Even
- if a VPN provider says they don't keep logs, users have to take their
- word for it---and trust that the VPN provider won't buckle to outside
- pressures that might want them to start keeping logs.
+ Some people use Virtual Private Networks (VPNs) as a privacy solution.
+ VPNs encrypt the traffic between the user and the VPN provider,
+ and they can act as a proxy between a user and an online destination.
+ However, VPNs have a single point of failure: the VPN provider.
+ A technically proficient attacker or a number of employees could
+ retrieve the full identity information associated with a VPN user.
+ It is also possible to use coercion or other means to convince a
+ VPN provider to reveal their users' identities. Identities can be
+ discovered by following a money trail (using Bitcoin does not solve
+ this problem because Bitcoin is not anonymous), or by persuading the
+ VPN provider to hand over logs. Even
+ if a VPN provider says they don't keep logs, users have to take their
+ word for it---and trust that the VPN provider won't buckle to outside
+ pressures that might want them to start keeping logs.
</p>
<p>
- When you use a VPN, websites can still build up a persistent profile of
- your usage over time. Even though sites you visit won't automatically
- get your originating IP address, they still know how to profile you
- based on your browsing history.
+ When you use a VPN, websites can still build up a persistent profile of
+ your usage over time. Even though sites you visit won't automatically
+ get your originating IP address, they still know how to profile you
+ based on your browsing history.
</p>
<p>
- When you use Tor the IP address you connect to changes at most every 10
- minutes, and often more frequently than that. This makes it extremely
- dificult for websites to create any sort of persistent profile of Tor
- users (assuming you did not <a
- href="https://torproject.org/download/download.html.en#warning">identify
- yourself in other ways</a>). No one Tor relay can know enough
- information to compromise any Tor user because of Tor's <a
- href="https://www.torproject.org/about/overview.html.en#thesolution">encrypted
+ When you use Tor the IP address you connect to changes at most every 10
+ minutes, and often more frequently than that. This makes it extremely
+ dificult for websites to create any sort of persistent profile of Tor
+ users (assuming you did not <a
+ href="https://torproject.org/download/download.html.en#warning">identify
+ yourself in other ways</a>). No one Tor relay can know enough
+ information to compromise any Tor user because of Tor's <a
+ href="https://www.torproject.org/about/overview.html.en#thesolution">encrypted
three-hop circuit</a> design.
</p>
<hr>
<a id="ShouldIUseTorWithAVPN"></a>
- <h3><a class="anchor" href="#ShouldIUseTorWithAVPN">Should I use Tor
+ <h3><a class="anchor" href="#ShouldIUseTorWithAVPN">Should I use Tor
with a VPN?</a></h3>
<p>
- This <a href="https://trac.torproject.org/projects/tor/wiki/doc/TorPlusVPN">wiki
- page</a> discusses costs and benefits. However, if you're looking
- for a trusted entry into the Tor network, <a
- href="https://www.torproject.org/docs/bridges#RunningABridge">setting up
+ This <a href="https://trac.torproject.org/projects/tor/wiki/doc/TorPlusVPN">wiki
+ page</a> discusses costs and benefits. However, if you're looking
+ for a trusted entry into the Tor network, <a
+ href="https://www.torproject.org/docs/bridges#RunningABridge">setting up
a private Tor server as a bridge</a> is a great option.
</p>
<hr>
<a id="Proxychains"></a>
- <h3><a class="anchor" href="#Proxychains">Aren't 10 proxies
+ <h3><a class="anchor" href="#Proxychains">Aren't 10 proxies
(proxychains) better than Tor with only 3 hops?</a></h3>
-
+
<p>
- Proxychains is a program that sends your traffic through a series of
- open web proxies that you supply before sending it on to your final
- destination. <a href="#KeyManagement">Unlike Tor</a>, proxychains
- does not encrypt the connections between each proxy server. An open proxy
- that wanted to monitor your connection could see all the other proxy
- servers you wanted to use between itself and your final destination,
- as well as the IP address that proxy hop received traffic from.
+ Proxychains is a program that sends your traffic through a series of
+ open web proxies that you supply before sending it on to your final
+ destination. <a href="#KeyManagement">Unlike Tor</a>, proxychains
+ does not encrypt the connections between each proxy server. An open proxy
+ that wanted to monitor your connection could see all the other proxy
+ servers you wanted to use between itself and your final destination,
+ as well as the IP address that proxy hop received traffic from.
</p>
<p>
- Because the <a
+ Because the <a
href="https://gitweb.torproject.org/torspec.git?a=blob_plain;hb=HEAD;f=tor-spec.txt">
- Tor protocol</a> requires encrypted relay-to-relay connections, not
- even a misbehaving relay can see the entire path of any Tor user.
+ Tor protocol</a> requires encrypted relay-to-relay connections, not
+ even a misbehaving relay can see the entire path of any Tor user.
</p>
<p>
- While Tor relays are run by volunteers and checked periodically for
- suspicious behavior, many open proxies that can be found with a search
- engine are compromised machines, misconfigured private proxies
- not intended for public use, or honeypots set up to exploit users.
+ While Tor relays are run by volunteers and checked periodically for
+ suspicious behavior, many open proxies that can be found with a search
+ engine are compromised machines, misconfigured private proxies
+ not intended for public use, or honeypots set up to exploit users.
</p>
-
+
<hr>
-
+
<a id="AttacksOnOnionRouting"></a>
- <h3><a class="anchor" href="#AttacksOnOnionRouting">What attacks remain
+ <h3><a class="anchor" href="#AttacksOnOnionRouting">What attacks remain
against onion routing?</a></h3>
<p>
-As mentioned above, it is possible for an observer who can view both you and
-either the destination website or your Tor exit node to correlate timings of
-your traffic as it enters the Tor network and also as it exits. Tor does not
+As mentioned above, it is possible for an observer who can view both you and
+either the destination website or your Tor exit node to correlate timings of
+your traffic as it enters the Tor network and also as it exits. Tor does not
defend against such a threat model.
</p>
<p>
-In a more limited sense, note that if a censor or law enforcement agency has
-the ability to obtain specific observation of parts of the network, it is
-possible for them to verify a suspicion that you talk regularly to your friend
-by observing traffic at both ends and correlating the timing of only that
-traffic. Again, this is only useful to verify that parties already suspected
-of communicating with one another are doing so. In most countries, the
-suspicion required to obtain a warrant already carries more weight than
+In a more limited sense, note that if a censor or law enforcement agency has
+the ability to obtain specific observation of parts of the network, it is
+possible for them to verify a suspicion that you talk regularly to your friend
+by observing traffic at both ends and correlating the timing of only that
+traffic. Again, this is only useful to verify that parties already suspected
+of communicating with one another are doing so. In most countries, the
+suspicion required to obtain a warrant already carries more weight than
timing correlation would provide.
</p>
<p>
-Furthermore, since Tor reuses circuits for multiple TCP connections, it is
-possible to associate non anonymous and anonymous traffic at a given exit
-node, so be careful about what applications you run concurrently over Tor.
-Perhaps even run separate Tor clients for these applications.
+Furthermore, since Tor reuses circuits for multiple TCP connections, it is
+possible to associate non anonymous and anonymous traffic at a given exit
+node, so be careful about what applications you run concurrently over Tor.
+Perhaps even run separate Tor clients for these applications.
</p>
<hr>
<a id="LearnMoreAboutAnonymity"></a>
- <h3><a class="anchor" href="#LearnMoreAboutAnonymity">Where can I
+ <h3><a class="anchor" href="#LearnMoreAboutAnonymity">Where can I
learn more about anonymity?</a></h3>
<p>
@@ -4365,7 +4365,7 @@
<p>
First, we need to make Tor stable as a relay on all common
operating systems. The main remaining platform is Windows,
- and we're mostly there. See Section 4.1 of <a
+ and we're mostly there. See Section 4.1 of <a
href="https://www.torproject.org/press/2008-12-19-roadmap-press-release"
>our
development roadmap</a>.
@@ -4538,254 +4538,254 @@
<hr>
<a id="ChoosePathLength"></a>
-<h3><a class="anchor" href="#ChoosePathLength">You should let people choose
+<h3><a class="anchor" href="#ChoosePathLength">You should let people choose
their path length.</a></h3>
<p>
- Right now the path length is hard-coded at 3 plus the number of nodes in
- your path that are sensitive. That is, in normal cases it's 3, but for
+ Right now the path length is hard-coded at 3 plus the number of nodes in
+ your path that are sensitive. That is, in normal cases it's 3, but for
example if you're accessing a hidden service or a ".exit" address it could be 4.
</p>
<p>
- We don't want to encourage people to use paths longer than this -- it
- increases load on the network without (as far as we can tell) providing
- any more security. Remember that <a
+ We don't want to encourage people to use paths longer than this -- it
+ increases load on the network without (as far as we can tell) providing
+ any more security. Remember that <a
href="https://svn.torproject.org/svn/tor/trunk/doc/design-paper/tor-design.html#subsec:threat-model">
- the best way to attack Tor is to attack the endpoints and ignore the middle
+ the best way to attack Tor is to attack the endpoints and ignore the middle
of the path
</a>.
</p>
<p>
- And we don't want to encourage people to use paths of length 1 either.
- Currently there is no reason to suspect that investigating a single
- relay will yield user-destination pairs, but if many people are using
- only a single hop, we make it more likely that attackers will seize or
- break into relays in hopes
+ And we don't want to encourage people to use paths of length 1 either.
+ Currently there is no reason to suspect that investigating a single
+ relay will yield user-destination pairs, but if many people are using
+ only a single hop, we make it more likely that attackers will seize or
+ break into relays in hopes
of tracing users.
</p>
<p>
- Now, there is a good argument for making the number of hops in a path
- unpredictable. For example, somebody who happens to control the last
- two hops in your path still doesn't know who you are, but they know
- for sure which entry node you used. Choosing path length from, say,
- a geometric distribution will turn this into a statistical attack,
- which seems to be an improvement. On the other hand, a longer path
- length is bad for usability. We're not sure of the right trade-offs
- here. Please write a research paper that tells us what to do.
+ Now, there is a good argument for making the number of hops in a path
+ unpredictable. For example, somebody who happens to control the last
+ two hops in your path still doesn't know who you are, but they know
+ for sure which entry node you used. Choosing path length from, say,
+ a geometric distribution will turn this into a statistical attack,
+ which seems to be an improvement. On the other hand, a longer path
+ length is bad for usability. We're not sure of the right trade-offs
+ here. Please write a research paper that tells us what to do.
</p>
<hr>
<a id="SplitEachConnection"></a>
- <h3><a class="anchor" href="#SplitEachConnection">You should split
+ <h3><a class="anchor" href="#SplitEachConnection">You should split
each connection over many paths.</a></h3>
<p>
- We don't currently think this is a good idea. You see, the attacks we're
- worried about are at the endpoints: the adversary watches Alice (or the
- first hop in the path) and Bob (or the last hop in the path) and learns
+ We don't currently think this is a good idea. You see, the attacks we're
+ worried about are at the endpoints: the adversary watches Alice (or the
+ first hop in the path) and Bob (or the last hop in the path) and learns
that they are communicating.
</p>
<p>
-If we make the assumption that timing attacks work well on even a few packets
-end-to-end, then having *more* possible ways for the adversary to observe the
+If we make the assumption that timing attacks work well on even a few packets
+end-to-end, then having *more* possible ways for the adversary to observe the
connection seems to hurt anonymity, not help it.
</p>
<p>
-Now, it's possible that we could make ourselves more resistant to end-to-end
-attacks with a little bit of padding and by making each circuit send and
-receive a fixed number of cells. This approach is more well-understood in
-the context of high-latency systems. See e.g.
+Now, it's possible that we could make ourselves more resistant to end-to-end
+attacks with a little bit of padding and by making each circuit send and
+receive a fixed number of cells. This approach is more well-understood in
+the context of high-latency systems. See e.g.
<a href="http://freehaven.net/anonbib/#pet05-serjantov">
-Message Splitting Against the Partial Adversary by Andrei Serjantov and
+Message Splitting Against the Partial Adversary by Andrei Serjantov and
Steven J. Murdoch</a>.
</p>
<p>
-But since we don't currently understand what network and padding
-parameters, if any, could provide increased end-to-end security, our
-current strategy is to minimize the number of places that the adversary
+But since we don't currently understand what network and padding
+parameters, if any, could provide increased end-to-end security, our
+current strategy is to minimize the number of places that the adversary
could possibly see.
</p>
<hr>
<a id="MigrateApplicationStreamsAcrossCircuits"></a>
- <h3><a class="anchor" href="#MigrateApplicationStreamsAcrossCircuits">You
+ <h3><a class="anchor" href="#MigrateApplicationStreamsAcrossCircuits">You
should migrate application streams across circuits.</a></h3>
- <p>This would be great for two reasons. First, if a circuit breaks, we
- would be able to shift its active streams onto a new circuit, so they
- don't have to break. Second, it is conceivable that we could get
- increased security against certain attacks by migrating streams
- periodically, since leaving a stream on a given circuit for many hours
+ <p>This would be great for two reasons. First, if a circuit breaks, we
+ would be able to shift its active streams onto a new circuit, so they
+ don't have to break. Second, it is conceivable that we could get
+ increased security against certain attacks by migrating streams
+ periodically, since leaving a stream on a given circuit for many hours
might make it more vulnerable to certain adversaries.</p>
- <p>There are two problems though. First, Tor would need a much more
- bulky protocol. Right now each end of the Tor circuit just sends the
- cells, and lets TCP provide the in-order guaranteed delivery. If we
- can move streams across circuits, though, we would need to add queues
- at each end of the circuit, add sequence numbers so we can send and
- receive acknowledgements for cells, and so forth. These changes would
- increase the complexity of the Tor protocol considerably. Which leads
- to the second problem: if the exit node goes away, there's nothing we
- can do to save the TCP connection. Circuits are typically three hops
+ <p>There are two problems though. First, Tor would need a much more
+ bulky protocol. Right now each end of the Tor circuit just sends the
+ cells, and lets TCP provide the in-order guaranteed delivery. If we
+ can move streams across circuits, though, we would need to add queues
+ at each end of the circuit, add sequence numbers so we can send and
+ receive acknowledgements for cells, and so forth. These changes would
+ increase the complexity of the Tor protocol considerably. Which leads
+ to the second problem: if the exit node goes away, there's nothing we
+ can do to save the TCP connection. Circuits are typically three hops
long, so in about a third of the cases we just lose.</p>
- <p>Thus our current answer is that since we can only improve things by
- at best 2/3, it's not worth the added code and complexity. If somebody
- writes a protocol specification for it and it turns out to be pretty
+ <p>Thus our current answer is that since we can only improve things by
+ at best 2/3, it's not worth the added code and complexity. If somebody
+ writes a protocol specification for it and it turns out to be pretty
simple, we'd love to add it.</p>
- <p>But there are still some approaches we can take to improve the
- reliability of streams. The main approach we have now is to specify
- that streams using certain application ports prefer circuits to be
- made up of stable nodes. These ports are specified in the "LongLivedPorts"
+ <p>But there are still some approaches we can take to improve the
+ reliability of streams. The main approach we have now is to specify
+ that streams using certain application ports prefer circuits to be
+ made up of stable nodes. These ports are specified in the "LongLivedPorts"
<a href="#torrc">torrc</a> option, and they default to</p>
<pre>21,22,706,1863,5050,5190,5222,5223,6667,6697,8300</pre>
- <p>The definition of "stable" is an open research question, since we
- can only guess future stability based on past performance. Right now
- we judge that a node is stable if it advertises that it has been up
- for more than a day. Down the road we plan to refine this so it takes into
+ <p>The definition of "stable" is an open research question, since we
+ can only guess future stability based on past performance. Right now
+ we judge that a node is stable if it advertises that it has been up
+ for more than a day. Down the road we plan to refine this so it takes into
account the average stability of the other nodes in the Tor network.</p>
<hr>
<a id="LetTheNetworkPickThePath"></a>
- <h3><a class="anchor" href="#LetTheNetworkPickThePath">You should
+ <h3><a class="anchor" href="#LetTheNetworkPickThePath">You should
let the network pick the path, not the client</a></h3>
- <p>No. You cannot trust the network to pick the path for relays could
- collude and route you through their colluding friends. This would give
+ <p>No. You cannot trust the network to pick the path for relays could
+ collude and route you through their colluding friends. This would give
an adversary the ability to watch all of your traffic end to end.</p>
<hr>
<a id="UnallocatedNetBlocks"></a>
- <h3><a class="anchor" href="#UnallocatedNetBlocks">Your default exit
+ <h3><a class="anchor" href="#UnallocatedNetBlocks">Your default exit
policy should block unallocated net blocks too.</a></h3>
<p>
- No, it shouldn't. The default exit policy blocks certain private net blocks,
- like 10.0.0.0/8, because they might actively be in use by Tor relays and we
- don't want to cause any surprises by bridging to internal networks. Some
- overzealous firewall configs suggest that you also block all the parts of
- the Internet that IANA has not currently allocated. First, this turns into
- a problem for them when those addresses *are* allocated. Second, why should
+ No, it shouldn't. The default exit policy blocks certain private net blocks,
+ like 10.0.0.0/8, because they might actively be in use by Tor relays and we
+ don't want to cause any surprises by bridging to internal networks. Some
+ overzealous firewall configs suggest that you also block all the parts of
+ the Internet that IANA has not currently allocated. First, this turns into
+ a problem for them when those addresses *are* allocated. Second, why should
we default-reject something that might one day be useful?
</p>
<p>
-Tor's default exit policy is chosen to be flexible and useful in the future:
-we allow everything except the specific addresses and ports that we
-anticipate will lead to problems.
+Tor's default exit policy is chosen to be flexible and useful in the future:
+we allow everything except the specific addresses and ports that we
+anticipate will lead to problems.
</p>
<hr>
<a id="BlockWebsites"></a>
- <h3><a class="anchor" href="#BlockWebsites">Exit policies should be
+ <h3><a class="anchor" href="#BlockWebsites">Exit policies should be
able to block websites, not just IP addresses.</a></h3>
<p>
- It would be nice to let relay operators say things like "reject
- www.slashdot.org" in their exit policies, rather than requiring
- them to learn all the IP address space that could be covered by the site
+ It would be nice to let relay operators say things like "reject
+ www.slashdot.org" in their exit policies, rather than requiring
+ them to learn all the IP address space that could be covered by the site
(and then also blocking other sites at those IP addresses).
</p>
<p>
-There are two problems, though. First, users could still get around these
-blocks. For example, they could request the IP address rather than the
-hostname when they exit from the Tor network. This means operators would
+There are two problems, though. First, users could still get around these
+blocks. For example, they could request the IP address rather than the
+hostname when they exit from the Tor network. This means operators would
still need to learn all the IP addresses for the destinations in question.
</p>
<p>
-The second problem is that it would allow remote attackers to censor
-arbitrary sites. For example, if a Tor operator blocks www1.slashdot.org,
-and then some attacker poisons the Tor relay's DNS or otherwise changes
-that hostname to resolve to the IP address for a major news site, then
-suddenly that Tor relay is blocking the news site.
+The second problem is that it would allow remote attackers to censor
+arbitrary sites. For example, if a Tor operator blocks www1.slashdot.org,
+and then some attacker poisons the Tor relay's DNS or otherwise changes
+that hostname to resolve to the IP address for a major news site, then
+suddenly that Tor relay is blocking the news site.
</p>
<hr>
<a id="BlockContent"></a>
- <h3><a class="anchor" href="#BlockContent">You should change Tor to
+ <h3><a class="anchor" href="#BlockContent">You should change Tor to
prevent users from posting certain content.</a></h3>
- <p> Tor only transports data, it does not inspect the contents of the
- connections which are sent over it. In general it's a very hard problem
- for a computer to determine what is objectionable content with good true
- positive/false positive rates and we are not interested in addressing
+ <p> Tor only transports data, it does not inspect the contents of the
+ connections which are sent over it. In general it's a very hard problem
+ for a computer to determine what is objectionable content with good true
+ positive/false positive rates and we are not interested in addressing
this problem.
</p>
<p>
-Further, and more importantly, which definition of "certain content" could we
-use? Every choice would lead to a quagmire of conflicting personal morals. The
-only solution is to have no opinion.
+Further, and more importantly, which definition of "certain content" could we
+use? Every choice would lead to a quagmire of conflicting personal morals. The
+only solution is to have no opinion.
</p>
<hr>
<a id="SendPadding"></a>
- <h3><a class="anchor" href="#SendPadding">You should send padding so it's
+ <h3><a class="anchor" href="#SendPadding">You should send padding so it's
more secure.</a></h3>
-
+
<p>
- Like all anonymous communication networks that are fast enough for web
- browsing, Tor is vulnerable to statistical "traffic confirmation"
- attacks, where the adversary watches traffic at both ends of a circuit
- and confirms his guess that they're communicating. It would be really
- nice if we could use cover traffic to confuse this attack. But there
+ Like all anonymous communication networks that are fast enough for web
+ browsing, Tor is vulnerable to statistical "traffic confirmation"
+ attacks, where the adversary watches traffic at both ends of a circuit
+ and confirms his guess that they're communicating. It would be really
+ nice if we could use cover traffic to confuse this attack. But there
are three problems here:
</p>
-
+
<ul>
<li>
- Cover traffic is really expensive. And *every* user needs to be doing
- it. This adds up to a lot of extra bandwidth cost for our volunteer
+ Cover traffic is really expensive. And *every* user needs to be doing
+ it. This adds up to a lot of extra bandwidth cost for our volunteer
operators, and they're already pushed to the limit.
</li>
<li>
- You'd need to always be sending traffic, meaning you'd need to always
- be online. Otherwise, you'd need to be sending end-to-end cover
- traffic -- not just to the first hop, but all the way to your final
- destination -- to prevent the adversary from correlating presence of
- traffic at the destination to times when you're online. What does it
- mean to send cover traffic to -- and from -- a web server? That is not
- supported in most protocols.
+ You'd need to always be sending traffic, meaning you'd need to always
+ be online. Otherwise, you'd need to be sending end-to-end cover
+ traffic -- not just to the first hop, but all the way to your final
+ destination -- to prevent the adversary from correlating presence of
+ traffic at the destination to times when you're online. What does it
+ mean to send cover traffic to -- and from -- a web server? That is not
+ supported in most protocols.
</li>
<li>
- Even if you *could* send full end-to-end padding between all users and
- all destinations all the time, you're *still* vulnerable to active
- attacks that block the padding for a short time at one end and look for
- patterns later in the path.
+ Even if you *could* send full end-to-end padding between all users and
+ all destinations all the time, you're *still* vulnerable to active
+ attacks that block the padding for a short time at one end and look for
+ patterns later in the path.
</li>
</ul>
-
+
<p>
- In short, for a system like Tor that aims to be fast, we don't see any
- use for padding, and it would definitely be a serious usability problem.
- We hope that one day somebody will prove us wrong, but we are not
- optimistic.
+ In short, for a system like Tor that aims to be fast, we don't see any
+ use for padding, and it would definitely be a serious usability problem.
+ We hope that one day somebody will prove us wrong, but we are not
+ optimistic.
</p>
-
+
<hr>
<a id="Steganography"></a>
- <h3><a class="anchor" href="#Steganography">You should use steganography to hide Tor
+ <h3><a class="anchor" href="#Steganography">You should use steganography to hide Tor
traffic.</a></h3>
-
+
<p>
- Many people suggest that we should use steganography to make it hard
- to notice Tor connections on the Internet. There are a few problems
- with this idea though:
+ Many people suggest that we should use steganography to make it hard
+ to notice Tor connections on the Internet. There are a few problems
+ with this idea though:
</p>
-
+
<p>
- First, in the current network topology, the Tor relays list <a
- href="#HideExits">is public</a> and can be accessed by attackers.
- An attacker who wants to detect or block anonymous users could
- always just notice <b>any connection</b> to or from a Tor relay's
- IP address.
+ First, in the current network topology, the Tor relays list <a
+ href="#HideExits">is public</a> and can be accessed by attackers.
+ An attacker who wants to detect or block anonymous users could
+ always just notice <b>any connection</b> to or from a Tor relay's
+ IP address.
</p>
-
+
<hr>
<a id="Abuse"></a>
@@ -4817,24 +4817,24 @@
<a id="HelpPoliceOrLawyers"></a>
<h3><a class="anchor" href="#HelpPoliceOrLawyers">I have questions about
a Tor IP address for a legal case.</a></h3>
-
+
<p>
- Please read the <a
- href="https://www.torproject.org/eff/tor-legal-faq">legal FAQ written
- by EFF lawyers</a>. There's a growing <a
- href="https://blog.torproject.org/blog/start-tor-legal-support-directory">legal
+ Please read the <a
+ href="https://www.torproject.org/eff/tor-legal-faq">legal FAQ written
+ by EFF lawyers</a>. There's a growing <a
+ href="https://blog.torproject.org/blog/start-tor-legal-support-directory">legal
directory</a> of people who may be able to help you.
</p>
-
+
<p>
- If you need to check if a certain IP address was acting as a Tor exit
- node at a certain date and time, you can use the <a
+ If you need to check if a certain IP address was acting as a Tor exit
+ node at a certain date and time, you can use the <a
href="https://exonerator.torproject.org/">ExoneraTor tool</a> to query the
historic Tor relay lists and get an answer.
</p>
-
+
<hr>
-
+
</div>
<!-- END MAINCOL -->
<div id = "sidecol">
More information about the tor-commits
mailing list