git.schokokeks.org
Repositories
Help
Report an Issue
tor-webwml.git
Code
Commits
Branches
Tags
Suche
Strukturansicht:
5cb97e3fc
Branches
Tags
bridges
docs-debian
jobs
master
press-clips
tor-webwml.git
en
overview.wml
Get hidden services explanation page started.
Karsten Loesing
commited
5cb97e3fc
at 2008-03-29 00:42:46
overview.wml
Blame
History
Raw
## translation metadata # Revision: $Revision$ # Translation-Priority: 2-medium #include "head.wmi" TITLE="Tor: Overview" <div class="main-column"> <h2>Tor: Overview</h2> <hr /> <p> Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. Tor provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. </p> <p> Individuals use Tor to keep websites from tracking them and their family members, or to connect to news sites, instant messaging services, or the like when these are blocked by their local Internet providers. Tor's <a href="<page docs/tor-hidden-service>">hidden services</a> let users publish web sites and other services without needing to reveal the location of the site. Individuals also use Tor for socially sensitive communication: chat rooms and web forums for rape and abuse survivors, or people with illnesses. </p> <p> Journalists use Tor to communicate more safely with whistleblowers and dissidents. Non-governmental organizations (NGOs) use Tor to allow their workers to connect to their home website while they're in a foreign country, without notifying everybody nearby that they're working with that organization. </p> <p> Groups such as Indymedia recommend Tor for safeguarding their members' online privacy and security. Activist groups like the Electronic Frontier Foundation (EFF) recommend Tor as a mechanism for maintaining civil liberties online. Corporations use Tor as a safe way to conduct competitive analysis, and to protect sensitive procurement patterns from eavesdroppers. They also use it to replace traditional VPNs, which reveal the exact amount and timing of communication. Which locations have employees working late? Which locations have employees consulting job-hunting websites? Which research divisions are communicating with the company's patent lawyers? </p> <p> A branch of the U.S. Navy uses Tor for open source intelligence gathering, and one of its teams used Tor while deployed in the Middle East recently. Law enforcement uses Tor for visiting or surveilling web sites without leaving government IP addresses in their web logs, and for security during sting operations. </p> <p> The variety of people who use Tor is actually <a href="http://freehaven.net/doc/fc03/econymics.pdf">part of what makes it so secure</a>. Tor hides you among the other users on the network, so the more populous and diverse the user base for Tor is, the more your anonymity will be protected. </p> <h3>Why we need Tor</h3> <p> Using Tor protects you against a common form of Internet surveillance known as "traffic analysis." Traffic analysis can be used to infer who is talking to whom over a public network. Knowing the source and destination of your Internet traffic allows others to track your behavior and interests. This can impact your checkbook if, for example, an e-commerce site uses price discrimination based on your country or institution of origin. It can even threaten your job and physical safety by revealing who and where you are. For example, if you're travelling abroad and you connect to your employer's computers to check or send mail, you can inadvertently reveal your national origin and professional affiliation to anyone observing the network, even if the connection is encrypted. </p> <p> How does traffic analysis work? Internet data packets have two parts: a data payload and a header used for routing. The data payload is whatever is being sent, whether that's an email message, a web page, or an audio file. Even if you encrypt the data payload of your communications, traffic analysis still reveals a great deal about what you're doing and, possibly, what you're saying. That's because it focuses on the header, which discloses source, destination, size, timing, and so on. </p> <p> A basic problem for the privacy minded is that the recipient of your communications can see that you sent it by looking at headers. So can authorized intermediaries like Internet service providers, and sometimes unauthorized intermediaries as well. A very simple form of traffic analysis might involve sitting somewhere between sender and recipient on the network, looking at headers. </p> <p> But there are also more powerful kinds of traffic analysis. Some attackers spy on multiple parts of the Internet and use sophisticated statistical techniques to track the communications patterns of many different organizations and individuals. Encryption does not help against these attackers, since it only hides the content of Internet traffic, not the headers. </p> <h3>The solution: a distributed, anonymous network</h3> <p> Tor helps to reduce the risks of both simple and sophisticated traffic analysis by distributing your transactions over several places on the Internet, so no single point can link you to your destination. The idea is similar to using a twisty, hard-to-follow route in order to throw off somebody who is tailing you — and then periodically erasing your footprints. Instead of taking a direct route from source to destination, data packets on the Tor network take a random pathway through several relays that cover your tracks so no observer at any single point can tell where the data came from or where it's going. </p> <img alt="Tor circuit step one" src="$(IMGROOT)/htw1.png" /> <p> To create a private network pathway with Tor, the user's software or client incrementally builds a circuit of encrypted connections through relays on the network. The circuit is extended one hop at a time, and each relay along the way knows only which relay gave it data and which relay it is giving data to. No individual relay ever knows the complete path that a data packet has taken. The client negotiates a separate set of encryption keys for each hop along the circuit to ensure that each hop can't trace these connections as they pass through. </p> <img alt="Tor circuit step two" src="$(IMGROOT)/htw2.png" /> <p> Once a circuit has been established, many kinds of data can be exchanged and several different sorts of software applications can be deployed over the Tor network. Because each relay sees no more than one hop in the circuit, neither an eavesdropper nor a compromised relay can use traffic analysis to link the connection's source and destination. Tor only works for TCP streams and can be used by any application with SOCKS support. </p> <p> For efficiency, the Tor software uses the same circuit for connections that happen within the same ten minutes or so. Later requests are given a new circuit, to keep people from linking your earlier actions to the new ones. </p> <img alt="Tor circuit step three" src="$(IMGROOT)/htw3.png" /> <h3>Hidden services</h3> <p> Tor also makes it possible for users to hide their locations while offering various kinds of services, such as web publishing or an instant messaging server. Using Tor "rendezvous points," other Tor users can connect to these <a href="<page docs/tor-hidden-service>">hidden services</a>, each without knowing the other's network identity. This hidden service functionality could allow Tor users to set up a website where people publish material without worrying about censorship. Nobody would be able to determine who was offering the site, and nobody who offered the site would know who was posting to it. </p> <!-- TO TRANSLATORS: this section might still need some review and corrections! better wait at least one week from today (2008-03-29) before starting translation --> <p> A hidden service needs to advertise its existence in the Tor network before clients will be able to contact it. Therefore, the service randomly picks some relays, builds circuits to them, and asks them to act as introduction points telling them its public key. Note that in the following figures the green links are circuits rather than direct connections. This makes it impossible for anyone to associate the introduction points with the hidden service's IP address. This is important, because although the introduction points and others are told the hidden service's identity (public key), they must not learn about the hidden server's identity (IP address). </p> <img alt="Tor hidden service step one" src="$(IMGROOT)/THS-1.png" /> <!-- maybe add a speech bubble containing "PK" to Bob, because that's what Bob tells to his introduction points --> <p> In a second step, the hidden service assembles a hidden service descriptor containing the introduction points' addresses and its public key and signs it with its private key. It stores that descriptor on a set of directory servers, again using a circuit that hides the link between storing the descriptor with the hidden service's IP address. The descriptor will be found by clients requesting XYZ.onion where XYZ is uniquely derived from the service's public key. After this step, the hidden service is set up. </p> <img alt="Tor hidden service step two" src="$(IMGROOT)/THS-2.png" /> <!-- maybe replace "database" with "directory servers"; further: how incorrect is it to *not* add DB to the Tor cloud, now that begin dir cells are in use? --> <p> A client that wants to contact a hidden service needs to learn about its onion address first. After that, the client can initiate connection establishment by downloading the descriptor from the directory servers. If there is a descriptor for XYZ.onion (the hidden service could also be offline or have left long ago, or there could be a typo in the onion address), the client creates a circuit to another randomly picked relay and asks it to act as rendezvous point, telling it a one-time secret. </p> <img alt="Tor hidden service step three" src="$(IMGROOT)/THS-3.png" /> <!-- maybe add "cookie" to speech bubble, separated from the surrounded "IP1-3" and "PK" --> <p> Upon setting up the rendezvous point, the client assembles an introduce message (encrypted to the hidden service's public key) including the address of the rendezvous point and the one-time secret. The client sends this message to one of the introduction points, requesting it to deliver it to the hidden service. Again, communication takes place via a circuit, so that nobody can relate sending the introduce message to the client's IP address, ensuring the client's anonymity. </p> <img alt="Tor hidden service step four" src="$(IMGROOT)/THS-4.png" /> <p> The hidden service decrypts the client's introduce message and finds the address of the rendezvous point and the one-time secret in it. The service creates a circuit to the rendezvous point and sends the one-time secret to it in a rendezvous message. </p> <img alt="Tor hidden service step five" src="$(IMGROOT)/THS-5.png" /> <!-- it should say "Bob connects to Alice's ..." --> <p> In the last step, the rendezvous point notifies the client about successful connection establishment. After that, both, client and hidden service can use their circuits to the rendezvous point for communicating with each other. The rendezvous point simply relays (end-to-end encrypted) messages from client to service and vice versa. </p> <img alt="Tor hidden service step six" src="$(IMGROOT)/THS-6.png" /> <h3>Staying anonymous</h3> <p> Tor can't solve all anonymity problems. It focuses only on protecting the transport of data. You need to use protocol-specific support software if you don't want the sites you visit to see your identifying information. For example, you can use web proxies such as Privoxy while web browsing to block cookies and withhold information about your browser type. </p> <p> Also, to protect your anonymity, be smart. Don't provide your name or other revealing information in web forms. Be aware that, like all anonymizing networks that are fast enough for web browsing, Tor does not provide protection against end-to-end timing attacks: If your attacker can watch the traffic coming out of your computer, and also the traffic arriving at your chosen destination, he can use statistical analysis to discover that they are part of the same circuit. </p> <h3>The future of Tor</h3> <p> Providing a usable anonymizing network on the Internet today is an ongoing challenge. We want software that meets users' needs. We also want to keep the network up and running in a way that handles as many users as possible. Security and usability don't have to be at odds: As Tor's usability increases, it will attract more users, which will increase the possible sources and destinations of each communication, thus increasing security for everyone. We're making progress, but we need your help. Please consider <a href="<page docs/tor-doc-relay>">running a relay</a> or <a href="<page volunteer>">volunteering</a> as a <a href="<page documentation>#Developers">developer</a>. </p> <p> Ongoing trends in law, policy, and technology threaten anonymity as never before, undermining our ability to speak and read freely online. These trends also undermine national security and critical infrastructure by making communication among individuals, organizations, corporations, and governments more vulnerable to analysis. Each new user and relay provides additional diversity, enhancing Tor's ability to put control over your security and privacy back into your hands. </p> </div><!-- #main --> #include <foot.wmi>