traumschule committed on 2018-08-21 22:20:53
Showing 1 changed file with 862 additions and 971 deletions.
... | ... |
@@ -15,13 +15,14 @@ |
15 | 15 |
<hr> |
16 | 16 |
|
17 | 17 |
<a id="general"></a> |
18 |
- <h4 style="margin-bottom: 18px"><a class="anchor" href="#general">General questions:</a></h4> |
|
18 |
+ <h4 style="margin-bottom: 18px"><a class="anchor" href="#general">General |
|
19 |
+ questions:</a></h4> |
|
19 | 20 |
<ul> |
20 | 21 |
<li><a href="#WhatIsTor">What is Tor?</a></li> |
21 |
- <li><a href="#Torisdifferent">How is Tor different from other |
|
22 |
-proxies?</a></li> |
|
23 |
- <li><a href="#CompatibleApplications">What programs can I use with |
|
24 |
- Tor?</a></li> |
|
22 |
+ <li><a href="#Torisdifferent">How is Tor different from other proxies? |
|
23 |
+ </a></li> |
|
24 |
+ <li><a href="#CompatibleApplications">What programs can I use with Tor? |
|
25 |
+ </a></li> |
|
25 | 26 |
<li><a href="#WhyCalledTor">Why is it called Tor?</a></li> |
26 | 27 |
<li><a href="#Backdoor">Is there a backdoor in Tor?</a></li> |
27 | 28 |
<li><a href="#DistributingTor">Can I distribute Tor?</a></li> |
... | ... |
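Review bot: In the `#Torisdifferent` and `#CompatibleApplications` entries the rewrap leaves `</a></li>` alone on its own line, which puts a line break (rendered as a trailing space) inside the link text. Break before the last word instead, so the closing tags stay attached to the text, for example `proxies?</a></li>` and `Tor?</a></li>` on the continuation lines.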
@@ -30,22 +31,23 @@ proxies?</a></li> |
30 | 31 |
<li><a href="#WhySlow">Why is Tor so slow?</a></li> |
31 | 32 |
<li><a href="#FileSharing">How can I share files anonymously through Tor? |
32 | 33 |
</a></li> |
33 |
- <li><a href="#Funding">What would The Tor Project do with more |
|
34 |
- funding?</a></li> |
|
34 |
+ <li><a href="#Funding">What would The Tor Project do with more funding? |
|
35 |
+ </a></li> |
|
35 | 36 |
<li><a href="#IsItWorking">How can I tell if Tor is working, and that my |
36 | 37 |
connections really are anonymized?</a></li> |
37 | 38 |
<li><a href="#Mobile">Can I use Tor on my phone or mobile device?</a></li> |
38 |
- <li><a href="#OutboundPorts">Which outbound ports must be open when |
|
39 |
- using Tor as a client?</a></li> |
|
39 |
+ <li><a href="#OutboundPorts">Which outbound ports must be open when using |
|
40 |
+ Tor as a client?</a></li> |
|
40 | 41 |
<li><a href="#FTP">How do I use my browser for ftp with Tor?</a></li> |
41 |
- <li><a href="#NoDataScrubbing">Does Tor remove personal information |
|
42 |
- from the data my application sends?</a></li> |
|
43 |
- <li><a href="#Metrics">How many people use Tor? How many relays or |
|
44 |
- exit nodes are there?</a></li> |
|
42 |
+ <li><a href="#NoDataScrubbing">Does Tor remove personal information from |
|
43 |
+ the data my application sends?</a></li> |
|
44 |
+ <li><a href="#Metrics">How many people use Tor? How many relays or exit |
|
45 |
+ nodes are there?</a></li> |
|
45 | 46 |
</ul> |
46 | 47 |
|
47 | 48 |
<a id="comp-install"></a> |
48 |
- <h4 style="margin-bottom: 18px"><a class="anchor" href="#comp-install">Compilation and Installation:</a></h4> |
|
49 |
+ <h4 style="margin-bottom: 18px"><a class="anchor" href="#comp-install"> |
|
50 |
+ Compilation and Installation:</a></h4> |
|
49 | 51 |
|
50 | 52 |
<ul> |
51 | 53 |
<li><a href="#HowUninstallTor">How do I uninstall Tor?</a></li> |
... | ... |
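Review bot: The `#comp-install` heading now breaks immediately after the opening `<a class="anchor" href="#comp-install">` tag, so the link text starts with a newline and indentation, whereas the `#general` heading earlier in this patch breaks between words. If the line has to be split, break between the `<h4 ...>` and `<a ...>` tags so that `Compilation and Installation:</a></h4>` follows the opening anchor tag directly and no whitespace ends up at the start of the link.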
@@ -56,12 +58,13 @@ proxies?</a></li> |
56 | 58 |
<li><a href="#VirusFalsePositives">Why does my Tor executable appear to |
57 | 59 |
have a virus or spyware?</a></li> |
58 | 60 |
<li><a href="#tarballs">How do I open a .tar.gz or .tar.xz file?</a></li> |
59 |
- <li><a href="#LiveCD">Is there a LiveCD or other bundle that |
|
60 |
-includes Tor?</a></li> |
|
61 |
+ <li><a href="#LiveCD">Is there a LiveCD or other bundle that includes Tor? |
|
62 |
+ </a></li> |
|
61 | 63 |
</ul> |
62 | 64 |
|
63 | 65 |
<a id="tbb"></a> |
64 |
- <h4 style="margin-bottom: 18px"><a class="anchor" href="#tbb">Tor Browser (general):</a></h4> |
|
66 |
+ <h4 style="margin-bottom: 18px"><a class="anchor" href="#tbb">Tor Browser |
|
67 |
+ (general):</a></h4> |
|
65 | 68 |
<ul> |
66 | 69 |
|
67 | 70 |
<li><a href="#TBBFlash">Why can't I view videos on YouTube and other |
... | ... |
@@ -70,13 +73,12 @@ includes Tor?</a></li> |
70 | 73 |
</a></li> |
71 | 74 |
<li><a href="#SophosOnMac">I'm using the Sophos anti-virus |
72 | 75 |
software on my Mac, and Tor starts but I can't browse anywhere.</a></li> |
73 |
- <li><a href="#XPCOMError">When I start Tor Browser I get an |
|
74 |
-error message: "Cannot load XPCOM".</a></li> |
|
76 |
+ <li><a href="#XPCOMError">When I start Tor Browser I get an error message: |
|
77 |
+ "Cannot load XPCOM".</a></li> |
|
75 | 78 |
<li><a href="#TBBOtherExtensions">Can I install other Firefox |
76 | 79 |
extensions? Which extensions should I avoid using?</a></li> |
77 |
- <li><a href="#TBBJavaScriptEnabled">Why is NoScript configured to |
|
78 |
-allow JavaScript by default in Tor Browser? Isn't that |
|
79 |
-unsafe?</a></li> |
|
80 |
+ <li><a href="#TBBJavaScriptEnabled">Why is NoScript configured to allow |
|
81 |
+ JavaScript by default in Tor Browser? Isn't that unsafe?</a></li> |
|
80 | 82 |
<li><a href="#TBBOtherBrowser">I want to use Chrome/IE/Opera/etc |
81 | 83 |
with Tor.</a></li> |
82 | 84 |
<li><a href="#GoogleCAPTCHA">Google makes me solve a CAPTCHA or tells |
... | ... |
@@ -94,7 +96,8 @@ unsafe?</a></li> |
94 | 96 |
</ul> |
95 | 97 |
|
96 | 98 |
<a id="tbb-3plus"></a> |
97 |
- <h4 style="margin-bottom: 18px"><a class="anchor" href="#tbb-3plus">Tor Browser (3.x and later):</a></h4> |
|
99 |
+ <h4 style="margin-bottom: 18px"><a class="anchor" href="#tbb-3plus">Tor |
|
100 |
+ Browser (3.x and later):</a></h4> |
|
98 | 101 |
|
99 | 102 |
<ul> |
100 | 103 |
<li><a href="#DisableJS">How do I disable JavaScript?</a></li> |
... | ... |
@@ -110,7 +113,8 @@ unsafe?</a></li> |
110 | 113 |
</ul> |
111 | 114 |
|
112 | 115 |
<a id="advanced"></a> |
113 |
- <h4 style="margin-bottom: 18px"><a class="anchor" href="#advanced">Advanced Tor usage:</a></h4> |
|
116 |
+ <h4 style="margin-bottom: 18px"><a class="anchor" href="#advanced">Advanced |
|
117 |
+ Tor usage:</a></h4> |
|
114 | 118 |
|
115 | 119 |
<ul> |
116 | 120 |
<li><a href="#torrc">I'm supposed to "edit my torrc". What does |
... | ... |
@@ -121,40 +125,43 @@ unsafe?</a></li> |
121 | 125 |
<li><a href="#DoesntWork">Tor is running, but it's not working |
122 | 126 |
correctly.</a></li> |
123 | 127 |
<li><a href="#TorCrash">My Tor keeps crashing.</a></li> |
124 |
- <li><a href="#ChooseEntryExit">Can I control which nodes (or |
|
125 |
-country) |
|
128 |
+ <li><a href="#ChooseEntryExit">Can I control which nodes (or country) |
|
126 | 129 |
are used for entry/exit?</a></li> |
127 | 130 |
<li><a href="#FirewallPorts">My firewall only allows a few outgoing |
128 | 131 |
ports.</a></li> |
129 |
- <li><a href="#DefaultExitPorts">Is there a list of default exit ports?</a></li> |
|
132 |
+ <li><a href="#DefaultExitPorts">Is there a list of default exit ports? |
|
133 |
+ </a></li> |
|
130 | 134 |
<li><a href="#WarningsAboutSOCKSandDNSInformationLeaks">I keep seeing |
131 | 135 |
these warnings about SOCKS and DNS information leaks. Should I |
132 | 136 |
worry?</a></li> |
133 | 137 |
<li><a href="#SocksAndDNS">How do I check if my application that uses |
134 | 138 |
SOCKS is leaking DNS requests?</a></li> |
135 |
- <li><a href="#TorClientOnADifferentComputerThanMyApplications">I want to run my Tor client on a |
|
139 |
+ <li><a href="#TorClientOnADifferentComputerThanMyApplications">I want to |
|
140 |
+ run my Tor client on a |
|
136 | 141 |
different computer than my applications.</a></li> |
137 | 142 |
<li><a href="#ServerClient">Can I install Tor on a central server, and |
138 | 143 |
have my clients connect to it?</a></li> |
139 | 144 |
</ul> |
140 | 145 |
|
141 | 146 |
<a id="relay"></a> |
142 |
- <h4 style="margin-bottom: 18px"><a class="anchor" href="#relay">Running a Tor relay:</a></h4> |
|
147 |
+ <h4 style="margin-bottom: 18px"><a class="anchor" href="#relay">Running a |
|
148 |
+ Tor relay:</a></h4> |
|
143 | 149 |
<ul> |
144 | 150 |
|
145 | 151 |
<li><a href="#HowDoIDecide">How do I decide if I should run a relay? |
146 | 152 |
</a></li> |
147 |
- <li><a href="#MostNeededRelayType">What type of relays are most needed?</a></li> |
|
153 |
+ <li><a href="#MostNeededRelayType">What type of relays are most needed? |
|
154 |
+ </a></li> |
|
148 | 155 |
<li><a href="#WhyIsntMyRelayBeingUsedMore">Why isn't my relay being |
149 | 156 |
used more?</a></li> |
150 |
- <li><a href="#IDontHaveAStaticIP">Can I run a Tor relay using a dynamic IP address?</a></li> |
|
157 |
+ <li><a href="#IDontHaveAStaticIP">Can I run a Tor relay using a dynamic IP |
|
158 |
+ address?</a></li> |
|
151 | 159 |
<li><a href="#IPv6Relay">Can I use IPv6 on my relay?</a></li> |
152 | 160 |
<li><a href="#PortscannedMore">Why do I get portscanned more often |
153 | 161 |
when I run a Tor relay?</a></li> |
154 | 162 |
<li><a href="#HighCapacityConnection">How can I get Tor to fully |
155 | 163 |
make use of my high capacity connection?</a></li> |
156 |
- <li><a href="#RelayFlexible">How stable does my relay need to |
|
157 |
-be?</a></li> |
|
164 |
+ <li><a href="#RelayFlexible">How stable does my relay need to be?</a></li> |
|
158 | 165 |
<li><a href="#BandwidthShaping">What bandwidth shaping options are |
159 | 166 |
available to Tor relays?</a></li> |
160 | 167 |
<li><a href="#LimitTotalBandwidth">How can I limit the total amount |
... | ... |
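Review bot: The `#TorClientOnADifferentComputerThanMyApplications` entry is only half rewrapped. It now reads `I want to` / `run my Tor client on a` / `different computer than my applications.` over three lines, because the unchanged last line was left out of the reflow. Reflow the whole item so the text fills two lines like the neighbouring entries.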
@@ -180,15 +187,15 @@ be?</a></li> |
180 | 187 |
keep the same key?</a></li> |
181 | 188 |
<li><a href="#OfflineED25519">How do offline ed25519 identity keys work? |
182 | 189 |
What do I need to know?</a></li> |
183 |
- <li><a href="#MultipleRelays">I want to run more than one |
|
184 |
-relay.</a></li> |
|
190 |
+ <li><a href="#MultipleRelays">I want to run more than one relay.</a></li> |
|
185 | 191 |
<li><a href="#NTService">How do I run my Tor relay as an NT service? |
186 | 192 |
</a></li> |
187 | 193 |
<li><a href="#VirtualServer">Can I run a Tor relay from my virtual server |
188 | 194 |
account?</a></li> |
189 | 195 |
<li><a href="#WrongIP">My relay is picking the wrong IP address.</a></li> |
190 | 196 |
<li><a href="#BehindANAT">I'm behind a NAT/Firewall</a></li> |
191 |
- <li><a href="#OutgoingFirewall">How should I configure the outgoing filters on my relay?</a></li> |
|
197 |
+ <li><a href="#OutgoingFirewall">How should I configure the outgoing filters |
|
198 |
+ on my relay?</a></li> |
|
192 | 199 |
<li><a href="#RelayMemory">Why is my Tor relay using so much memory? |
193 | 200 |
</a></li> |
194 | 201 |
<li><a href="#BetterAnonymity">Do I get better anonymity if I run a relay? |
... | ... |
@@ -200,15 +207,18 @@ relay.</a></li> |
200 | 207 |
</ul> |
201 | 208 |
|
202 | 209 |
<a id="onion-services"></a> |
203 |
- <h4 style="margin-bottom: 18px"><a class="anchor" href="#onion-services">Tor onion services:</a></h4> |
|
210 |
+ <h4 style="margin-bottom: 18px"><a class="anchor" href="#onion-services"> |
|
211 |
+ Tor onion services:</a></h4> |
|
204 | 212 |
|
205 | 213 |
<ul> |
206 | 214 |
<li><a href="#AccessOnionServices">How do I access onion services?</a></li> |
207 |
- <li><a href="#ProvideAnOnionService">How do I provide an onion service?</a></li> |
|
215 |
+ <li><a href="#ProvideAnOnionService">How do I provide an onion service? |
|
216 |
+ </a></li> |
|
208 | 217 |
</ul> |
209 | 218 |
|
210 | 219 |
<a id="dev"></a> |
211 |
- <h4 style="margin-bottom: 18px"><a class="anchor" href="#dev">Development:</a></h4> |
|
220 |
+ <h4 style="margin-bottom: 18px"><a class="anchor" href="#dev">Development: |
|
221 |
+ </a></h4> |
|
212 | 222 |
|
213 | 223 |
<ul> |
214 | 224 |
<li><a href="#VersionNumbers">What do these weird version numbers |
... | ... |
@@ -223,7 +233,8 @@ relay.</a></li> |
223 | 233 |
</ul> |
224 | 234 |
|
225 | 235 |
<a id="anonsec"></a> |
226 |
- <h4 style="margin-bottom: 18px"><a class="anchor" href="#anonsec">Anonymity and Security:</a></h4> |
|
236 |
+ <h4 style="margin-bottom: 18px"><a class="anchor" href="#anonsec">Anonymity |
|
237 |
+ and Security:</a></h4> |
|
227 | 238 |
<ul> |
228 | 239 |
<li><a href="#WhatProtectionsDoesTorProvide">What protections does Tor |
229 | 240 |
provide?</a></li> |
... | ... |
@@ -231,8 +242,7 @@ relay.</a></li> |
231 | 242 |
communications? Isn't that bad? </a></li> |
232 | 243 |
<li><a href="#AmITotallyAnonymous">So I'm totally anonymous if I use |
233 | 244 |
Tor?</a></li> |
234 |
- <li><a href="#KeyManagement">Tell me about all the keys Tor |
|
235 |
-uses.</a></li> |
|
245 |
+ <li><a href="#KeyManagement">Tell me about all the keys Tor uses.</a></li> |
|
236 | 246 |
<li><a href="#EntryGuards">What are Entry Guards?</a></li> |
237 | 247 |
<li><a href="#ChangePaths">How often does Tor change its paths?</a></li> |
238 | 248 |
<li><a href="#CellSize">Tor uses hundreds of bytes for every IRC line. I |
... | ... |
@@ -248,17 +258,18 @@ uses.</a></li> |
248 | 258 |
Tor with only 3 hops?</a></li> |
249 | 259 |
<li><a href="#AttacksOnOnionRouting">What attacks remain against onion |
250 | 260 |
routing?</a></li> |
251 |
- <li><a href="#LearnMoreAboutAnonymity">Where can I learn more about anonymity?</a></li> |
|
261 |
+ <li><a href="#LearnMoreAboutAnonymity">Where can I learn more about |
|
262 |
+ anonymity?</a></li> |
|
252 | 263 |
</ul> |
253 | 264 |
|
254 | 265 |
<a id="altdesigns"></a> |
255 |
- <h4 style="margin-bottom: 18px"><a class="anchor" href="#altdesigns">Alternate designs that we don't do (yet):</a></h4> |
|
266 |
+ <h4 style="margin-bottom: 18px"><a class="anchor" href="#altdesigns"> |
|
267 |
+ Alternate designs that we don't do (yet):</a></h4> |
|
256 | 268 |
|
257 | 269 |
<ul> |
258 | 270 |
<li><a href="#EverybodyARelay">You should make every Tor user be a |
259 | 271 |
relay.</a></li> |
260 |
- <li><a href="#TransportIPnotTCP">You should transport all IP |
|
261 |
-packets, |
|
272 |
+ <li><a href="#TransportIPnotTCP">You should transport all IP packets, |
|
262 | 273 |
not just TCP packets.</a></li> |
263 | 274 |
<li><a href="#HideExits">You should hide the list of Tor relays, |
264 | 275 |
so people can't block the exits.</a></li> |
... | ... |
@@ -283,19 +294,20 @@ packets, |
283 | 294 |
</ul> |
284 | 295 |
|
285 | 296 |
<a id="abuse"></a> |
286 |
- <h4 style="margin-bottom: 18px"><a class="anchor" href="#abuse">Abuse:</a></h4> |
|
297 |
+ <h4 style="margin-bottom: 18px"><a class="anchor" href="#abuse">Abuse: |
|
298 |
+ </a></h4> |
|
287 | 299 |
<ul> |
288 |
- <li><a href="#Criminals">Doesn't Tor enable criminals to do bad |
|
289 |
-things?</a></li> |
|
300 |
+ <li><a href="#Criminals">Doesn't Tor enable criminals to do bad things? |
|
301 |
+ </a></li> |
|
290 | 302 |
<li><a href="#RespondISP">How do I respond to my ISP about my exit |
291 | 303 |
relay?</a></li> |
292 |
- <li><a href="#HelpPoliceOrLawyers">I have questions about |
|
293 |
- a Tor IP address for a legal case.</a></li> |
|
304 |
+ <li><a href="#HelpPoliceOrLawyers">I have questions about a Tor IP address |
|
305 |
+ for a legal case.</a></li> |
|
294 | 306 |
</ul> |
295 | 307 |
|
296 | 308 |
<p>For other questions not yet on this version of the FAQ, see the |
297 |
-<a |
|
298 |
- href="<wikifaq>">wiki FAQ</a> for now.</p> |
|
309 |
+ <a href="<wikifaq>">wiki FAQ</a> for now. |
|
310 |
+ </p> |
|
299 | 311 |
|
300 | 312 |
<hr> |
301 | 313 |
|
... | ... |
@@ -331,86 +343,65 @@ things?</a></li> |
331 | 343 |
<hr> |
332 | 344 |
|
333 | 345 |
<a id="Torisdifferent"></a> |
334 |
- <h3><a class="anchor" href="#Torisdifferent">How is Tor different |
|
335 |
-from other proxies?</a></h3> |
|
336 |
- <p> |
|
337 |
- A typical proxy provider sets up a server somewhere on the Internet |
|
338 |
-and |
|
339 |
-allows you to use it to relay your traffic. This creates a simple, easy |
|
340 |
-to |
|
341 |
-maintain architecture. The users all enter and leave through the same |
|
342 |
-server. |
|
343 |
-The provider may charge for use of the proxy, or fund their costs |
|
344 |
-through |
|
345 |
-advertisements on the server. In the simplest configuration, you don't |
|
346 |
-have to |
|
347 |
-install anything. You just have to point your browser at their proxy |
|
346 |
+ <h3><a class="anchor" href="#Torisdifferent">How is Tor different from other |
|
347 |
+ proxies?</a></h3> |
|
348 |
+ <p> |
|
349 |
+ A typical proxy provider sets up a server somewhere on the Internet and |
|
350 |
+ allows you to use it to relay your traffic. This creates a simple, easy to |
|
351 |
+ maintain architecture. The users all enter and leave through the same server. |
|
352 |
+ The provider may charge for use of the proxy, or fund their costs through |
|
353 |
+ advertisements on the server. In the simplest configuration, you don't have |
|
354 |
+ to install anything. You just have to point your browser at their proxy |
|
348 | 355 |
server. |
349 |
-Simple proxy providers are fine solutions if you do not want protections |
|
350 |
-for |
|
351 |
-your privacy and anonymity online and you trust the provider to not do |
|
352 |
-bad |
|
356 |
+ Simple proxy providers are fine solutions if you do not want protections for |
|
357 |
+ your privacy and anonymity online and you trust the provider to not do bad |
|
353 | 358 |
things. Some simple proxy providers use SSL to secure your connection |
354 | 359 |
to them, which protects you against local eavesdroppers, such as those at a |
355 | 360 |
cafe with free wifi Internet. |
356 | 361 |
</p> |
357 | 362 |
<p> |
358 |
- Simple proxy providers also create a single point of failure. The |
|
359 |
-provider |
|
363 |
+ Simple proxy providers also create a single point of failure. The provider |
|
360 | 364 |
knows both who you are and what you browse on the Internet. They can see |
361 |
-your |
|
362 |
-traffic as it passes through their server. In some cases, they can even |
|
363 |
-see |
|
364 |
-inside your |
|
365 |
-encrypted traffic as they relay it to your banking site or to ecommerce |
|
366 |
-stores. |
|
367 |
-You have to trust the provider isn't |
|
368 |
-watching your traffic, injecting their own advertisements into your |
|
369 |
-traffic |
|
370 |
-stream, or recording your personal details. |
|
371 |
- </p> |
|
372 |
- <p> |
|
373 |
- Tor passes your traffic through at least 3 different servers before |
|
374 |
-sending |
|
375 |
-it on to the destination. Because there's a separate layer of encryption |
|
376 |
-for |
|
377 |
-each of the three relays, somebody watching your Internet connection |
|
378 |
-can't modify, or read, what you are |
|
379 |
-sending into the Tor network. Your traffic is encrypted between the Tor |
|
380 |
-client (on your computer) and where it pops out somewhere else in the |
|
381 |
-world. |
|
365 |
+ your traffic as it passes through their server. In some cases, they can |
|
366 |
+ even see inside your encrypted traffic as they relay it to your banking |
|
367 |
+ site or to ecommerce stores. |
|
368 |
+ You have to trust the provider isn't watching your traffic, injecting their |
|
369 |
+ own advertisements into your traffic stream, or recording your personal |
|
370 |
+ details. |
|
371 |
+ </p> |
|
372 |
+ <p> |
|
373 |
+ Tor passes your traffic through at least 3 different servers before sending |
|
374 |
+ it on to the destination. Because there's a separate layer of encryption for |
|
375 |
+ each of the three relays, somebody watching your Internet connection can't |
|
376 |
+ modify, or read, what you are sending into the Tor network. Your traffic is |
|
377 |
+ encrypted between the Tor client (on your computer) and where it pops out |
|
378 |
+ somewhere else in the world. |
|
382 | 379 |
</p> |
383 | 380 |
<p> |
384 | 381 |
<dl> |
385 |
- <dt>Doesn't the first server see who I am?</dt><dd>Possibly. A bad |
|
386 |
-first of |
|
387 |
-three servers can see encrypted Tor traffic coming from your computer. |
|
388 |
-It |
|
389 |
-still doesn't know who you are and what you are doing over Tor. It |
|
390 |
-merely sees |
|
391 |
-"This IP address is using Tor". Tor is not illegal anywhere in the |
|
392 |
-world, so |
|
393 |
-using Tor by itself is fine. You are still protected from this node |
|
394 |
-figuring |
|
395 |
-out both who you are and where you are going on the Internet.</dd> |
|
396 |
- <dt>Can't the third server see my traffic?</dt><dd>Possibly. A bad |
|
397 |
-third |
|
398 |
-of three servers can see the traffic you sent into Tor. It won't know |
|
399 |
-who sent |
|
400 |
-this traffic. If you're using encryption (like |
|
401 |
-HTTPS), it will only know the destination. See <a |
|
402 |
-href="https://www.eff.org/pages/tor-and-https">this visualization of |
|
403 |
-Tor and HTTPS</a> to understand how Tor and HTTPS interact. |
|
382 |
+ <dt>Doesn't the first server see who I am?</dt> |
|
383 |
+ <dd>Possibly. A bad first of three servers can see encrypted Tor traffic |
|
384 |
+ coming from your computer. It still doesn't know who you are and what you |
|
385 |
+ are doing over Tor. It merely sees "This IP address is using Tor". Tor is |
|
386 |
+ not illegal anywhere in the world, so using Tor by itself is fine. You are |
|
387 |
+ still protected from this node figuring out both who you are and where you |
|
388 |
+ are going on the Internet. |
|
389 |
+ </dd> |
|
390 |
+ <dt>Can't the third server see my traffic?</dt> |
|
391 |
+ <dd>Possibly. A bad third of three servers can see the traffic you sent |
|
392 |
+ into Tor. It won't know who sent this traffic. If you're using encryption |
|
393 |
+ (like HTTPS), it will only know the destination. See |
|
394 |
+ <a href="https://www.eff.org/pages/tor-and-https">this visualization of Tor |
|
395 |
+ and HTTPS</a> to understand how Tor and HTTPS interact. |
|
404 | 396 |
</dd> |
405 | 397 |
</dl> |
406 | 398 |
</p> |
407 | 399 |
|
408 | 400 |
<hr> |
409 | 401 |
|
410 |
- |
|
411 | 402 |
<a id="CompatibleApplications"></a> |
412 |
- <h3><a class="anchor" href="#CompatibleApplications">What programs |
|
413 |
-can I use with Tor?</a></h3> |
|
403 |
+ <h3><a class="anchor" href="#CompatibleApplications">What programs can I |
|
404 |
+ use with Tor?</a></h3> |
|
414 | 405 |
|
415 | 406 |
<p> |
416 | 407 |
Most people use Tor Browser, |
... | ... |
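Review bot: The `<dl>` holding the two `<dt>`/`<dd>` pairs is still wrapped in `<p>` and `</p>` (the context lines just before `<dl>` and just after `</dl>`), which is invalid nesting: a `<p>` cannot contain a `<dl>`, so browsers close the paragraph early and the trailing `</p>` produces an empty one. Since this hunk already restructures the list, drop the surrounding `<p>` and `</p>` here. The first paragraph also keeps a lone `server.` line between two rewrapped lines; include it in the reflow.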
@@ -432,8 +423,7 @@ can I use with Tor?</a></h3> |
432 | 423 |
<hr> |
433 | 424 |
|
434 | 425 |
<a id="WhyCalledTor"></a> |
435 |
- <h3><a class="anchor" href="#WhyCalledTor">Why is it called |
|
436 |
-Tor?</a></h3> |
|
426 |
+ <h3><a class="anchor" href="#WhyCalledTor">Why is it called Tor?</a></h3> |
|
437 | 427 |
|
438 | 428 |
<p> |
439 | 429 |
Because Tor is the onion routing network. When we were starting the |
... | ... |
@@ -450,21 +440,17 @@ Tor?</a></h3> |
450 | 440 |
</p> |
451 | 441 |
|
452 | 442 |
<p> |
453 |
- Note: even though it originally came from an acronym, Tor is not |
|
454 |
-spelled |
|
443 |
+ Note: even though it originally came from an acronym, Tor is not spelled |
|
455 | 444 |
"TOR". Only the first letter is capitalized. In fact, we can usually |
456 |
- spot people who haven't read any of our website (and have instead |
|
457 |
-learned |
|
458 |
- everything they know about Tor from news articles) by the fact that |
|
459 |
-they |
|
445 |
+ spot people who haven't read any of our website (and have instead learned |
|
446 |
+ everything they know about Tor from news articles) by the fact that they |
|
460 | 447 |
spell it wrong. |
461 | 448 |
</p> |
462 | 449 |
|
463 | 450 |
<hr> |
464 | 451 |
|
465 | 452 |
<a id="Backdoor"></a> |
466 |
- <h3><a class="anchor" href="#Backdoor">Is there a backdoor in |
|
467 |
-Tor?</a></h3> |
|
453 |
+ <h3><a class="anchor" href="#Backdoor">Is there a backdoor in Tor?</a></h3> |
|
468 | 454 |
|
469 | 455 |
<p> |
470 | 456 |
There is absolutely no backdoor in Tor. We know some smart lawyers |
... | ... |
@@ -474,27 +460,25 @@ Tor?</a></h3> |
474 | 460 |
</p> |
475 | 461 |
|
476 | 462 |
<p> |
477 |
- We will <a |
|
478 |
- href="https://media.ccc.de/v/31c3_-_6251_-_en_-_saal_1_-_201412301400_-_state_of_the_onion_-_jacob_-_arma">never</a> |
|
479 |
- put a backdoor in Tor. |
|
480 |
- We think that putting a backdoor in Tor would be tremendously |
|
481 |
- irresponsible to our users, and a bad precedent for security |
|
482 |
- software in general. If we ever put a deliberate backdoor in our |
|
483 |
- security software, it would ruin our professional reputations. |
|
484 |
- Nobody would trust our software ever again — for excellent |
|
485 |
- reason! |
|
463 |
+ We will |
|
464 |
+ <a href="https://media.ccc.de/v/31c3_-_6251_-_en_-_saal_1_-_201412301400_-_state_of_the_onion_-_jacob_-_arma"> |
|
465 |
+ never</a> put a backdoor in Tor. |
|
466 |
+ We think that putting a backdoor in Tor would be tremendously irresponsible |
|
467 |
+ to our users, and a bad precedent for security software in general. If we |
|
468 |
+ ever put a deliberate backdoor in our security software, it would ruin our |
|
469 |
+ professional reputations. |
|
470 |
+ Nobody would trust our software ever again — for excellent reason! |
|
486 | 471 |
</p> |
487 | 472 |
|
488 | 473 |
<p> |
489 |
- But that said, there are still plenty of subtle attacks |
|
490 |
- people might try. Somebody might impersonate us, or break into our |
|
491 |
- computers, or something like that. Tor is open source, and you |
|
492 |
- should always check the source (or at least the diffs since the last |
|
493 |
- release) for suspicious things. If we (or the distributors) don't |
|
494 |
- give you source, that's a sure sign something funny might be going |
|
495 |
- on. You should also check the <a href="<page |
|
496 |
- docs/verifying-signatures>">PGP signatures</a> on the releases, to |
|
497 |
- make sure nobody messed with the distribution sites. |
|
474 |
+ But that said, there are still plenty of subtle attacks people might try. |
|
475 |
+ Somebody might impersonate us, or break into our computers, or something |
|
476 |
+ like that. Tor is open source, and you should always check the source (or |
|
477 |
+ at least the diffs since the last release) for suspicious things. If we (or |
|
478 |
+ the distributors) don't give you source, that's a sure sign something funny |
|
479 |
+ might be going on. You should also check the |
|
480 |
+ <a href="<page docs/verifying-signatures>">PGP signatures</a> on the |
|
481 |
+ releases, to make sure nobody messed with the distribution sites. |
|
498 | 482 |
</p> |
499 | 483 |
|
500 | 484 |
<p> |
... | ... |
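Review bot: In the "We will never put a backdoor in Tor" paragraph, the new break between the end of the media.ccc.de `<a href=...>` tag and `never</a>` puts a newline inside the link text, and the `href` line is still much wider than the surrounding lines, so the split gains nothing. Keep `never</a>` directly after the closing `>` of the opening tag so the link covers only the word itself.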
@@ -506,8 +490,7 @@ Tor?</a></h3> |
506 | 490 |
<hr> |
507 | 491 |
|
508 | 492 |
<a id="DistributingTor"></a> |
509 |
- <h3><a class="anchor" href="#DistributingTor">Can I distribute |
|
510 |
-Tor?</a></h3> |
|
493 |
+ <h3><a class="anchor" href="#DistributingTor">Can I distribute Tor?</a></h3> |
|
511 | 494 |
|
512 | 495 |
<p> |
513 | 496 |
Yes. |
... | ... |
@@ -550,8 +533,7 @@ Tor?</a></h3> |
550 | 533 |
<hr> |
551 | 534 |
|
552 | 535 |
<a id="SupportMail"></a> |
553 |
- <h3><a class="anchor" href="#SupportMail">How can I get |
|
554 |
-support?</a></h3> |
|
536 |
+ <h3><a class="anchor" href="#SupportMail">How can I get support?</a></h3> |
|
555 | 537 |
|
556 | 538 |
<p>See the <a href="<page about/contact>#support">Support section |
557 | 539 |
on the contact page</a>. |
... | ... |
@@ -575,32 +557,24 @@ support?</a></h3> |
575 | 557 |
</p> |
576 | 558 |
|
577 | 559 |
<p> |
578 |
- Before we answer, though, you should realize that Tor is never going |
|
579 |
-to |
|
580 |
- be blazing fast. Your traffic is bouncing through volunteers' |
|
581 |
-computers |
|
582 |
- in various parts of the world, and some bottlenecks and network |
|
583 |
-latency |
|
560 |
+ Before we answer, though, you should realize that Tor is never going to |
|
561 |
+ be blazing fast. Your traffic is bouncing through volunteers' computers |
|
562 |
+ in various parts of the world, and some bottlenecks and network latency |
|
584 | 563 |
will always be present. You shouldn't expect to see university-style |
585 | 564 |
bandwidth through Tor. |
586 | 565 |
</p> |
587 | 566 |
|
588 | 567 |
<p> |
589 |
- But that doesn't mean that it can't be improved. The current Tor |
|
590 |
-network |
|
591 |
- is quite small compared to the number of people trying to use it, |
|
592 |
-and |
|
593 |
- many of these users don't understand or care that Tor can't |
|
594 |
-currently |
|
568 |
+ But that doesn't mean that it can't be improved. The current Tor network |
|
569 |
+ is quite small compared to the number of people trying to use it, and |
|
570 |
+ many of these users don't understand or care that Tor can't currently |
|
595 | 571 |
handle file-sharing traffic load. |
596 | 572 |
</p> |
597 | 573 |
|
598 | 574 |
<p> |
599 |
- For the much more in-depth answer, see <a |
|
600 |
- href="<blog>why-tor-is-slow">Roger's blog |
|
601 |
- post on the topic</a>, which includes both a detailed PDF and a |
|
602 |
-video |
|
603 |
- to go with it. |
|
575 |
+ For the much more in-depth answer, see |
|
576 |
+ <a href="<blog>why-tor-is-slow">Roger's blog post on the topic</a>, |
|
577 |
+ which includes both a detailed PDF and a video to go with it. |
|
604 | 578 |
</p> |
605 | 579 |
|
606 | 580 |
<p> |
... | ... |
@@ -610,10 +584,8 @@ video |
610 | 584 |
<ul> |
611 | 585 |
|
612 | 586 |
<li> |
613 |
- <a href="<page docs/tor-doc-relay>">Configure your Tor to relay |
|
614 |
-traffic |
|
615 |
- for others</a>. Help make the Tor network large enough that we can |
|
616 |
-handle |
|
587 |
+ <a href="<page docs/tor-doc-relay>">Configure your Tor to relay traffic |
|
588 |
+ for others</a>. Help make the Tor network large enough that we can handle |
|
617 | 589 |
all the users who want privacy and security on the Internet. |
618 | 590 |
</li> |
619 | 591 |
|
... | ... |
@@ -625,49 +597,37 @@ handle |
625 | 597 |
</li> |
626 | 598 |
|
627 | 599 |
<li> |
628 |
- There are some bottlenecks in the current Tor network. Help us |
|
629 |
-design |
|
630 |
- experiments to track down and demonstrate where the problems are, |
|
631 |
-and |
|
600 |
+ There are some bottlenecks in the current Tor network. Help us design |
|
601 |
+ experiments to track down and demonstrate where the problems are, and |
|
632 | 602 |
then we can focus better on fixing them. |
633 | 603 |
</li> |
634 | 604 |
|
635 | 605 |
<li> |
636 | 606 |
Tor needs some architectural changes too. One important change is to |
637 |
- start providing <a href="#EverybodyARelay">better service to people |
|
638 |
-who |
|
639 |
- relay traffic</a>. We're working on this, and we'll finish faster if |
|
640 |
-we |
|
607 |
+ start providing <a href="#EverybodyARelay">better service to people who |
|
608 |
+ relay traffic</a>. We're working on this, and we'll finish faster if we |
|
641 | 609 |
get to spend more time on it. |
642 | 610 |
</li> |
643 | 611 |
|
644 | 612 |
<li> |
645 |
- Help do other things so we can do the hard stuff. Please take a |
|
646 |
-moment |
|
647 |
- to figure out what your skills and interests are, and then <a |
|
648 |
-href="<page |
|
649 |
- getinvolved/volunteer>">look at our volunteer page</a>. |
|
613 |
+ Help do other things so we can do the hard stuff. Please take a moment |
|
614 |
+ to figure out what your skills and interests are, and then |
|
615 |
+ <a href="<page getinvolved/volunteer>">look at our volunteer page</a>. |
|
650 | 616 |
</li> |
651 | 617 |
|
652 | 618 |
<li> |
653 |
- Help find sponsors for Tor. Do you work at a company or government |
|
654 |
-agency |
|
619 |
+ Help find sponsors for Tor. Do you work at a company or government agency |
|
655 | 620 |
that uses Tor or has a use for Internet privacy, e.g. to browse the |
656 |
- competition's websites discreetly, or to connect back to the home |
|
657 |
-servers |
|
658 |
- when on the road without revealing affiliations? If your |
|
659 |
-organization has |
|
660 |
- an interest in keeping the Tor network working, please contact them |
|
661 |
-about |
|
662 |
- supporting Tor. Without sponsors, Tor is going to become even |
|
663 |
-slower. |
|
621 |
+ competition's websites discreetly, or to connect back to the home servers |
|
622 |
+ when on the road without revealing affiliations? If your organization has |
|
623 |
+ an interest in keeping the Tor network working, please contact them about |
|
624 |
+ supporting Tor. Without sponsors, Tor is going to become even slower. |
|
664 | 625 |
</li> |
665 | 626 |
|
666 | 627 |
<li> |
667 | 628 |
If you can't help out with any of the above, you can still help out |
668 |
- individually by <a href="<page donate/donate>">donating a bit of |
|
669 |
-money to the |
|
670 |
- cause</a>. It adds up! |
|
629 |
+ individually by <a href="<page donate/donate>">donating a bit of money to |
|
630 |
+ the cause</a>. It adds up! |
|
671 | 631 |
</li> |
672 | 632 |
|
673 | 633 |
</ul> |
... | ... |
@@ -682,71 +642,58 @@ money to the |
682 | 642 |
File sharing (peer-to-peer/P2P) is widely unwanted in the Tor network, |
683 | 643 |
and exit nodes are configured to block file sharing traffic by default. |
684 | 644 |
Tor is not really designed for it, and file sharing through Tor slows |
685 |
- down everyone's browsing. Also, Bittorrent over Tor <a |
|
686 |
- href="https://blog.torproject.org/blog/bittorrent-over-tor-isnt-good-idea"> |
|
645 |
+ down everyone's browsing. Also, Bittorrent over Tor |
|
646 |
+ <a href="https://blog.torproject.org/blog/bittorrent-over-tor-isnt-good-idea"> |
|
687 | 647 |
is not anonymous</a>! |
688 | 648 |
</p> |
689 | 649 |
|
690 | 650 |
<hr> |
691 | 651 |
|
692 | 652 |
<a id="Funding"></a> |
693 |
- <h3><a class="anchor" href="#Funding">What would The Tor Project do |
|
694 |
-with more funding?</a></h3> |
|
653 |
+ <h3><a class="anchor" href="#Funding">What would The Tor Project do with |
|
654 |
+ more funding?</a></h3> |
|
695 | 655 |
|
696 | 656 |
<p> |
697 |
- The Tor network's <a |
|
698 |
-href="https://metrics.torproject.org/networksize.html">several thousand</a> |
|
699 |
- relays push <a |
|
700 |
-href="https://metrics.torproject.org/bandwidth.html">around 100 Gbps on |
|
701 |
-average</a>. We have <a |
|
702 |
-href="https://metrics.torproject.org/userstats-relay-country.html">millions of |
|
703 |
- daily users</a>. But the Tor network is not yet self-sustaining. |
|
657 |
+ The Tor network's |
|
658 |
+ <a href="https://metrics.torproject.org/networksize.html">several thousand |
|
659 |
+ </a> relays push <a href="https://metrics.torproject.org/bandwidth.html"> |
|
660 |
+ around 100 Gbps on average</a>. We have |
|
661 |
+ <a href="https://metrics.torproject.org/userstats-relay-country.html"> |
|
662 |
+ millions of daily users</a>. But the Tor network is not yet self-sustaining. |
|
704 | 663 |
</p> |
705 | 664 |
|
706 | 665 |
<p> |
707 |
- There are six main development/maintenance pushes that need |
|
708 |
-attention: |
|
666 |
+ There are six main development/maintenance pushes that need attention: |
|
709 | 667 |
</p> |
710 | 668 |
|
711 | 669 |
<ul> |
712 | 670 |
|
713 | 671 |
<li> |
714 |
- Scalability: We need to keep scaling and decentralizing the Tor |
|
715 |
- architecture so it can handle thousands of relays and millions of |
|
716 |
- users. The upcoming stable release is a major improvement, but |
|
717 |
-there's |
|
718 |
- lots more to be done next in terms of keeping Tor fast and stable. |
|
672 |
+ Scalability: We need to keep scaling and decentralizing the Tor architecture |
|
673 |
+ so it can handle thousands of relays and millions of users. The upcoming |
|
674 |
+ stable release is a major improvement, but there's lots more to be done next |
|
675 |
+ in terms of keeping Tor fast and stable. |
|
719 | 676 |
</li> |
720 | 677 |
|
721 | 678 |
<li> |
722 |
- User support: With this many users, a lot of people are asking |
|
723 |
-questions |
|
724 |
- all the time, offering to help out with things, and so on. We need |
|
725 |
-good |
|
726 |
- clean docs, and we need to spend some effort coordinating |
|
727 |
-volunteers. |
|
679 |
+ User support: With this many users, a lot of people are asking questions |
|
680 |
+ all the time, offering to help out with things, and so on. We need good |
|
681 |
+ clean docs, and we need to spend some effort coordinating volunteers. |
|
728 | 682 |
</li> |
729 | 683 |
|
730 | 684 |
<li> |
731 |
- Relay support: the Tor network is run by volunteers, but they still |
|
732 |
-need |
|
685 |
+ Relay support: the Tor network is run by volunteers, but they still need |
|
733 | 686 |
attention with prompt bug fixes, explanations when things go wrong, |
734 |
- reminders to upgrade, and so on. The network itself is a commons, |
|
735 |
-and |
|
736 |
- somebody needs to spend some energy making sure the relay operators |
|
737 |
-stay |
|
738 |
- happy. We also need to work on stability on some platforms — |
|
739 |
-e.g., |
|
687 |
+ reminders to upgrade, and so on. The network itself is a commons, and |
|
688 |
+ somebody needs to spend some energy making sure the relay operators stay |
|
689 |
+ happy. We also need to work on stability on some platforms — e.g., |
|
740 | 690 |
Tor relays have problems on Win XP currently. |
741 | 691 |
</li> |
742 | 692 |
|
743 | 693 |
<li> |
744 |
- Usability: Beyond documentation, we also need to work on usability |
|
745 |
-of the |
|
746 |
- software itself. This includes installers, clean GUIs, easy |
|
747 |
-configuration |
|
748 |
- to interface with other applications, and generally automating all |
|
749 |
-of |
|
694 |
+ Usability: Beyond documentation, we also need to work on usability of the |
|
695 |
+ software itself. This includes installers, clean GUIs, easy configuration |
|
696 |
+ to interface with other applications, and generally automating all of |
|
750 | 697 |
the difficult and confusing steps inside Tor. |
751 | 698 |
Usability for privacy software has never been easy. |
752 | 699 |
</li> |
... | ... |
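Review bot: The rewrapped Funding paragraph (new lines 658-662) moves line breaks inside the link text: "several thousand" is now followed by a newline before `</a>`, and the bandwidth and userstats anchors open with a newline before "around 100 Gbps" and "millions of daily users". Browsers collapse each of those breaks to a space that becomes part of the underlined link, which the old wrapping avoided by breaking inside the tag or between words. Keep the opening tag, the first word and the closing tag together, for example `<a href="https://metrics.torproject.org/networksize.html">several thousand</a>`, even if that line runs past the wrap column.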
@@ -754,22 +701,18 @@ of |
754 | 701 |
<li> |
755 | 702 |
Incentives: We need to work on ways to encourage people to configure |
756 | 703 |
their Tors as relays and exit nodes rather than just clients. |
757 |
- <a href="#EverybodyARelay">We need to make it easy to become a |
|
758 |
-relay, |
|
704 |
+ <a href="#EverybodyARelay">We need to make it easy to become a relay, |
|
759 | 705 |
and we need to give people incentives to do it.</a> |
760 | 706 |
</li> |
761 | 707 |
|
762 | 708 |
<li> |
763 |
- Research: The anonymous communications field is full |
|
764 |
- of surprises and gotchas. In our copious free time, we |
|
765 |
- also help run top anonymity and privacy conferences like <a |
|
766 |
- href="http://petsymposium.org/">PETS</a>. We've identified a set of |
|
767 |
- critical <a href="<page getinvolved/volunteer>#Research">Tor |
|
768 |
-research questions</a> |
|
769 |
- that will help us figure out how to make Tor secure against the |
|
770 |
-variety of |
|
771 |
- attacks out there. Of course, there are more research questions |
|
772 |
-waiting |
|
709 |
+ Research: The anonymous communications field is full of surprises and |
|
710 |
+ gotchas. In our copious free time, we also help run top anonymity and |
|
711 |
+ privacy conferences like <a href="http://petsymposium.org/">PETS</a>. |
|
712 |
+ We've identified a set of critical |
|
713 |
+ <a href="<page getinvolved/volunteer>#Research">Tor research questions</a> |
|
714 |
+ that will help us figure out how to make Tor secure against the variety of |
|
715 |
+ attacks out there. Of course, there are more research questions waiting |
|
773 | 716 |
behind these. |
774 | 717 |
</li> |
775 | 718 |
|
... | ... |
@@ -777,11 +720,9 @@ waiting |
777 | 720 |
|
778 | 721 |
<p> |
779 | 722 |
We're continuing to move forward on all of these, but at this rate |
780 |
- <a href="#WhySlow">the Tor network is growing faster than the |
|
781 |
-developers |
|
723 |
+ <a href="#WhySlow">the Tor network is growing faster than the developers |
|
782 | 724 |
can keep up</a>. |
783 |
- Now would be an excellent time to add a few more developers to the |
|
784 |
-effort |
|
725 |
+ Now would be an excellent time to add a few more developers to the effort |
|
785 | 726 |
so we can continue to grow the network. |
786 | 727 |
</p> |
787 | 728 |
|
... | ... |
@@ -791,22 +732,17 @@ effort |
791 | 732 |
</p> |
792 | 733 |
|
793 | 734 |
<p> |
794 |
- We are proud to have <a href="<page about/sponsors>">sponsorship and |
|
795 |
-support</a> |
|
796 |
- from the Omidyar Network, the International Broadcasting Bureau, |
|
797 |
-Bell |
|
798 |
- Security Solutions, the Electronic Frontier Foundation, several |
|
799 |
-government |
|
800 |
- agencies and research groups, and hundreds of private contributors. |
|
735 |
+ We are proud to have |
|
736 |
+ <a href="<page about/sponsors>">sponsorship and support</a> from the Omidyar |
|
737 |
+ Network, the International Broadcasting Bureau, Bell Security Solutions, |
|
738 |
+ the Electronic Frontier Foundation, several government agencies and research |
|
739 |
+ groups, and hundreds of private contributors. |
|
801 | 740 |
</p> |
802 | 741 |
|
803 | 742 |
<p> |
804 |
- However, this support is not enough to keep Tor abreast of changes |
|
805 |
-in the |
|
806 |
- Internet privacy landscape. Please <a href="<page |
|
807 |
-donate/donate>">donate</a> |
|
808 |
- to the project, or <a href="<page about/contact>">contact</a> our |
|
809 |
-executive |
|
743 |
+ However, this support is not enough to keep Tor abreast of changes in the |
|
744 |
+ Internet privacy landscape. Please <a href="<page donate/donate>">donate</a> |
|
745 |
+ to the project, or <a href="<page about/contact>">contact</a> our executive |
|
810 | 746 |
director for information on making grants or major donations. |
811 | 747 |
</p> |
812 | 748 |
|
... | ... |
@@ -827,8 +763,8 @@ executive |
827 | 763 |
<hr> |
828 | 764 |
|
829 | 765 |
<a id="OutboundPorts"></a> |
830 |
- <h3><a class="anchor" href="#OutboundPorts">Which outbound ports must be open when |
|
831 |
- using Tor as a client?</a></h3> |
|
766 |
+ <h3><a class="anchor" href="#OutboundPorts">Which outbound ports must be |
|
767 |
+ open when using Tor as a client?</a></h3> |
|
832 | 768 |
<p> |
833 | 769 |
Tor may attempt to connect to any port that is advertised in the |
834 | 770 |
directory as an ORPort (for making Tor connections) or a DirPort (for |
... | ... |
@@ -837,11 +773,11 @@ executive |
837 | 773 |
ports too. |
838 | 774 |
</p> |
839 | 775 |
<p> |
840 |
- When using Tor as a client, you could probably get away with opening only those four |
|
841 |
- ports. Since Tor does all its connections in the background, it will retry |
|
842 |
- ones that fail, and hopefully you'll never have to know that it failed, as |
|
843 |
- long as it finds a working one often enough. However, to get the most |
|
844 |
- diversity in your entry nodes — and thus the most security |
|
776 |
+ When using Tor as a client, you could probably get away with opening only |
|
777 |
+ those four ports. Since Tor does all its connections in the background, it |
|
778 |
+ will retry ones that fail, and hopefully you'll never have to know that it |
|
779 |
+ failed, as long as it finds a working one often enough. However, to get the |
|
780 |
+ most diversity in your entry nodes — and thus the most security |
|
845 | 781 |
— as well as the most robustness in your connectivity, you'll |
846 | 782 |
want to let it connect to all of them. |
847 | 783 |
See the FAQ entry on <a href="#FirewallPorts">firewalled ports</a> if |
... | ... |
@@ -857,8 +793,9 @@ executive |
857 | 793 |
|
858 | 794 |
<p> |
859 | 795 |
There are sites you can visit that will tell you if you appear to be |
860 |
- coming through the Tor network. Try the <a href="https://check.torproject.org"> |
|
861 |
- Tor Check</a> site and see whether it thinks you are using Tor or not. |
|
796 |
+ coming through the Tor network. Try the |
|
797 |
+ <a href="https://check.torproject.org">Tor Check</a> site and see whether |
|
798 |
+ it thinks you are using Tor or not. |
|
862 | 799 |
</p> |
863 | 800 |
|
864 | 801 |
<hr> |
... | ... |
@@ -902,94 +839,88 @@ executive |
902 | 839 |
<hr> |
903 | 840 |
|
904 | 841 |
<a id="CompilationAndInstallation"></a> |
905 |
- <h2><a class="anchor" href="#CompilationAndInstallation">Compilation And Installation:</a></h2> |
|
842 |
+ <h2><a class="anchor" href="#CompilationAndInstallation">Compilation And |
|
843 |
+ Installation:</a></h2> |
|
906 | 844 |
|
907 | 845 |
<a id="HowUninstallTor"></a> |
908 |
- <h3><a class="anchor" href="#HowUninstallTor">How do I uninstall |
|
909 |
-Tor?</a></h3> |
|
846 |
+ <h3><a class="anchor" href="#HowUninstallTor">How do I uninstall Tor? |
|
847 |
+ </a></h3> |
|
910 | 848 |
|
911 | 849 |
<p> |
912 |
- Tor Browser does not install itself in the classic sense of |
|
913 |
-applications. You just simply delete the folder or directory named "Tor |
|
914 |
-Browser" and it is removed from your system. |
|
850 |
+ Tor Browser does not install itself in the classic sense of applications. |
|
851 |
+ You just simply delete the folder or directory named "Tor Browser" and it |
|
852 |
+ is removed from your system. |
|
915 | 853 |
</p> |
916 | 854 |
|
917 | 855 |
<p> |
918 |
- If this is not related to Tor Browser, uninstallation depends |
|
919 |
-entirely on how you installed it and which operating system you |
|
920 |
- have. If you installed a package, then hopefully your package has a |
|
921 |
-way to |
|
922 |
- uninstall itself. The Windows packages include uninstallers. |
|
856 |
+ If this is not related to Tor Browser, uninstallation depends entirely on |
|
857 |
+ how you installed it and which operating system you have. If you installed |
|
858 |
+ a package, then hopefully your package has a way to uninstall itself. |
|
859 |
+ The Windows packages include uninstallers. |
|
923 | 860 |
</p> |
924 | 861 |
|
925 | 862 |
<p> |
926 |
- For Mac OS X, follow the <a |
|
927 |
- href="<page docs/tor-doc-osx>#uninstall">uninstall directions</a>. |
|
863 |
+ For Mac OS X, follow the |
|
864 |
+ <a href="<page docs/tor-doc-osx>#uninstall">uninstall directions</a>. |
|
928 | 865 |
</p> |
929 | 866 |
|
930 | 867 |
<p> |
931 |
- If you installed by source, I'm afraid there is no easy uninstall |
|
932 |
-method. But |
|
933 |
- on the bright side, by default it only installs into /usr/local/ and |
|
934 |
-it should |
|
935 |
- be pretty easy to notice things there. |
|
868 |
+ If you installed by source, I'm afraid there is no easy uninstall method. |
|
869 |
+ But on the bright side, by default it only installs into /usr/local/ and it |
|
870 |
+ should be pretty easy to notice things there. |
|
936 | 871 |
</p> |
937 | 872 |
|
938 | 873 |
<hr> |
939 | 874 |
|
940 | 875 |
<a id="PGPSigs"></a> |
941 |
- <h3><a class="anchor" href="#PGPSigs">What are these "sig" files on |
|
942 |
-the download page?</a></h3> |
|
876 |
+ <h3><a class="anchor" href="#PGPSigs">What are these "sig" files on the |
|
877 |
+ download page?</a></h3> |
|
943 | 878 |
|
944 | 879 |
<p> |
945 |
- These are PGP signatures, so you can verify that the file you've |
|
946 |
-downloaded is |
|
947 |
- exactly the one that we intended you to get. |
|
880 |
+ These are PGP signatures, so you can verify that the file you've downloaded |
|
881 |
+ is exactly the one that we intended you to get. |
|
948 | 882 |
</p> |
949 | 883 |
|
950 | 884 |
<p> |
951 |
- Please read the <a |
|
952 |
- href="<page docs/verifying-signatures>">verifying signatures</a> |
|
885 |
+ Please read the |
|
886 |
+ <a href="<page docs/verifying-signatures>">verifying signatures</a> |
|
953 | 887 |
page for details. |
954 | 888 |
</p> |
955 | 889 |
|
956 | 890 |
<hr> |
957 | 891 |
|
958 | 892 |
<a id="GetTor"></a> |
959 |
-<h3><a class="anchor" href="#GetTor">Your website is blocked in my |
|
960 |
-country. How do I download Tor?</a></h3> |
|
961 |
- |
|
962 |
-<p> |
|
963 |
-Some government or corporate firewalls censor connections to Tor's |
|
964 |
-website. In those cases, you have three options. First, get it from |
|
965 |
-a friend — <a href="<page projects/torbrowser>">Tor Browser</a> |
|
966 |
-fits nicely on a USB key. Second, find the <a |
|
967 |
-href="https://encrypted.google.com/search?q=tor+mirrors">google |
|
968 |
-cache</a> |
|
969 |
-for the <a href="<page getinvolved/mirrors>">Tor mirrors</a> page |
|
970 |
-and see if any of those copies of our website work for you. Third, |
|
971 |
-you can download Tor Browser via email: log in to your email account |
|
972 |
-and send an email to '<tt>gettor@torproject.org</tt>' with one of the |
|
973 |
-following words in the body of the message: <tt>windows</tt>, |
|
974 |
-<tt>osx</tt> or <tt>linux</tt> (case insensitive). |
|
975 |
-You will receive a reply with links from popular cloud services to |
|
976 |
-download Tor Browser for Windows, Mac OS X or Linux, depending on the |
|
977 |
-option you chose. Currently, the only cloud service supported is |
|
978 |
-Dropbox. If you send a blank message or anything different from the |
|
979 |
-options mentioned, you will receive a help message with detailed |
|
980 |
-instructions to ask for Tor Browser via email. Please note that you |
|
981 |
-can use this service from any email address: gmail, yahoo, hotmail, |
|
982 |
-riseup, etc. The only restriction is that you can do a maximum of |
|
983 |
-three requests in a row, after that you'll have to wait 20 minutes to |
|
984 |
-use it again. See the <a href="../projects/gettor.html">GetTor</a> |
|
985 |
-section for more information. |
|
893 |
+ <h3><a class="anchor" href="#GetTor">Your website is blocked in my country. |
|
894 |
+ How do I download Tor?</a></h3> |
|
895 |
+ |
|
896 |
+ <p> |
|
897 |
+ Some government or corporate firewalls censor connections to Tor's website. |
|
898 |
+ In those cases, you have three options. First, get it from a friend — |
|
899 |
+ <a href="<page projects/torbrowser>">Tor Browser</a> fits nicely on a USB |
|
900 |
+ key. Second, find the |
|
901 |
+ <a href="https://encrypted.google.com/search?q=tor+mirrors">google cache</a> |
|
902 |
+ for the <a href="<page getinvolved/mirrors>">Tor mirrors</a> page and see if |
|
903 |
+ any of those copies of our website work for you. Third, you can download Tor |
|
904 |
+ Browser via email: log in to your email account and send an email to |
|
905 |
+ '<tt>gettor@torproject.org</tt>' with one of the following words in the |
|
906 |
+ body of the message: <tt>windows</tt>, <tt>osx</tt> or <tt>linux</tt> |
|
907 |
+ (case insensitive). |
|
908 |
+ You will receive a reply with links from popular cloud services to download |
|
909 |
+ Tor Browser for Windows, Mac OS X or Linux, depending on the option you |
|
910 |
+ chose. Currently, the only cloud service supported is Dropbox. If you send |
|
911 |
+ a blank message or anything different from the options mentioned, you will |
|
912 |
+ receive a help message with detailed instructions to ask for Tor Browser |
|
913 |
+ via email. Please note that you can use this service from any email address: |
|
914 |
+ gmail, yahoo, hotmail, riseup, etc. The only restriction is that you can do |
|
915 |
+ a maximum of three requests in a row, after that you'll have to wait 20 |
|
916 |
+ minutes to use it again. See the |
|
917 |
+ <a href="../projects/gettor.html">GetTor</a> section for more information. |
|
986 | 918 |
</p> |
987 | 919 |
|
988 | 920 |
<p> |
989 | 921 |
Be sure to <a href="<page docs/verifying-signatures>">verify the |
990 |
-signature</a> |
|
991 |
-of any package you download, especially when you get it from somewhere |
|
992 |
-other than our official HTTPS website. |
|
922 |
+ signature</a> of any package you download, especially when you get it from |
|
923 |
+ somewhere other than our official HTTPS website. |
|
993 | 924 |
</p> |
994 | 925 |
|
995 | 926 |
<hr> |
... | ... |
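Review bot: In the GetTor paragraph (old lines 959-985, new 893-917) every line is both re-indented and re-wrapped, so this view cannot show whether any wording changed in text users act on: the gettor@torproject.org address, the windows/osx/linux keywords, the three-requests and 20-minute limit, and the reminder to verify signatures. Please check the hunk with a word-level diff (`git diff --word-diff`) and state in the commit message that the change is whitespace-only, or split re-indentation and re-wrapping into separate commits so each can be checked mechanically. Separately, the "How do I uninstall Tor?" heading now wraps before `</a>`, which puts trailing whitespace inside the link text.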
@@ -1019,7 +951,11 @@ other than our official HTTPS website. |
1019 | 951 |
Tar is a common archive utility for Unix and Linux systems. If your |
1020 | 952 |
system has a mouse, you can usually open them by double clicking. |
1021 | 953 |
Otherwise open a command prompt and execute</p> |
1022 |
- <pre>tar xzf <FILENAME>.tar.gz</pre> or <pre>tar xJf <FILENAME>.tar.xz</pre> |
|
954 |
+ |
|
955 |
+ <pre>tar xzf <FILENAME>.tar.gz</pre> |
|
956 |
+ or |
|
957 |
+ <pre>tar xJf <FILENAME>.tar.xz</pre> |
|
958 |
+ |
|
1023 | 959 |
<p> |
1024 | 960 |
as documented on tar's man page. |
1025 | 961 |
</p> |
... | ... |
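Review bot: After the split (new lines 954-958) the word "or" sits as bare text between the two `<pre>` blocks, outside any paragraph, because the preceding `</p>` closes right after "execute" and the next `<p>` only opens at "as documented on tar's man page". Since this hunk already restructures the markup, wrap it as `<p>or</p>` or fold both commands into one block, so the sentence is not left as loose text in the parent element.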
@@ -1027,8 +963,8 @@ other than our official HTTPS website. |
1027 | 963 |
<hr> |
1028 | 964 |
|
1029 | 965 |
<a id="LiveCD"></a> |
1030 |
- <h3><a class="anchor" href="#LiveCD">Is there a LiveCD or other |
|
1031 |
-bundle that includes Tor?</a></h3> |
|
966 |
+ <h3><a class="anchor" href="#LiveCD">Is there a LiveCD or other bundle that |
|
967 |
+ includes Tor?</a></h3> |
|
1032 | 968 |
|
1033 | 969 |
<p> |
1034 | 970 |
Yes. Use <a href="https://tails.boum.org/">The Amnesic Incognito |
... | ... |
@@ -1041,20 +977,19 @@ bundle that includes Tor?</a></h3> |
1041 | 977 |
<h2><a class="anchor" href="#TBBGeneral">Tor Browser (general):</a></h2> |
1042 | 978 |
|
1043 | 979 |
<a id="TBBFlash"></a> |
1044 |
-<h3><a class="anchor" href="#TBBFlash">Why can't I view videos on |
|
1045 |
-some Flash-based sites?</a></h3> |
|
980 |
+ <h3><a class="anchor" href="#TBBFlash">Why can't I view videos on some |
|
981 |
+ Flash-based sites?</a></h3> |
|
1046 | 982 |
|
1047 | 983 |
<p> |
1048 | 984 |
Some sites require third party browser plugins such as Flash. |
1049 |
-Plugins operate independently from Firefox and can perform |
|
1050 |
-activity on your computer that ruins your anonymity. This includes |
|
1051 |
-but is not limited to: completely disregarding |
|
1052 |
-proxy settings, querying your <a |
|
1053 |
-href="http://forums.sun.com/thread.jspa?threadID=5162138&messageID=9618376"> |
|
1054 |
-local IP address</a>, and <a |
|
1055 |
-href="http://epic.org/privacy/cookies/flash.html">storing their own |
|
1056 |
-cookies</a>. It is possible to use a LiveCD solution such as |
|
1057 |
-or <a href="https://tails.boum.org/">The Amnesic Incognito Live System</a> |
|
985 |
+ Plugins operate independently from Firefox and can perform activity on your |
|
986 |
+ computer that ruins your anonymity. This includes but is not limited to: |
|
987 |
+ completely disregarding proxy settings, querying your |
|
988 |
+ <a href="http://forums.sun.com/thread.jspa?threadID=5162138&messageID=9618376"> |
|
989 |
+ local IP address</a>, and |
|
990 |
+ <a href="http://epic.org/privacy/cookies/flash.html">storing their |
|
991 |
+ owncookies</a>. It is possible to use a LiveCD solution such as or |
|
992 |
+ <a href="https://tails.boum.org/">The Amnesic Incognito Live System</a> |
|
1058 | 993 |
that creates a secure, transparent proxy to protect you from proxy bypass, |
1059 | 994 |
however issues with local IP address discovery and Flash cookies still remain. |
1060 | 995 |
</p> |
... | ... |
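Review bot: New line 991 introduces a typo: the old text read "storing their own" / "cookies</a>", and the rewrap joined the two words into "owncookies</a>". It should read "storing their own cookies</a>". The same line carries over the dangling "such as or" in front of the Tails link, where a list item appears to have been removed earlier; since the sentence is being touched anyway, drop the stray "or" so it reads "a LiveCD solution such as <a href="https://tails.boum.org/">The Amnesic Incognito Live System</a>". A word-level diff of this hunk would have caught the first one.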
@@ -1062,11 +997,11 @@ however issues with local IP address discovery and Flash cookies still remain. |
1062 | 997 |
<hr> |
1063 | 998 |
|
1064 | 999 |
<a id="Ubuntu"></a> |
1065 |
-<h3><a class="anchor" href="#Ubuntu"> |
|
1066 |
-I'm using Ubuntu and I can't start Tor Browser.</a></h3> |
|
1000 |
+ <h3><a class="anchor" href="#Ubuntu">I'm using Ubuntu and I can't start Tor |
|
1001 |
+ Browser.</a></h3> |
|
1067 | 1002 |
<p> |
1068 |
-You'll need to tell Ubuntu that you want the ability to execute shell scripts |
|
1069 |
-from the graphical interface. Open "Files" (Unity's explorer), open |
|
1003 |
+ You'll need to tell Ubuntu that you want the ability to execute shell |
|
1004 |
+ scripts from the graphical interface. Open "Files" (Unity's explorer), open |
|
1070 | 1005 |
Preferences-> Behavior Tab -> Set "Run executable text files when they are |
1071 | 1006 |
opened" to "Ask every time", then OK. |
1072 | 1007 |
</p> |
... | ... |
@@ -1098,9 +1038,9 @@ this issue. |
1098 | 1038 |
error message: "Cannot load XPCOM".</a></h3> |
1099 | 1039 |
|
1100 | 1040 |
<p> |
1101 |
-This <a |
|
1102 |
-href="https://trac.torproject.org/projects/tor/ticket/10789">problem</a> is |
|
1103 |
-specifically caused by the Webroot SecureAnywhere Antivirus software. |
|
1041 |
+ This <a href="https://trac.torproject.org/projects/tor/ticket/10789"> |
|
1042 |
+ problem</a> is specifically caused by the Webroot SecureAnywhere Antivirus |
|
1043 |
+ software. |
|
1104 | 1044 |
From the Webroot control panel, go to Identity Protection → Application |
1105 | 1045 |
Protection, and set all the files in your Tor Browser folder to 'Allow'. |
1106 | 1046 |
We encourage affected Webroot users to contact Webroot support about this |
... | ... |
@@ -1120,16 +1060,17 @@ additional Firefox add-ons with Tor Browser. Add-ons can break |
1120 | 1060 |
your anonymity in a number of ways, including browser fingerprinting and |
1121 | 1061 |
bypassing proxy settings. |
1122 | 1062 |
</p> |
1063 |
+ |
|
1123 | 1064 |
<p> |
1124 |
-Some people have suggested we include ad-blocking software or |
|
1125 |
-anti-tracking software with Tor Browser. Right now, we do not |
|
1126 |
-think that's such a good idea. Tor Browser aims to provide |
|
1127 |
-sufficient privacy that additional add-ons to stop ads and trackers are |
|
1128 |
-not necessary. Using add-ons like these may cause some sites to break, which |
|
1065 |
+ Some people have suggested we include ad-blocking software or anti-tracking |
|
1066 |
+ software with Tor Browser. Right now, we do not think that's such a good |
|
1067 |
+ idea. Tor Browser aims to provide sufficient privacy that additional add-ons |
|
1068 |
+ to stop ads and trackers are not necessary. Using add-ons like these may |
|
1069 |
+ cause some sites to break, which |
|
1129 | 1070 |
<a href="https://www.torproject.org/projects/torbrowser/design/#philosophy"> |
1130 |
-we don't want to do</a>. Additionally, maintaining a list of "bad" sites that |
|
1131 |
-should be black-listed provides another opportunity to uniquely fingerprint |
|
1132 |
-users. |
|
1071 |
+ we don't want to do</a>. Additionally, maintaining a list of "bad" sites |
|
1072 |
+ that should be black-listed provides another opportunity to uniquely |
|
1073 |
+ fingerprint users. |
|
1133 | 1074 |
</p> |
1134 | 1075 |
|
1135 | 1076 |
<hr> |
... | ... |
@@ -1141,36 +1082,34 @@ configured to allow JavaScript by default in Tor Browser? |
1141 | 1082 |
Isn't that unsafe?</a></h3> |
1142 | 1083 |
|
1143 | 1084 |
<p> |
1144 |
-We configure NoScript to allow JavaScript by default in Tor |
|
1145 |
-Browser because many websites will not work with JavaScript |
|
1146 |
-disabled. Most users would give up on Tor entirely if a website |
|
1147 |
-they want to use requires JavaScript, because they would not know |
|
1148 |
-how to allow a website to use JavaScript (or that enabling |
|
1149 |
-JavaScript might make a website work). |
|
1085 |
+ We configure NoScript to allow JavaScript by default in Tor Browser because |
|
1086 |
+ many websites will not work with JavaScript disabled. Most users would give |
|
1087 |
+ up on Tor entirely if a website they want to use requires JavaScript, |
|
1088 |
+ because they would not know how to allow a website to use JavaScript |
|
1089 |
+ (or that enabling JavaScript might make a website work). |
|
1150 | 1090 |
</p> |
1151 | 1091 |
|
1152 | 1092 |
<p> |
1153 |
-There's a tradeoff here. On the one hand, we should leave |
|
1154 |
-JavaScript enabled by default so websites work the way |
|
1155 |
-users expect. On the other hand, we should disable JavaScript |
|
1156 |
-by default to better protect against browser vulnerabilities (<a |
|
1157 |
-href="https://blog.torproject.org/blog/tor-security-advisory-old-tor-browser-bundles-vulnerable"> |
|
1093 |
+ There's a tradeoff here. On the one hand, we should leave JavaScript |
|
1094 |
+ enabled by default so websites work the way users expect. On the other hand, |
|
1095 |
+ we should disable JavaScript by default to better protect against browser |
|
1096 |
+ vulnerabilities ( |
|
1097 |
+ <a href="https://blog.torproject.org/blog/tor-security-advisory-old-tor-browser-bundles-vulnerable"> |
|
1158 | 1098 |
not just a theoretical concern!</a>). But there's a third issue: websites |
1159 |
-can easily determine whether you have allowed JavaScript for them, |
|
1160 |
-and if you disable JavaScript by default but then allow a few websites |
|
1161 |
-to run scripts (the way most people use NoScript), then your choice of |
|
1162 |
-whitelisted websites acts as a sort of cookie that makes you recognizable |
|
1163 |
-(and distinguishable), thus harming your anonymity. |
|
1099 |
+ can easily determine whether you have allowed JavaScript for them, and if |
|
1100 |
+ you disable JavaScript by default but then allow a few websites to run |
|
1101 |
+ scripts (the way most people use NoScript), then your choice of whitelisted |
|
1102 |
+ websites acts as a sort of cookie that makes you recognizable (and |
|
1103 |
+ distinguishable), thus harming your anonymity. |
|
1164 | 1104 |
</p> |
1165 | 1105 |
|
1166 | 1106 |
<p> |
1167 |
-Ultimately, we want the default Tor bundles to use |
|
1168 |
-a combination of firewalls (like the iptables rules |
|
1169 |
-in <a href="https://tails.boum.org/">Tails</a>) and <a |
|
1170 |
-href="https://trac.torproject.org/projects/tor/ticket/7680">sandboxes</a> |
|
1171 |
-to make JavaScript not so scary. In |
|
1172 |
-the shorter term, TBB 3.0 will hopefully <a |
|
1173 |
-href="https://trac.torproject.org/projects/tor/ticket/9387">allow users |
|
1107 |
+ Ultimately, we want the default Tor bundles to use a combination of |
|
1108 |
+ firewalls (like the iptables rules in |
|
1109 |
+ <a href="https://tails.boum.org/">Tails</a>) and |
|
1110 |
+ <a href="https://trac.torproject.org/projects/tor/ticket/7680">sandboxes</a> |
|
1111 |
+ to make JavaScript not so scary. In the shorter term, TBB 3.0 will hopefully |
|
1112 |
+ <a href="https://trac.torproject.org/projects/tor/ticket/9387">allow users |
|
1174 | 1113 |
to choose their JavaScript settings more easily</a> — but the |
1175 | 1114 |
partitioning concern will remain. |
1176 | 1115 |
</p> |
... | ... |
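Review bot: At new lines 1096-1097 the text ends a line on "vulnerabilities (" and the anchor opens on the next line with its link text on the line after, so the page still renders a space between the opening parenthesis and "not just a theoretical concern!". Keep the parenthesis, the opening tag and the first words together, as in `(<a href="...">not just a theoretical concern!</a>)`, and accept the long line for the URL. The rest of the hunk is a pure rewrap of the NoScript rationale and reads unchanged.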
@@ -1187,23 +1126,22 @@ on your security, anonymity, and usability priorities. |
1187 | 1126 |
Chrome/IE/Opera/etc with Tor.</a></h3> |
1188 | 1127 |
|
1189 | 1128 |
<p> |
1190 |
-In short, using any browser besides Tor Browser with Tor is a |
|
1191 |
-really bad idea. |
|
1129 |
+ In short, using any browser besides Tor Browser with Tor is a really bad idea. |
|
1192 | 1130 |
</p> |
1193 | 1131 |
|
1194 | 1132 |
<p> |
1195 |
-Our efforts to work with the Chrome team to <a |
|
1196 |
-href="https://blog.torproject.org/blog/google-chrome-incognito-mode-tor-and-fingerprinting">add |
|
1197 |
-missing APIs</a> were unsuccessful, unfortunately. Currently, it is impossible |
|
1198 |
-to use other browsers and get the same level of protections as when using |
|
1199 |
-Tor Browser. |
|
1133 |
+ Our efforts to work with the Chrome team to |
|
1134 |
+ <a href="https://blog.torproject.org/blog/google-chrome-incognito-mode-tor-and-fingerprinting"> |
|
1135 |
+ add missing APIs</a> were unsuccessful, unfortunately. Currently, it is |
|
1136 |
+ impossible to use other browsers and get the same level of protections as |
|
1137 |
+ when using Tor Browser. |
|
1200 | 1138 |
</p> |
1201 | 1139 |
|
1202 | 1140 |
<hr> |
1203 | 1141 |
|
1204 | 1142 |
<a id="GoogleCAPTCHA"></a> |
1205 |
-<h3><a class="anchor" href="#GoogleCAPTCHA">Google makes me solve a |
|
1206 |
-CAPTCHA or tells me I have spyware installed.</a></h3> |
|
1143 |
+ <h3><a class="anchor" href="#GoogleCAPTCHA">Google makes me solve a CAPTCHA |
|
1144 |
+ or tells me I have spyware installed.</a></h3> |
|
1207 | 1145 |
|
1208 | 1146 |
<p> |
1209 | 1147 |
This is a known and intermittent problem; it does not mean that Google |
... | ... |
@@ -1218,13 +1156,13 @@ Google interprets the high volume of traffic from a single IP address |
1218 | 1156 |
(the exit relay you happened to pick) as somebody trying to "crawl" their |
1219 | 1157 |
website, so it slows down traffic from that IP address for a short time. |
1220 | 1158 |
</p> |
1159 |
+ |
|
1221 | 1160 |
<p> |
1222 |
-An alternate explanation is that Google tries to detect certain |
|
1223 |
-kinds of spyware or viruses that send distinctive queries to Google |
|
1224 |
-Search. It notes the IP addresses from which those queries are received |
|
1225 |
-(not realizing that they are Tor exit relays), and tries to warn any |
|
1226 |
-connections coming from those IP addresses that recent queries indicate |
|
1227 |
-an infection. |
|
1161 |
+ An alternate explanation is that Google tries to detect certain kinds of |
|
1162 |
+ spyware or viruses that send distinctive queries to Google Search. It notes |
|
1163 |
+ the IP addresses from which those queries are received (not realizing that |
|
1164 |
+ they are Tor exit relays), and tries to warn any connections coming from |
|
1165 |
+ those IP addresses that recent queries indicate an infection. |
|
1228 | 1166 |
</p> |
1229 | 1167 |
|
1230 | 1168 |
<p> |
... | ... |
@@ -1262,51 +1204,51 @@ sent to. On a query this looks like: |
1262 | 1204 |
Another method is to simply use your country code for accessing Google. |
1263 | 1205 |
This can be google.be, google.de, google.us and so on. |
1264 | 1206 |
</p> |
1207 |
+ |
|
1265 | 1208 |
<hr /> |
1209 |
+ |
|
1266 | 1210 |
<a id="GmailWarning"></a> |
1267 |
-<h3><a class="anchor" href="#GmailWarning">Gmail warns me that my |
|
1268 |
-account may have been compromised.</a></h3> |
|
1211 |
+ <h3><a class="anchor" href="#GmailWarning">Gmail warns me that my account |
|
1212 |
+ may have been compromised.</a></h3> |
|
1269 | 1213 |
|
1270 | 1214 |
<p> |
1271 |
-Sometimes, after you've used Gmail over Tor, Google presents a |
|
1272 |
-pop-up notification that your account may have been compromised. |
|
1215 |
+ Sometimes, after you've used Gmail over Tor, Google presents a pop-up |
|
1216 |
+ notification that your account may have been compromised. |
|
1273 | 1217 |
The notification window lists a series of IP addresses and locations |
1274 | 1218 |
throughout the world recently used to access your account. |
1275 | 1219 |
</p> |
1276 | 1220 |
|
1277 | 1221 |
<p> |
1278 | 1222 |
In general this is a false alarm: Google saw a bunch of logins from |
1279 |
-different places, as a result of running the service via Tor, and |
|
1280 |
-decided |
|
1223 |
+ different places, as a result of running the service via Tor, and decided |
|
1281 | 1224 |
it was a good idea to confirm the account was being accessed by it's |
1282 | 1225 |
rightful owner. |
1283 | 1226 |
</p> |
1284 | 1227 |
|
1285 | 1228 |
<p> |
1286 |
-Even though this may be a biproduct of using the service via tor, |
|
1287 |
-that doesn't mean you can entirely ignore the warning. It is |
|
1288 |
-<i>probably</i> a false positive, but it might not be since it is |
|
1289 |
-possible for someone to hijack your Google cookie. |
|
1229 |
+ Even though this may be a biproduct of using the service via tor, that |
|
1230 |
+ doesn't mean you can entirely ignore the warning. It is <i>probably</i> a |
|
1231 |
+ false positive, but it might not be since it is possible for someone to |
|
1232 |
+ hijack your Google cookie. |
|
1290 | 1233 |
</p> |
1291 | 1234 |
|
1292 | 1235 |
<p> |
1293 |
-Cookie hijacking is possible by either physical access to your computer |
|
1294 |
-or by watching your network traffic. In theory only physical access |
|
1295 |
-should compromise your system because Gmail and similar services |
|
1296 |
-should only send the cookie over an SSL link. In practice, alas, it's <a |
|
1297 |
-href="http://fscked.org/blog/fully-automated-active-https-cookie- |
|
1298 |
-hijacking"> |
|
1236 |
+ Cookie hijacking is possible by either physical access to your computer or |
|
1237 |
+ by watching your network traffic. In theory only physical access should |
|
1238 |
+ compromise your system because Gmail and similar services should only send |
|
1239 |
+ the cookie over an SSL link. In practice, alas, it's |
|
1240 |
+ <a href="http://fscked.org/blog/fully-automated-active-https-cookie-hijacking"> |
|
1299 | 1241 |
way more complex than that</a>. |
1300 | 1242 |
</p> |
1301 | 1243 |
|
1302 | 1244 |
<p> |
1303 |
-And if somebody <i>did</i> steal your google cookie, they might end |
|
1304 |
-up logging in from unusual places (though of course they also might |
|
1305 |
-not). So the summary is that since you're using Tor, this security |
|
1306 |
-measure that Google uses isn't so useful for you, because it's full of |
|
1307 |
-false positives. You'll have to use other approaches, like seeing if |
|
1308 |
-anything looks weird on the account, or looking at the timestamps for |
|
1309 |
-recent logins and wondering if you actually logged in at those times. |
|
1245 |
+ And if somebody <i>did</i> steal your google cookie, they might end up |
|
1246 |
+ logging in from unusual places (though of course they also might not). So |
|
1247 |
+ the summary is that since you're using Tor, this security measure that |
|
1248 |
+ Google uses isn't so useful for you, because it's full of false positives. |
|
1249 |
+ You'll have to use other approaches, like seeing if anything looks weird on |
|
1250 |
+ the account, or looking at the timestamps for recent logins and wondering |
|
1251 |
+ if you actually logged in at those times. |
|
1310 | 1252 |
</p> |
1311 | 1253 |
|
1312 | 1254 |
<hr> |
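Review bot: The re-wrapped paragraph at new lines 1229-1232 still reads "biproduct" and lowercase "tor", new line 1245 has "google cookie", and the untouched context line 1224 has "it's rightful owner". Since this hunk already rewrites those paragraphs, correct them to "byproduct", "Tor", "Google" and "its" in the same pass, or keep the commit whitespace-only and fix the wording in a follow-up. Joining the href that was split across old lines 1297-1298 changes the attribute value, not just the layout, so it deserves a mention in the commit message.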
... | ... |
@@ -1317,22 +1259,23 @@ requires an HTTP or SOCKS Proxy</a></h3> |
1317 | 1259 |
|
1318 | 1260 |
<p> |
1319 | 1261 |
You can set Proxy IP address, port, and authentication information in |
1320 |
-Tor Browser's Network Settings. If you're using Tor another way, check |
|
1321 |
-out the HTTPProxy and HTTPSProxy config options in the <a |
|
1322 |
-href="<page docs/tor-manual>">man page</a>, |
|
1323 |
-and modify your torrc file accordingly. You will need an HTTP proxy for |
|
1324 |
-doing GET requests to fetch the Tor directory, and you will need an |
|
1325 |
-HTTPS proxy for doing CONNECT requests to get to Tor relays. (It's fine |
|
1326 |
-if they're the same proxy.) Tor also recognizes the torrc options |
|
1327 |
-Socks4Proxy and Socks5Proxy. |
|
1262 |
+ Tor Browser's Network Settings. If you're using Tor another way, check out |
|
1263 |
+ the HTTPProxy and HTTPSProxy config options in the |
|
1264 |
+ <a href="<page docs/tor-manual>">man page</a>, and modify your torrc file |
|
1265 |
+ accordingly. You will need an HTTP proxy for doing GET requests to fetch |
|
1266 |
+ the Tor directory, and you will need an HTTPS proxy for doing CONNECT |
|
1267 |
+ requests to get to Tor relays. (It's fine if they're the same proxy.) |
|
1268 |
+ Tor also recognizes the torrc options Socks4Proxy and Socks5Proxy. |
|
1328 | 1269 |
</p> |
1270 |
+ |
|
1329 | 1271 |
<p> |
1330 | 1272 |
Also read up on the HTTPProxyAuthenticator and HTTPSProxyAuthenticator |
1331 | 1273 |
options if your proxy requires auth. We only support basic auth currently, |
1332 |
-but if you need NTLM authentication, you may find <a |
|
1333 |
-href="http://archives.seul.org/or/talk/Jun-2005/msg00223.html">this post |
|
1274 |
+ but if you need NTLM authentication, you may find |
|
1275 |
+ <a href="http://archives.seul.org/or/talk/Jun-2005/msg00223.html">this post |
|
1334 | 1276 |
in the archives</a> useful. |
1335 | 1277 |
</p> |
1278 |
+ |
|
1336 | 1279 |
<p> |
1337 | 1280 |
If your proxies only allow you to connect to certain ports, look at the |
1338 | 1281 |
entry on <a href="#FirewallPorts">Firewalled clients</a> for how |
... | ... |
@@ -1341,27 +1284,26 @@ to restrict what ports your Tor will try to access. |
1341 | 1284 |
|
1342 | 1285 |
<hr> |
1343 | 1286 |
|
1344 |
- |
|
1345 | 1287 |
<a id="TBBSocksPort"></a> |
1346 |
-<h3><a class="anchor" href="#TBBSocksPort"> |
|
1347 |
-I want to run another application through Tor.</a></h3> |
|
1288 |
+ <h3><a class="anchor" href="#TBBSocksPort">I want to run another |
|
1289 |
+ application through Tor.</a></h3> |
|
1348 | 1290 |
|
1349 | 1291 |
<p> |
1350 | 1292 |
If you are trying to use some external application with Tor, step zero |
1351 | 1293 |
should be to <a href="<page download/download>#warning">reread the set |
1352 | 1294 |
of warnings</a> for ways you can screw up. Step one should be to try |
1353 | 1295 |
to use a SOCKS proxy rather than an HTTP proxy. |
1354 |
-Typically Tor listens for SOCKS connections on port 9050. Tor Browser listens |
|
1355 |
-on port 9150. |
|
1296 |
+ Typically Tor listens for SOCKS connections on port 9050. Tor Browser |
|
1297 |
+ listens on port 9150. |
|
1356 | 1298 |
</p> |
1357 | 1299 |
|
1358 | 1300 |
<p> |
1359 |
-If your application doesn't support SOCKS proxies, feel free to install <a |
|
1360 |
-href="http://www.privoxy.org/">privoxy</a>. |
|
1301 |
+ If your application doesn't support SOCKS proxies, feel free to install |
|
1302 |
+ <a href="http://www.privoxy.org/">privoxy</a>. |
|
1361 | 1303 |
However, please realize that this approach is not recommended for novice |
1362 |
-users. Privoxy has an <a |
|
1363 |
-href="http://www.privoxy.org/faq/misc.html#TOR">example |
|
1364 |
-configuration</a> of Tor and Privoxy. |
|
1304 |
+ users. Privoxy has an |
|
1305 |
+ <a href="http://www.privoxy.org/faq/misc.html#TOR"> |
|
1306 |
+ example configuration</a> of Tor and Privoxy. |
|
1365 | 1307 |
</p> |
1366 | 1308 |
|
1367 | 1309 |
<p> |
... | ... |
@@ -1376,18 +1318,19 @@ not lost. See <a href="#CantSetProxy">below</a>. |
1376 | 1318 |
set a proxy with my application?</a></h3> |
1377 | 1319 |
|
1378 | 1320 |
<p> |
1379 |
-On Unix, we recommend you give <a |
|
1380 |
-href="https://github.com/dgoulet/torsocks/">torsocks</a> a try. |
|
1381 |
-Alternative proxifying tools like <a |
|
1382 |
-href="http://www.dest-unreach.org/socat/">socat</a> and <a |
|
1383 |
-href="http://proxychains.sourceforge.net/">proxychains</a> are also |
|
1321 |
+ On Unix, we recommend you give |
|
1322 |
+ <a href="https://github.com/dgoulet/torsocks/">torsocks</a> a try. |
|
1323 |
+ Alternative proxifying tools like |
|
1324 |
+ <a href="http://www.dest-unreach.org/socat/">socat</a> and |
|
1325 |
+ <a href="http://proxychains.sourceforge.net/">proxychains</a> are also |
|
1384 | 1326 |
available.</p> |
1327 |
+ |
|
1385 | 1328 |
<p> |
1386 |
-The Windows way to force applications through Tor is less clear. <a |
|
1387 |
-href="http://freecap.ru/eng/">Some</a> <a |
|
1388 |
-href="http://www.freehaven.net/~aphex/torcap/">tools</a> have been <a |
|
1389 |
-href="http://www.crowdstrike.com/community-tools/index.html#tool-79">proposed |
|
1390 |
-</a>, but we'd also like to see further testing done here. |
|
1329 |
+ The Windows way to force applications through Tor is less clear. |
|
1330 |
+ <a href="http://freecap.ru/eng/">Some</a> |
|
1331 |
+ <a href="http://www.freehaven.net/~aphex/torcap/">tools</a> have been |
|
1332 |
+ <a href="http://www.crowdstrike.com/community-tools/index.html#tool-79"> |
|
1333 |
+ proposed</a>, but we'd also like to see further testing done here. |
|
1391 | 1334 |
</p> |
1392 | 1335 |
|
1393 | 1336 |
<hr> |
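Review bot: Five of the six tool links touched here (new lines 1324-1332: socat, proxychains, freecap, torcap, crowdstrike) remain plain http://, which matters more than usual on a page that sends readers to download proxifying software. While the lines are open, switch each to https:// where the host serves it, and confirm the targets still exist.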
... | ... |
@@ -1456,17 +1399,18 @@ href="http://www.crowdstrike.com/community-tools/index.html#tool-79">proposed |
1456 | 1399 |
|
1457 | 1400 |
<p> |
1458 | 1401 |
We're working on ways to make the behavior less surprising, e.g. a popup |
1459 |
- warning or auto restoring tabs. See ticket <a |
|
1460 |
- href="https://trac.torproject.org/projects/tor/ticket/9906">#9906</a> and |
|
1461 |
- ticket <a |
|
1462 |
- href="https://trac.torproject.org/projects/tor/ticket/10400">#10400</a> |
|
1402 |
+ warning or auto restoring tabs. See ticket |
|
1403 |
+ <a href="https://trac.torproject.org/projects/tor/ticket/9906">#9906</a> |
|
1404 |
+ and ticket |
|
1405 |
+ <a href="https://trac.torproject.org/projects/tor/ticket/10400">#10400</a> |
|
1463 | 1406 |
to follow progress there. |
1464 | 1407 |
</p> |
1465 | 1408 |
|
1466 | 1409 |
<hr> |
1467 | 1410 |
|
1468 | 1411 |
<a id="ConfigureRelayOrBridge"></a> |
1469 |
- <h3><a class="anchor" href="#ConfigureRelayOrBridge">How do I configure Tor as a relay or bridge?</a></h3> |
|
1412 |
+ <h3><a class="anchor" href="#ConfigureRelayOrBridge">How do I configure Tor |
|
1413 |
+ as a relay or bridge?</a></h3> |
|
1470 | 1414 |
|
1471 | 1415 |
<p> |
1472 | 1416 |
You've got three options. |
... | ... |
@@ -1475,8 +1419,8 @@ href="http://www.crowdstrike.com/community-tools/index.html#tool-79">proposed |
1475 | 1419 |
<p> |
1476 | 1420 |
First (best option), if you're on Linux, you can install the system |
1477 | 1421 |
Tor package (e.g. apt-get install tor) and then set it up to be a relay |
1478 |
- (<a href="https://www.torproject.org/docs/tor-relay-debian">instructions</a>). |
|
1479 |
- You can then use TBB independent of that. |
|
1422 |
+ (<a href="https://www.torproject.org/docs/tor-relay-debian"> |
|
1423 |
+ instructions</a>). You can then use TBB independent of that. |
|
1480 | 1424 |
</p> |
1481 | 1425 |
|
1482 | 1426 |
|
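Review bot: Breaking the line after the opening tag on new line 1422 puts the newline and indentation inside the link text, and because the tag directly follows "(" with no space, the page will now render "( instructions)" with a leading space inside the link. Keep the text attached to the tag, for example by breaking before "(<a" or inside the tag after "<a", so the output still reads "(instructions)".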
... | ... |
@@ -1497,12 +1442,12 @@ href="http://www.crowdstrike.com/community-tools/index.html#tool-79">proposed |
1497 | 1442 |
from 2000?</a></h3> |
1498 | 1443 |
|
1499 | 1444 |
<p>One of the huge new features in TBB 3.x is the "deterministic build" |
1500 |
- process, which allows many people to build Tor Browser and |
|
1501 |
- verify that they all make exactly the same package. See Mike's <a |
|
1502 |
- href="https://blog.torproject.org/blog/deterministic-builds-part-one-cyberwar-and-global-compromise">first |
|
1503 |
- blog</a> post for the motivation, and his <a |
|
1504 |
- href="https://blog.torproject.org/blog/deterministic-builds-part-two-technical-details">second |
|
1505 |
- blog post</a> for the technical details of how we do it. |
|
1445 |
+ process, which allows many people to build Tor Browser and verify that they |
|
1446 |
+ all make exactly the same package. See Mike's |
|
1447 |
+ <a href="https://blog.torproject.org/blog/deterministic-builds-part-one-cyberwar-and-global-compromise"> |
|
1448 |
+ first blog</a> post for the motivation, and his |
|
1449 |
+ <a href="https://blog.torproject.org/blog/deterministic-builds-part-two-technical-details"> |
|
1450 |
+ second blog post</a> for the technical details of how we do it. |
|
1506 | 1451 |
</p> |
1507 | 1452 |
|
1508 | 1453 |
<p>Part of creating identical builds is having everybody use the same |
... | ... |
@@ -1516,10 +1461,16 @@ href="http://www.crowdstrike.com/community-tools/index.html#tool-79">proposed |
1516 | 1461 |
Tor Browser? How do I verify a build?</a></h3> |
1517 | 1462 |
|
1518 | 1463 |
<p> |
1519 |
- Tor Browser is built from the <a href="https://gitweb.torproject.org/builders/tor-browser-build.git/">tor-browser-build.git git repository</a>. You can have a look at the <a href="https://gitweb.torproject.org/builders/tor-browser-build.git/tree/README">README file</a> for the build instructions. There is also some informations in the <a href="https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Hacking">Tor Browser Hacking Guide</a>. |
|
1464 |
+ Tor Browser is built from the |
|
1465 |
+ <a href="https://gitweb.torproject.org/builders/tor-browser-build.git/"> |
|
1466 |
+ tor-browser-build.git git repository</a>. You can have a look at the |
|
1467 |
+ <a href="https://gitweb.torproject.org/builders/tor-browser-build.git/tree/README"> |
|
1468 |
+ README file</a> for the build instructions. |
|
1469 |
+ There is also some informations in the |
|
1470 |
+ <a href="https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Hacking"> |
|
1471 |
+ Tor Browser Hacking Guide</a>. |
|
1520 | 1472 |
</p> |
1521 | 1473 |
|
1522 |
- |
|
1523 | 1474 |
<hr> |
1524 | 1475 |
|
1525 | 1476 |
<a id="AdvancedTorUsage"></a> |
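Review bot: New line 1469 keeps the ungrammatical "There is also some informations in the" from the old single-line paragraph; change it to "There is also some information in the" while the sentence is being re-wrapped.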
... | ... |
@@ -1538,10 +1490,12 @@ configuration should work fine for most Tor users. |
1538 | 1490 |
If you installed Tor Browser on Windows or Linux, look for |
1539 | 1491 |
<code>Browser/TorBrowser/Data/Tor/torrc</code> inside your Tor Browser |
1540 | 1492 |
directory. |
1541 |
-If you're on macOS, the torrc is in <code>~/Library/Application Support/TorBrowser-Data/Tor</code> . |
|
1542 |
-To get to it, press cmd-shift-g while in Finder and copy/paste that directory |
|
1543 |
-into the box that appears. |
|
1493 |
+ If you're on macOS, the torrc is in |
|
1494 |
+ <code>~/Library/Application Support/TorBrowser-Data/Tor</code>. |
|
1495 |
+ To get to it, press cmd-shift-g while in Finder and copy/paste that |
|
1496 |
+ directory into the box that appears. |
|
1544 | 1497 |
</p> |
1498 |
+ |
|
1545 | 1499 |
<p> |
1546 | 1500 |
Otherwise, if you are using Tor without Tor Browser, it looks for the |
1547 | 1501 |
torrc file in <code>/usr/local/etc/tor/torrc</code> if you compiled tor |
... | ... |
@@ -1552,20 +1506,13 @@ if you installed a pre-built package. |
1552 | 1506 |
<p> |
1553 | 1507 |
Once you've created or changed your torrc file, you will need to restart |
1554 | 1508 |
tor for the changes to take effect. (For advanced users, note that |
1555 |
-you actually only need to send Tor a HUP signal, not actually restart |
|
1556 |
-it.) |
|
1557 |
-</p> |
|
1558 |
- |
|
1559 |
-<p> |
|
1560 |
-If you are looking for Tor's data directory: for TBB it's <var>Data/Tor/</var>, |
|
1561 |
-and for most system packages it's <var>/var/lib/tor/</var>. Run as user tor |
|
1562 |
-stores things in <var>$HOME/.tor</var> on Unix. |
|
1509 |
+ you actually only need to send Tor a HUP signal, not actually restart it.) |
|
1563 | 1510 |
</p> |
1564 | 1511 |
|
1565 | 1512 |
<p> |
1566 |
-For other configuration options you can use, see the <a href="<page |
|
1567 |
-docs/tor-manual>">Tor manual page</a>. Have a look at <a |
|
1568 |
-href="https://gitweb.torproject.org/tor.git/tree/src/config/torrc.sample.in"> |
|
1513 |
+ For other configuration options you can use, see the |
|
1514 |
+ <a href="<page docs/tor-manual>">Tor manual page</a>. Have a look at |
|
1515 |
+ <a href="https://gitweb.torproject.org/tor.git/tree/src/config/torrc.sample.in"> |
|
1569 | 1516 |
the sample torrc file</a> for hints on common configurations. Remember, all |
1570 | 1517 |
lines beginning with # in torrc are treated as comments and have no effect |
1571 | 1518 |
on Tor's configuration. |
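Review bot: Old lines 1559-1562, the paragraph starting "If you are looking for Tor's data directory", are deleted here with nothing added in their place, which is a content change inside what otherwise reads as a re-wrap of the torrc entry. If the paragraph was moved to another entry, say so in the commit message; if not, restore it, since the crash-report entry still tells readers to look for core files "in your Data Directory" and this paragraph states where that is.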
... | ... |
@@ -1589,8 +1536,8 @@ hand. Here are some likely places for your logs to be: |
1589 | 1536 |
logs in your torrc file, they default to <code>\username\Application |
1590 | 1537 |
Data\tor\log\</code> or <code>\Application Data\tor\log\</code> |
1591 | 1538 |
</li> |
1592 |
-<li>If you compiled Tor from source, by default your Tor logs to <a |
|
1593 |
-href="http://en.wikipedia.org/wiki/Standard_streams">"stdout"</a> |
|
1539 |
+ <li>If you compiled Tor from source, by default your Tor logs to |
|
1540 |
+ <a href="http://en.wikipedia.org/wiki/Standard_streams">"stdout"</a> |
|
1594 | 1541 |
at log-level notice. If you enable logs in your torrc file, they |
1595 | 1542 |
default to <code>/usr/local/var/log/tor/</code>. |
1596 | 1543 |
</li> |
... | ... |
@@ -1648,8 +1596,8 @@ Tor's logs: |
1648 | 1596 |
</ul> |
1649 | 1597 |
|
1650 | 1598 |
<p> |
1651 |
-Alas, some of the warn messages are hard for ordinary users to correct -- the |
|
1652 |
-developers are slowly making progress at making Tor automatically react |
|
1599 |
+ Alas, some of the warn messages are hard for ordinary users to correct -- |
|
1600 |
+ the developers are slowly making progress at making Tor automatically react |
|
1653 | 1601 |
correctly for each situation. |
1654 | 1602 |
</p> |
1655 | 1603 |
|
... | ... |
@@ -1671,14 +1619,13 @@ their logs. |
1671 | 1619 |
working.</a></h3> |
1672 | 1620 |
|
1673 | 1621 |
<p> |
1674 |
-Once you've got Tor Browser up and running, the first question to |
|
1675 |
-ask is whether your Tor client is able to establish a circuit. |
|
1622 |
+ Once you've got Tor Browser up and running, the first question to ask is |
|
1623 |
+ whether your Tor client is able to establish a circuit. |
|
1676 | 1624 |
</p> |
1677 | 1625 |
|
1678 |
-<p>If Tor can establish a circuit, Tor Browser will |
|
1679 |
-automatically launch the browser for you. You can also check in the |
|
1680 |
-<a href="#Logs">Tor logs</a> for |
|
1681 |
-a line saying that Tor "has successfully opened a circuit. Looks like |
|
1626 |
+ <p>If Tor can establish a circuit, Tor Browser will automatically launch |
|
1627 |
+ the browser for you. You can also check in the <a href="#Logs">Tor logs</a> |
|
1628 |
+ for a line saying that Tor "has successfully opened a circuit. Looks like |
|
1682 | 1629 |
client functionality is working." |
1683 | 1630 |
</p> |
1684 | 1631 |
|
... | ... |
@@ -1693,18 +1641,18 @@ clock under the clock -> Internet time tab. In addition, correct the |
1693 | 1641 |
day and date under the 'Date & Time' Tab. Also make sure your time |
1694 | 1642 |
zone is correct.</li> |
1695 | 1643 |
<li>Is your Internet connection <a href="#FirewallPorts">firewalled |
1696 |
-by port</a>, or do you normally need to use a <a |
|
1697 |
-href="<#NeedToUseAProxy">proxy</a>? |
|
1644 |
+ by port</a>, or do you normally need to use a |
|
1645 |
+ <a href="<#NeedToUseAProxy">proxy</a>? |
|
1698 | 1646 |
</li> |
1699 |
-<li>Are you running programs like Norton Internet Security or SELinux |
|
1700 |
-that |
|
1647 |
+ <li>Are you running programs like Norton Internet Security or SELinux that |
|
1701 | 1648 |
block certain connections, even though you don't realize they do? They |
1702 | 1649 |
could be preventing Tor from making network connections.</li> |
1703 | 1650 |
<li>Are you in China, or behind a restrictive corporate network firewall |
1704 |
-that blocks the public Tor relays? If so, you should learn about <a |
|
1705 |
-href="<page docs/bridges>">Tor bridges</a>.</li> |
|
1651 |
+ that blocks the public Tor relays? If so, you should learn about |
|
1652 |
+ <a href="<page docs/bridges>">Tor bridges</a>.</li> |
|
1706 | 1653 |
<li>Check your <a href="#Logs">Tor logs</a>. Do they give you any hints |
1707 | 1654 |
about what's going wrong?</li> |
1655 |
+ |
|
1708 | 1656 |
</ol> |
1709 | 1657 |
|
1710 | 1658 |
<hr /> |
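Review bot: The href on new line 1645 is carried over as href="<#NeedToUseAProxy" with a stray "<" before the fragment, so the link does not point at an in-page anchor. Change it to href="#NeedToUseAProxy", matching the href="#FirewallPorts" form two lines above.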
... | ... |
@@ -1725,78 +1674,83 @@ stable or the latest development version). |
1725 | 1674 |
Second, make sure your version of libevent is new enough. We recommend at |
1726 | 1675 |
least libevent 1.3a. |
1727 | 1676 |
</p> |
1677 |
+ |
|
1728 | 1678 |
<p> |
1729 |
-Third, see if there's already an entry for your bug in the <a |
|
1730 |
-href="https://bugs.torproject.org/">Tor bugtracker</a>. If so, |
|
1731 |
-check if there are any new details that you can add. |
|
1679 |
+ Third, see if there's already an entry for your bug in the |
|
1680 |
+ <a href="https://bugs.torproject.org/">Tor bugtracker</a>. If so, check if |
|
1681 |
+ there are any new details that you can add. |
|
1732 | 1682 |
</p> |
1683 |
+ |
|
1733 | 1684 |
<p> |
1734 |
-Fourth, is the crash repeatable? Can you cause the crash? Can |
|
1735 |
-you isolate some of the circumstances or config options that |
|
1736 |
-make it happen? How quickly or often does the bug show up? |
|
1737 |
-Can you check if it happens with other versions of Tor, for |
|
1738 |
-example the latest stable release? |
|
1685 |
+ Fourth, is the crash repeatable? Can you cause the crash? Can you isolate |
|
1686 |
+ some of the circumstances or config options that make it happen? How |
|
1687 |
+ quickly or often does the bug show up? |
|
1688 |
+ Can you check if it happens with other versions of Tor, for example the |
|
1689 |
+ latest stable release? |
|
1739 | 1690 |
</p> |
1691 |
+ |
|
1740 | 1692 |
<p> |
1741 | 1693 |
Fifth, what sort of crash do you get? |
1742 | 1694 |
</p> |
1695 |
+ |
|
1743 | 1696 |
<ul> |
1697 |
+ |
|
1744 | 1698 |
<li> |
1745 |
-Does your Tor log include an "assert failure"? If so, please |
|
1746 |
-tell us that line, since it helps us figure out what's going on. |
|
1747 |
-Tell us the previous couple of log messages as well, especially |
|
1748 |
-if they seem important. |
|
1699 |
+ Does your Tor log include an "assert failure"? If so, please tell us that |
|
1700 |
+ line, since it helps us figure out what's going on. Tell us the previous |
|
1701 |
+ couple of log messages as well, especially if they seem important. |
|
1749 | 1702 |
</li> |
1750 | 1703 |
<li> |
1751 |
-If it says "Segmentation fault - core dumped" then you need to |
|
1752 |
-do a bit more to track it down. Look for a file like "core" or |
|
1753 |
-"tor.core" or "core.12345" in your current directory, or in your |
|
1754 |
-Data Directory. If it's there, run "gdb tor core" and then "bt", |
|
1755 |
-and include the output. If you can't find a core, run "ulimit -c |
|
1756 |
-unlimited", restart Tor, and try to make it crash again. (This core |
|
1757 |
-thing will only work on Unix -- alas, tracking down bugs on Windows |
|
1758 |
-is harder. If you're on Windows, can you get somebody to duplicate |
|
1759 |
-your bug on Unix?) |
|
1704 |
+ If it says "Segmentation fault - core dumped" then you need to do a bit |
|
1705 |
+ more to track it down. Look for a file like "core" or "tor.core" or |
|
1706 |
+ "core.12345" in your current directory, or in your Data Directory. |
|
1707 |
+ If it's there, run "gdb tor core" and then "bt", and include the output. |
|
1708 |
+ If you can't find a core, run "ulimit -c unlimited", restart Tor, and try |
|
1709 |
+ to make it crash again. (This core thing will only work on Unix -- alas, |
|
1710 |
+ tracking down bugs on Windows is harder. If you're on Windows, can you get |
|
1711 |
+ somebody to duplicate your bug on Unix?) |
|
1760 | 1712 |
</li> |
1713 |
+ |
|
1761 | 1714 |
<li> |
1762 |
-If Tor simply vanishes mysteriously, it probably is a segmentation |
|
1763 |
-fault but you're running Tor in the background (as a daemon) so you |
|
1764 |
-won't notice. Go look at the end of your log file, and look for a |
|
1765 |
-core file as above. If you don't find any good hints, you should |
|
1766 |
-consider running Tor in the foreground (from a shell) so you can |
|
1767 |
-see how it dies. Warning: if you switch to running Tor in the foreground, |
|
1768 |
-you might start using a different torrc file, with a different default |
|
1769 |
-Data Directory; see the <a href="#UpgradeOrMove">relay-upgrade FAQ entry</a> |
|
1715 |
+ If Tor simply vanishes mysteriously, it probably is a segmentation fault |
|
1716 |
+ but you're running Tor in the background (as a daemon) so you won't notice. |
|
1717 |
+ Go look at the end of your log file, and look for a core file as above. |
|
1718 |
+ If you don't find any good hints, you should consider running Tor in the |
|
1719 |
+ foreground (from a shell) so you can see how it dies. Warning: if you |
|
1720 |
+ switch to running Tor in the foreground, you might start using a different |
|
1721 |
+ torrc file, with a different default Data Directory; see the |
|
1722 |
+ <a href="#UpgradeOrMove">relay-upgrade FAQ entry</a> |
|
1770 | 1723 |
for details. |
1771 | 1724 |
</li> |
1772 | 1725 |
<li> |
1773 | 1726 |
If it's still vanishing mysteriously, perhaps something else is killing it? |
1774 | 1727 |
Do you have resource limits (ulimits) configured that kill off processes |
1775 |
-sometimes? On Linux, try running |
|
1776 |
-"dmesg" to see if the out-of-memory killer removed your process. (Tor will |
|
1777 |
-exit cleanly if it notices that it's run out of memory, but in some cases |
|
1778 |
-it might not have time to notice.) In very rare circumstances, hardware |
|
1779 |
-problems could also be the culprit. |
|
1728 |
+ sometimes? On Linux, try running "dmesg" to see if the out-of-memory killer |
|
1729 |
+ removed your process. (Tor will exit cleanly if it notices that it's run |
|
1730 |
+ out of memory, but in some cases it might not have time to notice.) In very |
|
1731 |
+ rare circumstances, hardware problems could also be the culprit. |
|
1780 | 1732 |
</li> |
1781 | 1733 |
</ul> |
1734 |
+ |
|
1782 | 1735 |
<p> |
1783 | 1736 |
Sixth, if the above ideas don't point out the bug, consider increasing your |
1784 | 1737 |
log level to "loglevel debug". You can look at the log-configuration FAQ |
1785 | 1738 |
entry for instructions on what to put in your torrc file. If it usually |
1786 |
-takes a long time for the crash to show up, you will want to reserve a whole |
|
1787 |
-lot of disk space for the debug log. Alternatively, you could just send |
|
1788 |
-debug-level logs to the screen (it's called "stdout" in the torrc), and then |
|
1789 |
-when it crashes you'll see the last couple of log lines it had printed. |
|
1739 |
+ takes a long time for the crash to show up, you will want to reserve a |
|
1740 |
+ whole lot of disk space for the debug log. Alternatively, you could just |
|
1741 |
+ send debug-level logs to the screen (it's called "stdout" in the torrc), |
|
1742 |
+ and then when it crashes you'll see the last couple of log lines it had |
|
1743 |
+ printed. |
|
1790 | 1744 |
(Note that running with verbose logging like this will slow Tor down |
1791 |
-considerably, and note also that it's generally not a good idea security-wise |
|
1792 |
-to keep logs like this sitting around.) |
|
1745 |
+ considerably, and note also that it's generally not a good idea |
|
1746 |
+ security-wise to keep logs like this sitting around.) |
|
1793 | 1747 |
</p> |
1794 | 1748 |
|
1795 | 1749 |
<hr /> |
1796 | 1750 |
|
1797 | 1751 |
<a id="ChooseEntryExit"></a> |
1798 |
- <h3><a class="anchor" href="#ChooseEntryExit">Can I control which |
|
1799 |
-nodes (or country) are used for entry/exit?</a></h3> |
|
1752 |
+ <h3><a class="anchor" href="#ChooseEntryExit">Can I control which nodes |
|
1753 |
+ (or country) are used for entry/exit?</a></h3> |
|
1800 | 1754 |
|
1801 | 1755 |
<p> |
1802 | 1756 |
Yes. You can set preferred entry and exit nodes as well as |
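Review bot: The blank lines added inside the <ul> are inconsistent: one after <ul> (new line 1697) and one before the third <li> (new line 1713), but none before the second or fourth <li>. Pick one convention for list items and apply it to all four.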
... | ... |
@@ -1840,21 +1794,17 @@ versions. |
1840 | 1794 |
<a href="<page docs/tor-manual>">manual</a>. |
1841 | 1795 |
</p> |
1842 | 1796 |
<p> |
1843 |
- Instead of <tt>$fingerprint</tt> you can also specify a <a |
|
1844 |
- |
|
1845 |
-href="https://secure.wikimedia.org/wikipedia/en/wiki/ISO_3166-1_alpha-2" |
|
1846 |
->2 |
|
1847 |
- letter ISO3166 country code</a> in curly braces (for example <tt>{de}</tt>), |
|
1848 |
- or an ip address pattern (for example 255.254.0.0/8). |
|
1849 |
- Make sure there are no spaces between the commas and the |
|
1850 |
- list items. |
|
1797 |
+ Instead of <tt>$fingerprint</tt> you can also specify a |
|
1798 |
+ <a href="https://secure.wikimedia.org/wikipedia/en/wiki/ISO_3166-1_alpha-2"> |
|
1799 |
+ 2 letter ISO3166 country code</a> in curly braces (for example |
|
1800 |
+ <tt>{de}</tt>), or an ip address pattern (for example 255.254.0.0/8). |
|
1801 |
+ Make sure there are no spaces between the commas and the list items. |
|
1851 | 1802 |
</p> |
1803 |
+ |
|
1852 | 1804 |
<p> |
1853 |
- If you want to access a service directly through Tor's Socks |
|
1854 |
-interface |
|
1855 |
- (eg. using ssh via connect.c), another option is to set up an |
|
1856 |
- internal mapping in your configuration file using |
|
1857 |
-<tt>MapAddress</tt>. |
|
1805 |
+ If you want to access a service directly through Tor's Socks interface |
|
1806 |
+ (eg. using ssh via connect.c), another option is to set up an internal |
|
1807 |
+ mapping in your configuration file using <tt>MapAddress</tt>. |
|
1858 | 1808 |
See the manual page for details. |
1859 | 1809 |
</p> |
1860 | 1810 |
|
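Review bot: New lines 1800 and 1806 keep "an ip address pattern" and "(eg. using ssh via connect.c)"; other entries on the page write "IP address", so capitalise it here and use "e.g." while these lines are being rewritten.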
... | ... |
@@ -1867,10 +1817,8 @@ few outgoing ports.</a></h3> |
1867 | 1817 |
<p> |
1868 | 1818 |
If your firewall works by blocking ports, then you can tell Tor to only |
1869 | 1819 |
use the ports when you start your Tor Browser. Or you can add the ports |
1870 |
-that your firewall permits by adding "FascistFirewall 1" |
|
1871 |
-to |
|
1872 |
-your <a href="<page docs/faq>#torrc">torrc |
|
1873 |
-configuration file</a>. |
|
1820 |
+ that your firewall permits by adding "FascistFirewall 1" to your |
|
1821 |
+ <a href="<page docs/faq>#torrc">torrc configuration file</a>. |
|
1874 | 1822 |
By default, when you set this Tor assumes that your firewall allows only |
1875 | 1823 |
port 80 and port 443 (HTTP and HTTPS respectively). You can select a |
1876 | 1824 |
different set of ports with the FirewallPorts torrc option. |
... | ... |
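Review bot: new lines 1819-1820 still say you "add the ports that your firewall permits by adding "FascistFirewall 1"", which conflates two options. Per the unchanged lines 1822-1824, FascistFirewall only switches on the default of ports 80 and 443, and the port list itself is chosen with FirewallPorts. Reword the sentence so each option is described by what it does, and mark both option names up with <tt> as the previous hunk does for <tt>MapAddress</tt>.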
@@ -1985,11 +1933,14 @@ from the source code release tor-0.2.4.16-rc is: |
1985 | 1933 |
network to look up hostnames remotely; if you resolve hostnames to IPs |
1986 | 1934 |
with tor-resolve, then pass the IPs to your applications, you'll be fine. |
1987 | 1935 |
(Tor will still give the warning, but now you know what it means.) </li> |
1988 |
-<!-- I'm not sure if this project is still maintained or not |
|
1989 | 1936 |
|
1990 |
-<li>You can use TorDNS as a local DNS server to rectify the DNS leakage. See the Torify HOWTO for info on how to run particular applications anonymously. </li> |
|
1937 |
+ <!-- I'm not sure if this project is still maintained or not |
|
1938 |
+ <li>You can use TorDNS as a local DNS server to rectify the DNS leakage. |
|
1939 |
+ See the Torify HOWTO for info on how to run particular applications |
|
1940 |
+ anonymously.</li> |
|
1991 | 1941 |
!--> |
1992 | 1942 |
</ul> |
1943 |
+ |
|
1993 | 1944 |
<p>If you think that you applied one of the solutions properly but still |
1994 | 1945 |
experience DNS leaks please verify there is no third-party application |
1995 | 1946 |
using DNS independently of Tor. Please see <a |
... | ... |
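Review bot: new lines 1937-1941 re-indent a commented-out list item whose own comment says the author is not sure the project is still maintained, and the comment still ends with the non-standard "!-->" on line 1941. Either delete the dead TorDNS entry or close it with a plain "-->". Reflowing it keeps unverified DNS-leak advice one uncomment away from being published.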
@@ -2000,8 +1951,8 @@ from the source code release tor-0.2.4.16-rc is: |
2000 | 1951 |
<hr> |
2001 | 1952 |
|
2002 | 1953 |
<a id="SocksAndDNS"></a> |
2003 |
- <h3><a class="anchor" href="#SocksAndDNS">How do I check if my application that uses |
|
2004 |
- SOCKS is leaking DNS requests?</a></h3> |
|
1954 |
+ <h3><a class="anchor" href="#SocksAndDNS">How do I check if my application |
|
1955 |
+ that uses SOCKS is leaking DNS requests?</a></h3> |
|
2005 | 1956 |
|
2006 | 1957 |
<p> |
2007 | 1958 |
These are two steps you need to take here. The first is to make sure |
... | ... |
@@ -2035,8 +1986,8 @@ from the source code release tor-0.2.4.16-rc is: |
2035 | 1986 |
<hr> |
2036 | 1987 |
|
2037 | 1988 |
<a id="TorClientOnADifferentComputerThanMyApplications"></a> |
2038 |
- <h3><a class="anchor" href="#TorClientOnADifferentComputerThanMyApplications">I |
|
2039 |
- want to run my Tor client on a different computer than my applications. |
|
1989 |
+ <h3><a class="anchor" href="#TorClientOnADifferentComputerThanMyApplications"> |
|
1990 |
+ I want to run my Tor client on a different computer than my applications. |
|
2040 | 1991 |
</a></h3> |
2041 | 1992 |
<p> |
2042 | 1993 |
By default, your Tor client only listens for applications that |
... | ... |
@@ -2071,8 +2022,8 @@ from the source code release tor-0.2.4.16-rc is: |
2071 | 2022 |
Configuration is simple, editing your torrc file's SocksListenAddress |
2072 | 2023 |
according to the following examples: |
2073 | 2024 |
</p> |
2074 |
- <pre> |
|
2075 | 2025 |
|
2026 |
+ <pre> |
|
2076 | 2027 |
#This provides local interface access only, |
2077 | 2028 |
#needs SocksPort to be greater than 0 |
2078 | 2029 |
SocksListenAddress 127.0.0.1 |
... | ... |
@@ -2100,10 +2055,12 @@ to be. |
2100 | 2055 |
Please note that the SocksPort configuration option gives the port ONLY for |
2101 | 2056 |
localhost (127.0.0.1). When setting up your SocksListenAddress(es), you need |
2102 | 2057 |
to give the port with the address, as shown above. |
2058 |
+ </p> |
|
2059 |
+ |
|
2103 | 2060 |
<p> |
2104 | 2061 |
If you are interested in forcing all outgoing data through the central Tor |
2105 |
-client/relay, instead of the server only being an optional proxy, you may find |
|
2106 |
-the program iptables (for *nix) useful. |
|
2062 |
+ client/relay, instead of the server only being an optional proxy, you may |
|
2063 |
+ find the program iptables (for *nix) useful. |
|
2107 | 2064 |
</p> |
2108 | 2065 |
|
2109 | 2066 |
<hr> |
... | ... |
@@ -2116,22 +2073,31 @@ the program iptables (for *nix) useful. |
2116 | 2073 |
run a relay?</a></h3> |
2117 | 2074 |
<p> |
2118 | 2075 |
We're looking for people with reasonably reliable Internet connections, |
2119 |
- that have at least 1 MByte/second (that is 8 MBit/second) available bandwidth each way. If that's you, please |
|
2120 |
- consider <a href="<wiki>TorRelayGuide">running a Tor relay</a>. |
|
2076 |
+ that have at least 1 MByte/second (that is 8 MBit/second) available |
|
2077 |
+ bandwidth each way. If that's you, please consider |
|
2078 |
+ <a href="<wiki>TorRelayGuide">running a Tor relay</a>. |
|
2121 | 2079 |
</p> |
2080 |
+ |
|
2122 | 2081 |
<p> |
2123 |
- Even if you do not have at least 8 MBit/s of available bandwidth you can still help the Tor network by running a <a href="<page docs/pluggable-transports>#operator">Tor bridge with obfs4 support</a>. In that case you should have at least 1 MBit/s of available bandwidth. |
|
2082 |
+ Even if you do not have at least 8 MBit/s of available bandwidth you can |
|
2083 |
+ still help the Tor network by running a |
|
2084 |
+ <a href="<page docs/pluggable-transports>#operator">Tor bridge with obfs4 |
|
2085 |
+ support</a>. |
|
2086 |
+ In that case you should have at least 1 MBit/s of available bandwidth. |
|
2124 | 2087 |
</p> |
2125 | 2088 |
|
2126 | 2089 |
<hr> |
2127 | 2090 |
|
2128 | 2091 |
<a id="MostNeededRelayType"></a> |
2129 |
- <h3><a class="anchor" href="#MostNeededRelayType">What type of relays are most needed?</a></h3> |
|
2092 |
+ <h3><a class="anchor" href="#MostNeededRelayType">What type of relays are |
|
2093 |
+ most needed?</a></h3> |
|
2130 | 2094 |
<p> |
2131 | 2095 |
<ul> |
2132 |
- <li>The exit relay is the most needed relay type but it also comes with the highest legal exposure and risk (and you |
|
2133 |
- should NOT run them from your home).</li> |
|
2134 |
- <li>If you are looking to run a relay with minimal effort, fast guard relays are also very useful</li> |
|
2096 |
+ <li>The exit relay is the most needed relay type but it also comes with the |
|
2097 |
+ highest legal exposure and risk (and you should NOT run them from your |
|
2098 |
+ home).</li> |
|
2099 |
+ <li>If you are looking to run a relay with minimal effort, fast guard |
|
2100 |
+ relays are also very useful</li> |
|
2135 | 2101 |
<li>followed by bridges.</li> |
2136 | 2102 |
</ul> |
2137 | 2103 |
</p> |
... | ... |
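Review bot: in the MostNeededRelayType entry (new lines 2094-2103) the <ul> is still wrapped in <p> ... </p>. A list cannot sit inside a paragraph, so the parser closes the <p> before the <ul> and the trailing </p> on line 2103 is left dangling. This commit already fixes the same pattern for the ed25519 key list by closing the paragraph before the list; drop the <p> and </p> here as well. The second list item also lacks its closing full stop while the third has one.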
@@ -2160,8 +2126,8 @@ the program iptables (for *nix) useful. |
2160 | 2126 |
<hr> |
2161 | 2127 |
|
2162 | 2128 |
<a id="IDontHaveAStaticIP"></a> |
2163 |
- <h3><a class="anchor" href="#IDontHaveAStaticIP">Can I run a Tor relay using a |
|
2164 |
- dynamic IP address?</a></h3> |
|
2129 |
+ <h3><a class="anchor" href="#IDontHaveAStaticIP">Can I run a Tor relay |
|
2130 |
+ using a dynamic IP address?</a></h3> |
|
2165 | 2131 |
|
2166 | 2132 |
<p> |
2167 | 2133 |
Tor can handle relays with dynamic IP addresses just fine. Just leave |
... | ... |
@@ -2174,11 +2140,12 @@ the program iptables (for *nix) useful. |
2174 | 2140 |
<h3><a class="anchor" href="#IPv6Relay">Can I use IPv6 on my relay?</a></h3> |
2175 | 2141 |
|
2176 | 2142 |
<p> |
2177 |
- Tor has <a href="<wiki>org/roadmaps/Tor/IPv6Features">partial</a> support for IPv6 and we |
|
2178 |
- encourage every relay operator to <a href="<wiki>TorRelayGuide#IPv6">enable IPv6 functionality |
|
2179 |
- </a> in their torrc configuration files when IPv6 connectivity is available. |
|
2180 |
- For the time being Tor will require IPv4 addresses on relays, you can not run a Tor relay |
|
2181 |
- on a host with IPv6 addresses only. |
|
2143 |
+ Tor has <a href="<wiki>org/roadmaps/Tor/IPv6Features">partial</a> support |
|
2144 |
+ for IPv6 and we encourage every relay operator to |
|
2145 |
+ <a href="<wiki>TorRelayGuide#IPv6">enable IPv6 functionality</a> in their |
|
2146 |
+ torrc configuration files when IPv6 connectivity is available. |
|
2147 |
+ For the time being Tor will require IPv4 addresses on relays, you can not |
|
2148 |
+ run a Tor relay on a host with IPv6 addresses only. |
|
2182 | 2149 |
</p> |
2183 | 2150 |
|
2184 | 2151 |
<hr> |
... | ... |
@@ -2202,27 +2169,27 @@ the program iptables (for *nix) useful. |
2202 | 2169 |
world. We recommend that you bind your socksport to local networks only. |
2203 | 2170 |
</p> |
2204 | 2171 |
<p> |
2205 |
- In any case, you need to keep up to date with your security. See this <a |
|
2206 |
- href="https://trac.torproject.org/projects/tor/wiki/doc/OperationalSecurity">article |
|
2207 |
- on operational security for Tor relays</a> for more suggestions. |
|
2172 |
+ In any case, you need to keep up to date with your security. See this |
|
2173 |
+ <a href="https://trac.torproject.org/projects/tor/wiki/doc/OperationalSecurity"> |
|
2174 |
+ article on operational security for Tor relays</a> for more suggestions. |
|
2208 | 2175 |
</p> |
2209 | 2176 |
|
2210 | 2177 |
<hr> |
2211 | 2178 |
|
2212 | 2179 |
<a id="HighCapacityConnection"></a> |
2213 |
- <h3><a class="anchor" href="#HighCapacityConnection">How can I get Tor to fully |
|
2214 |
- make use of my high capacity connection?</a></h3> |
|
2180 |
+ <h3><a class="anchor" href="#HighCapacityConnection">How can I get Tor to |
|
2181 |
+ fully make use of my high capacity connection?</a></h3> |
|
2215 | 2182 |
|
2216 | 2183 |
<p> |
2217 |
- See <a href="http://archives.seul.org/or/relays/Aug-2010/msg00034.html">this |
|
2218 |
- tor-relays thread</a>. |
|
2184 |
+ See <a href="http://archives.seul.org/or/relays/Aug-2010/msg00034.html"> |
|
2185 |
+ this tor-relays thread</a>. |
|
2219 | 2186 |
</p> |
2220 | 2187 |
|
2221 | 2188 |
<hr> |
2222 | 2189 |
|
2223 | 2190 |
<a id="RelayFlexible"></a> |
2224 |
- <h3><a class="anchor" href="#RelayFlexible">How stable does my relay |
|
2225 |
-need to be?</a></h3> |
|
2191 |
+ <h3><a class="anchor" href="#RelayFlexible">How stable does my relay need |
|
2192 |
+ to be?</a></h3> |
|
2226 | 2193 |
|
2227 | 2194 |
<p> |
2228 | 2195 |
We aim to make setting up a Tor relay easy and convenient: |
... | ... |
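Review bot: the tor-relays link on new line 2184 is still plain http (archives.seul.org), while the operational security link rewrapped a few lines above is https. If the archive is served over https, switch the scheme while the line is being touched. Separately, unchanged line 2169 writes "socksport" where the rest of the page spells the option SocksPort.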
@@ -2234,20 +2201,14 @@ need to be?</a></h3> |
2234 | 2201 |
sure it's not too often, since connections using the relay when it |
2235 | 2202 |
disconnects will break. |
2236 | 2203 |
</li> |
2237 |
- <li>Each Tor relay has an <a href="#ExitPolicies">exit policy</a> |
|
2238 |
-that |
|
2239 |
- specifies what sort of outbound connections are allowed or refused |
|
2240 |
-from |
|
2241 |
- that relay. If you are uncomfortable allowing people to exit from |
|
2242 |
-your |
|
2243 |
- relay, you can set it up to only allow connections to other Tor |
|
2244 |
-relays. |
|
2204 |
+ <li>Each Tor relay has an <a href="#ExitPolicies">exit policy</a> that |
|
2205 |
+ specifies what sort of outbound connections are allowed or refused from |
|
2206 |
+ that relay. If you are uncomfortable allowing people to exit from your |
|
2207 |
+ relay, you can set it up to only allow connections to other Tor relays. |
|
2245 | 2208 |
</li> |
2246 | 2209 |
<li>Your relay will passively estimate and advertise its recent |
2247 |
- bandwidth capacity, so high-bandwidth relays will attract more users |
|
2248 |
-than |
|
2249 |
- low-bandwidth ones. Therefore having low-bandwidth relays is useful |
|
2250 |
-too. |
|
2210 |
+ bandwidth capacity, so high-bandwidth relays will attract more users than |
|
2211 |
+ low-bandwidth ones. Therefore having low-bandwidth relays is useful too. |
|
2251 | 2212 |
</li> |
2252 | 2213 |
</ul> |
2253 | 2214 |
|
... | ... |
@@ -2316,9 +2277,9 @@ too. |
2316 | 2277 |
<p> |
2317 | 2278 |
Linux-based Tor nodes have another option at their disposal: they can |
2318 | 2279 |
prioritize Tor traffic below other traffic on their machine, so that |
2319 |
- their own personal traffic is not impacted by Tor load. A <a |
|
2320 |
- href="https://gitweb.torproject.org/tor.git/tree/contrib/operator-tools/linux-tor-prio.sh">script |
|
2321 |
- to do this</a> can be found in the Tor source distribution's contrib |
|
2280 |
+ their own personal traffic is not impacted by Tor load. A |
|
2281 |
+ <a href="https://gitweb.torproject.org/tor.git/tree/contrib/operator-tools/linux-tor-prio.sh"> |
|
2282 |
+ script to do this</a> can be found in the Tor source distribution's contrib |
|
2322 | 2283 |
directory. |
2323 | 2284 |
</p> |
2324 | 2285 |
<p> |
... | ... |
@@ -2381,10 +2342,11 @@ too. |
2381 | 2342 |
spread your usefulness over more of the day: if you want to offer X GB |
2382 | 2343 |
in each direction, you could set your RelayBandwidthRate to 20*X KBytes. |
2383 | 2344 |
For example, |
2384 |
- if you have 50 GB to offer each way, you might set your RelayBandwidthRate to |
|
2385 |
- 1000 KBytes: this way your relay will always be useful for at least half of |
|
2386 |
- each day. |
|
2345 |
+ if you have 50 GB to offer each way, you might set your RelayBandwidthRate |
|
2346 |
+ to 1000 KBytes: this way your relay will always be useful for at least half |
|
2347 |
+ of each day. |
|
2387 | 2348 |
</p> |
2349 |
+ |
|
2388 | 2350 |
<pre> |
2389 | 2351 |
AccountingStart day 0:00 |
2390 | 2352 |
AccountingMax 50 GBytes |
... | ... |
@@ -2454,16 +2416,13 @@ don't want to deal with abuse issues.</a></h3> |
2454 | 2416 |
|
2455 | 2417 |
<p> |
2456 | 2418 |
Each Tor relay has an exit policy that specifies what sort of |
2457 |
- outbound connections are allowed or refused from that relay. The |
|
2458 |
-exit |
|
2419 |
+ outbound connections are allowed or refused from that relay. The exit |
|
2459 | 2420 |
policies are propagated to Tor clients via the directory, so clients |
2460 | 2421 |
will automatically avoid picking exit relays that would refuse to |
2461 | 2422 |
exit to their intended destination. This way each relay can decide |
2462 | 2423 |
the services, hosts, and networks it wants to allow connections to, |
2463 |
- based on abuse potential and its own situation. Read the FAQ entry |
|
2464 |
-on |
|
2465 |
- <a href="<page docs/faq-abuse>#TypicalAbuses">issues you might |
|
2466 |
-encounter</a> |
|
2424 |
+ based on abuse potential and its own situation. Read the FAQ entry on |
|
2425 |
+ <a href="<page docs/faq-abuse>#TypicalAbuses">issues you might encounter</a> |
|
2467 | 2426 |
if you use the default exit policy, and then read Mike Perry's |
2468 | 2427 |
<a href="<blog>tips-running-exit-node">tips |
2469 | 2428 |
for running an exit node with minimal harassment</a>. |
... | ... |
@@ -2471,31 +2430,22 @@ encounter</a> |
2471 | 2430 |
|
2472 | 2431 |
<p> |
2473 | 2432 |
The default exit policy allows access to many popular services |
2474 |
- (e.g. web browsing), but <a |
|
2475 |
-href="#DefaultExitPorts">restricts</a> |
|
2476 |
- some due to abuse potential (e.g. mail) and some since |
|
2477 |
- the Tor network can't handle the load (e.g. default |
|
2478 |
- file-sharing ports). You can change your exit policy |
|
2479 |
- by editing your |
|
2480 |
- <a href="<page docs/faq>#torrc">torrc</a> |
|
2481 |
- file. If you want to avoid most if not all abuse potential, set it |
|
2482 |
-to |
|
2483 |
- "reject *:*". This setting |
|
2484 |
-means |
|
2485 |
- that your relay will be used for relaying traffic inside the Tor |
|
2486 |
-network, |
|
2487 |
- but not for connections to external websites or other services. |
|
2488 |
- </p> |
|
2489 |
- |
|
2490 |
- <p> |
|
2491 |
- If you do allow any exit connections, make sure name resolution |
|
2492 |
-works |
|
2433 |
+ (e.g. web browsing), but <a href="#DefaultExitPorts">restricts</a> some due |
|
2434 |
+ to abuse potential (e.g. mail) and some since the Tor network can't handle |
|
2435 |
+ the load (e.g. default file-sharing ports). You can change your exit policy |
|
2436 |
+ by editing your <a href="<page docs/faq>#torrc">torrc</a> file. If you want |
|
2437 |
+ to avoid most if not all abuse potential, set it to <var>"reject *:*"</var>. |
|
2438 |
+ This setting means that your relay will be used for relaying traffic inside |
|
2439 |
+ the Tor network, but not for connections to external websites or other |
|
2440 |
+ services. |
|
2441 |
+ </p> |
|
2442 |
+ |
|
2443 |
+ <p> |
|
2444 |
+ If you do allow any exit connections, make sure name resolution works |
|
2493 | 2445 |
(that is, your computer can resolve Internet addresses correctly). |
2494 |
- If there are any resources that your computer can't reach (for |
|
2495 |
-example, |
|
2446 |
+ If there are any resources that your computer can't reach (for example, |
|
2496 | 2447 |
you are behind a restrictive firewall or content filter), please |
2497 |
- explicitly reject them in your exit policy — otherwise Tor |
|
2498 |
-users |
|
2448 |
+ explicitly reject them in your exit policy — otherwise Tor users |
|
2499 | 2449 |
will be impacted too. |
2500 | 2450 |
</p> |
2501 | 2451 |
|
... | ... |
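Review bot: new line 2437 marks up the policy value as <var>"reject *:*"</var>, but <var> denotes a variable and the rest of the page uses <tt> for literal configuration text (<tt>MapAddress</tt>, <tt>MaxAdvertisedBandwidth</tt>). Use <tt> here, move the quotation marks outside the element so they are not copied into torrc along with the value, and name the ExitPolicy option the value is assigned to, since "set it to" currently leaves that implicit.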
@@ -2547,16 +2497,17 @@ users |
2547 | 2497 |
the BadExit flag why did that happen?</a></h3> |
2548 | 2498 |
|
2549 | 2499 |
<p>If you got this flag then we either discovered a problem or suspicious |
2550 |
- activity when routing traffic through your exit and weren't able to contact you. |
|
2551 |
- Please reach out to the <a href="mailto:bad-relays@lists.torproject.org">bad-relays team</a> |
|
2500 |
+ activity when routing traffic through your exit and weren't able to contact |
|
2501 |
+ you. Please reach out to the |
|
2502 |
+ <a href="mailto:bad-relays@lists.torproject.org">bad-relays team</a> |
|
2552 | 2503 |
so we can sort out the issue. |
2553 | 2504 |
</p> |
2554 | 2505 |
|
2555 | 2506 |
<hr> |
2556 | 2507 |
|
2557 | 2508 |
<a id="MyRelayRecentlyGotTheGuardFlagAndTrafficDroppedByHalf"></a> |
2558 |
- <h3><a class="anchor" href="#MyRelayRecentlyGotTheGuardFlagAndTrafficDroppedByHalf">My |
|
2559 |
- relay recently got the Guard flag and traffic dropped by half.</a></h3> |
|
2509 |
+ <h3><a class="anchor" href="#MyRelayRecentlyGotTheGuardFlagAndTrafficDroppedByHalf"> |
|
2510 |
+ My relay recently got the Guard flag and traffic dropped by half.</a></h3> |
|
2560 | 2511 |
<p> |
2561 | 2512 |
Since it's now a guard, clients are using it less in other positions, but |
2562 | 2513 |
not many clients have rotated their existing guards out to use it as a |
... | ... |
@@ -2570,43 +2521,38 @@ users |
2570 | 2521 |
<hr> |
2571 | 2522 |
|
2572 | 2523 |
<a id="RelayOrBridge"></a> |
2573 |
- <h3><a class="anchor" href="#RelayOrBridge">Should I be a normal |
|
2574 |
-relay or bridge relay?</a></h3> |
|
2524 |
+ <h3><a class="anchor" href="#RelayOrBridge">Should I be a normal relay or |
|
2525 |
+ bridge relay?</a></h3> |
|
2575 | 2526 |
|
2576 |
- <p><a href="<page docs/bridges>">Bridge relays</a> (or "bridges" for |
|
2577 |
-short) |
|
2578 |
- are <a href="<wiki>TorRelayGuide">Tor relays</a> that aren't |
|
2579 |
- listed in the public Tor directory. |
|
2580 |
- That means that ISPs or governments trying to block access to the |
|
2581 |
- Tor network can't simply block all bridges. |
|
2527 |
+ <p><a href="<page docs/bridges>">Bridge relays</a> (or "bridges" for short) |
|
2528 |
+ are <a href="<wiki>TorRelayGuide">Tor relays</a> that aren't listed in the |
|
2529 |
+ public Tor directory. That means that ISPs or governments trying to block |
|
2530 |
+ access to the Tor network can't simply block all bridges. |
|
2582 | 2531 |
</p> |
2583 | 2532 |
|
2584 | 2533 |
<p>Being a normal relay vs being a bridge relay is almost the same |
2585 |
- configuration: it's just a matter of whether your relay is listed |
|
2586 |
- publicly or not. |
|
2534 |
+ configuration: it's just a matter of whether your relay is listed publicly |
|
2535 |
+ or not. |
|
2587 | 2536 |
</p> |
2588 | 2537 |
|
2589 | 2538 |
<p> |
2590 |
- So bridges are useful a) for Tor users in oppressive regimes, |
|
2591 |
- and b) for people who want an extra layer of security |
|
2592 |
- because they're worried somebody will recognize that it's a public |
|
2593 |
- Tor relay IP address they're contacting. |
|
2539 |
+ So bridges are useful a) for Tor users in oppressive regimes, and b) for |
|
2540 |
+ people who want an extra layer of security because they're worried somebody |
|
2541 |
+ will recognize that it's a public Tor relay IP address they're contacting. |
|
2594 | 2542 |
</p> |
2595 | 2543 |
|
2596 | 2544 |
<p> |
2597 |
- Several countries, including China and Iran, have found ways to |
|
2598 |
- detect and block connections to Tor bridges. |
|
2545 |
+ Several countries, including China and Iran, have found ways to detect and |
|
2546 |
+ block connections to Tor bridges. |
|
2599 | 2547 |
<a href="<page docs/pluggable-transports>">Obfsproxy</a> bridges address |
2600 | 2548 |
this by adding another layer of obfuscation. |
2601 | 2549 |
</p> |
2602 | 2550 |
|
2603 |
- <p>So should you run a normal relay or bridge relay? If you have |
|
2604 |
-lots |
|
2605 |
- of bandwidth, you should definitely run a normal relay. |
|
2606 |
- If you're willing |
|
2607 |
- to <a href="#ExitPolicies">be an exit</a>, you should definitely |
|
2608 |
- run an exit relay, since we need more exits. If you can't be an |
|
2609 |
- exit and only have a little bit of bandwidth, setup an |
|
2551 |
+ <p>So should you run a normal relay or bridge relay? If you have lots |
|
2552 |
+ of bandwidth, you should definitely run a normal relay. If you're willing |
|
2553 |
+ to <a href="#ExitPolicies">be an exit</a>, you should definitely run an |
|
2554 |
+ exit relay, since we need more exits. If you can't be an exit and only have |
|
2555 |
+ a little bit of bandwidth, setup an |
|
2610 | 2556 |
<a href="<page docs/pluggable-transports>#operator">obfs4 bridge</a>. |
2611 | 2557 |
Thanks for volunteering! |
2612 | 2558 |
</p> |
... | ... |
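Review bot: new line 2555 keeps "setup an obfs4 bridge", where the verb is two words ("set up"). The entry also refers to "Obfsproxy" bridges on lines 2547-2548 and to an "obfs4 bridge" on line 2556 without saying how the two relate. Align the naming, or add a few words of explanation, so an operator knows which one the closing recommendation asks them to deploy.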
@@ -2654,7 +2599,10 @@ relay on a new computer. |
2654 | 2599 |
identity keys work? What do I need to know?</a></h3> |
2655 | 2600 |
|
2656 | 2601 |
<p> |
2657 |
-As of Tor 0.2.7 offline ed25519 identity keys are supported. In simple words, it works like this: |
|
2602 |
+ As of Tor 0.2.7 offline ed25519 identity keys are supported. In simple |
|
2603 |
+ words, it works like this: |
|
2604 |
+ </p> |
|
2605 |
+ |
|
2658 | 2606 |
<ul> |
2659 | 2607 |
<li>there is a master ed25519 identity secret key file named |
2660 | 2608 |
"ed25519_master_id_secret_key". This is the most important one, so make |
... | ... |
@@ -2674,6 +2621,8 @@ torrc.</li> |
2674 | 2621 |
advertised in the network. This one is not sensitive and can be easily |
2675 | 2622 |
computed from "ed5519_master_id_secret_key".</li> |
2676 | 2623 |
</ul> |
2624 |
+ |
|
2625 |
+ <p> |
|
2677 | 2626 |
Tor will only need access to the medium term signing key and certificate |
2678 | 2627 |
as long as they are valid, so the master identity secret key can be kept |
2679 | 2628 |
outside DataDirectory/keys, on a storage media or a different computer. |
... | ... |
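Review bot: unchanged line 2622 spells the key file "ed5519_master_id_secret_key", missing the "2", while the first list item in the previous hunk names it "ed25519_master_id_secret_key". Operators copy these file names when moving the master identity key offline, so fix the typo in this commit rather than leaving it next to the newly added <p>.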
@@ -2688,9 +2637,9 @@ If you want your relay to run unattended for longer time without having |
2688 | 2637 |
to manually do the medium term signing key renewal on regular basis, |
2689 | 2638 |
best to leave the master identity secret key in DataDirectory/keys, just |
2690 | 2639 |
make a backup in case you'll need to reinstall it. If you want to use |
2691 |
-this feature, you can consult our <a |
|
2692 |
-href="https://trac.torproject.org/projects/tor/wiki/doc/TorRelaySecurity/OfflineKeys">more |
|
2693 |
-detailed guide</a> on the topic. |
|
2640 |
+ this feature, you can consult our |
|
2641 |
+ <a href="https://trac.torproject.org/projects/tor/wiki/doc/TorRelaySecurity/OfflineKeys"> |
|
2642 |
+ more detailed guide</a> on the topic. |
|
2694 | 2643 |
</p> |
2695 | 2644 |
|
2696 | 2645 |
<hr> |
... | ... |
@@ -2772,8 +2734,10 @@ descriptors you can open at once. Competent vserver admins are able to |
2772 | 2734 |
configure your server to not hit these limits. For example, in SWSoft's |
2773 | 2735 |
Virtuozzo, investigate /proc/user_beancounters. Look for "failcnt" in |
2774 | 2736 |
tcpsndbuf, tcprecvbuf, numothersock, and othersockbuf. Ask for these to |
2775 |
-be increased accordingly. Xen, Virtual Box and VMware virtual servers have no such limits normally. |
|
2737 |
+ be increased accordingly. Xen, Virtual Box and VMware virtual servers have |
|
2738 |
+ no such limits normally. |
|
2776 | 2739 |
</p> |
2740 |
+ |
|
2777 | 2741 |
<p> |
2778 | 2742 |
If the vserver admin will not increase system limits another option is |
2779 | 2743 |
to reduce the memory allocated to the send and receive buffers on TCP |
... | ... |
@@ -2837,14 +2803,16 @@ the same geographic location. |
2837 | 2803 |
<p> |
2838 | 2804 |
Tor guesses its IP address by asking the computer for its hostname, and |
2839 | 2805 |
then resolving that hostname. Often people have old entries in their |
2840 |
- /etc/hosts file that point to old IP addresses. |
|
2806 |
+ <var>/etc/hosts</var> file that point to old IP addresses. |
|
2841 | 2807 |
</p> |
2808 |
+ |
|
2842 | 2809 |
<p> |
2843 | 2810 |
If that doesn't fix it, you should use the "Address" config option to |
2844 | 2811 |
specify the IP you want it to pick. If your computer is behind a NAT and |
2845 |
-it only has an internal IP address, see the following FAQ entry on <a |
|
2846 |
-href="#RelayFlexible">dynamic IP addresses</a>. |
|
2812 |
+ it only has an internal IP address, see the following FAQ entry on |
|
2813 |
+ <a href="#RelayFlexible">dynamic IP addresses</a>. |
|
2847 | 2814 |
</p> |
2815 |
+ |
|
2848 | 2816 |
<p> |
2849 | 2817 |
Also, if you have many addresses, you might also want to set |
2850 | 2818 |
"OutboundBindAddress" so external connections come from the IP you intend |
... | ... |
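Review bot: the link on new line 2813 is labelled "dynamic IP addresses" but its href is #RelayFlexible, which is the "How stable does my relay need to be?" entry. The dynamic IP entry on this page has the id IDontHaveAStaticIP, so point the link there. The <var> added around /etc/hosts on line 2806 is also the wrong element for a file path; <tt> matches how the page marks up other literals.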
@@ -2857,18 +2825,21 @@ to present to the world. |
2857 | 2825 |
<h3><a class="anchor" href="#BehindANAT">I'm behind a NAT/Firewall.</a></h3> |
2858 | 2826 |
|
2859 | 2827 |
<p> |
2860 |
-See <a>http://portforward.com/</a> for directions on how to port forward with |
|
2861 |
-your NAT/router device. |
|
2828 |
+ See <a href="http://portforward.com/">portforward.com</a> for directions on |
|
2829 |
+ how to port forward with your NAT/router device. |
|
2862 | 2830 |
</p> |
2831 |
+ |
|
2863 | 2832 |
<p> |
2864 |
-If your relay is running on a internal net you need to setup port forwarding. |
|
2865 |
-Forwarding TCP connections is system dependent but the firewalled-clients FAQ |
|
2866 |
-entry offers some examples on how to do this. |
|
2833 |
+ If your relay is running on a internal net you need to setup port |
|
2834 |
+ forwarding. Forwarding TCP connections is system dependent but the |
|
2835 |
+ firewalled-clients FAQ entry offers some examples on how to do this. |
|
2867 | 2836 |
</p> |
2837 |
+ |
|
2868 | 2838 |
<p> |
2869 |
-Also, here's an example of how you would do this on GNU/Linux if you're using |
|
2870 |
-iptables: |
|
2839 |
+ Also, here's an example of how you would do this on GNU/Linux if you're |
|
2840 |
+ using iptables: |
|
2871 | 2841 |
</p> |
2842 |
+ |
|
2872 | 2843 |
<pre> |
2873 | 2844 |
/sbin/iptables -A INPUT -i eth0 -p tcp --destination-port 9001 -j ACCEPT |
2874 | 2845 |
</pre> |
... | ... |
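Review bot: new lines 2833-2834 carry over "a internal net" and "you need to setup port forwarding", which should read "an internal network" and "set up". The link repaired on line 2828 now has a working href, but it is plain http to a third-party site; use https if the site offers it.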
@@ -2880,49 +2852,40 @@ the loopback) so it shouldn't be too hard to figure out. |
2880 | 2852 |
<hr> |
2881 | 2853 |
|
2882 | 2854 |
<a id="RelayMemory"></a> |
2883 |
- <h3><a class="anchor" href="#RelayMemory">Why is my Tor relay using |
|
2884 |
-so much memory?</a></h3> |
|
2855 |
+ <h3><a class="anchor" href="#RelayMemory">Why is my Tor relay using so much |
|
2856 |
+ memory?</a></h3> |
|
2885 | 2857 |
|
2886 |
- <p>If your Tor relay is using more memory than you'd like, here are |
|
2887 |
-some |
|
2858 |
+ <p>If your Tor relay is using more memory than you'd like, here are some |
|
2888 | 2859 |
tips for reducing its footprint: |
2889 | 2860 |
</p> |
2890 | 2861 |
|
2891 | 2862 |
<ol> |
2892 | 2863 |
<li>If you're on Linux, you may be encountering memory fragmentation |
2893 |
- bugs in glibc's malloc implementation. That is, when Tor releases |
|
2894 |
-memory |
|
2895 |
- back to the system, the pieces of memory are fragmented so they're |
|
2896 |
-hard |
|
2897 |
- to reuse. The Tor tarball ships with OpenBSD's malloc |
|
2898 |
-implementation, |
|
2899 |
- which doesn't have as many fragmentation bugs (but the tradeoff is |
|
2900 |
-higher |
|
2901 |
- CPU load). You can tell Tor to use this malloc implementation |
|
2902 |
-instead: |
|
2903 |
- <tt>./configure --enable-openbsd-malloc</tt></li> |
|
2904 |
- |
|
2905 |
- <li>If you're running a fast relay, meaning you have many TLS |
|
2906 |
-connections |
|
2864 |
+ bugs in glibc's malloc implementation. That is, when Tor releases memory |
|
2865 |
+ back to the system, the pieces of memory are fragmented so they're hard |
|
2866 |
+ to reuse. The Tor tarball ships with OpenBSD's malloc implementation, |
|
2867 |
+ which doesn't have as many fragmentation bugs (but the tradeoff is higher |
|
2868 |
+ CPU load). You can tell Tor to use this malloc implementation instead: |
|
2869 |
+ <tt>./configure --enable-openbsd-malloc</tt> |
|
2870 |
+ </li> |
|
2871 |
+ <li>If you're running a fast relay, meaning you have many TLS connections |
|
2907 | 2872 |
open, you are probably losing a lot of memory to OpenSSL's internal |
2908 |
- buffers (38KB+ per socket). We've patched OpenSSL to <a href="https://lists.torproject.org/pipermail/tor-dev/2008-June/001519.html">release |
|
2909 |
- unused buffer memory more aggressively</a>. If you update to OpenSSL |
|
2910 |
- 1.0.0 or newer, Tor's build process will automatically recognize and |
|
2911 |
-use |
|
2912 |
- this feature.</li> |
|
2913 |
- |
|
2873 |
+ buffers (38KB+ per socket). We've patched OpenSSL to |
|
2874 |
+ <a href="https://lists.torproject.org/pipermail/tor-dev/2008-June/001519.html"> |
|
2875 |
+ release unused buffer memory more aggressively</a>. If you update to |
|
2876 |
+ OpenSSL 1.0.0 or newer, Tor's build process will automatically recognize |
|
2877 |
+ and use this feature. |
|
2878 |
+ </li> |
|
2914 | 2879 |
<li>If you still can't handle the memory load, consider reducing the |
2915 |
- amount of bandwidth your relay advertises. Advertising less |
|
2916 |
-bandwidth |
|
2880 |
+ amount of bandwidth your relay advertises. Advertising less bandwidth |
|
2917 | 2881 |
means you will attract fewer users, so your relay shouldn't grow |
2918 | 2882 |
as large. See the <tt>MaxAdvertisedBandwidth</tt> option in the man |
2919 |
- page.</li> |
|
2920 |
- |
|
2883 |
+ page. |
|
2884 |
+ </li> |
|
2921 | 2885 |
</ol> |
2922 | 2886 |
|
2923 | 2887 |
<p> |
2924 |
- All of this said, fast Tor relays do use a lot of ram. It is not |
|
2925 |
-unusual |
|
2888 |
+ All of this said, fast Tor relays do use a lot of ram. It is not unusual |
|
2926 | 2889 |
for a fast exit relay to use 500-1000 MB of memory. |
2927 | 2890 |
</p> |
2928 | 2891 |
|
... | ... |
@@ -2938,8 +2902,10 @@ Yes, you do get better anonymity against some attacks. |
2938 | 2902 |
<p> |
2939 | 2903 |
The simplest example is an attacker who owns a small number of Tor relays. |
2940 | 2904 |
They will see a connection from you, but they won't be able to know whether |
2941 |
-the connection originated at your computer or was relayed from somebody else. |
|
2905 |
+ the connection originated at your computer or was relayed from somebody |
|
2906 |
+ else. |
|
2942 | 2907 |
</p> |
2908 |
+ |
|
2943 | 2909 |
<p> |
2944 | 2910 |
There are some cases where it doesn't seem to help: if an attacker can |
2945 | 2911 |
watch all of your incoming and outgoing traffic, then it's easy for them |
... | ... |
@@ -2973,9 +2941,8 @@ most users, we think it's a smart move. |
2973 | 2941 |
|
2974 | 2942 |
<p><a href="https://exonerator.torproject.org/"> |
2975 | 2943 |
Exonerator</a> is a web service that can check if an IP address was a |
2976 |
- relay at a given time. We can also <a |
|
2977 |
- href="<page about/contact>">provide a signed |
|
2978 |
- letter</a> if needed.</p> |
|
2944 |
+ relay at a given time. We can also <a href="<page about/contact>">provide a |
|
2945 |
+ signed letter</a> if needed.</p> |
|
2979 | 2946 |
|
2980 | 2947 |
<hr> |
2981 | 2948 |
|
... | ... |
@@ -3004,15 +2972,13 @@ href="https://www.noisebridge.net/wiki/Noisebridge_Tor">Noisebridge</a> |
3004 | 2972 |
|
3005 | 2973 |
<p> |
3006 | 2974 |
These organizations are not the same as <a href="<page |
3007 |
- donate/donate>">The Tor Project, Inc</a>, but we consider that a |
|
3008 |
- good thing. They're run by nice people who are part of the |
|
3009 |
- Tor community. |
|
2975 |
+ donate/donate>">The Tor Project, Inc</a>, but we consider that a good thing. |
|
2976 |
+ They're run by nice people who are part of the Tor community. |
|
3010 | 2977 |
</p> |
3011 | 2978 |
|
3012 | 2979 |
<p> |
3013 | 2980 |
Note that there can be a tradeoff here between anonymity and |
3014 |
- performance. The Tor network's anonymity comes in part from |
|
3015 |
-diversity, |
|
2981 |
+ performance. The Tor network's anonymity comes in part from diversity, |
|
3016 | 2982 |
so if you are in a position to run your own relay, you will be |
3017 | 2983 |
improving Tor's anonymity more than by donating. At the same time |
3018 | 2984 |
though, economies |
... | ... |
@@ -3024,7 +2990,7 @@ diversity, |
3024 | 2990 |
|
3025 | 2991 |
<hr> |
3026 | 2992 |
|
3027 |
-# Leaving in old ids to accomodate incoming links. |
|
2993 |
+ <!-- Leaving in old id to accomodate incoming links. --> |
|
3028 | 2994 |
<a id="TorOnionServices"></a><a id="TorHiddenServices"></a> |
3029 | 2995 |
<h2><a class="anchor" href="#TorOnionServices">Tor onion services:</a></h2> |
3030 | 2996 |
|
... | ... |
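Review bot: switching the note above the `TorOnionServices` anchors from a `#` line to `<!-- ... -->` changes where it ends up. If the site's preprocessor drops `#` lines (an assumption, the build is not visible here), the old form never reached readers, while the HTML comment will be emitted into the published page. If that is intended, fix the spelling while the line is being rewritten: "accomodate" should be "accommodate".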
@@ -3271,7 +3237,8 @@ diversity, |
3271 | 3237 |
<hr> |
3272 | 3238 |
|
3273 | 3239 |
<a id="AnonymityAndSecurity"></a> |
3274 |
- <h2><a class="anchor" href="#AnonymityAndSecurity">Anonymity And Security:</a></h2> |
|
3240 |
+ <h2><a class="anchor" href="#AnonymityAndSecurity">Anonymity And Security: |
|
3241 |
+ </a></h2> |
|
3275 | 3242 |
|
3276 | 3243 |
<a id="WhatProtectionsDoesTorProvide"></a> |
3277 | 3244 |
<h3><a class="anchor" href="#WhatProtectionsDoesTorProvide">What |
... | ... |
@@ -3342,8 +3309,8 @@ diversity, |
3342 | 3309 |
<hr> |
3343 | 3310 |
|
3344 | 3311 |
<a id="CanExitNodesEavesdrop"></a> |
3345 |
- <h3><a class="anchor" href="#CanExitNodesEavesdrop">Can exit nodes eavesdrop |
|
3346 |
- on communications? Isn't that bad?</a></h3> |
|
3312 |
+ <h3><a class="anchor" href="#CanExitNodesEavesdrop">Can exit nodes |
|
3313 |
+ eavesdrop on communications? Isn't that bad?</a></h3> |
|
3347 | 3314 |
|
3348 | 3315 |
<p> |
3349 | 3316 |
Yes, the guy running the exit node can read the bytes that come in and |
... | ... |
@@ -3356,8 +3323,9 @@ diversity, |
3356 | 3323 |
This is why you should always use end-to-end encryption such as SSL for |
3357 | 3324 |
sensitive Internet connections. (The corollary to this answer is that if |
3358 | 3325 |
you are worried about somebody intercepting your traffic and you're |
3359 |
- *not* using end-to-end encryption at the application layer, then something |
|
3360 |
- has already gone wrong and you shouldn't be thinking that Tor is the problem.) |
|
3326 |
+ *not* using end-to-end encryption at the application layer, then |
|
3327 |
+ something has already gone wrong and you shouldn't be thinking that Tor is |
|
3328 |
+ the problem.) |
|
3361 | 3329 |
</p> |
3362 | 3330 |
|
3363 | 3331 |
<hr> |
... | ... |
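Review bot: the rewrapped line still marks emphasis as `*not*`, which HTML renders with literal asterisks. The Entry Guards answer in this same file uses `<i>are</i>` for emphasis, so `<i>not</i>` would be consistent and would render as intended.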
@@ -3425,24 +3393,21 @@ diversity, |
3425 | 3393 |
<hr> |
3426 | 3394 |
|
3427 | 3395 |
<a id="KeyManagement"></a> |
3428 |
- <h3><a class="anchor" href="#KeyManagement">Tell me about all the |
|
3429 |
-keys Tor uses.</a></h3> |
|
3396 |
+ <h3><a class="anchor" href="#KeyManagement">Tell me about all the keys Tor |
|
3397 |
+ uses.</a></h3> |
|
3430 | 3398 |
|
3431 | 3399 |
<p> |
3432 | 3400 |
Tor uses a variety of different keys, with three goals in mind: 1) |
3433 | 3401 |
encryption to ensure privacy of data within the Tor network, 2) |
3434 | 3402 |
authentication so clients know they're |
3435 |
- talking to the relays they meant to talk to, and 3) signatures to |
|
3436 |
-make |
|
3403 |
+ talking to the relays they meant to talk to, and 3) signatures to make |
|
3437 | 3404 |
sure all clients know the same set of relays. |
3438 | 3405 |
</p> |
3439 | 3406 |
|
3440 | 3407 |
<p> |
3441 |
- <b>Encryption</b>: first, all connections in Tor use TLS link |
|
3442 |
-encryption, |
|
3408 |
+ <b>Encryption</b>: first, all connections in Tor use TLS link encryption, |
|
3443 | 3409 |
so observers can't look inside to see which circuit a given cell is |
3444 |
- intended for. Further, the Tor client establishes an ephemeral |
|
3445 |
-encryption |
|
3410 |
+ intended for. Further, the Tor client establishes an ephemeral encryption |
|
3446 | 3411 |
key with each relay in the circuit; these extra layers of encryption |
3447 | 3412 |
mean that only the exit relay can read |
3448 | 3413 |
the cells. Both sides discard the circuit key when the circuit ends, |
... | ... |
@@ -3454,118 +3419,97 @@ encryption |
3454 | 3419 |
<b>Authentication</b>: |
3455 | 3420 |
Every Tor relay has a public decryption key called the "onion key". |
3456 | 3421 |
Each relay rotates its onion key once a week. |
3457 |
- When the Tor client establishes circuits, at each step it <a |
|
3458 |
- |
|
3459 |
-href="<svnprojects>design-paper/tor-design.html#subsec:circuits">demands |
|
3460 |
- that the Tor relay prove knowledge of its onion key</a>. That way |
|
3461 |
- the first node in the path can't just spoof the rest of the path. |
|
3462 |
- Because the Tor client chooses the path, it can make sure to get |
|
3463 |
- Tor's "distributed trust" property: no single relay in the path can |
|
3464 |
- know about both the client and what the client is doing. |
|
3422 |
+ When the Tor client establishes circuits, at each step it |
|
3423 |
+ <a href="<svnprojects>design-paper/tor-design.html#subsec:circuits">demands |
|
3424 |
+ that the Tor relay prove knowledge of its onion key</a>. That way the first |
|
3425 |
+ node in the path can't just spoof the rest of the path. |
|
3426 |
+ Because the Tor client chooses the path, it can make sure to get Tor's |
|
3427 |
+ "distributed trust" property: no single relay in the path can know about |
|
3428 |
+ both the client and what the client is doing. |
|
3465 | 3429 |
</p> |
3466 | 3430 |
|
3467 | 3431 |
<p> |
3468 | 3432 |
<b>Coordination</b>: |
3469 |
- How do clients know what the relays are, and how do they know that |
|
3470 |
-they |
|
3471 |
- have the right keys for them? Each relay has a long-term public |
|
3472 |
-signing |
|
3473 |
- key called the "identity key". Each directory authority additionally |
|
3474 |
-has a |
|
3475 |
- "directory signing key". The directory authorities <a |
|
3476 |
- href="<specblob>dir-spec.txt">provide a signed list</a> |
|
3477 |
- of all the known relays, and in that list are a set of certificates |
|
3478 |
-from |
|
3479 |
- each relay (self-signed by their identity key) specifying their |
|
3480 |
-keys, |
|
3481 |
- locations, exit policies, and so on. So unless the adversary can |
|
3482 |
-control |
|
3483 |
- a majority of the directory authorities (as of 2012 there are 8 |
|
3484 |
- directory authorities), they can't trick the Tor client into using |
|
3485 |
- other Tor relays. |
|
3486 |
- </p> |
|
3487 |
- |
|
3488 |
- <p> |
|
3489 |
- How do clients know what the directory authorities are? The Tor |
|
3490 |
-software |
|
3491 |
- comes with a built-in list of location and public key for each |
|
3492 |
-directory |
|
3493 |
- authority. So the only way to trick users into using a fake Tor |
|
3494 |
-network |
|
3433 |
+ How do clients know what the relays are, and how do they know that they |
|
3434 |
+ have the right keys for them? Each relay has a long-term public signing |
|
3435 |
+ key called the "identity key". Each directory authority additionally has a |
|
3436 |
+ "directory signing key". The directory authorities |
|
3437 |
+ <a href="<specblob>dir-spec.txt">provide a signed list</a> |
|
3438 |
+ of all the known relays, and in that list are a set of certificates from |
|
3439 |
+ each relay (self-signed by their identity key) specifying their keys, |
|
3440 |
+ locations, exit policies, and so on. So unless the adversary can control |
|
3441 |
+ a majority of the directory authorities (as of 2012 there are 8 directory |
|
3442 |
+ authorities), they can't trick the Tor client into using other Tor relays. |
|
3443 |
+ </p> |
|
3444 |
+ |
|
3445 |
+ <p> |
|
3446 |
+ How do clients know what the directory authorities are? The Tor software |
|
3447 |
+ comes with a built-in list of location and public key for each directory |
|
3448 |
+ authority. So the only way to trick users into using a fake Tor network |
|
3495 | 3449 |
is to give them a specially modified version of the software. |
3496 | 3450 |
</p> |
3497 | 3451 |
|
3498 | 3452 |
<p> |
3499 |
- How do users know they've got the right software? When we distribute |
|
3500 |
- the source code or a package, we digitally sign it with <a |
|
3501 |
- href="http://www.gnupg.org/">GNU Privacy Guard</a>. See the <a |
|
3502 |
- href="<page docs/verifying-signatures>">instructions |
|
3503 |
- on how to check Tor's signatures</a>. |
|
3453 |
+ How do users know they've got the right software? When we distribute the |
|
3454 |
+ source code or a package, we digitally sign it with |
|
3455 |
+ <a href="http://www.gnupg.org/">GNU Privacy Guard</a>. See the |
|
3456 |
+ <a href="<page docs/verifying-signatures>">instructions on how to check |
|
3457 |
+ Tor's signatures</a>. |
|
3504 | 3458 |
</p> |
3505 | 3459 |
|
3506 | 3460 |
<p> |
3507 |
- In order to be certain that it's really signed by us, you need to |
|
3508 |
-have |
|
3509 |
- met us in person and gotten a copy of our GPG key fingerprint, or |
|
3510 |
-you |
|
3511 |
- need to know somebody who has. If you're concerned about an attack |
|
3512 |
-on |
|
3513 |
- this level, we recommend you get involved with the security |
|
3514 |
-community |
|
3461 |
+ In order to be certain that it's really signed by us, you need to have |
|
3462 |
+ met us in person and gotten a copy of our GPG key fingerprint, or you |
|
3463 |
+ need to know somebody who has. If you're concerned about an attack on |
|
3464 |
+ this level, we recommend you get involved with the security community |
|
3515 | 3465 |
and start meeting people. |
3516 | 3466 |
</p> |
3517 | 3467 |
|
3518 | 3468 |
<hr> |
3519 | 3469 |
|
3520 | 3470 |
<a id="EntryGuards"></a> |
3521 |
-<h3><a class="anchor" href="#EntryGuards">What are Entry |
|
3522 |
-Guards?</a></h3> |
|
3471 |
+ <h3><a class="anchor" href="#EntryGuards">What are Entry Guards?</a></h3> |
|
3523 | 3472 |
|
3524 | 3473 |
<p> |
3525 | 3474 |
Tor (like all current practical low-latency anonymity designs) fails |
3526 | 3475 |
when the attacker can see both ends of the communications channel. For |
3527 | 3476 |
example, suppose the attacker controls or watches the Tor relay you |
3528 |
-choose |
|
3529 |
-to enter the network, and also controls or watches the website you |
|
3530 |
-visit. In |
|
3531 |
-this case, the research community knows no practical low-latency design |
|
3532 |
-that can reliably stop the attacker from correlating volume and timing |
|
3533 |
-information on the two sides. |
|
3477 |
+ choose to enter the network, and also controls or watches the website you |
|
3478 |
+ visit. In this case, the research community knows no practical low-latency |
|
3479 |
+ design that can reliably stop the attacker from correlating volume and |
|
3480 |
+ timing information on the two sides. |
|
3534 | 3481 |
</p> |
3535 | 3482 |
|
3536 | 3483 |
<p> |
3537 | 3484 |
So, what should we do? Suppose the attacker controls, or can observe, |
3538 |
-<i>C</i> relays. Suppose there are <i>N</i> relays total. If you select |
|
3539 |
-new entry and exit relays each time you use the network, the attacker |
|
3540 |
-will be able to correlate all traffic you send with probability around |
|
3541 |
-<i>(c/n)<sup>2</sup></i>. But profiling is, for most users, as bad |
|
3542 |
-as being traced all the time: they want to do something often without |
|
3543 |
-an attacker noticing, and the attacker noticing once is as bad as the |
|
3544 |
-attacker noticing more often. Thus, choosing many random entries and |
|
3545 |
-exits |
|
3546 |
-gives the user no chance of escaping profiling by this kind of attacker. |
|
3485 |
+ <i>C</i> relays. Suppose there are <i>N</i> relays total. If you select new |
|
3486 |
+ entry and exit relays each time you use the network, the attacker will be |
|
3487 |
+ able to correlate all traffic you send with probability around |
|
3488 |
+ <i>(c/n)<sup>2</sup></i>. But profiling is, for most users, as bad as being |
|
3489 |
+ traced all the time: they want to do something often without an attacker |
|
3490 |
+ noticing, and the attacker noticing once is as bad as the attacker noticing |
|
3491 |
+ more often. Thus, choosing many random entries and exits gives the user no |
|
3492 |
+ chance of escaping profiling by this kind of attacker. |
|
3547 | 3493 |
</p> |
3548 | 3494 |
|
3549 | 3495 |
<p> |
3550 | 3496 |
The solution is "entry guards": each Tor client selects a few relays at |
3551 |
-random |
|
3552 |
-to use as entry points, and uses only those relays for her first hop. If |
|
3553 |
-those relays are not controlled or observed, the attacker can't win, |
|
3497 |
+ random to use as entry points, and uses only those relays for her first hop. |
|
3498 |
+ If those relays are not controlled or observed, the attacker can't win, |
|
3554 | 3499 |
ever, and the user is secure. If those relays <i>are</i> observed or |
3555 | 3500 |
controlled by the attacker, the attacker sees a larger <i>fraction</i> |
3556 |
-of the user's traffic — but still the user is no more profiled |
|
3557 |
-than |
|
3501 |
+ of the user's traffic — but still the user is no more profiled than |
|
3558 | 3502 |
before. Thus, the user has some chance (on the order of <i>(n-c)/n</i>) |
3559 | 3503 |
of avoiding profiling, whereas she had none before. |
3560 | 3504 |
</p> |
3561 | 3505 |
|
3562 | 3506 |
<p> |
3563 |
-You can read more at <a href="http://freehaven.net/anonbib/#wright02">An |
|
3564 |
-Analysis of the Degradation of Anonymous Protocols</a>, <a |
|
3565 |
-href="http://freehaven.net/anonbib/#wright03">Defending Anonymous |
|
3507 |
+ You can read more at <a href="http://freehaven.net/anonbib/#wright02"> |
|
3508 |
+ An Analysis of the Degradation of Anonymous Protocols</a>, |
|
3509 |
+ <a href="http://freehaven.net/anonbib/#wright03">Defending Anonymous |
|
3566 | 3510 |
Communication Against Passive Logging Attacks</a>, and especially |
3567 |
-<a href="http://freehaven.net/anonbib/#hs-attack06">Locating Hidden |
|
3568 |
-Servers</a>. |
|
3511 |
+ <a href="http://freehaven.net/anonbib/#hs-attack06"> |
|
3512 |
+ Locating Hidden Servers</a>. |
|
3569 | 3513 |
</p> |
3570 | 3514 |
|
3571 | 3515 |
<p> |
... | ... |
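Review bot: the Coordination paragraph is rewritten but still reads "as of 2012 there are 8 directory authorities" in a commit dated 2018. Since the client's trust in the relay list rests on a majority of these authorities, confirm the count and date before merging, or drop the parenthetical so the sentence cannot go stale. In the Entry Guards answer of the same hunk, the text defines `<i>C</i>` and `<i>N</i>` in capitals but the formulas use `<i>(c/n)<sup>2</sup></i>` and `<i>(n-c)/n</i>`; use one case throughout so the variables visibly match their definitions.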
@@ -3580,7 +3524,8 @@ we move to a "directory guard" design as well. |
3580 | 3524 |
<hr> |
3581 | 3525 |
|
3582 | 3526 |
<a id="ChangePaths"></a> |
3583 |
- <h3><a class="anchor" href="#ChangePaths">How often does Tor change its paths?</a></h3> |
|
3527 |
+ <h3><a class="anchor" href="#ChangePaths">How often does Tor change its |
|
3528 |
+ paths?</a></h3> |
|
3584 | 3529 |
<p> |
3585 | 3530 |
Tor will reuse the same circuit for new TCP streams for 10 minutes, |
3586 | 3531 |
as long as the circuit is working fine. (If the circuit fails, Tor |
... | ... |
@@ -3618,8 +3566,8 @@ interactive streams while still allowing good throughput for bulk streams. |
3618 | 3566 |
But since we want to do a lot of work on quality-of-service and better |
3619 | 3567 |
queuing approaches first, you shouldn't expect this change anytime soon |
3620 | 3568 |
(if ever). However if you are keen, there are a couple of |
3621 |
-<a href="<page getinvolved/volunteer>#Research"> |
|
3622 |
-research ideas</a> that may involve changing the cell size. |
|
3569 |
+ <a href="<page getinvolved/volunteer>#Research"> research ideas</a> |
|
3570 |
+ that may involve changing the cell size. |
|
3623 | 3571 |
</p> |
3624 | 3572 |
|
3625 | 3573 |
<hr> |
... | ... |
@@ -3648,16 +3597,17 @@ connection to the Tor network --- by blocking the directory authorities, by |
3648 | 3597 |
blocking all the relay IP addresses in the directory, or by filtering based |
3649 | 3598 |
on the fingerprint of the Tor TLS handshake. After seeing these attacks and |
3650 | 3599 |
others first-hand, more effort was put into researching new circumvention |
3651 |
-techniques. Pluggable transports are protocols designed to allow users behind |
|
3652 |
-government firewalls to access the Tor network. |
|
3600 |
+ techniques. Pluggable transports are protocols designed to allow users |
|
3601 |
+ behind government firewalls to access the Tor network. |
|
3653 | 3602 |
</p> |
3603 |
+ |
|
3654 | 3604 |
<p> |
3655 |
-We've made quite a bit of progress on this problem lately. You can read more |
|
3656 |
-details on the <a href="<page docs/pluggable-transports>"> |
|
3605 |
+ We've made quite a bit of progress on this problem lately. You can read |
|
3606 |
+ more details on the <a href="<page docs/pluggable-transports>"> |
|
3657 | 3607 |
pluggable transports page</a>. You may also be interested in |
3658 |
-<a href="https://www.youtube.com/watch?v=GwMr8Xl7JMQ">Roger and Jake's talk at |
|
3659 |
-28C3</a>, or <a href="https://www.youtube.com/watch?v=JZg1nqs793M">Runa's |
|
3660 |
-talk at 44con</a>. |
|
3608 |
+ <a href="https://www.youtube.com/watch?v=GwMr8Xl7JMQ">Roger and Jake's talk |
|
3609 |
+ at 28C3</a>, or <a href="https://www.youtube.com/watch?v=JZg1nqs793M"> |
|
3610 |
+ Runa's talk at 44con</a>. |
|
3661 | 3611 |
</p> |
3662 | 3612 |
|
3663 | 3613 |
<hr> |
... | ... |
@@ -3691,10 +3644,12 @@ ZKS's Freedom network could) -- but maybe that's a good thing at this stage. |
3691 | 3644 |
<h3><a class="anchor" href="#IsTorLikeAVPN">Is Tor like a VPN?</a></h3> |
3692 | 3645 |
|
3693 | 3646 |
<p> |
3694 |
- <b>Do not use a VPN as an <a href="http://www.nbcnews.com/news/investigations/war-anonymous-british-spies-attacked-hackers-snowden-docs-show-n21361">anonymity solution</a>.</b> |
|
3647 |
+ <b>Do not use a VPN as an |
|
3648 |
+ <a href="http://www.nbcnews.com/news/investigations/war-anonymous-british-spies-attacked-hackers-snowden-docs-show-n21361"> |
|
3649 |
+ anonymity solution</a>.</b> |
|
3695 | 3650 |
If you're looking for a trusted entry into the Tor network, or if you want |
3696 |
- to obscure the fact that you're using Tor, <a |
|
3697 |
- href="https://www.torproject.org/docs/bridges#RunningABridge">setting up |
|
3651 |
+ to obscure the fact that you're using Tor, |
|
3652 |
+ <a href="https://www.torproject.org/docs/bridges#RunningABridge">setting up |
|
3698 | 3653 |
a private server as a bridge</a> works quite well. |
3699 | 3654 |
</p> |
3700 | 3655 |
|
... | ... |
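Review bot: the bridge link in the rewritten lines is a hard-coded absolute URL, `https://www.torproject.org/docs/bridges#RunningABridge`, while the "every Tor user be a relay" answer links the same page as `<page docs/bridges>`. Using `<page docs/bridges>#RunningABridge` here would keep internal links in one form and let them follow the site's own link handling. The nbcnews.com link on the new line is also plain `http://`; switch it to `https://` if the target serves it.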
@@ -3725,12 +3680,12 @@ ZKS's Freedom network could) -- but maybe that's a good thing at this stage. |
3725 | 3680 |
When you use Tor the IP address you connect to changes at most every 10 |
3726 | 3681 |
minutes, and often more frequently than that. This makes it extremely |
3727 | 3682 |
dificult for websites to create any sort of persistent profile of Tor |
3728 |
- users (assuming you did not <a |
|
3729 |
- href="<page download/download>#warning">identify |
|
3730 |
- yourself in other ways</a>). No one Tor relay can know enough |
|
3731 |
- information to compromise any Tor user because of Tor's <a |
|
3732 |
- href="<page about/overview>#thesolution">encrypted |
|
3733 |
- three-hop circuit</a> design. |
|
3683 |
+ users (assuming you did not |
|
3684 |
+ <a href="<page download/download>#warning">identify yourself in other |
|
3685 |
+ ways</a>). No one Tor relay can know enough information to compromise any |
|
3686 |
+ Tor user because of Tor's |
|
3687 |
+ <a href="<page about/overview>#thesolution">encrypted three-hop circuit</a> |
|
3688 |
+ design. |
|
3734 | 3689 |
</p> |
3735 | 3690 |
|
3736 | 3691 |
<hr> |
... | ... |
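Review bot: the context line directly above the rewrapped text still reads "extremely dificult for websites"; since this paragraph is being touched anyway, correct it to "difficult" in the same change.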
@@ -3749,8 +3704,8 @@ ZKS's Freedom network could) -- but maybe that's a good thing at this stage. |
3749 | 3704 |
as well as the IP address that proxy hop received traffic from. |
3750 | 3705 |
</p> |
3751 | 3706 |
<p> |
3752 |
- Because the <a |
|
3753 |
- href="https://gitweb.torproject.org/torspec.git?a=blob_plain;hb=HEAD;f=tor-spec.txt"> |
|
3707 |
+ Because the |
|
3708 |
+ <a href="https://gitweb.torproject.org/torspec.git?a=blob_plain;hb=HEAD;f=tor-spec.txt"> |
|
3754 | 3709 |
Tor protocol</a> requires encrypted relay-to-relay connections, not |
3755 | 3710 |
even a misbehaving relay can see the entire path of any Tor user. |
3756 | 3711 |
</p> |
... | ... |
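Review bot: the tor-spec link keeps a hard-coded gitweb URL (`https://gitweb.torproject.org/torspec.git?a=blob_plain;hb=HEAD;f=tor-spec.txt`), whereas the key management answer references the directory spec as `<specblob>dir-spec.txt`. If `<specblob>` resolves to the same torspec location, `<specblob>tor-spec.txt` would keep both spec links consistent and would also fit within the line width this commit is wrapping to.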
@@ -3776,13 +3732,14 @@ defend against such a threat model. |
3776 | 3732 |
<p> |
3777 | 3733 |
In a more limited sense, note that if a censor or law enforcement agency has |
3778 | 3734 |
the ability to obtain specific observation of parts of the network, it is |
3779 |
-possible for them to verify a suspicion that you talk regularly to your friend |
|
3780 |
-by observing traffic at both ends and correlating the timing of only that |
|
3781 |
-traffic. Again, this is only useful to verify that parties already suspected |
|
3782 |
-of communicating with one another are doing so. In most countries, the |
|
3783 |
-suspicion required to obtain a warrant already carries more weight than |
|
3735 |
+ possible for them to verify a suspicion that you talk regularly to your |
|
3736 |
+ friend by observing traffic at both ends and correlating the timing of only |
|
3737 |
+ that traffic. Again, this is only useful to verify that parties already |
|
3738 |
+ suspected of communicating with one another are doing so. In most countries, |
|
3739 |
+ the suspicion required to obtain a warrant already carries more weight than |
|
3784 | 3740 |
timing correlation would provide. |
3785 | 3741 |
</p> |
3742 |
+ |
|
3786 | 3743 |
<p> |
3787 | 3744 |
Furthermore, since Tor reuses circuits for multiple TCP connections, it is |
3788 | 3745 |
possible to associate non anonymous and anonymous traffic at a given exit |
... | ... |
@@ -3793,11 +3750,13 @@ Perhaps even run separate Tor clients for these applications. |
3793 | 3750 |
<hr> |
3794 | 3751 |
|
3795 | 3752 |
<a id="LearnMoreAboutAnonymity"></a> |
3796 |
- <h3><a class="anchor" href="#LearnMoreAboutAnonymity">Where can I |
|
3797 |
- learn more about anonymity?</a></h3> |
|
3753 |
+ <h3><a class="anchor" href="#LearnMoreAboutAnonymity">Where can I learn |
|
3754 |
+ more about anonymity?</a></h3> |
|
3798 | 3755 |
|
3799 | 3756 |
<p> |
3800 |
- <a href="http://freehaven.net/anonbib/topic.html#Anonymous_20communication">Read these papers</a> (especially the ones in boxes) to get up to speed on anonymous communication systems. |
|
3757 |
+ <a href="http://freehaven.net/anonbib/topic.html#Anonymous_20communication"> |
|
3758 |
+ Read these papers</a> (especially the ones in boxes) to get up to speed on |
|
3759 |
+ anonymous communication systems. |
|
3801 | 3760 |
</p> |
3802 | 3761 |
|
3803 | 3762 |
<hr> |
... | ... |
@@ -3806,65 +3765,50 @@ Perhaps even run separate Tor clients for these applications. |
3806 | 3765 |
<h2><a class="anchor" href="#AlternateDesigns">Alternate designs:</a></h2> |
3807 | 3766 |
|
3808 | 3767 |
<a id="EverybodyARelay"></a> |
3809 |
- <h3><a class="anchor" href="#EverybodyARelay">You should make every |
|
3810 |
-Tor user be a relay.</a></h3> |
|
3811 |
- |
|
3812 |
- <p> |
|
3813 |
- Requiring every Tor user to be a relay would help with scaling the |
|
3814 |
- network to handle all our users, and <a |
|
3815 |
- href="#BetterAnonymity">running a Tor |
|
3816 |
- relay may help your anonymity</a>. However, many Tor users cannot be |
|
3817 |
-good |
|
3818 |
- relays — for example, some Tor clients operate from behind |
|
3819 |
-restrictive |
|
3820 |
- firewalls, connect via modem, or otherwise aren't in a position |
|
3821 |
-where they |
|
3822 |
- can relay traffic. Providing service to these clients is a critical |
|
3823 |
- part of providing effective anonymity for everyone, since many Tor |
|
3824 |
-users |
|
3825 |
- are subject to these or similar constraints and including these |
|
3826 |
-clients |
|
3768 |
+ <h3><a class="anchor" href="#EverybodyARelay">You should make every Tor |
|
3769 |
+ user be a relay.</a></h3> |
|
3770 |
+ |
|
3771 |
+ <p> |
|
3772 |
+ Requiring every Tor user to be a relay would help with scaling the network |
|
3773 |
+ to handle all our users, and <a href="#BetterAnonymity">running a Tor relay |
|
3774 |
+ may help your anonymity</a>. However, many Tor users cannot be good relays |
|
3775 |
+ — for example, some Tor clients operate from behind restrictive |
|
3776 |
+ firewalls, connect via modem, or otherwise aren't in a position where they |
|
3777 |
+ can relay traffic. Providing service to these clients is a critical part of |
|
3778 |
+ providing effective anonymity for everyone, since many Tor users are |
|
3779 |
+ subject to these or similar constraints and including these clients |
|
3827 | 3780 |
increases the size of the anonymity set. |
3828 | 3781 |
</p> |
3829 | 3782 |
|
3830 | 3783 |
<p> |
3831 |
- That said, we do want to encourage Tor users to run relays, so what |
|
3832 |
-we |
|
3833 |
- really want to do is simplify the process of setting up and |
|
3834 |
-maintaining |
|
3835 |
- a relay. We've made a lot of progress with easy configuration in the |
|
3836 |
-past |
|
3837 |
- few years: |
|
3838 |
- Tor is good at automatically detecting whether it's |
|
3839 |
-reachable and |
|
3840 |
- how much bandwidth it can offer. |
|
3784 |
+ That said, we do want to encourage Tor users to run relays, so what we |
|
3785 |
+ really want to do is simplify the process of setting up and maintaining |
|
3786 |
+ a relay. We've made a lot of progress with easy configuration in the past |
|
3787 |
+ few years: Tor is good at automatically detecting whether it's reachable |
|
3788 |
+ and how much bandwidth it can offer. |
|
3841 | 3789 |
</p> |
3842 | 3790 |
|
3843 | 3791 |
<p> |
3844 |
- There are five steps we need to address before we can do this |
|
3845 |
-though: |
|
3792 |
+ There are five steps we need to address before we can do this though: |
|
3846 | 3793 |
</p> |
3847 | 3794 |
|
3848 | 3795 |
<p> |
3849 |
- First, we need to make Tor stable as a relay on all common |
|
3850 |
- operating systems. The main remaining platform is Windows, |
|
3851 |
- and we're mostly there. See Section 4.1 of <a |
|
3852 |
- href="https://www.torproject.org/press/2008-12-19-roadmap-press-release" |
|
3853 |
->our |
|
3854 |
- development roadmap</a>. |
|
3796 |
+ First, we need to make Tor stable as a relay on all common operating |
|
3797 |
+ systems. The main remaining platform is Windows, and we're mostly there. |
|
3798 |
+ See Section 4.1 of |
|
3799 |
+ <a href="https://www.torproject.org/press/2008-12-19-roadmap-press-release"> |
|
3800 |
+ our development roadmap</a>. |
|
3855 | 3801 |
</p> |
3856 | 3802 |
|
3857 | 3803 |
<p> |
3858 |
- Second, we still need to get better at automatically estimating |
|
3859 |
- the right amount of bandwidth to allow. See item #7 on the |
|
3860 |
- <a href="<page getinvolved/volunteer>#Research">research section of |
|
3861 |
-the |
|
3862 |
- volunteer page</a>: "Tor doesn't work very well when relays |
|
3863 |
- have asymmetric bandwidth (e.g. cable or DSL)". It might be that <a |
|
3864 |
- href="<page docs/faq>#TransportIPnotTCP">switching |
|
3865 |
- to UDP transport</a> is the simplest answer here — which alas |
|
3866 |
-is |
|
3867 |
- not a very simple answer at all. |
|
3804 |
+ Second, we still need to get better at automatically estimating the right |
|
3805 |
+ amount of bandwidth to allow. See item #7 on the |
|
3806 |
+ <a href="<page getinvolved/volunteer>#Research">research section of the |
|
3807 |
+ volunteer page</a>: "Tor doesn't work very well when relays have asymmetric |
|
3808 |
+ bandwidth (e.g. cable or DSL)". It might be that |
|
3809 |
+ <a href="<page docs/faq>#TransportIPnotTCP">switching to UDP transport</a> |
|
3810 |
+ is the simplest answer here — which alas is not a very simple answer |
|
3811 |
+ at all. |
|
3868 | 3812 |
</p> |
3869 | 3813 |
|
3870 | 3814 |
<p> |
... | ... |
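Review bot: same-page links are written two ways in this hunk, `href="#BetterAnonymity"` in the first paragraph and `href="<page docs/faq>#TransportIPnotTCP"` in the "Second" step. If this file is the docs/faq page, use the bare fragment form for both. The "First" step also still sends readers to "Section 4.1 of our development roadmap" through a link to the 2008-12-19 press release; check that the section is reachable from that target.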
@@ -3885,27 +3829,19 @@ is |
3885 | 3829 |
href="http://freehaven.net/anonbib/#clog-the-queue">different</a> |
3886 | 3830 |
<a href="http://freehaven.net/anonbib/#torta05">research</a> papers |
3887 | 3831 |
describe ways to identify the relays in a circuit by running traffic |
3888 |
- through candidate relays and looking for dips in the traffic while |
|
3889 |
-the |
|
3890 |
- circuit is active. These clogging attacks are not that scary in the |
|
3891 |
-Tor |
|
3892 |
- context so long as relays are never clients too. But if we're trying |
|
3893 |
-to |
|
3894 |
- encourage more clients to turn on relay functionality too (whether |
|
3895 |
-as |
|
3896 |
- <a href="<page docs/bridges>">bridge relays</a> or as normal |
|
3897 |
-relays), then |
|
3898 |
- we need to understand this threat better and learn how to mitigate |
|
3899 |
-it. |
|
3832 |
+ through candidate relays and looking for dips in the traffic while the |
|
3833 |
+ circuit is active. These clogging attacks are not that scary in the Tor |
|
3834 |
+ context so long as relays are never clients too. But if we're trying to |
|
3835 |
+ encourage more clients to turn on relay functionality too (whether as |
|
3836 |
+ <a href="<page docs/bridges>">bridge relays</a> or as normal relays), then |
|
3837 |
+ we need to understand this threat better and learn how to mitigate it. |
|
3900 | 3838 |
</p> |
3901 | 3839 |
|
3902 | 3840 |
<p> |
3903 |
- Fifth, we might need some sort of incentive scheme to encourage |
|
3904 |
-people |
|
3905 |
- to relay traffic for others, and/or to become exit nodes. Here are |
|
3906 |
-our |
|
3907 |
- <a href="<blog>two-incentive-designs-tor">current |
|
3908 |
- thoughts on Tor incentives</a>. |
|
3841 |
+ Fifth, we might need some sort of incentive scheme to encourage people |
|
3842 |
+ to relay traffic for others, and/or to become exit nodes. Here are our |
|
3843 |
+ <a href="<blog>two-incentive-designs-tor">current thoughts on Tor |
|
3844 |
+ incentives</a>. |
|
3909 | 3845 |
</p> |
3910 | 3846 |
|
3911 | 3847 |
<p> |
... | ... |
@@ -3927,19 +3863,19 @@ connections. |
3927 | 3863 |
</p> |
3928 | 3864 |
|
3929 | 3865 |
<p> |
3930 |
-We're heading in this direction: see <a |
|
3931 |
-href="https://trac.torproject.org/projects/tor/ticket/1855">this trac |
|
3932 |
-ticket</a> for directions we should investigate. Some of the hard |
|
3933 |
-problems are: |
|
3866 |
+ We're heading in this direction: see |
|
3867 |
+ <a href="https://trac.torproject.org/projects/tor/ticket/1855">this trac |
|
3868 |
+ ticket</a> for directions we should investigate. Some of the hard problems |
|
3869 |
+ are: |
|
3934 | 3870 |
</p> |
3935 | 3871 |
|
3936 | 3872 |
<ol> |
3937 | 3873 |
<li>IP packets reveal OS characteristics. We would still need to do |
3938 | 3874 |
IP-level packet normalization, to stop things like TCP fingerprinting |
3939 |
-attacks. Given the diversity and complexity of TCP stacks, along with <a |
|
3940 |
-href="#RemotePhysicalDeviceFingerprinting">device |
|
3941 |
-fingerprinting attacks</a>, it looks like our best bet is shipping our |
|
3942 |
-own user-space TCP stack. |
|
3875 |
+ attacks. Given the diversity and complexity of TCP stacks, along with |
|
3876 |
+ <a href="#RemotePhysicalDeviceFingerprinting">device fingerprinting |
|
3877 |
+ attacks</a>, it looks like our best bet is shipping our own user-space TCP |
|
3878 |
+ stack. |
|
3943 | 3879 |
</li> |
3944 | 3880 |
<li>Application-level streams still need scrubbing. We will still need |
3945 | 3881 |
user-side applications like Torbutton. So it won't become just a matter |
... | ... |
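Review bot: In the first list item the re-wrapped lines are now indented, while the unchanged lines `<li>IP packets reveal OS characteristics. We would still need to do` and `IP-level packet normalization, to stop things like TCP fingerprinting` stay flush left, so a single `<li>` carries two indentation levels. Re-indent the whole item, including its `<li>` and `</li>` lines, in this commit so the block is consistent. Otherwise the next edit to these lines produces another whitespace-only diff.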
@@ -3950,34 +3886,30 @@ rewrite DNS requests so they are delivered to an unlinkable DNS server |
3950 | 3886 |
rather than the DNS server at a user's ISP; thus, we must understand |
3951 | 3887 |
the protocols we are transporting. |
3952 | 3888 |
</li> |
3953 |
-<li><a |
|
3954 |
-href="http://crypto.stanford.edu/~nagendra/projects/dtls/dtls.html">DTLS |
|
3955 |
-</a> |
|
3956 |
-(datagram TLS) basically has no users, and IPsec sure is big. Once we've |
|
3957 |
-picked a transport mechanism, we need to design a new end-to-end Tor |
|
3889 |
+ <li><a href="http://crypto.stanford.edu/~nagendra/projects/dtls/dtls.html"> |
|
3890 |
+ DTLS</a> (datagram TLS) basically has no users, and IPsec sure is big. Once |
|
3891 |
+ we've picked a transport mechanism, we need to design a new end-to-end Tor |
|
3958 | 3892 |
protocol for avoiding tagging attacks and other potential anonymity and |
3959 | 3893 |
integrity issues now that we allow drops, resends, et cetera. |
3960 | 3894 |
</li> |
3961 |
-<li>Exit policies for arbitrary IP packets mean building a secure |
|
3962 |
-IDS. Our node operators tell us that exit policies are one of the main |
|
3963 |
-reasons they're willing to run Tor. Adding an Intrusion Detection System |
|
3964 |
-to handle exit policies would increase the security complexity of Tor, |
|
3965 |
-and would likely not work anyway, as evidenced by the entire field of |
|
3966 |
-IDS |
|
3967 |
-and counter-IDS papers. Many potential abuse issues are resolved by the |
|
3968 |
-fact that Tor only transports valid TCP streams (as opposed to arbitrary |
|
3969 |
-IP including malformed packets and IP floods), so exit policies become |
|
3970 |
-even <i>more</i> important as we become able to transport IP packets. We |
|
3971 |
-also need to compactly describe exit policies in the Tor directory, |
|
3972 |
-so clients can predict which nodes will allow their packets to exit |
|
3973 |
-— |
|
3974 |
-and clients need to predict all the packets they will want to send in |
|
3975 |
-a session before picking their exit node! |
|
3895 |
+ <li>Exit policies for arbitrary IP packets mean building a secure IDS. Our |
|
3896 |
+ node operators tell us that exit policies are one of the main reasons |
|
3897 |
+ they're willing to run Tor. Adding an Intrusion Detection System to handle |
|
3898 |
+ exit policies would increase the security complexity of Tor, and would |
|
3899 |
+ likely not work anyway, as evidenced by the entire field of IDS and |
|
3900 |
+ counter-IDS papers. Many potential abuse issues are resolved by the fact |
|
3901 |
+ that Tor only transports valid TCP streams (as opposed to arbitrary IP |
|
3902 |
+ including malformed packets and IP floods), so exit policies become even |
|
3903 |
+ <i>more</i> important as we become able to transport IP packets. We also |
|
3904 |
+ need to compactly describe exit policies in the Tor directory, so clients |
|
3905 |
+ can predict which nodes will allow their packets to exit — and |
|
3906 |
+ clients need to predict all the packets they will want to send in a session |
|
3907 |
+ before picking their exit node! |
|
3976 | 3908 |
</li> |
3977 | 3909 |
<li>The Tor-internal name spaces would need to be redesigned. We support |
3978 |
-onion service ".onion" addresses by intercepting the addresses when |
|
3979 |
-they are passed to the Tor client. Doing so at the IP level will require |
|
3980 |
-a more complex interface between Tor and the local DNS resolver. |
|
3910 |
+ onion service ".onion" addresses by intercepting the addresses when they |
|
3911 |
+ are passed to the Tor client. Doing so at the IP level will require a more |
|
3912 |
+ complex interface between Tor and the local DNS resolver. |
|
3981 | 3913 |
</li> |
3982 | 3914 |
</ol> |
3983 | 3915 |
|
... | ... |
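Review bot: The DTLS item on the new `<li><a href=...>` line still points at `http://crypto.stanford.edu/~nagendra/projects/dtls/dtls.html` over plain HTTP. Keeping this commit whitespace-only is reasonable, but since the line is rewritten here, a follow-up should switch the link to HTTPS if the host serves it. The same follow-up could check whether the target is still the reference the item wants to cite.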
@@ -3999,12 +3931,10 @@ list of relays directly, somebody could still make a lot of connections |
3999 | 3931 |
through Tor to a test site and build a list of the addresses they see. |
4000 | 3932 |
</li> |
4001 | 3933 |
|
4002 |
-<li>If people want to block us, we believe that they should be allowed |
|
4003 |
-to |
|
3934 |
+ <li>If people want to block us, we believe that they should be allowed to |
|
4004 | 3935 |
do so. Obviously, we would prefer for everybody to allow Tor users to |
4005 | 3936 |
connect to them, but people have the right to decide who their services |
4006 |
-should allow connections from, and if they want to block anonymous |
|
4007 |
-users, |
|
3937 |
+ should allow connections from, and if they want to block anonymous users, |
|
4008 | 3938 |
they can. |
4009 | 3939 |
</li> |
4010 | 3940 |
|
... | ... |
@@ -4026,28 +3956,32 @@ their path length.</a></h3> |
4026 | 3956 |
<p> |
4027 | 3957 |
Right now the path length is hard-coded at 3 plus the number of nodes in |
4028 | 3958 |
your path that are sensitive. That is, in normal cases it's 3, but for |
4029 |
- example if you're accessing an onion service or a ".exit" address it could be 4. |
|
3959 |
+ example if you're accessing an onion service or a ".exit" address it could |
|
3960 |
+ be 4. |
|
4030 | 3961 |
</p> |
3962 |
+ |
|
4031 | 3963 |
<p> |
4032 | 3964 |
We don't want to encourage people to use paths longer than this — it |
4033 | 3965 |
increases load on the network without (as far as we can tell) providing |
4034 | 3966 |
any more security. Remember that |
4035 |
-<a href="https://svn.torproject.org/svn/projects/design-paper/tor-design.html#subsec:threat-model">the |
|
4036 |
-best way to attack Tor is to attack the endpoints and ignore the middle |
|
3967 |
+ <a href="https://svn.torproject.org/svn/projects/design-paper/tor-design.html#subsec:threat-model"> |
|
3968 |
+ the best way to attack Tor is to attack the endpoints and ignore the middle |
|
4037 | 3969 |
of the path</a>. |
4038 |
- Also, using paths longer than 3 could harm anonymity, first because |
|
4039 |
- it makes <a href="http://freehaven.net/anonbib/#ccs07-doa">"denial of |
|
4040 |
- security"</a> attacks easier, and second because it could act as an |
|
4041 |
- identifier if only a few people do it ("Oh, there's that person who |
|
4042 |
- changed her path length again"). |
|
3970 |
+ Also, using paths longer than 3 could harm anonymity, first because it makes |
|
3971 |
+ <a href="http://freehaven.net/anonbib/#ccs07-doa">"denial of security"</a> |
|
3972 |
+ attacks easier, and second because it could act as an identifier if only a |
|
3973 |
+ few people do it ("Oh, there's that person who changed her path length |
|
3974 |
+ again"). |
|
4043 | 3975 |
</p> |
3976 |
+ |
|
4044 | 3977 |
<p> |
4045 | 3978 |
And we don't want to encourage people to use paths of length 1 either. |
4046 |
- Currently there is no reason to suspect that investigating a single |
|
4047 |
- relay will yield user-destination pairs, but if many people are using |
|
4048 |
- only a single hop, we make it more likely that attackers will seize or |
|
4049 |
- break into relays in hopes of tracing users. |
|
3979 |
+ Currently there is no reason to suspect that investigating a single relay |
|
3980 |
+ will yield user-destination pairs, but if many people are using only a |
|
3981 |
+ single hop, we make it more likely that attackers will seize or break into |
|
3982 |
+ relays in hopes of tracing users. |
|
4050 | 3983 |
</p> |
3984 |
+ |
|
4051 | 3985 |
<p> |
4052 | 3986 |
Now, there is a good argument for making the number of hops in a path |
4053 | 3987 |
unpredictable. For example, somebody who happens to control the last |
... | ... |
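Review bot: The `tor-design.html#subsec:threat-model` link now breaks between the opening tag and its text, with `the best way to attack Tor is to attack the endpoints and ignore the middle` starting on the following line. That puts a newline and indentation inside the anchor, whereas the `ccs07-doa` link a few lines later keeps `"denial of security"` directly after the `>`. The URL line exceeds the wrap width either way, so keep the first words of the link text on the tag's line, as the removed version did. All links in the paragraph then follow one pattern.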
@@ -4073,16 +4007,18 @@ best way to attack Tor is to attack the endpoints and ignore the middle |
4073 | 4007 |
first hop in the path) and Bob (or the last hop in the path) and learns |
4074 | 4008 |
that they are communicating. |
4075 | 4009 |
</p> |
4010 |
+ |
|
4076 | 4011 |
<p> |
4077 |
-If we make the assumption that timing attacks work well on even a few packets |
|
4078 |
-end-to-end, then having *more* possible ways for the adversary to observe the |
|
4079 |
-connection seems to hurt anonymity, not help it. |
|
4012 |
+ If we make the assumption that timing attacks work well on even a few |
|
4013 |
+ packets end-to-end, then having *more* possible ways for the adversary to |
|
4014 |
+ observe the connection seems to hurt anonymity, not help it. |
|
4080 | 4015 |
</p> |
4016 |
+ |
|
4081 | 4017 |
<p> |
4082 |
-Now, it's possible that we could make ourselves more resistant to end-to-end |
|
4083 |
-attacks with a little bit of padding and by making each circuit send and |
|
4084 |
-receive a fixed number of cells. This approach is more well-understood in |
|
4085 |
-the context of high-latency systems. See e.g. |
|
4018 |
+ Now, it's possible that we could make ourselves more resistant to |
|
4019 |
+ end-to-end attacks with a little bit of padding and by making each circuit |
|
4020 |
+ send and receive a fixed number of cells. This approach is more |
|
4021 |
+ well-understood in the context of high-latency systems. See e.g. |
|
4086 | 4022 |
<a href="http://freehaven.net/anonbib/#pet05-serjantov"> |
4087 | 4023 |
Message Splitting Against the Partial Adversary by Andrei Serjantov and |
4088 | 4024 |
Steven J. Murdoch</a>. |
... | ... |
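Review bot: The re-wrapped sentence keeps `*more*` as literal asterisks (`packets end-to-end, then having *more* possible ways for the adversary to`), which HTML shows verbatim instead of as emphasis. If this commit is meant to stay whitespace-only, note it for a follow-up that uses `<i>more</i>`, the markup this file already uses for emphasis in the exit-policy list item.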
@@ -4203,10 +4143,11 @@ suddenly that Tor relay is blocking the news site. |
4203 | 4143 |
positive/false positive rates and we are not interested in addressing |
4204 | 4144 |
this problem. |
4205 | 4145 |
</p> |
4146 |
+ |
|
4206 | 4147 |
<p> |
4207 |
-Further, and more importantly, which definition of "certain content" could we |
|
4208 |
-use? Every choice would lead to a quagmire of conflicting personal morals. The |
|
4209 |
-only solution is to have no opinion. |
|
4148 |
+ Further, and more importantly, which definition of "certain content" could |
|
4149 |
+ we use? Every choice would lead to a quagmire of conflicting personal |
|
4150 |
+ morals. The only solution is to have no opinion. |
|
4210 | 4151 |
</p> |
4211 | 4152 |
|
4212 | 4153 |
<hr> |
... | ... |
@@ -4219,9 +4160,9 @@ only solution is to have no opinion. |
4219 | 4160 |
Like all anonymous communication networks that are fast enough for web |
4220 | 4161 |
browsing, Tor is vulnerable to statistical "traffic confirmation" |
4221 | 4162 |
attacks, where the adversary watches traffic at both ends of a circuit |
4222 |
- and confirms their guess that those endpoints are communicating. It would be really |
|
4223 |
- nice if we could use cover traffic to confuse this attack. But there |
|
4224 |
- are three problems here: |
|
4163 |
+ and confirms their guess that those endpoints are communicating. It would |
|
4164 |
+ be really nice if we could use cover traffic to confuse this attack. But |
|
4165 |
+ there are three problems here: |
|
4225 | 4166 |
</p> |
4226 | 4167 |
|
4227 | 4168 |
<ul> |
... | ... |
@@ -4257,8 +4198,8 @@ only solution is to have no opinion. |
4257 | 4198 |
<hr> |
4258 | 4199 |
|
4259 | 4200 |
<a id="Steganography"></a> |
4260 |
- <h3><a class="anchor" href="#Steganography">You should use steganography to hide Tor |
|
4261 |
- traffic.</a></h3> |
|
4201 |
+ <h3><a class="anchor" href="#Steganography">You should use steganography to |
|
4202 |
+ hide Tor traffic.</a></h3> |
|
4262 | 4203 |
|
4263 | 4204 |
<p> |
4264 | 4205 |
Many people suggest that we should use steganography to make it hard |
... | ... |
@@ -4280,24 +4221,23 @@ only solution is to have no opinion. |
4280 | 4221 |
<h2><a class="anchor" href="#Abuse">Abuse:</a></h2> |
4281 | 4222 |
|
4282 | 4223 |
<a id="Criminals"></a> |
4283 |
- <h3><a class="anchor" href="#Criminals">Doesn't Tor enable criminals |
|
4284 |
-to do bad things?</a></h3> |
|
4224 |
+ <h3><a class="anchor" href="#Criminals">Doesn't Tor enable criminals to do |
|
4225 |
+ bad things?</a></h3> |
|
4285 | 4226 |
|
4286 | 4227 |
<p> |
4287 |
- For the answer to this question and others, please see our <a |
|
4288 |
- href="<page docs/faq-abuse>">Tor Abuse FAQ</a>. |
|
4228 |
+ For the answer to this question and others, please see our |
|
4229 |
+ <a href="<page docs/faq-abuse>">Tor Abuse FAQ</a>. |
|
4289 | 4230 |
</p> |
4290 | 4231 |
|
4291 | 4232 |
<hr> |
4292 | 4233 |
|
4293 | 4234 |
<a id="RespondISP"></a> |
4294 |
- <h3><a class="anchor" href="#RespondISP">How do I respond to my ISP |
|
4295 |
-about my exit relay?</a></h3> |
|
4235 |
+ <h3><a class="anchor" href="#RespondISP">How do I respond to my ISP about |
|
4236 |
+ my exit relay?</a></h3> |
|
4296 | 4237 |
|
4297 | 4238 |
<p> |
4298 |
- A collection of templates for successfully responding to ISPs is <a |
|
4299 |
- href="<wiki>doc/TorAbuseTemplates">collected |
|
4300 |
- here</a>. |
|
4239 |
+ A collection of templates for successfully responding to ISPs is |
|
4240 |
+ <a href="<wiki>doc/TorAbuseTemplates">collected here</a>. |
|
4301 | 4241 |
</p> |
4302 | 4242 |
|
4303 | 4243 |
<hr> |
... | ... |
@@ -4307,18 +4247,18 @@ about my exit relay?</a></h3> |
4307 | 4247 |
a Tor IP address for a legal case.</a></h3> |
4308 | 4248 |
|
4309 | 4249 |
<p> |
4310 |
- Please read the <a |
|
4311 |
- href="https://www.torproject.org/eff/tor-legal-faq">legal FAQ written |
|
4312 |
- by EFF lawyers</a>. There's a growing <a |
|
4313 |
- href="https://blog.torproject.org/blog/start-tor-legal-support-directory">legal |
|
4314 |
- directory</a> of people who may be able to help you. |
|
4250 |
+ Please read the |
|
4251 |
+ <a href="https://www.torproject.org/eff/tor-legal-faq">legal FAQ written |
|
4252 |
+ by EFF lawyers</a>. There's a growing |
|
4253 |
+ <a href="https://blog.torproject.org/blog/start-tor-legal-support-directory"> |
|
4254 |
+ legal directory</a> of people who may be able to help you. |
|
4315 | 4255 |
</p> |
4316 | 4256 |
|
4317 | 4257 |
<p> |
4318 |
- If you need to check if a certain IP address was acting as a Tor exit |
|
4319 |
- node at a certain date and time, you can use the <a |
|
4320 |
- href="https://exonerator.torproject.org/">ExoneraTor tool</a> to query the |
|
4321 |
- historic Tor relay lists and get an answer. |
|
4258 |
+ If you need to check if a certain IP address was acting as a Tor exit node |
|
4259 |
+ at a certain date and time, you can use the |
|
4260 |
+ <a href="https://exonerator.torproject.org/">ExoneraTor tool</a> to query |
|
4261 |
+ the historic Tor relay lists and get an answer. |
|
4322 | 4262 |
</p> |
4323 | 4263 |
|
4324 | 4264 |
<hr> |
4325 | 4265 |
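Review bot: The two links in the first paragraph stay hard-coded as `https://www.torproject.org/eff/tor-legal-faq` and `https://blog.torproject.org/blog/start-tor-legal-support-directory`, while other links in this file use the `<page ...>` and `<blog>` template macros, for example `<blog>two-incentive-designs-tor`. A follow-up could use the macros here as well, provided they expand to the same locations, so these URLs track the site configuration. Within this hunk, `legal directory</a>` also now starts on its own line after the opening tag, unlike `legal FAQ written` just above it. Keeping the link text on the tag's line would make the two links consistent.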