Roger Dingledine committed on 2004-12-09 17:32:45
Showing 1 changed file with 145 additions and 71 deletions.
... | ... |
@@ -24,50 +24,103 @@ |
24 | 24 |
|
25 | 25 |
<h2>Tor: Overview</h2> |
26 | 26 |
|
27 |
-<h3>Traffic analysis</h3> |
|
28 | 27 |
<p> |
29 |
-Traffic analysis can be used to infer who is talking to whom over a |
|
30 |
-public network. For example, Internet packets have a header used for |
|
31 |
-routing, and a payload that carries the data. The header, which must be |
|
32 |
-visible to the network (and to observers of the network), reveals the |
|
33 |
-source and destination of the packet. Even if the header were obscured |
|
34 |
-in some way, the packet could still be tracked as it moves through the |
|
35 |
-network. Encrypting the payload is similarly ineffective, because the |
|
36 |
-routing information is all an observer needs. |
|
28 |
+Tor is a network-within-a-network that allows people and groups to |
|
29 |
+improve their privacy and security on the Internet. It also enables |
|
30 |
+future software developers to create new kinds of communication tools |
|
31 |
+that have built-in privacy features. Tor can provide the foundation for |
|
32 |
+a whole range of applications that allow organizations and individuals |
|
33 |
+to share information over public networks without compromising their |
|
34 |
+privacy. |
|
37 | 35 |
</p> |
38 | 36 |
|
39 | 37 |
<p> |
40 |
-Knowing the source and destination of your Internet traffic allows |
|
41 |
-somebody to track your behavior and interests, impacting your checkbook or |
|
42 |
-even threatening your job or physical safety. |
|
38 |
+Individuals can use Tor to shield themselves and their family members |
|
39 |
+from being tracked by remote websites. They can also use it to connect |
|
40 |
+to resources such as news sites or instant messaging services that are |
|
41 |
+blocked by their local Internet service providers (ISPs). |
|
43 | 42 |
</p> |
44 | 43 |
|
45 | 44 |
<p> |
46 |
-Individuals, corporations, and governments all have an interest in |
|
47 |
-traffic analysis protection. Individuals want to protect themselves and |
|
48 |
-their family members from remote websites, or connect to resources such |
|
49 |
-as news sites or instant messaging services that are blocked locally. |
|
50 |
-User groups such as the German "Diabetes People" organization recommend |
|
51 |
-Tor for their members' online privacy and security. Activist groups such |
|
52 |
-as the Electronic Frontier Foundation are publicizing Tor as a mechanism |
|
53 |
-for maintaining civil liberties online. Corporations such as Google and |
|
54 |
-Wal-Mart are investigating Tor as a safe avenue for competitive analysis |
|
55 |
-or to try out new experimental projects without associating their name |
|
56 |
-with the project. A branch of the U.S. Navy uses Tor for open source |
|
57 |
-intelligence gathering, and one of their teams used Tor while deployed |
|
58 |
-in the Middle East recently. |
|
45 |
+Groups such as the German "Diabetes People" organization recommend Tor |
|
46 |
+for safeguarding their members' online privacy and security. Activist |
|
47 |
+groups like the Electronic Frontier Foundation (EFF) are supporting |
|
48 |
+Tor's development as a mechanism for maintaining civil liberties online. |
|
49 |
+Corporations are investigating Tor as a safe way to conduct competitive |
|
50 |
+analysis, and are considering using Tor to test new experimental projects |
|
51 |
+without associating their names with these projects. A branch of the |
|
52 |
+US Navy uses Tor for open source intelligence gathering, and one of its |
|
53 |
+teams used Tor while deployed in the Middle East recently. |
|
59 | 54 |
</p> |
60 | 55 |
|
61 |
-<h3>Network structure</h3> |
|
62 | 56 |
<p> |
63 |
-Tor helps to reduce the traffic analysis risk by distributing your |
|
64 |
-transactions over several places on the Internet, so no single point can |
|
65 |
-link you to your destination. To make private connections in Tor, a client |
|
66 |
-incrementally builds a path or <em>circuit</em> of encrypted connections |
|
67 |
-through servers on the network, extending it one step at a time so that |
|
68 |
-each server in the circuit only learns which server extended to it and |
|
69 |
-which server it has been asked to extend to. The client negotiates a |
|
70 |
-separate set of encryption keys for each step along the circuit. |
|
57 |
+The variety of people who use Tor is actually part of what makes it |
|
58 |
+so secure. The more populous and diverse the user base for Tor is, |
|
59 |
+the more your anonymity will be protected. |
|
60 |
+</p> |
|
61 |
+ |
|
62 |
+<h3>Why We Need Tor</h3> |
|
63 |
+ |
|
64 |
+<p> |
|
65 |
+Using Tor protects you against a common form of Internet surveillance |
|
66 |
+known as "traffic analysis." Traffic analysis can be used to infer |
|
67 |
+who is talking to whom over a public network. Knowing the source |
|
68 |
+and destination of your Internet traffic allows others to track your |
|
69 |
+behavior and interests. This can impact your checkbook if, for example, |
|
70 |
+an e-commerce site uses price discrimination based on your country or |
|
71 |
+institution of origin. It can even threaten your job and physical safety |
|
72 |
+by revealing who and where you are. |
|
73 |
+</p> |
|
74 |
+ |
|
75 |
+<p> |
|
76 |
+How does traffic analysis work? Internet data packets have two parts: |
|
77 |
+a data payload, and a header used for routing. The data payload is |
|
78 |
+whatever is being sent, whether that's an email message, a web page, or an |
|
79 |
+audio file. Even if you encrypt the data payload of your communications, |
|
80 |
+traffic analysis still reveals a great deal about what you're doing and, |
|
81 |
+possibly, what you're saying. That's because it focuses on the header, |
|
82 |
+which discloses source, destination, size, timing, and so on. |
|
83 |
+</p> |
|
84 |
+ |
|
85 |
+<p> |
|
86 |
+A basic problem, for the privacy minded, is that the recipient of your |
|
87 |
+communications can see who sent them by looking at headers. So can |
|
88 |
+authorized intermediaries like Internet service providers, and sometimes |
|
89 |
+unauthorized intermediaries as well. A very simple form of traffic |
|
90 |
+analysis might involve sitting somewhere between sender and recipient on |
|
91 |
+the network, looking at headers. |
|
92 |
+</p> |
|
93 |
+ |
|
94 |
+<p> |
|
95 |
+But there are also more powerful kinds of traffic analysis. Some |
|
96 |
+attackers spy on multiple parts of the Internet and use sophisticated |
|
97 |
+statistical techniques to track the communications patterns of many |
|
98 |
+different organizations and individuals. |
|
99 |
+</p> |
|
100 |
+ |
|
101 |
+<h3>The Solution: a Distributed, Anonymous Network</h3> |
|
102 |
+ |
|
103 |
+<p> |
|
104 |
+Tor helps to reduce the risks of both simple and sophisticated traffic |
|
105 |
+analysis by distributing your transactions over several places on the |
|
106 |
+Internet, so no single point can link you to your destination. The idea |
|
107 |
+is similar to using a twisty, hard-to-follow route in order to throw off |
|
108 |
+somebody who is tailing you -- and then periodically erasing your |
|
109 |
+footprints. Instead of taking a direct route from source to |
|
110 |
+destination, data packets on the Tor network take a random pathway |
|
111 |
+through several servers that cover your tracks so no observer at any |
|
112 |
+single point can tell where the data came from or where it's going. |
|
113 |
+</p> |
|
114 |
+ |
|
115 |
+<p> |
|
116 |
+To create a private network pathway with Tor, the user's software or |
|
117 |
+client incrementally builds a circuit of encrypted connections through |
|
118 |
+servers on the network. The circuit is extended one hop at a time, and |
|
119 |
+each server along the way knows only which server gave it data and which |
|
120 |
+server it is giving data to. No individual server will ever know the |
|
121 |
+complete path that a data packet has taken. The client negotiates a |
|
122 |
+separate set of encryption keys for each hop along the circuit to ensure |
|
123 |
+that each hop can't see what these connections are as they pass through. |
|
71 | 124 |
</p> |
72 | 125 |
|
73 | 126 |
<p> |
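Review bot: In the "How does traffic analysis work?" paragraph, the added sentence says traffic analysis "focuses on the header, which discloses source, destination, size, timing, and so on", but timing is not a header field; it is something an observer measures on the wire. The removed text made the related point that a packet "could still be tracked as it moves through the network" even with the header obscured, and that point is now lost. Suggest separating the two: the header discloses source and destination, and an observer can additionally record size and timing. In the circuit paragraph, "each server along the way knows only which server gave it data" does not fit the first hop, which receives data directly from the client; consider saying explicitly what the first server can and cannot see. The closing clause "each hop can't see what these connections are as they pass through" is also vague about what the per-hop keys actually hide.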
... | ... |
@@ -75,57 +128,78 @@ separate set of encryption keys for each step along the circuit. |
75 | 128 |
</p> |
76 | 129 |
|
77 | 130 |
<p> |
78 |
-Once a circuit has been established, the client software waits for |
|
79 |
-applications to request TCP connections, and directs these application |
|
80 |
-streams along the circuit. Many streams can be multiplexed along a single |
|
81 |
-circuit, so applications don't need to wait for keys to be negotiated |
|
82 |
-every time they open a connection. Because each server sees no |
|
83 |
-more than one end of the connection, a local eavesdropper or a compromised |
|
84 |
-server cannot use traffic analysis to link the connection's source and |
|
85 |
-destination. The Tor client software rotates circuits periodically |
|
86 |
-to prevent long-term linkability between different actions by a |
|
87 |
-single user. |
|
131 |
+Once a circuit has been established, many kinds of data can be exchanged |
|
132 |
+and several different sorts of software applications can be deployed |
|
133 |
+over the Tor network. Because each server sees no more than one hop in |
|
134 |
+the circuit, neither an eavesdropper nor a compromised server can use |
|
135 |
+traffic analysis to link the connection's source and destination. Tor |
|
136 |
+only works for TCP streams and can be used by any application with SOCKS |
|
137 |
+support. |
|
138 |
+</p> |
|
139 |
+ |
|
140 |
+<p> |
|
141 |
+For efficiency, the Tor software uses the same circuit for connections |
|
142 |
+that happen within the same minute or so. Later requests are given a |
|
143 |
+new circuit, to keep people from linking your earlier actions to the new |
|
144 |
+ones. |
|
88 | 145 |
</p> |
89 | 146 |
|
90 |
-<!-- |
|
147 |
+<h3>Hidden Services</h3> |
|
148 |
+ |
|
91 | 149 |
<p> |
92 |
-Many protocols, not just web. |
|
150 |
+Tor also makes it possible for users to hide their locations while |
|
151 |
+offering various kinds of services, such as web publishing or an instant |
|
152 |
+messaging server. Using Tor "rendezvous points," other Tor users can |
|
153 |
+connect to these hidden services, each without knowing the other's |
|
154 |
+network identity. This hidden service functionality could allow Tor |
|
155 |
+users to set up a website where people publish material without worrying |
|
156 |
+about censorship. Nobody would be able to determine who was offering |
|
157 |
+the site, and nobody who offered the site would know who was posting to it. |
|
93 | 158 |
</p> |
94 |
---> |
|
159 |
+ |
|
160 |
+<h3>Staying Anonymous</h3> |
|
95 | 161 |
|
96 | 162 |
<p> |
97 |
-Tor also makes it possible for the clients to be hidden. Using Tor |
|
98 |
-"rendezvous points," other Tor clients can connect to these hidden |
|
99 |
-services, each without knowing the other's network identity. These hidden |
|
100 |
-websites let users publish material without worrying about censorship. |
|
163 |
+Of course, Tor can't solve all anonymity problems. It focuses only on |
|
164 |
+protecting the transport of data. You need to use protocol-specific |
|
165 |
+support software if you don't want the sites you visit to see your |
|
166 |
+identifying information. For example, web proxies such as Privoxy can |
|
167 |
+be used while web browsing to block cookies and withhold information |
|
168 |
+about your browser type. |
|
101 | 169 |
</p> |
102 | 170 |
|
103 |
-<h3>Privacy</h3> |
|
104 | 171 |
<p> |
105 |
-Of course, Tor can't solve all privacy problems itself. Tor focuses on |
|
106 |
-protecting the <em>transport</em>. You need to use other protocol-specific |
|
107 |
-software, such as Privoxy for web browsing, to clean identifying |
|
108 |
-information like browser type and characteristics, and you need |
|
109 |
-to use other common sense: don't provide your name or other |
|
110 |
-revealing information in web forms. Also, like all anonymizing networks |
|
111 |
-that are fast enough for web browsing, Tor does not provide protection |
|
112 |
-against end-to-end timing attacks: if your attacker can watch the traffic |
|
113 |
-coming out of your computer, and also the traffic arriving at your chosen |
|
114 |
-destination, he can use simple statistics to discover that they are part |
|
115 |
-of the same circuit. |
|
172 |
+Also, to protect your anonymity, be smart. Don't provide your name |
|
173 |
+or other revealing information in web forms. Be aware that like all |
|
174 |
+anonymizing networks that are fast enough for web browsing, Tor does not |
|
175 |
+provide protection against end-to-end timing attacks: if your attacker |
|
176 |
+can watch the traffic coming out of your computer, and also the traffic |
|
177 |
+arriving at your chosen destination, he can use statistical analysis to |
|
178 |
+discover that they are part of the same circuit. |
|
179 |
+</p> |
|
180 |
+ |
|
181 |
+<h3>The Future of Tor</h3> |
|
182 |
+ |
|
183 |
+<p> |
|
184 |
+Providing a usable anonymizing network on the Internet today is an |
|
185 |
+ongoing challenge. We want software that meets users' needs. And we |
|
186 |
+also want to keep the network up and running in a way that handles |
|
187 |
+as many users as possible. Security and usability don't have to be at |
|
188 |
+odds: as Tor's usability increases, it will attract more users, which |
|
189 |
+in turn will increase security for everyone. We're making progress, |
|
190 |
+but we need your help. Please consider <a |
|
191 |
+href="cvs/tor/doc/tor-doc.html#installing">installing</a> a <a |
|
192 |
+href="cvs/tor/doc/tor-doc.html#server">server</a> |
|
193 |
+or <a href="contribute.html">volunteering</a> as a <a |
|
194 |
+href="developers.html">developer</a>. |
|
116 | 195 |
</p> |
117 | 196 |
|
118 | 197 |
<p> |
119 | 198 |
Anonymity is threatened as never before by trends in law, policy, and |
120 | 199 |
technology that are undermining our ability to speak and read freely |
121 |
-online without revealing who we are. Rather than trusting to laws to |
|
122 |
-maintain our rights, Tor aims to give people the power to make their own |
|
123 |
-decisions about their privacy. Providing a usable anonymizing network on |
|
124 |
-the Internet today is an ongoing challenge, both in terms of making |
|
125 |
-usable software that meets users' needs, and also in terms of keeping the |
|
126 |
-network up and able to handle all the users; but we're making progress |
|
127 |
-at finding a good balance to provide both usability and security. Please |
|
128 |
-do what you can to help out. |
|
200 |
+online without being forced to reveal who we are. With each new user |
|
201 |
+and server, we enhance Tor's ability to restore people's control over |
|
202 |
+their privacy. |
|
129 | 203 |
</p> |
130 | 204 |
|
131 | 205 |
</div><!-- #main --> |
132 | 206 |
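Review bot: In the "Once a circuit has been established" paragraph, changing "a local eavesdropper or a compromised server" to "neither an eavesdropper nor a compromised server" drops the "local" qualifier and now reads as a guarantee against any eavesdropper. That conflicts with the end-to-end timing caveat kept under "Staying Anonymous", where an attacker watching both the traffic leaving your computer and the traffic arriving at the destination can link them. Suggest restoring "local" or writing "an eavesdropper at any single point", which matches the wording used earlier in the page. The same paragraph no longer explains that many streams are multiplexed over one circuit, and "within the same minute or so" in the following paragraph is vague; if the circuit reuse window is a fixed value, state it.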