Browse code

Continued cleanup; Added 5 FAQ entries.

How do I check if my application that uses SOCKS is leaking DNS requests?*
How do I provide a hidden service?
How do I access Tor hidden services?
Will ​Torbutton be available for other browsers?
Does Tor remove personal information from the data my application sends?

Matt Pagan authored on 05/12/2013 09:13:08
Showing 1 changed files
... ...
@@ -27,11 +27,14 @@ proxies?</a></li>
27 27
     <li><a href="#SupportMail">How can I get support?</a></li>
28 28
     <li><a href="#Forum">Is there a Tor forum?</a></li>
29 29
     <li><a href="#WhySlow">Why is Tor so slow?</a></li>
30
-    <li><a href="#FileSharing">How can I share files anonymously through Tor?</a></li>
31
-    <li><a href="#OutboundPorts">Do I have to open all these outbound ports on my firewall?</a></li>
30
+    <li><a href="#FileSharing">How can I share files anonymously through Tor?
31
+    </a></li>
32
+    <li><a href="#OutboundPorts">Do I have to open all these outbound ports 
33
+    on my firewall?</a></li>
32 34
     <li><a href="#Funding">What would The Tor Project do with more
33 35
     funding?</a></li>
34
-    <li><a href="#IsItWorking">How can I tell if Tor is working, and that my connections really are anonymized?</a></li>
36
+    <li><a href="#IsItWorking">How can I tell if Tor is working, and that my 
37
+    connections really are anonymized?</a></li>
35 38
     <li><a href="#FTP">How do I use my browser for ftp with Tor?</a></li>
36 39
     <li><a href="#Metrics">How many people use Tor? How many relays or
37 40
     exit nodes are there?</a></li>
... ...
@@ -60,7 +63,8 @@ includes Tor?</a></li>
60 63
 
61 64
     <li><a href="#TBBFlash">Why can't I view videos on YouTube and other
62 65
     Flash-based sites?</a></li>
63
-    <li><a href="#Ubuntu">I'm using Ubuntu and I can't start Tor Browser</a></li>
66
+    <li><a href="#Ubuntu">I'm using Ubuntu and I can't start Tor Browser
67
+    </a></li>
64 68
     <li><a href="#TBBSocksPort">I want to
65 69
     run another application through the Tor launched by Tor Browser
66 70
     Bundle.</a></li>
... ...
@@ -73,13 +77,18 @@ allow JavaScript by default in the Tor Browser Bundle?  Isn't that
73 77
 unsafe?</a></li>
74 78
     <li><a href="#TBBOtherBrowser">I want to use Chrome/IE/Opera/etc
75 79
     with Tor.</a></li>
80
+    <li><a href="#TorbuttonOtherBrowser">Will Torbutton be available 
81
+    for other browsers?</a></li>
82
+    <li><a href="#NoDataScrubbing">Does Tor remove personal information 
83
+    from the data my application sends?</a></li>
76 84
     <li><a href="#TBBCloseBrowser">I want to leave Tor Browser Bundle
77 85
     running but close the browser.</a></li>
78 86
 
79 87
     <li><a href="#GoogleCAPTCHA">Google makes me solve a CAPTCHA or
80 88
 tells
81 89
     me I have spyware installed.</a></li>
82
-    <li><a href="#ForeignLanguages">Why does Google show up in foreign languages?</li></a>
90
+    <li><a href="#ForeignLanguages">Why does Google show up in foreign 
91
+    languages?</li></a>
83 92
     <li><a href="#GmailWarning">Gmail warns me that my account may have
84 93
     been compromised.</a></li>
85 94
     </ul>
... ...
@@ -101,10 +110,14 @@ country)
101 110
     <li><a href="#FirewallPorts">My firewall only allows a few outgoing
102 111
     ports.</a></li>
103 112
     <li><a href="#ExitPorts">Is there a list of default exit ports?</a></li>
104
-    <li><a href="#SocksAndDNS">How do I check if my application that uses SOCKS is leaking DNS requests?</a></li>
105
-    <li><a href="#DifferentComputer">I want to run my Tor client on a different computer than my applications.</a></li>
106
-    <li><a href="#ServerClient">Can I install Tor on a central server, and have my clients connect to it?</a></li>
107
-    <li><a href="#JoinTheNetwork">So I can just configure a nickname and ORPort and join the network?</a></li>
113
+    <li><a href="#SocksAndDNS">How do I check if my application that uses 
114
+    SOCKS is leaking DNS requests?</a></li>
115
+    <li><a href="#DifferentComputer">I want to run my Tor client on a 
116
+    different computer than my applications.</a></li>
117
+    <li><a href="#ServerClient">Can I install Tor on a central server, and 
118
+    have my clients connect to it?</a></li>
119
+    <li><a href="#JoinTheNetwork">So I can just configure a nickname and 
120
+    ORPort and join the network?</a></li>
108 121
     </ul>
109 122
 
110 123
     <p>Running a Tor relay:</p>
... ...
@@ -117,20 +130,29 @@ deal
117 130
     with abuse issues.</a></li>
118 131
     <li><a href="#RelayOrBridge">Should I be a normal relay or bridge
119 132
     relay?</a></li>
120
-    <li><a href="#UpgradeOrMove">I want to upgrade/move my relay. How do I keep the same key?</a></li>
133
+    <li><a href="#UpgradeOrMove">I want to upgrade/move my relay. How do I 
134
+    keep the same key?</a></li>
121 135
     <li><a href="#MultipleRelays">I want to run more than one
122 136
 relay.</a></li>
123
-    <li><a href="#NTService">How do I run my Tor relay as an NT service?</a></li>
124
-    <li><a href="#VirtualServer">Can I run a Tor relay from my virtual server account?</a></li>
137
+    <li><a href="#NTService">How do I run my Tor relay as an NT service?
138
+    </a></li>
139
+    <li><a href="#VirtualServer">Can I run a Tor relay from my virtual server 
140
+    account?</a></li>
125 141
     <li><a href="#WrongIP">My relay is picking the wrong IP address.</a></li>
126 142
     <li><a href="#BehindANAT">I'm behind a NAT/Firewall</a></li>
127
-    <li><a href="#RelayMemory">Why is my Tor relay using so much memory?</a></li>
128
-    <li><a href="#BetterAnonymity">Do I get better anonymity if I run a relay?</a></li>
143
+    <li><a href="#RelayMemory">Why is my Tor relay using so much memory?
144
+    </a></li>
145
+    <li><a href="#BetterAnonymity">Do I get better anonymity if I run a relay?
146
+    </a></li>
129 147
     <li><a href="#RelayDonations">Can I donate for a relay rather than
130 148
     run my own?</a></li>
131 149
     </ul>
132 150
 
133
-    <p>Running a Tor hidden service:</p>
151
+    <p>Tor hidden services:</p>
152
+    <ul>
153
+    <li><a href="#AccessHiddenServices">How do I access hidden services?</a></li>
154
+    <li><a href="#ProvideAHiddenService">How do I provide a hidden service</a></li>
155
+    </ul>
134 156
 
135 157
     <p>Anonymity and Security:</p>
136 158
     <ul>
... ...
@@ -138,11 +160,16 @@ relay.</a></li>
138 160
 uses.</a></li>
139 161
     <li><a href="#EntryGuards">What are Entry Guards?</a></li>
140 162
     <li><a href="#ChangePaths">How often does Tor change its paths?</a></li>
141
-    <li><a href="#CellSize">Tor uses hundreds of bytes for every IRC line. I can't afford that!</a></li>
142
-    <li><a href="#OutboundConnections">Why does netstat show these outbound connections?</a></li>
143
-    <li><a href="#PowerfulBlockers">What about powerful blocking mechanisms</a></li>
144
-    <li><a href="#RemotePhysicalDeviceFingerprinting">Does Tor resist "remote physical device fingerprinting"?</a></li>
145
-    <li><a href="#AttacksOnOnionRouting">What attcks remain against onion routing?</a></li>
163
+    <li><a href="#CellSize">Tor uses hundreds of bytes for every IRC line. I 
164
+    can't afford that!</a></li>
165
+    <li><a href="#OutboundConnections">Why does netstat show these outbound 
166
+    connections?</a></li>
167
+    <li><a href="#PowerfulBlockers">What about powerful blocking mechanisms
168
+    </a></li>
169
+    <li><a href="#RemotePhysicalDeviceFingerprinting">Does Tor resist 
170
+    "remote physical device fingerprinting"?</a></li>
171
+    <li><a href="#AttacksOnOnionRouting">What attacks remain against onion 
172
+    routing?</a></li>
146 173
     </ul>
147 174
 
148 175
     <p>Alternate designs that we don't do (yet):</p>
... ...
@@ -154,11 +181,16 @@ packets,
154 181
     not just TCP packets.</a></li>
155 182
     <li><a href="#HideExits">You should hide the list of Tor relays,
156 183
     so people can't block the exits.</a></li>
157
-    <li><a href="#ChoosePathLength">You should let people choose their path length.</a></li>
158
-    <li><a href="#SplitEachConnection">You should split each connection over many paths.</a></li>
159
-    <li><a href="#UnallocatedNetBlocks">Your default exit policy should block unallocated net blocks too.</a></li>
160
-    <li><a href="#BlockWebsites">Exit policies should be able to block websites, not just IP addresses.</a></li>
161
-    <li><a href="#BlockContent">You should change Tor to prevent users from posting certain content.</a></li>
184
+    <li><a href="#ChoosePathLength">You should let people choose their path 
185
+    length.</a></li>
186
+    <li><a href="#SplitEachConnection">You should split each connection over 
187
+    many paths.</a></li>
188
+    <li><a href="#UnallocatedNetBlocks">Your default exit policy should block 
189
+    unallocated net blocks too.</a></li>
190
+    <li><a href="#BlockWebsites">Exit policies should be able to block 
191
+    websites, not just IP addresses.</a></li>
192
+    <li><a href="#BlockContent">You should change Tor to prevent users from 
193
+    posting certain content.</a></li>
162 194
     <li><a href="#IPv6">Tor should support IPv6.</a></li>
163 195
     </ul>
164 196
 
... ...
@@ -302,7 +334,10 @@ encryption, what data you're sending to the destination.</dd>
302 334
 can I use with Tor?</a></h3>
303 335
 
304 336
     <p>
305
-    If you want to use Tor with a web browser, we provide the Tor Browser Bundle, which includes everything you need to browse the web safely using Tor. If you want to use another web browser with Tor, see <a href="#TBBOtherBrowser">Other web browsers</a>. 
337
+    If you want to use Tor with a web browser, we provide the Tor Browser 
338
+    Bundle, which includes everything you need to browse the web safely using 
339
+    Tor. If you want to use another web browser with Tor, see <a 
340
+    href="#TBBOtherBrowser">Other web browsers</a>. 
306 341
     </p>
307 342
     <p>
308 343
     There are plenty of other programs you can use with Tor,
... ...
@@ -608,10 +643,16 @@ money to the
608 643
     <hr>
609 644
 
610 645
     <a id="FileSharing"></a>
611
-    <h3><a class="anchor" href="#FileSharing">How can I share files anonymously through Tor?</a></h3>
646
+    <h3><a class="anchor" href="#FileSharing">How can I share files 
647
+    anonymously through Tor?</a></h3>
612 648
 
613 649
     <p>
614
-    File sharing (peer-to-peer/P2P) is widely unwanted in the Tor network, and exit nodes are configured to block file sharing traffic by default. Tor is not really designed for it, and file sharing through Tor slows down everyone's browsing. Also, Bittorrent over Tor <a href="https://blog.torproject.org/blog/bittorrent-over-tor-isnt-good-idea">is not anonymous</a>!
650
+    File sharing (peer-to-peer/P2P) is widely unwanted in the Tor network, 
651
+    and exit nodes are configured to block file sharing traffic by default. 
652
+    Tor is not really designed for it, and file sharing through Tor slows 
653
+    down everyone's browsing. Also, Bittorrent over Tor <a 
654
+    href="https://blog.torproject.org/blog/bittorrent-over-tor-isnt-good-idea">
655
+    is not anonymous</a>!
615 656
     </p>
616 657
 
617 658
     <hr>
... ...
@@ -746,37 +787,67 @@ executive
746 787
     <hr>
747 788
 
748 789
      <a id="OutboundPorts"></a>
749
-    <h3><a class="anchor" href="#OutboundPorts">Do I have to open all these outbound ports on my firewall?</a></h3>
790
+    <h3><a class="anchor" href="#OutboundPorts">Do I have to open all these 
791
+    outbound ports on my firewall?</a></h3>
750 792
 
751 793
     <p>
752
-    Tor may attempt to connect to any port that is advertised in the directory as an ORPort (for making Tor connections) or a DirPort (for fetching updates to the directory). There are a variety of these ports, but many of them are running on 80, 443, 9001, and 9030.
794
+    Tor may attempt to connect to any port that is advertised in the 
795
+    directory as an ORPort (for making Tor connections) or a DirPort (for 
796
+    fetching updates to the directory). There are a variety of these ports, 
797
+    but many of them are running on 80, 443, 9001, and 9030.
753 798
     </p>
754 799
     <p>
755
-So as a client, you could probably get away with opening only those four ports. Since Tor does all its connections in the background, it will retry ones that fail, and hopefully you'll never have to know that it failed, as long as it finds a working one often enough. However, to get the most diversity in your entry nodes -- and thus the most security -- as well as the most robustness in your connectivity, you'll want to let it connect to all of them.
800
+    So as a client, you could probably get away with opening only those four 
801
+    ports. Since Tor does all its connections in the background, it will retry 
802
+    ones that fail, and hopefully you'll never have to know that it failed, as 
803
+    long as it finds a working one often enough. However, to get the most 
804
+    diversity in your entry nodes -- and thus the most security -- as well as 
805
+    the most robustness in your connectivity, you'll want to let it connect 
806
+    to all of them.
756 807
     </p>
757 808
     <p>
758
-If you really need to connect to only a small set of ports, see the FAQ entry on firewalled ports.
809
+    If you really need to connect to only a small set of ports, see the FAQ 
810
+    entry on firewalled ports.
759 811
     </p>
760 812
     <p>
761
-Note that if you're running Tor as a relay, you must allow outgoing connections to every other relay and to anywhere your exit policy advertises that you allow. The cleanest way to do that is simply to allow all outgoing connections at your firewall. If you don't, clients will try to use these connections and things won't work. 
813
+    Note that if you're running Tor as a relay, you must allow outgoing 
814
+    connections to every other relay and to anywhere your exit policy 
815
+    advertises that you allow. The cleanest way to do that is simply to allow 
816
+    all outgoing connections at your firewall. If you don't, clients will try 
817
+    to use these connections and things won't work. 
762 818
     </p>
763 819
     
764 820
     <hr>
765 821
     
766 822
     <a id="IsItWorking"></a>
767
-    <h3><a class="anchor" href="#IsItWorking">How can I tell if Tor is working, and that my connections really are anonymized?</a></h3>
823
+    <h3><a class="anchor" href="#IsItWorking">How can I tell if Tor is 
824
+    working, and that my connections really are anonymized?</a></h3>
768 825
 
769 826
     <p>
770
-    There are sites you can visit that will tell you if you appear to be coming through the Tor network. Try the <a href="https://check.torproject.org">Tor Check</a> site and see whether it thinks you are using Tor or not.
827
+    There are sites you can visit that will tell you if you appear to be 
828
+    coming through the Tor network. Try the <a href="https://check.torproject.org">
829
+    Tor Check</a> site and see whether it thinks you are using Tor or not.
771 830
     </p>
772 831
     <p>
773
-If that site is down, you can still test, but it will involve more effort. Sites like <a href="http://ipid.shat.net">http://ipid.shat.net</a> and <a href="http://www.showmyip.com/">http://www.showmyip.com/</a> will tell you what your IP address appears to be, but you'll need to know your current IP address so you can compare and decide whether you're using Tor correctly.
832
+    If that site is down, you can still test, but it will involve more effort. 
833
+    Sites like <a href="http://ipid.shat.net">http://ipid.shat.net</a> and 
834
+    <a href="http://www.showmyip.com/">http://www.showmyip.com/</a> will tell 
835
+    you what your IP address appears to be, but you'll need to know your 
836
+    current IP address so you can compare and decide whether you're using Tor 
837
+    correctly.
774 838
     </p>
775 839
     <p>
776
-To learn your IP address on OS X, Linux, BSD, etc, run "ifconfig". On Windows, go to the Start menu, click Run and enter "cmd". At the command prompt, enter "ipconfig /a".
840
+    To learn your IP address on OS X, Linux, BSD, etc, run "ifconfig". On 
841
+    Windows, go to the Start menu, click Run and enter "cmd". At the command 
842
+    prompt, enter "ipconfig /a".
777 843
     </p>
778 844
     <p>
779
-If you are behind a NAT or firewall, though, your IP address will be within the range of 10.XXX.XXX.XXX, 192.168.XXX.XXX, or 172.16.XXX.XXX - 172.31.XXX.XXX, which is not your public IP address. In this case, you should check your IP address with one of the sites above without using Tor, and then check again using Tor to see whether your IP address has changed. 
845
+    If you are behind a NAT or firewall, though, your IP address will be 
846
+    within the range of 10.XXX.XXX.XXX, 192.168.XXX.XXX, or 172.16.XXX.XXX - 
847
+    172.31.XXX.XXX, which is not your public IP address. In this case, you 
848
+    should check your IP address with one of the sites above without using 
849
+    Tor, and then check again using Tor to see whether your IP address has 
850
+    changed. 
780 851
     </p>
781 852
     
782 853
     <hr>
... ...
@@ -785,12 +856,17 @@ If you are behind a NAT or firewall, though, your IP address will be within the
785 856
     <h3><a class="anchor" href="#FTP">How do I use my browser for ftp with Tor?
786 857
     </a></h3>
787 858
 
788
-    <p>Use the Tor Browser Bundle. If you want a separate application for an ftp client, we've heard good things about  FileZilla for Windows. You can configure it to point to Tor as a "socks4a" proxy on "localhost" port "9050". </p>
859
+    <p>
860
+    Use the Tor Browser Bundle. If you want a separate application for an 
861
+    ftp client, we've heard good things about  FileZilla for Windows. You can 
862
+    configure it to point to Tor as a "socks4a" proxy on "localhost" port 
863
+    "9050". 
864
+    </p>
789 865
     <hr>
790 866
     
791 867
     <a id="Metrics"></a>
792 868
     <h3><a class="anchor" href="#Metrics">How many people use Tor? How
793
-many relays or exit nodes are there?</a></h3>
869
+    many relays or exit nodes are there?</a></h3>
794 870
 
795 871
     <p>
796 872
     All this and more about measuring Tor can be found at the <a
... ...
@@ -798,8 +874,8 @@ many relays or exit nodes are there?</a></h3>
798 874
     <hr>
799 875
 
800 876
     <a id="SSLcertfingerprint"></a>
801
-    <h3><a class="anchor" href="#SSLcertfingerprint">What are the SSL
802
-certificate fingerprints for Tor's various websites?</a></h3>
877
+    <h3><a class="anchor" href="#SSLcertfingerprint">What are the SSL 
878
+    certificate fingerprints for Tor's various websites?</a></h3>
803 879
     <p>
804 880
     <pre>
805 881
     *.torproject.org SSL certificate from Digicert:
... ...
@@ -965,13 +1041,14 @@ Plugins operate independently from Firefox and can perform
965 1041
 activity on your computer that ruins your anonymity. This includes
966 1042
 but is not limited to: <a href="http://decloak.net">completely disregarding
967 1043
 proxy settings</a>, querying your <a
968
-href="http://forums.sun.com/thread.jspa?threadID=5162138&amp;messageID=9618376">local
969
-IP address</a>, and <a
1044
+href="http://forums.sun.com/thread.jspa?threadID=5162138&amp;messageID=9618376">
1045
+local IP address</a>, and <a
970 1046
 href="http://epic.org/privacy/cookies/flash.html">storing their own
971 1047
 cookies</a>. It is possible to use a LiveCD solution such as
972
-or <a href="https://tails.boum.org/">The Amnesic Incognito Live System</a> that creates a
973
-secure, transparent proxy to protect you from proxy bypass, however issues
974
-with local IP address discovery and Flash cookies still remain.  </p>
1048
+or <a href="https://tails.boum.org/">The Amnesic Incognito Live System</a> 
1049
+that creates a secure, transparent proxy to protect you from proxy bypass, 
1050
+however issues with local IP address discovery and Flash cookies still remain. 
1051
+</p>
975 1052
 
976 1053
 <p>
977 1054
 <a href="https://www.youtube.com/html5">YouTube offers experimental HTML5 video
... ...
@@ -985,7 +1062,9 @@ find HTML5 videos.
985 1062
 <h3><a class="anchor" href="#Ubuntu">
986 1063
 I'm using Ubuntu and I can't start Tor Browser</a></h3>
987 1064
 <p>
988
-Ubuntu prevents its users from executing shell scripts by click-clicking them, even when the file permissions are set correctly. For now you need to start the Tor Browser from the command line by running </p>
1065
+Ubuntu prevents its users from executing shell scripts by clicking them, 
1066
+even when the file permissions are set correctly. For now you need to 
1067
+start the Tor Browser from the command line by running </p>
989 1068
 <pre>
990 1069
 ./start-tor-browser
991 1070
 </pre>
... ...
@@ -1049,10 +1128,22 @@ configuration</a> of Tor and Privoxy.
1049 1128
 Firefox extensions?</a></h3>
1050 1129
 
1051 1130
 <p>
1052
-The Tor Browser is free software, so there is nothing preventing you from modifying it any way you like. However, we do not recommend installing any additional Firefox add-ons with the Tor Browser Bundle. Add-ons can break your anonymity in a number of ways, including browser fingerprinting and bypassing proxy settings.
1131
+The Tor Browser is free software, so there is nothing preventing you from 
1132
+modifying it any way you like. However, we do not recommend installing any 
1133
+additional Firefox add-ons with the Tor Browser Bundle. Add-ons can break 
1134
+your anonymity in a number of ways, including browser fingerprinting and 
1135
+bypassing proxy settings.
1053 1136
 </p>
1054 1137
 <p>
1055
-Some people have suggested we include ad-blocking software or anti-tracking software with the Tor Browser Bundle. Right now, we do not think that's such a good idea. The Tor Browser Bundle aims to provide sufficient privacy that additional add-ons to stop ads and trackers are not necessary. Using add-ons like these may cause some sites to break, which <a href="https://www.torproject.org/projects/torbrowser/design/#philosophy">we don't want to do</a>. Additionally, maintaining a list of "bad" sites that should be black-listed provides another opportunity to uniquely fingerprint users. 
1138
+Some people have suggested we include ad-blocking software or 
1139
+anti-tracking software with the Tor Browser Bundle. Right now, we do not 
1140
+think that's such a good idea. The Tor Browser Bundle aims to provide 
1141
+sufficient privacy that additional add-ons to stop ads and trackers are 
1142
+not necessary. Using add-ons like these may cause some sites to break, which 
1143
+<a href="https://www.torproject.org/projects/torbrowser/design/#philosophy">
1144
+we don't want to do</a>. Additionally, maintaining a list of "bad" sites that 
1145
+should be black-listed provides another opportunity to uniquely fingerprint 
1146
+users. 
1056 1147
 </p>
1057 1148
 
1058 1149
 <hr>
... ...
@@ -1077,8 +1168,8 @@ There's a tradeoff here. On the one hand, we should leave
1077 1168
 JavaScript enabled by default so websites work the way
1078 1169
 users expect. On the other hand, we should disable JavaScript
1079 1170
 by default to better protect against browser vulnerabilities (<a
1080
-href="https://blog.torproject.org/blog/tor-security-advisory-old-tor-browser-bundles-vulnerable">not
1081
-just a theoretical concern!</a>). But there's a third issue: websites
1171
+href="https://blog.torproject.org/blog/tor-security-advisory-old-tor-browser-bundles-vulnerable">
1172
+not just a theoretical concern!</a>). But there's a third issue: websites
1082 1173
 can easily determine whether you have allowed JavaScript for them,
1083 1174
 and if you disable JavaScript by default but then allow a few websites
1084 1175
 to run scripts (the way most people use NoScript), then your choice of
... ...
@@ -1131,6 +1222,38 @@ horizon.
1131 1222
 
1132 1223
 <hr>
1133 1224
 
1225
+<a id="TorbuttonOtherBrowser"></a>
1226
+<h3><a class="anchor" href="#TorbuttonOtherBrowser">
1227
+Will Torbutton be available for other browsers?</a></h3>
1228
+
1229
+<p>
1230
+ We don't support IE, Opera or Safari and never plan to. There are too many 
1231
+ ways that your privacy can go wrong with those browsers, and because of 
1232
+ their closed design it is really hard for us to do anything to change these 
1233
+ privacy problems.
1234
+</p>
1235
+<p>
1236
+We are working with the Chrome people to modify Chrome's internals so that 
1237
+we can eventually support it. But for now, Firefox is the only safe choice. 
1238
+</p>
1239
+
1240
+<hr>
1241
+
1242
+<a id="NoDataScrubbing"></a>
1243
+<h3><a class="anchor" href="#NoDataScrubbing">
1244
+Does Tor remove personal information from the data my application sends?
1245
+</a></h3>
1246
+<p>
1247
+No, it doesn't. You need to use a separate program that understands your 
1248
+application and protocol and knows how to clean or "scrub" the data it 
1249
+sends. Privoxy is an example of this for web browsing. But note that even 
1250
+Privoxy won't protect you completely: you may still fall victim to viruses, 
1251
+Java Script attacks, etc; and Privoxy can't do anything about text that you 
1252
+type into forms. Be careful and be smart. 
1253
+</p>
1254
+
1255
+</hr>
1256
+
1134 1257
 <a id="TBBCloseBrowser"></a>
1135 1258
 <h3><a class="anchor" href="#TBBCloseBrowser">I want to leave Tor
1136 1259
 Browser
... ...
@@ -1191,22 +1314,35 @@ DuckDuckGo, ixquick, or Bing.
1191 1314
 Why does Google show up in foreign languages?</a></h3>
1192 1315
 
1193 1316
 <p>
1194
- Google uses "geolocation" to determine where in the world you are, so it can give you a personalized experience. This includes using the language it thinks you prefer, and it also includes giving you different results on your queries.
1317
+ Google uses "geolocation" to determine where in the world you are, so it 
1318
+ can give you a personalized experience. This includes using the language 
1319
+ it thinks you prefer, and it also includes giving you different results 
1320
+ on your queries.
1195 1321
 </p>
1196 1322
 <p>
1197
-If you really want to see Google in English you can click the link that provides that. But we consider this a feature with Tor, not a bug --- the Internet is not flat, and it in fact does look different depending on where you are. This feature reminds people of this fact. The easy way to avoid this "feature" is to use <a href="http://google.com/ncr">http://google.com/ncr</a>.
1323
+If you really want to see Google in English you can click the link that 
1324
+provides that. But we consider this a feature with Tor, not a bug --- the 
1325
+Internet is not flat, and it in fact does look different depending on 
1326
+where you are. This feature reminds people of this fact. The easy way to 
1327
+avoid this "feature" is to use 
1328
+<a href="https://google.com/ncr">https://google.com/ncr</a>.
1198 1329
 </p>
1199 1330
 <p>
1200
-Note that Google search URLs take name/value pairs as arguments and one of those names is "hl". If you set "hl" to "en" then Google will return search results in English regardless of what Google server you have been sent to. On a query this looks like: </p><pre>https://encrypted.google.com/search?q=online%20anonymity&hl=en
1331
+Note that Google search URLs take name/value pairs as arguments and one 
1332
+of those names is "hl". If you set "hl" to "en" then Google will return 
1333
+search results in English regardless of what Google server you have been 
1334
+sent to. On a query this looks like: 
1335
+</p>
1336
+<pre>https://encrypted.google.com/search?q=online%20anonymity&hl=en
1201 1337
 </pre>
1202 1338
 <p>
1203
-Another method is to simply use your country code for accessing Google. This can be google.be, google.de, google.us and so on. 
1339
+Another method is to simply use your country code for accessing Google. 
1340
+This can be google.be, google.de, google.us and so on. 
1204 1341
 </p>
1205 1342
 <hr />
1206 1343
 <a id="GmailWarning"></a>
1207 1344
 <h3><a class="anchor" href="#GmailWarning">Gmail warns me that my
1208
-account
1209
-may have been compromised.</a></h3>
1345
+account may have been compromised.</a></h3>
1210 1346
 
1211 1347
 <p>
1212 1348
 Sometimes, after you've used Gmail over Tor, Google presents a
... ...
@@ -1389,29 +1525,42 @@ and filename for your Tor log.
1389 1525
 <h3><a class="anchor" href="#LogLevel">What log level should I use?</a></h3>
1390 1526
 
1391 1527
 <p>
1392
-There are five log levels (also called "log severities") you might see in Tor's logs:
1528
+There are five log levels (also called "log severities") you might see in 
1529
+Tor's logs:
1393 1530
 </p>
1394 1531
 
1395 1532
 <ul>
1396
-    <li>"err": something bad just happened, and we can't recover. Tor will exit.</li>
1397
-    <li>"warn": something bad happened, but we're still running. The bad thing might be a bug in the code, some other Tor process doing something unexpected, etc. The operator should examine the message and try to correct the problem.</li>
1533
+    <li>"err": something bad just happened, and we can't recover. Tor will 
1534
+    exit.</li>
1535
+    <li>"warn": something bad happened, but we're still running. The bad 
1536
+    thing might be a bug in the code, some other Tor process doing something 
1537
+    unexpected, etc. The operator should examine the message and try to 
1538
+    correct the problem.</li>
1398 1539
     <li>"notice": something the operator will want to know about.</li>
1399
-    <li>"info": something happened (maybe bad, maybe ok), but there's nothing you need to (or can) do about it.</li>
1540
+    <li>"info": something happened (maybe bad, maybe ok), but there's 
1541
+    nothing you need to (or can) do about it.</li>
1400 1542
     <li>"debug": for everything louder than info. It is quite loud indeed.</li> 
1401 1543
 </ul>
1402 1544
 
1403 1545
 <p>
1404
-Alas, some of the warn messages are hard for ordinary users to correct -- the developers are slowly making progress at making Tor automatically react correctly for each situation.
1546
+Alas, some of the warn messages are hard for ordinary users to correct -- the 
1547
+developers are slowly making progress at making Tor automatically react 
1548
+correctly for each situation.
1405 1549
 </p>
1406 1550
 
1407 1551
 <p>
1408
-We recommend running at the default, which is "notice". You will hear about important things, and you won't hear about unimportant things.
1552
+We recommend running at the default, which is "notice". You will hear about 
1553
+important things, and you won't hear about unimportant things.
1409 1554
 </p>
1410 1555
 
1411 1556
 <p>
1412
-Tor relays in particular should avoid logging at info or debug in normal operation, since they might end up recording sensitive information in their logs. 
1557
+Tor relays in particular should avoid logging at info or debug in normal 
1558
+operation, since they might end up recording sensitive information in 
1559
+their logs. 
1413 1560
 </p>
1414 1561
 
1562
+<hr>
1563
+
1415 1564
 <a id="DoesntWork"></a>
1416 1565
 <h3><a class="anchor" href="#DoesntWork">I installed Tor but it's not
1417 1566
 working.</a></h3>
... ...
@@ -1557,7 +1706,13 @@ versions.
1557 1706
     up your anonymity in ways we don't understand.
1558 1707
     </p>
1559 1708
     <p>
1560
-    Note also that not every circuit is used to deliver traffic outside of the Tor network. It is normal to see non-exit circuits (such as those used to connect to hidden services, those that do directory fetches, those used for relay reachability self-tests, and so on) that end at a non-exit node. To keep a node from being used entirely, see <tt>ExcludeNodes</tt> and <tt>StrictNodes</tt> in the <a href="<page docs/tor-manual>">manual</a>.
1709
+    Note also that not every circuit is used to deliver traffic outside of 
1710
+    the Tor network. It is normal to see non-exit circuits (such as those 
1711
+    used to connect to hidden services, those that do directory fetches, 
1712
+    those used for relay reachability self-tests, and so on) that end at 
1713
+    a non-exit node. To keep a node from being used entirely, see 
1714
+    <tt>ExcludeNodes</tt> and <tt>StrictNodes</tt> in the 
1715
+    <a href="<page docs/tor-manual>">manual</a>.
1561 1716
     </p>
1562 1717
     <p>
1563 1718
     Instead of <tt>$fingerprint</tt> you can also specify a <a
... ...
@@ -1612,9 +1767,13 @@ use the ReachableAddresses config options, e.g.:
1612 1767
 <hr>
1613 1768
 
1614 1769
     <a id="ExitPorts"></a>
1615
-    <h3><a class="anchor" href="#ExitPorts">Is there a list of default exit ports?</a></h3>
1770
+    <h3><a class="anchor" href="#ExitPorts">Is there a list of default exit 
1771
+    ports?</a></h3>
1616 1772
     <p>
1617
-The default open ports are listed below but keep in mind that, any port or ports can be opened by the relay operator by configuring it in torrc or modifying the source code. But the default according to src/or/policies.c from the source code release tor-0.2.4.16-rc is: 
1773
+The default open ports are listed below but keep in mind that, any port or 
1774
+ports can be opened by the relay operator by configuring it in torrc or 
1775
+modifying the source code. But the default according to src/or/policies.c 
1776
+from the source code release tor-0.2.4.16-rc is: 
1618 1777
     </p>
1619 1778
     <pre>
1620 1779
   reject 0.0.0.0/8
... ...
@@ -1636,7 +1795,45 @@ The default open ports are listed below but keep in mind that, any port or ports
1636 1795
   accept *:*
1637 1796
     </pre>
1638 1797
     <p>
1639
-    A relay will block access to its own IP address, as well local network IP addresses. A relay always blocks itself by default. This prevents Tor users from accidentally accessing any of the exit operator's local services. 
1798
+    A relay will block access to its own IP address, as well local network 
1799
+    IP addresses. A relay always blocks itself by default. This prevents 
1800
+    Tor users from accidentally accessing any of the exit operator's local 
1801
+    services. 
1802
+    </p>
1803
+
1804
+    <hr>
1805
+
1806
+    <a id="SocksAndDNS"></a>
1807
+    <h3><a class="anchor" href="#SocksAndDNS">How do I check if my application that uses 
1808
+    SOCKS is leaking DNS requests?</a></h3>
1809
+
1810
+    <p>
1811
+    These are two steps you need to take here. The first is to make sure 
1812
+    that it's using the correct variant of the SOCKS protocol, and the 
1813
+    second is to make sure that there aren't other leaks. 
1814
+    </p>
1815
+
1816
+    <p>
1817
+    Step one: add "TestSocks 1" to your torrc file, and then watch your 
1818
+    logs as you use your application. Tor will then log, for each SOCKS 
1819
+    connection, whether it was using a 'good' variant or a 'bad' one. 
1820
+    (If you want to automatically disable all 'bad' variants, set 
1821
+    "SafeSocks 1" in your <a href="#torrc">torrc</a> file.) 
1822
+    </p>
1823
+
1824
+    <p>
1825
+    Step two: even if your application is using the correct variant of 
1826
+    the SOCKS protocol, there is still a risk that it could be leaking 
1827
+    DNS queries. This problem happens in Firefox extensions that resolve 
1828
+    the destination hostname themselves, for example to show you its IP 
1829
+    address, what country it's in, etc. These applications may use a safe 
1830
+    SOCKS variant when actually making connections, but they still do DNS 
1831
+    resolves locally. If you suspect your application might behave like 
1832
+    this, you should use a network sniffer like <a 
1833
+    href="https://www.wireshark.org/">Wireshark</a> and look for 
1834
+    suspicious outbound DNS requests. I'm afraid the details of how to look 
1835
+    for these problems are beyond the scope of a FAQ entry though -- find 
1836
+    a friend to help if you have problems. 
1640 1837
     </p>
1641 1838
 
1642 1839
     <hr>
... ...
@@ -1693,7 +1890,6 @@ too.
1693 1890
 
1694 1891
     <hr>
1695 1892
 
1696
-       <a id="RunARelayBut"></a>
1697 1893
     <a id="ExitPolicies"></a>
1698 1894
     <h3><a class="anchor" href="#ExitPolicies">I'd run a relay, but I
1699 1895
 don't want to deal with abuse issues.</a></h3>
... ...
@@ -1752,20 +1948,40 @@ users
1752 1948
     <hr>
1753 1949
 
1754 1950
     <a id="DifferentComputer"></a>
1755
-    <h3><a class="anchor" href="#DifferentComputer">I want to run my Tor client on a different computer than my applications.</a></h3>
1951
+    <h3><a class="anchor" href="#DifferentComputer">I want to run my 
1952
+    Tor client on a different computer than my applications.</a></h3>
1756 1953
     <p>
1757
-    By default, your Tor client only listens for applications that connect from localhost. Connections from other computers are refused. If you want to torify applications on different computers than the Tor client, you should edit your torrc to define SocksListenAddress 0.0.0.0 g and then restart (or hup) Tor. If you want to get more advanced, you can configure your Tor client on a firewall to bind to your internal IP but not your external IP.  
1954
+    By default, your Tor client only listens for applications that 
1955
+    connect from localhost. Connections from other computers are 
1956
+    refused. If you want to torify applications on different computers 
1957
+    than the Tor client, you should edit your torrc to define 
1958
+    SocksListenAddress 0.0.0.0 g and then restart (or hup) Tor. If you 
1959
+    want to get more advanced, you can configure your Tor client on a 
1960
+    firewall to bind to your internal IP but not your external IP.  
1758 1961
     </p>
1759 1962
 
1760 1963
     <hr>
1761 1964
 
1762 1965
     <a id="ServerClient"></a>
1763
-    <h3><a class="anchor" href="#ServerClient">Can I install Tor on a central server, and have my clients connect to it?</a></h3>
1764
-    <p>
1765
-     Yes. Tor can be configured as a client or a relay on another machine, and allow other machines to be able to connect to it for anonymity. This is most useful in an environment where many computers want a gateway of anonymity to the rest of the world. However, be forwarned that with this configuration, anyone within your private network (existing between you and the Tor client/relay) can see what traffic you are sending in clear text. The anonymity doesn't start until you get to the Tor relay. Because of this, if you are the controller of your domain and you know everything's locked down, you will be OK, but this configuration may not be suitable for large private networks where security is key all around.
1766
-    </p>
1767
-    <p>
1768
-Configuration is simple, editing your torrc file's SocksListenAddress according to the following examples:
1966
+    <h3><a class="anchor" href="#ServerClient">Can I install Tor on a 
1967
+    central server, and have my clients connect to it?</a></h3>
1968
+    <p>
1969
+     Yes. Tor can be configured as a client or a relay on another 
1970
+     machine, and allow other machines to be able to connect to it 
1971
+     for anonymity. This is most useful in an environment where many 
1972
+     computers want a gateway of anonymity to the rest of the world. 
1973
+     However, be forwarned that with this configuration, anyone within 
1974
+     your private network (existing between you and the Tor 
1975
+     client/relay) can see what traffic you are sending in clear text. 
1976
+     The anonymity doesn't start until you get to the Tor relay. 
1977
+     Because of this, if you are the controller of your domain and you 
1978
+     know everything's locked down, you will be OK, but this configuration 
1979
+     may not be suitable for large private networks where security is 
1980
+     key all around.
1981
+    </p>
1982
+    <p>
1983
+Configuration is simple, editing your torrc file's SocksListenAddress 
1984
+according to the following examples:
1769 1985
     </p>
1770 1986
     <pre>
1771 1987
 
... ...
@@ -1780,28 +1996,37 @@ Configuration is simple, editing your torrc file's SocksListenAddress according
1780 1996
   SocksListenAddress 0.0.0.0:9100
1781 1997
    </pre>
1782 1998
     <p>
1783
-You can state multiple listen addresses, in the case that you are part of several networks or subnets.
1999
+You can state multiple listen addresses, in the case that you are 
2000
+part of several networks or subnets.
1784 2001
     </p>
1785 2002
     <pre>
1786 2003
   SocksListenAddress 192.168.x.x:9100 #eth0
1787 2004
   SocksListenAddress 10.x.x.x:9100 #eth1
1788 2005
     </pre>
1789 2006
     <p>
1790
-After this, your clients on their respective networks/subnets would specify a socks proxy with the address and port you specified SocksListenAddress to be. 
2007
+After this, your clients on their respective networks/subnets would specify 
2008
+a socks proxy with the address and port you specified SocksListenAddress 
2009
+to be. 
1791 2010
     </p>
1792 2011
     <p>
1793
-Please note that the SocksPort configuration option gives the port ONLY for localhost (127.0.0.1). When setting up your SocksListenAddress(es), you need to give the port with the address, as shown above.
2012
+Please note that the SocksPort configuration option gives the port ONLY for 
2013
+localhost (127.0.0.1). When setting up your SocksListenAddress(es), you need 
2014
+to give the port with the address, as shown above.
1794 2015
     <p>
1795
-If you are interested in forcing all outgoing data through the central Tor client/relay, instead of the server only being an optional proxy, you may find the program iptables (for *nix) useful. 
2016
+If you are interested in forcing all outgoing data through the central Tor 
2017
+client/relay, instead of the server only being an optional proxy, you may find 
2018
+the program iptables (for *nix) useful. 
1796 2019
     </p>
1797 2020
 
1798 2021
     <hr>
1799 2022
 
1800 2023
     <a id="JoinTheNetwork"></a>
1801
-    <h3><a class="anchor" href="#JoinTheNetwork">So I can just configure a nickname and ORPort and join the network?</a></h3>
2024
+    <h3><a class="anchor" href="#JoinTheNetwork">So I can just configure a 
2025
+    nickname and ORPort and join the network?</a></h3>
1802 2026
 
1803 2027
     <p>
1804
-     Yes. You can join the network and be a useful relay just by configuring your Tor to be a relay and making sure it's reachable from the outside.
2028
+     Yes. You can join the network and be a useful relay just by configuring 
2029
+     your Tor to be a relay and making sure it's reachable from the outside.
1805 2030
     </p>
1806 2031
     <p>
1807 2032
 30 Seconds to a Tor Relay:
... ...
@@ -1826,7 +2051,9 @@ ORPort 9001
1826 2051
 ContactInfo human@…
1827 2052
     </pre>
1828 2053
     <ul><li>
1829
-    Start Tor. Watch the log file for a log entry that states: "Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor."
2054
+    Start Tor. Watch the log file for a log entry that states: "Self-testing 
2055
+    indicates your ORPort is reachable from the outside. Excellent. Publishing 
2056
+    server descriptor."
1830 2057
     </li></ul>
1831 2058
 
1832 2059
     <hr />
... ...
@@ -1875,25 +2102,39 @@ lots
1875 2102
     <hr>
1876 2103
 
1877 2104
 <a id="UpgradeOrMove"></a>
1878
-<h3><a class="anchor" href="#UpgradeOrMove">I want to upgrade/move my relay. How do I keep the same key?</a></h3>
2105
+<h3><a class="anchor" href="#UpgradeOrMove">I want to upgrade/move my relay. 
2106
+How do I keep the same key?</a></h3>
1879 2107
 
1880 2108
 <p>
1881
- When upgrading your Tor relay, or running it on a different computer, the important part is to keep the same nickname (defined in your torrc file) and the same identity key (stored in "keys/secret_id_key" in your DataDirectory).
2109
+ When upgrading your Tor relay, or running it on a different computer, 
2110
+ the important part is to keep the same nickname (defined in your torrc 
2111
+ file) and the same identity key (stored in "keys/secret_id_key" in 
2112
+ your DataDirectory).
1882 2113
 </p>
1883 2114
 <p>
1884
-This means that if you're upgrading your Tor relay and you keep the same torrc and the same DataDirectory, then the upgrade should just work and your relay will keep using the same key. If you need to pick a new DataDirectory, be sure to copy your old keys/secret_id_key over. 
2115
+This means that if you're upgrading your Tor relay and you keep the same 
2116
+torrc and the same DataDirectory, then the upgrade should just work and 
2117
+your relay will keep using the same key. If you need to pick a new 
2118
+DataDirectory, be sure to copy your old keys/secret_id_key over. 
1885 2119
 </p>
1886 2120
 
1887 2121
     <hr>
1888 2122
 
1889 2123
 <a id="NTService"></a>
1890
-<h3><a class="anchor" href="#NTService">How do I run my Tor relay as an NT service?</a></h3>
2124
+<h3><a class="anchor" href="#NTService">How do I run my Tor relay as an NT 
2125
+service?</a></h3>
1891 2126
 
1892 2127
 <p>
1893
- You can run Tor as a service on all versions of Windows except Windows 95/98/ME. This way you can run a Tor relay without needing to always have Vidalia running.
2128
+ You can run Tor as a service on all versions of Windows except Windows 
2129
+ 95/98/ME. This way you can run a Tor relay without needing to always have 
2130
+ Vidalia running.
1894 2131
 </p>
1895 2132
 <p>
1896
-If you've already configured your Tor to be a relay, please note that when you enable Tor as a service, it will use a different DatagDirectory, and thus will generate a different key. If you want to keep using the old key, see the Upgrading your Tor relay FAQ entry for how to restore the old identity key.
2133
+If you've already configured your Tor to be a relay, please note that when 
2134
+you enable Tor as a service, it will use a different DatagDirectory, and 
2135
+thus will generate a different key. If you want to keep using the old key, 
2136
+see the Upgrading your Tor relay FAQ entry for how to restore the old 
2137
+identity key.
1897 2138
 </p>
1898 2139
 <p>
1899 2140
 To install Tor as a service, you can simply run:
... ...
@@ -1902,10 +2143,18 @@ To install Tor as a service, you can simply run:
1902 2143
 tor --service install
1903 2144
 </pre>
1904 2145
 <p>
1905
-A service called Tor Win32 Service will be installed and started. This service will also automatically start every time Windows boots, unless you change the Start-up type. An easy way to check the status of Tor, start or stop the service, and change the start-up type is by running services.msc and finding the Tor service in the list of currently installed services.
2146
+A service called Tor Win32 Service will be installed and started. This 
2147
+service will also automatically start every time Windows boots, unless 
2148
+you change the Start-up type. An easy way to check the status of Tor, 
2149
+start or stop the service, and change the start-up type is by running 
2150
+services.msc and finding the Tor service in the list of currently 
2151
+installed services.
1906 2152
 </p>
1907 2153
 <p>
1908
-Optionally, you can specify additional options for the Tor service using the -options argument. For example, if you want Tor to use C:\tor\torrc, instead of the default torrc, and open a control port on port 9151, you would run:
2154
+Optionally, you can specify additional options for the Tor service using 
2155
+the -options argument. For example, if you want Tor to use C:\tor\torrc, 
2156
+instead of the default torrc, and open a control port on port 9151, you 
2157
+would run:
1909 2158
 </p>
1910 2159
 <pre>
1911 2160
 tor --service install -options -f C:\tor\torrc ControlPort 9151
... ...
@@ -1929,16 +2178,27 @@ To remove the Tor service, you can run the following command:
1929 2178
 tor --service remove
1930 2179
 </pre>
1931 2180
 <p>
1932
-If you are running Tor as a service and you want to uninstall Tor entirely, be sure to run the service removal command (shown above) first before running the uninstaller from "Add/Remove Programs". The uninstaller is currently not capable of removing the active service.
2181
+If you are running Tor as a service and you want to uninstall Tor entirely, 
2182
+be sure to run the service removal command (shown above) first before 
2183
+running the uninstaller from "Add/Remove Programs". The uninstaller is 
2184
+currently not capable of removing the active service.
1933 2185
 </p>
1934 2186
 
1935 2187
 <hr>
1936 2188
 
1937 2189
 <a id="VirtualServer"></a>
1938
-<h3><a class="anchor" href="#VirtualServer">Can I run a Tor relay from my virtual server account?</a></h3>
2190
+<h3><a class="anchor" href="#VirtualServer">Can I run a Tor relay from my 
2191
+virtual server account?</a></h3>
1939 2192
 
1940 2193
 <p>
1941
-Some ISPs are selling "vserver" accounts that provide what they call a virtual server -- you can't actually interact with the hardware, and they can artificially limit certain resources such as the number of file descriptors you can open at once. Competent vserver admins are able to configure your server to not hit these limits. For example, in SWSoft's Virtuozzo, investigate /proc/user_beancounters. Look for "failcnt" in tcpsndbuf, tcprecvbuf, numothersock, and othersockbuf. Ask for these to be increased accordingly. Some users have seen settings work well as follows: 
2194
+Some ISPs are selling "vserver" accounts that provide what they call a 
2195
+virtual server -- you can't actually interact with the hardware, and 
2196
+they can artificially limit certain resources such as the number of file 
2197
+descriptors you can open at once. Competent vserver admins are able to 
2198
+configure your server to not hit these limits. For example, in SWSoft's 
2199
+Virtuozzo, investigate /proc/user_beancounters. Look for "failcnt" in 
2200
+tcpsndbuf, tcprecvbuf, numothersock, and othersockbuf. Ask for these to 
2201
+be increased accordingly. Some users have seen settings work well as follows: 
1942 2202
 <p>
1943 2203
 <table border="1">
1944 2204
 <tr>
... ...
@@ -2046,13 +2306,23 @@ numothersock
2046 2306
  Xen, Virtual Box and VMware virtual servers have no such limits normally.
2047 2307
 </p>
2048 2308
 <p>
2049
-If the vserver admin will not increase system limits another option is to reduce the memory allocated to the send and receive buffers on TCP connections Tor uses. An experimental feature to constrain socket buffers has recently been added. If your version of Tor supports it, set "ConstrainedSockets 1" in your configuration. See the tor man page for additional details about this option.
2309
+If the vserver admin will not increase system limits another option is 
2310
+to reduce the memory allocated to the send and receive buffers on TCP 
2311
+connections Tor uses. An experimental feature to constrain socket buffers 
2312
+has recently been added. If your version of Tor supports it, set 
2313
+"ConstrainedSockets 1" in your configuration. See the tor man page for 
2314
+additional details about this option.
2050 2315
 </p>
2051 2316
 <p>
2052
-Unfortunately, since Tor currently requires you to be able to connect to all the other Tor relays, we need you to be able to use at least 1024 file descriptors. This means we can't make use of Tor relays that are crippled in this way.
2317
+Unfortunately, since Tor currently requires you to be able to connect to 
2318
+all the other Tor relays, we need you to be able to use at least 1024 file 
2319
+descriptors. This means we can't make use of Tor relays that are crippled 
2320
+in this way.
2053 2321
 </p>
2054 2322
 <p>
2055
-We hope to fix this in the future, once we know how to build a Tor network with restricted topologies -- that is, where each node connects to only a few other nodes. But this is still a long way off.
2323
+We hope to fix this in the future, once we know how to build a Tor network 
2324
+with restricted topologies -- that is, where each node connects to only a 
2325
+few other nodes. But this is still a long way off.
2056 2326
 </p>
2057 2327
 
2058 2328
 <hr>
... ...
@@ -2096,15 +2366,24 @@ the same geographic location.
2096 2366
     <hr>
2097 2367
 
2098 2368
     <a id="WrongIP"></a>
2099
-    <h3><a class="anchor" href="#WrongIP">My relay is picking the wrong IP address.</a></h3>
2369
+    <h3><a class="anchor" href="#WrongIP">My relay is picking the wrong 
2370
+    IP address.</a></h3>
2100 2371
     <p>
2101
- Tor guesses its IP address by asking the computer for its hostname, and then resolving that hostname. Often people have old entries in their /etc/hosts file that point to old IP addresses.
2372
+ Tor guesses its IP address by asking the computer for its hostname, and 
2373
+ then resolving that hostname. Often people have old entries in their 
2374
+ /etc/hosts file that point to old IP addresses.
2102 2375
     </p>
2103 2376
     <p>
2104
-If that doesn't fix it, you should use the "Address" config option to specify the IP you want it to pick. If your computer is behind a NAT and it only has an internal IP address, see the following FAQ entry on <a href="https://www.torproject.org/docs/faq.html.en#RelayFlexible">dynamic IP addresses</a>.
2377
+If that doesn't fix it, you should use the "Address" config option to 
2378
+specify the IP you want it to pick. If your computer is behind a NAT and 
2379
+it only has an internal IP address, see the following FAQ entry on <a 
2380
+href="https://www.torproject.org/docs/faq.html.en#RelayFlexible">dynamic 
2381
+IP addresses</a>.
2105 2382
     </p>
2106 2383
     <p>
2107
-Also, if you have many addresses, you might also want to set "OutboundBindAddress" so external connections come from the IP you intend to present to the world. 
2384
+Also, if you have many addresses, you might also want to set 
2385
+"OutboundBindAddress" so external connections come from the IP you intend 
2386
+to present to the world. 
2108 2387
     </p>
2109 2388
 
2110 2389
     <hr>
... ...
@@ -2113,19 +2392,25 @@ Also, if you have many addresses, you might also want to set "OutboundBindAddres
2113 2392
     <h3><a class="anchor" href="#BehindANAT">I'm behind a NAT/Firewall.</a></h3>
2114 2393
 
2115 2394
     <p>
2116
-See <a>​http://portforward.com/</a> for directions on how to port forward with your NAT/router device.
2395
+See <a>​http://portforward.com/</a> for directions on how to port forward with 
2396
+your NAT/router device.
2117 2397
 </p>
2118 2398
 <p>
2119
-If your relay is running on a internal net you need to setup port forwarding. Forwarding TCP connections is system dependent but the firewalled-clients FAQ entry offers some examples on how to do this.
2399
+If your relay is running on a internal net you need to setup port forwarding. 
2400
+Forwarding TCP connections is system dependent but the firewalled-clients FAQ 
2401
+entry offers some examples on how to do this.
2120 2402
 </p>
2121 2403
 <p>
2122
-Also, here's an example of how you would do this on GNU/Linux if you're using iptables:
2404
+Also, here's an example of how you would do this on GNU/Linux if you're using 
2405
+iptables:
2123 2406
 </p>
2124 2407
 <pre>
2125 2408
 /sbin/iptables -A INPUT -i eth0 -p tcp --destination-port 9001 -j ACCEPT
2126 2409
 </pre>
2127 2410
 <p>
2128
-You may have to change "eth0" if you have a different external interface (the one connected to the Internet). Chances are you have only one (except the loopback) so it shouldn't be too hard to figure out. 
2411
+You may have to change "eth0" if you have a different external interface 
2412
+(the one connected to the Internet). Chances are you have only one (except 
2413
+the loopback) so it shouldn't be too hard to figure out. 
2129 2414
     </p>
2130 2415
     <hr>
2131 2416
 
... ...
@@ -2188,22 +2473,39 @@ unusual
2188 2473
     <hr>
2189 2474
 
2190 2475
     <a id="BetterAnonymity"></a>
2191
-    <h3><a class="anchor" href="#BetterAnonymity">Do I get better anonymity if I run a relay?</a></h3>
2476
+    <h3><a class="anchor" href="#BetterAnonymity">Do I get better anonymity 
2477
+    if I run a relay?</a></h3>
2192 2478
 
2193 2479
     <p>
2194 2480
 Yes, you do get better anonymity against some attacks.
2195 2481
     </p>
2196 2482
     <p>
2197
-The simplest example is an attacker who owns a small number of Tor relays. He will see a connection from you, but he won't be able to know whether the connection originated at your computer or was relayed from somebody else.
2483
+The simplest example is an attacker who owns a small number of Tor relays. 
2484
+He will see a connection from you, but he won't be able to know whether 
2485
+the connection originated at your computer or was relayed from somebody else.
2198 2486
     </p>
2199 2487
     <p>
2200
-There are some cases where it doesn't seem to help: if an attacker can watch all of your incoming and outgoing traffic, then it's easy for him to learn which connections were relayed and which started at you. (In this case he still doesn't know your destinations unless he is watching them too, but you're no better off than if you were an ordinary client.)
2488
+There are some cases where it doesn't seem to help: if an attacker can 
2489
+watch all of your incoming and outgoing traffic, then it's easy for him 
2490
+to learn which connections were relayed and which started at you. (In 
2491
+this case he still doesn't know your destinations unless he is watching 
2492
+them too, but you're no better off than if you were an ordinary client.)
2201 2493
     </p>
2202 2494
     <p>
2203
-There are also some downsides to running a Tor relay. First, while we only have a few hundred relays, the fact that you're running one might signal to an attacker that you place a high value on your anonymity. Second, there are some more esoteric attacks that are not as well-understood or well-tested that involve making use of the knowledge that you're running a relay -- for example, an attacker may be able to "observe" whether you're sending traffic even if he can't actually watch your network, by relaying traffic through your Tor relay and noticing changes in traffic timing.
2495
+There are also some downsides to running a Tor relay. First, while we 
2496
+only have a few hundred relays, the fact that you're running one might 
2497
+signal to an attacker that you place a high value on your anonymity. 
2498
+Second, there are some more esoteric attacks that are not as 
2499
+well-understood or well-tested that involve making use of the knowledge 
2500
+that you're running a relay -- for example, an attacker may be able to 
2501
+"observe" whether you're sending traffic even if he can't actually watch 
2502
+your network, by relaying traffic through your Tor relay and noticing 
2503
+changes in traffic timing.
2204 2504
     </p>
2205 2505
     <p>
2206
-It is an open research question whether the benefits outweigh the risks. A lot of that depends on the attacks you are most worried about. For most users, we think it's a smart move. 
2506
+It is an open research question whether the benefits outweigh the risks. 
2507
+A lot of that depends on the attacks you are most worried about. For 
2508
+most users, we think it's a smart move. 
2207 2509
     </p>
2208 2510
 
2209 2511
     <hr>
... ...
@@ -2251,6 +2553,69 @@ diversity,
2251 2553
 
2252 2554
     <hr>
2253 2555
 
2556
+    <a id="AccessHiddenServices"></a>
2557
+    <h3><a class="anchor" href="#AccessHiddenServices">How do I access 
2558
+    hidden services?</a></h3>
2559
+    
2560
+    <p>
2561
+    Tor hidden services are named with a special top-level domain (TLD) 
2562
+    name in DNS: .onion. Since the .onion TLD is not recognized by the 
2563
+    official root DNS servers on the Internet, your application will not 
2564
+    get the response it needs to locate the service. Currently, the Tor 
2565
+    directory server provides this look-up service; and thus the look-up 
2566
+    request must get to the Tor network. 
2567
+    </p>
2568
+
2569
+<p>
2570
+ Therefore, your application <b>needs</b> to pass the .onion hostname to 
2571
+ Tor directly. You can't try to resolve it to an IP address, since there 
2572
+ <i>is</i> no corresponding IP address: the server is hidden, after all! 
2573
+</p>
2574
+    
2575
+    <p>
2576
+    So, how do you make your application pass the hostname directly to Tor? 
2577
+    You can't use SOCKS 4, since SOCKS 4 proxies require an IP from the 
2578
+    client (a web browser is an example of a SOCKS client). Even though 
2579
+    SOCKS 5 can accept either an IP or a hostname, most applications 
2580
+    supporting SOCKS 5 try to resolve the name before passing it to the 
2581
+    SOCKS proxy. SOCKS 4a, however, always accepts a hostname: You'll need 
2582
+    to use SOCKS 4a. 
2583
+    </p>
2584
+    
2585
+    <p>
2586
+    Some applications, such as the browsers Mozilla Firefox and Apple's 
2587
+    Safari, support sending DNS queries to Tor's SOCKS 5 proxy. Most web 
2588
+    browsers don't support SOCKS 4a very well, though. The workaround is 
2589
+    to point your web browser at an HTTP proxy, and tell the HTTP proxy 
2590
+    to speak to Tor with SOCKS 4a. We recommend Polipo as your HTTP proxy.
2591
+    </p>
2592
+    
2593
+    <p>
2594
+    For applications that do not support HTTP proxy, and so cannot use 
2595
+    Polipo, <a href="http://www.freecap.ru/eng/">FreeCap</a> is an 
2596
+    alternative. When using FreeCap set proxy protocol  to SOCKS 5 and under 
2597
+    settings set DNS name resolving to remote. This 
2598
+    will allow you to use almost any program with Tor without leaking DNS 
2599
+    lookups and allow those same programs to access hidden services. 
2600
+    </p>
2601
+    
2602
+    <p>
2603
+    See also the <a href="#SocksAndDNS">question on DNS</a>. 
2604
+    </p>    
2605
+    
2606
+    <hr>
2607
+
2608
+    <a id="ProvideAHiddenService"></a>
2609
+    <h3><a class="anchor" href="#ProvideAHiddenService">How do I provide a 
2610
+    hidden service?</a></h3>
2611
+    
2612
+    <p>
2613
+    See the ​<a href="https://www.torproject.org/docs/tor-hidden-service.html.en">
2614
+    official hidden service configuration instructions</a>.
2615
+    </p>
2616
+
2617
+    <hr>
2618
+    
2254 2619
     <a id="KeyManagement"></a>
2255 2620
     <h3><a class="anchor" href="#KeyManagement">Tell me about all the
2256 2621
 keys Tor uses.</a></h3>
... ...
@@ -2274,8 +2639,7 @@ encryption
2274 2639
     mean that only the exit relay can read
2275 2640
     the cells. Both sides discard the circuit key when the circuit ends,
2276 2641
     so logging traffic and then breaking into the relay to discover the
2277
-key
2278
-    won't work.
2642
+    key won't work.
2279 2643
     </p>
2280 2644
 
2281 2645
     <p>
... ...
@@ -2410,71 +2774,135 @@ we move to a "directory guard" design as well.
2410 2774
     <a id="ChangePaths"></a>
2411 2775
     <h3><a class="anchor" href="#ChangePaths">How often does Tor change its paths?</a></h3>
2412 2776
     <p>
2413
-     Tor will reuse the same circuit for new TCP streams for 10 minutes, as long as the circuit is working fine. (If the circuit fails, Tor will switch to a new circuit immediately.)
2777
+     Tor will reuse the same circuit for new TCP streams for 10 minutes, 
2778
+     as long as the circuit is working fine. (If the circuit fails, Tor 
2779
+     will switch to a new circuit immediately.)
2780
+    </p>
2781
+    <p>
2782
+But note that a single TCP stream (e.g. a long IRC connection) will stay on 
2783
+the same circuit forever -- we don't rotate individual streams from one 
2784
+circuit to the next. Otherwise an adversary with a partial view of the 
2785
+network would be given many chances over time to link you to your 
2786
+destination, rather than just one chance.
2787
+    </p>
2788
+
2789
+    <hr>
2790
+
2791
+    <a id="CellSize"></a>
2792
+    <h3><a class="anchor" href="#CellSize">Tor uses hundreds of bytes for 
2793
+    every IRC line. I can't afford that!</a></h3>
2794
+    <p>
2795
+     Tor sends data in chunks of 512 bytes (called "cells"), to make it 
2796
+     harder for intermediaries to guess exactly how many bytes you're 
2797
+     communicating at each step. This is unlikely to change in the near 
2798
+     future -- if this increased bandwidth use is prohibitive for you, I'm 
2799
+     afraid Tor is not useful for you right now.
2414 2800
     </p>
2415 2801
     <p>
2416
-But note that a single TCP stream (e.g. a long IRC connection) will stay on the same circuit forever -- we don't rotate individual streams from one circuit to the next. Otherwise an adversary with a partial view of the network would be given many chances over time to link you to your destination, rather than just one chance.
2802
+The actual content of these fixed size cells is 
2803
+<a href="https://gitweb.torproject.org/torspec.git/blob/HEAD:/tor-spec.txt">
2804
+documented in the main Tor spec</a>, section 3.
2805
+    </p>
2806
+    <p>
2807
+We have been considering one day adding two classes of cells -- maybe a 64 
2808
+byte cell and a 1024 byte cell. This would allow less overhead for 
2809
+interactive streams while still allowing good throughput for bulk streams. 
2810
+But since we want to do a lot of work on quality-of-service and better 
2811
+queuing approaches first, you shouldn't expect this change anytime soon 
2812
+(if ever). However if you are keen, there are a couple of 
2813
+<a href="https://www.torproject.org/getinvolved/volunteer.html.en#Research">
2814
+research ideas</a> that may involve changing the cell size. 
2417 2815
     </p>
2418 2816
 
2817
+    <hr>
2818
+
2419 2819
     <a id="OutboundConnections"></a>
2420
-    <h3><a class="anchor" href="#OutboundConnections">Why does netstat show these outbound connections?</a></h3>
2820
+    <h3><a class="anchor" href="#OutboundConnections">Why does netstat show 
2821
+    these outbound connections?</a></h3>
2421 2822
     <p>
2422
-    Because that's how Tor works. It holds open a handful of connections so there will be one available when you need one. 
2823
+    Because that's how Tor works. It holds open a handful of connections 
2824
+    so there will be one available when you need one. 
2423 2825
     </p>
2424 2826
 
2425 2827
     <hr>
2426 2828
 
2427 2829
     <a id="PowerfulBlockers"></a>
2428
-    <h3><a class="anchor" href="#PowerfulBlockers">What about powerful blocking mechanisms?</a></h3>
2830
+    <h3><a class="anchor" href="#PowerfulBlockers">What about powerful blocking 
2831
+    mechanisms?</a></h3>
2429 2832
     <p>
2430
- An adversary with a great deal of manpower and money, and severe real-world penalties to discourage people from trying to evade detection, is a difficult test for an anonymity and anti-censorship system.
2833
+ An adversary with a great deal of manpower and money, and severe 
2834
+ real-world penalties to discourage people from trying to evade detection, 
2835
+ is a difficult test for an anonymity and anti-censorship system.
2431 2836
     </p>
2432 2837
     <p>
2433
-The original Tor design was easy to block if the attacker controls Alice's connection to the Tor network --- by blocking the directory authorities, by blocking all the relay IP addresses in the directory, or by filtering based on the fingerprint of the Tor TLS handshake. After seeing these attacks and others first-hand, more effort was put into researching new circumvention techniques. Pluggable transports are protocols designed to allow users behind government firewalls to access the Tor network.
2838
+The original Tor design was easy to block if the attacker controls Alice's 
2839
+connection to the Tor network --- by blocking the directory authorities, by 
2840
+blocking all the relay IP addresses in the directory, or by filtering based 
2841
+on the fingerprint of the Tor TLS handshake. After seeing these attacks and 
2842
+others first-hand, more effort was put into researching new circumvention 
2843
+techniques. Pluggable transports are protocols designed to allow users behind 
2844
+government firewalls to access the Tor network.
2434 2845
     </p>
2435 2846
     <p>
2436
-We've made quite a bit of progress on this problem lately. You can read more details on the <a href="https://www.torproject.org/docs/pluggable-transports.html.en">pluggable transports page</a>. You may also be interested in <a href="https://www.youtube.com/watch?v=GwMr8Xl7JMQ">Roger and Jake's ​talk at 28C3</a>, or <a href="https://www.youtube.com/watch?v=JZg1nqs793M">​Runa's talk at 44con</a>.
2847
+We've made quite a bit of progress on this problem lately. You can read more 
2848
+details on the <a href="https://www.torproject.org/docs/pluggable-transports.html.en">
2849
+pluggable transports page</a>. You may also be interested in 
2850
+<a href="https://www.youtube.com/watch?v=GwMr8Xl7JMQ">Roger and Jake's ​talk at 
2851
+28C3</a>, or <a href="https://www.youtube.com/watch?v=JZg1nqs793M">​Runa's 
2852
+talk at 44con</a>.
2437 2853
     </p>
2438 2854
 
2439 2855
     <hr>
2440 2856
  
2441 2857
     <a id="RemotePhysicalDeviceFingerprinting"></a>
2442
-    <h3><a class="anchor" href="#RemotePhysicalDeviceFingerprinting">Does Tor resist "remote physical device fingerprinting"?</a></h3>
2858
+    <h3><a class="anchor" href="#RemotePhysicalDeviceFingerprinting">Does Tor 
2859
+    resist "remote physical device fingerprinting"?</a></h3>
2443 2860
     <p>
2444 2861
  Yes, we resist all of these attacks as far as we know.
2445 2862
     </p>
2446 2863
     <p>
2447
-These attacks come from examining characteristics of the IP headers or TCP headers and looking for information leaks based on individual hardware signatures. One example is the ​<a href="http://www.caida.org/outreach/papers/2005/fingerprinting/">Oakland 2005 paper</a> that lets you learn if two packet streams originated from the same hardware, but only if you can see the original TCP timestamps.
2864
+These attacks come from examining characteristics of the IP headers or TCP 
2865
+headers and looking for information leaks based on individual hardware 
2866
+signatures. One example is the 
2867
+​<a href="http://www.caida.org/outreach/papers/2005/fingerprinting/">
2868
+Oakland 2005 paper</a> that lets you learn if two packet streams originated 
2869
+from the same hardware, but only if you can see the original TCP timestamps.
2448 2870
 </p>
2449 2871
 <p>
2450
-Tor transports TCP streams, not IP packets, so we end up automatically scrubbing a lot of the potential information leaks. Because Tor relays use their own (new) IP and TCP headers at each hop, this information isn't relayed from hop to hop. Of course, this also means that we're limited in the protocols we can transport (only correctly-formed TCP, not all IP like ZKS's Freedom network could) -- but maybe that's a good thing at this stage. </p>
2872
+Tor transports TCP streams, not IP packets, so we end up automatically 
2873
+scrubbing a lot of the potential information leaks. Because Tor relays use 
2874
+their own (new) IP and TCP headers at each hop, this information isn't 
2875
+relayed from hop to hop. Of course, this also means that we're limited in 
2876
+the protocols we can transport (only correctly-formed TCP, not all IP like 
2877
+ZKS's Freedom network could) -- but maybe that's a good thing at this stage. 
2878
+</p>
2451 2879
 
2452 2880
     <hr>
2453 2881
 
2454 2882
 <a id="AttacksOnOnionRouting"></a>
2455
-    <h3><a class="anchor" href="#AttacksOnOnionRouting">What attacks remain against onion routing?</a></h3>
2456
-    <p>
2457
-As mentioned above, it is possible for an observer who can view both you and either the destination website or your Tor exit node to correlate timings of your traffic as it enters the Tor network and also as it exits. Tor does not defend against such a threat model.
2458
-    </p>
2459
-    <p>
2460
-In a more limited sense, note that if a censor or law enforcement agency has the ability to obtain specific observation of parts of the network, it is possible for them to verify a suspicion that you talk regularly to your friend by observing traffic at both ends and correlating the timing of only that traffic. Again, this is only useful to verify that parties already suspected of communicating with one another are doing so. In most countries, the suspicion required to obtain a warrant already carries more weight than timing correlation would provide.
2461
-    </p>
2462
-    <p>
2463
-Furthermore, since Tor reuses circuits for multiple TCP connections, it is possible to ​associate non anonymous and anonymous traffic at a given exit node, so be careful about what applications you run concurrently over Tor. Perhaps even run separate Tor clients for these applications. 
2464
-    </p>
2465
-
2466
-    <hr>
2467
-
2468
-    <a id="CellSize"></a>
2469
-    <h3><a class="anchor" href="#CellSize">Tor uses hundreds of bytes for every IRC line. I can't afford that!</a></h3>
2883
+    <h3><a class="anchor" href="#AttacksOnOnionRouting">What attacks remain 
2884
+    against onion routing?</a></h3>
2470 2885
     <p>
2471
-     Tor sends data in chunks of 512 bytes (called "cells"), to make it harder for intermediaries to guess exactly how many bytes you're communicating at each step. This is unlikely to change in the near future -- if this increased bandwidth use is prohibitive for you, I'm afraid Tor is not useful for you right now.
2886
+As mentioned above, it is possible for an observer who can view both you and 
2887
+either the destination website or your Tor exit node to correlate timings of 
2888
+your traffic as it enters the Tor network and also as it exits. Tor does not 
2889
+defend against such a threat model.
2472 2890
     </p>
2473 2891
     <p>
2474
-The actual content of these fixed size cells is <a href="https://gitweb.torproject.org/torspec.git/blob/HEAD:/tor-spec.txt">documented in the main Tor spec</a>, section 3.
2892
+In a more limited sense, note that if a censor or law enforcement agency has 
2893
+the ability to obtain specific observation of parts of the network, it is 
2894
+possible for them to verify a suspicion that you talk regularly to your friend 
2895
+by observing traffic at both ends and correlating the timing of only that 
2896
+traffic. Again, this is only useful to verify that parties already suspected 
2897
+of communicating with one another are doing so. In most countries, the 
2898
+suspicion required to obtain a warrant already carries more weight than 
2899
+timing correlation would provide.
2475 2900
     </p>
2476 2901
     <p>
2477
-We have been considering one day adding two classes of cells -- maybe a 64 byte cell and a 1024 byte cell. This would allow less overhead for interactive streams while still allowing good throughput for bulk streams. But since we want to do a lot of work on quality-of-service and better queuing approaches first, you shouldn't expect this change anytime soon (if ever). However if you are keen, there are a couple of <a href="https://www.torproject.org/getinvolved/volunteer.html.en#Research">research ideas</a> that may involve changing the cell size. 
2902
+Furthermore, since Tor reuses circuits for multiple TCP connections, it is 
2903
+possible to ​associate non anonymous and anonymous traffic at a given exit 
2904
+node, so be careful about what applications you run concurrently over Tor. 
2905
+Perhaps even run separate Tor clients for these applications. 
2478 2906
     </p>
2479 2907
 
2480 2908
     <hr>
... ...
@@ -2523,7 +2951,8 @@ though:
2523 2951
     <p>
2524 2952
     First, we need to make Tor stable as a relay on all common
2525 2953
     operating systems. The main remaining platform is Windows,
2526
-    and we're mostly there. See Section 4.1 of <a href="https://www.torproject.org/press/2008-12-19-roadmap-press-release"
2954
+    and we're mostly there. See Section 4.1 of <a 
2955
+    href="https://www.torproject.org/press/2008-12-19-roadmap-press-release"
2527 2956
 >our
2528 2957
     development roadmap</a>.
2529 2958
     </p>
... ...
@@ -2695,74 +3124,137 @@ spend rethinking their overall approach to privacy and anonymity.
2695 3124
     <hr>
2696 3125
 
2697 3126
 <a id="ChoosePathLength"></a>
2698
-<h3><a class="anchor" href="#ChoosePathLength">You should let people choose their path length.</a></h3>
3127
+<h3><a class="anchor" href="#ChoosePathLength">You should let people choose 
3128
+their path length.</a></h3>
2699 3129
 <p>
2700
- Right now the path length is hard-coded at 3 plus the number of nodes in your path that are sensitive. That is, in normal cases it's 3, but for example if you're accessing a hidden service or a ".exit" address it could be 4.
3130
+ Right now the path length is hard-coded at 3 plus the number of nodes in 
3131
+ your path that are sensitive. That is, in normal cases it's 3, but for 
3132
+ example if you're accessing a hidden service or a ".exit" address it could be 4.
2701 3133
 </p>
2702 3134
 <p>
2703
- We don't want to encourage people to use paths longer than this -- it increases load on the network without (as far as we can tell) providing any more security. Remember that <a href="https://svn.torproject.org/svn/tor/trunk/doc/design-paper/tor-design.html#subsec:threat-model">the best way to attack Tor is to attack the endpoints and ignore the middle of the path</a>.
3135
+ We don't want to encourage people to use paths longer than this -- it 
3136
+ increases load on the network without (as far as we can tell) providing 
3137
+ any more security. Remember that <a 
3138
+ href="https://svn.torproject.org/svn/tor/trunk/doc/design-paper/tor-design.html#subsec:threat-model">
3139
+ the best way to attack Tor is to attack the endpoints and ignore the middle 
3140
+ of the path
3141
+ </a>.
2704 3142
 </p>
2705 3143
 <p>
2706
- And we don't want to encourage people to use paths of length 1 either. Currently there is no reason to suspect that investigating a single relay will yield user-destination pairs, but if many people are using only a single hop, we make it more likely that attackers will seize or break into relays in hopes of tracing users.
3144
+ And we don't want to encourage people to use paths of length 1 either. 
3145
+ Currently  there is no reason to suspect that investigating a single 
3146
+ relay will yield  user-destination pairs, but if many people are using 
3147
+ only a single hop, we make it more likely that attackers will seize or 
3148
+ break into relays in hopes 
3149
+ of tracing users.
2707 3150
 </p>
2708 3151
 <p>
2709
- Now, there is a good argument for making the number of hops in a path unpredictable. For example, somebody who happens to control the last two hops in your path still doesn't know who you are, but they know for sure which entry node you used. Choosing path length from, say, a geometric distribution will turn this into a statistical attack, which seems to be an improvement. On the other hand, a longer path length is bad for usability. We're not sure of the right trade-offs here. Please write a research paper that tells us what to do. 
3152
+ Now, there is a good argument for making the number of hops in a path 
3153
+ unpredictable. For example, somebody who happens to control the last 
3154
+ two hops in your path still doesn't know who you are, but they know 
3155
+ for sure which entry node you used. Choosing path length from, say, 
3156
+ a geometric distribution will turn this into a statistical attack, 
3157
+ which seems to be an improvement. On the other hand, a longer path 
3158
+ length is bad for usability. We're not sure of the right trade-offs 
3159
+ here. Please write a research paper that tells us what to do. 
2710 3160
 </p>
2711 3161
 
2712 3162
     <hr>
2713 3163
 
2714 3164
 <a id="SplitEachConnection"></a>
2715
-    <h3><a class="anchor" href="#SplitEachConnection">You should split each connection over many paths.</a></h3>
3165
+    <h3><a class="anchor" href="#SplitEachConnection">You should split 
3166
+    each connection over many paths.</a></h3>
2716 3167
 
2717 3168
     <p>
2718
- We don't currently think this is a good idea. You see, the attacks we're worried about are at the endpoints: the adversary watches Alice (or the first hop in the path) and Bob (or the last hop in the path) and learns that they are communicating.
3169
+ We don't currently think this is a good idea. You see, the attacks we're 
3170
+ worried about are at the endpoints: the adversary watches Alice (or the 
3171
+ first hop in the path) and Bob (or the last hop in the path) and learns 
3172
+ that they are communicating.
2719 3173
     </p>
2720 3174
     <p>
2721
-If we make the assumption that timing attacks work well on even a few packets end-to-end, then having *more* possible ways for the adversary to observe the connection seems to hurt anonymity, not help it.
3175
+If we make the assumption that timing attacks work well on even a few packets 
3176
+end-to-end, then having *more* possible ways for the adversary to observe the 
3177
+connection seems to hurt anonymity, not help it.
2722 3178
     </p>
2723 3179
     <p>
2724
-Now, it's possible that we could make ourselves more resistant to end-to-end attacks with a little bit of padding and by making each circuit send and receive a fixed number of cells. This approach is more well-understood in the context of high-latency systems. See e.g. <a href="http://freehaven.net/anonbib/#pet05-serjantov">Message Splitting Against the Partial Adversary by Andrei Serjantov and Steven J. Murdoch</a>.
3180
+Now, it's possible that we could make ourselves more resistant to end-to-end 
3181
+attacks with a little bit of padding and by making each circuit send and 
3182
+receive a fixed number of cells. This approach is more well-understood in 
3183
+the context of high-latency systems. See e.g. 
3184
+<a href="http://freehaven.net/anonbib/#pet05-serjantov">
3185
+Message Splitting Against the Partial Adversary by Andrei Serjantov and 
3186
+Steven J. Murdoch</a>.
2725 3187
     </p>
2726 3188
     <p>
2727
-But since we don't currently understand what network and padding parameters, if any, could provide increased end-to-end security, our current strategy is to minimize the number of places that the adversary could possibly see.
3189
+But since we don't currently understand what network and padding 
3190
+parameters, if any, could provide increased end-to-end security, our 
3191
+current strategy is to minimize the number of places that the adversary 
3192
+could possibly see.
2728 3193
     </p>
2729 3194
 
2730 3195
     <hr>
2731 3196
 
2732 3197
     <a id="UnallocatedNetBlocks"></a>
2733
-    <h3><a class="anchor" href="#UnallocatedNetBlocks">Your default exit policy should block unallocated net blocks too.</a></h3>
3198
+    <h3><a class="anchor" href="#UnallocatedNetBlocks">Your default exit 
3199
+    policy should block unallocated net blocks too.</a></h3>
2734 3200
 
2735 3201
     <p>
2736
- No, it shouldn't. The default exit policy blocks certain private net blocks, like 10.0.0.0/8, because they might actively be in use by Tor relays and we don't want to cause any surprises by bridging to internal networks. Some overzealous firewall configs suggest that you also block all the parts of the Internet that IANA has not currently allocated. First, this turns into a problem for them when those addresses *are* allocated. Second, why should we default-reject something that might one day be useful?
3202
+ No, it shouldn't. The default exit policy blocks certain private net blocks, 
3203
+ like 10.0.0.0/8, because they might actively be in use by Tor relays and we 
3204
+ don't want to cause any surprises by bridging to internal networks. Some 
3205
+ overzealous firewall configs suggest that you also block all the parts of 
3206
+ the Internet that IANA has not currently allocated. First, this turns into 
3207
+ a problem for them when those addresses *are* allocated. Second, why should 
3208
+ we default-reject something that might one day be useful?
2737 3209
     </p>
2738 3210
     <p>
2739
-Tor's default exit policy is chosen to be flexible and useful in the future: we allow everything except the specific addresses and ports that we anticipate will lead to problems. 
3211
+Tor's default exit policy is chosen to be flexible and useful in the future: 
3212
+we allow everything except the specific addresses and ports that we 
3213
+anticipate will lead to problems. 
2740 3214
     </p>
2741 3215
 
2742 3216
     <hr>
2743 3217
 
2744 3218
     <a id="BlockWebsites"></a>
2745
-    <h3><a class="anchor" href="#BlockWebsites">Exit policies should be able to block websites, not just IP addresses.</a></h3>
3219
+    <h3><a class="anchor" href="#BlockWebsites">Exit policies should be 
3220
+    able to block websites, not just IP addresses.</a></h3>
2746 3221
 
2747 3222
     <p>
2748
- It would be nice to let relay operators say things like "reject www.slashdot.org" in their exit policies, rather than requiring them to learn all the IP address space that could be covered by the site (and then also blocking other sites at those IP addresses).
3223
+ It would be nice to let relay operators say things like "reject 
3224
+ www.slashdot.org" in their exit policies, rather than requiring 
3225
+ them to learn all the IP address space that could be covered by the site 
3226
+ (and then also blocking other sites at those IP addresses).
2749 3227
     </p>
2750 3228
     <p>
2751
-There are two problems, though. First, users could still get around these blocks. For example, they could request the IP address rather than the hostname when they exit from the Tor network. This means operators would still need to learn all the IP addresses for the destinations in question.
3229
+There are two problems, though. First, users could still get around these 
3230
+blocks. For example, they could request the IP address rather than the 
3231
+hostname when they exit from the Tor network. This means operators would 
3232
+still need to learn all the IP addresses for the destinations in question.
2752 3233
     </p>
2753 3234
     <p>
2754
-The second problem is that it would allow remote attackers to censor arbitrary sites. For example, if a Tor operator blocks www1.slashdot.org, and then some attacker poisons the Tor relay's DNS or otherwise changes that hostname to resolve to the IP address for a major news site, then suddenly that Tor relay is blocking the news site. 
3235
+The second problem is that it would allow remote attackers to censor 
3236
+arbitrary sites. For example, if a Tor operator blocks www1.slashdot.org, 
3237
+and then some attacker poisons the Tor relay's DNS or otherwise changes 
3238
+that hostname to resolve to the IP address for a major news site, then 
3239
+suddenly that Tor relay is blocking the news site. 
2755 3240
     </p>
2756 3241
 
2757 3242
     <hr>
2758 3243
 
2759 3244
     <a id="BlockContent"></a>
2760
-    <h3><a class="anchor" href="#BlockContent">You should change Tor to prevent users from posting certain content.</a></h3>
3245
+    <h3><a class="anchor" href="#BlockContent">You should change Tor to 
3246
+    prevent users from posting certain content.</a></h3>
2761 3247
 
2762
-    <p> Tor only transports data, it does not inspect the contents of the connections which are sent over it. In general it's a very hard problem for a computer to determine what is objectionable content with good true positive/false positive rates and we are not interested in addressing this problem.
3248
+    <p> Tor only transports data, it does not inspect the contents of the 
3249
+    connections which are sent over it. In general it's a very hard problem 
3250
+    for a computer to determine what is objectionable content with good true 
3251
+    positive/false positive rates and we are not interested in addressing 
3252
+    this problem.
2763 3253
     </p>
2764 3254
     <p>
2765
-Further, and more importantly, which definition of "certain content" could we use? Every choice would lead to a quagmire of conflicting personal morals. The only solution is to have no opinion. 
3255
+Further, and more importantly, which definition of "certain content" could we 
3256
+use? Every choice would lead to a quagmire of conflicting personal morals. The 
3257
+only solution is to have no opinion. 
2766 3258
     </p>
2767 3259
 
2768 3260
     <hr>
... ...
@@ -2771,19 +3263,29 @@ Further, and more importantly, which definition of "certain content" could we us
2771 3263
     <h3><a class="anchor" href="#IPv6">Tor should support IPv6.</a></h3>
2772 3264
 
2773 3265
     <p>
2774
-     That's a great idea! There are two aspects for IPv6 support that Tor needs. First, Tor needs to support exit to hosts that only have IPv6 addresses. Second, Tor needs to support Tor relays that only have IPv6 addresses.
3266
+     That's a great idea! There are two aspects for IPv6 support that Tor needs. 
3267
+     First, Tor needs to support exit to hosts that only have IPv6 addresses. 
3268
+     Second, Tor needs to support Tor relays that only have IPv6 addresses.
2775 3269
     </p>
2776 3270
     <p>
2777
-The first is far easier: the protocol changes are relatively simple and isolated. It would be like another kind of exit policy.
3271
+The first is far easier: the protocol changes are relatively simple and isolated. 
3272
+It would be like another kind of exit policy.
2778 3273
     </p>
2779 3274
     <p>
2780
-The second is a little harder: right now, we assume that (mostly) every Tor relay can connect to every other. This has problems of its own, and adding IPv6-address-only relays adds problems too: it means that only relays with IPv6 abilities can connect to IPv6-address-only relays. This makes it possible for the attacker to make some inferences about client paths that it would not be able to make otherwise.
3275
+The second is a little harder: right now, we assume that (mostly) every 
3276
+Tor relay can connect to every other. This has problems of its own, and 
3277
+adding IPv6-address-only relays adds problems too: it means that only 
3278
+relays with IPv6 abilities can connect to IPv6-address-only relays. This 
3279
+makes it possible for the attacker to make some inferences about client 
3280
+paths that it would not be able to make otherwise.
2781 3281
     </p>
2782 3282
     <p>
2783
-There is an  IPv6 exit proposal to address the first step for anonymous access to IPv6 resources on the Internet.
3283
+There is an  IPv6 exit proposal to address the first step for anonymous 
3284
+access to IPv6 resources on the Internet.
2784 3285
     </p>
2785 3286
     <p>
2786
-Full IPv6 support is definitely on our "someday" list; it will come along faster if somebody who wants it does some of the work.
3287
+Full IPv6 support is definitely on our "someday" list; it will come along 
3288
+faster if somebody who wants it does some of the work.
2787 3289
     </p>
2788 3290
 
2789 3291
     <hr>