Table of Contents
- General
  - What is Tor?
  - What programs and applications work with Tor?
  - How do I configure Tor with IRC, instant messaging, web browsing, etc?
  - How can I help?
  - Why is it called Tor?
  - Is there a backdoor in Tor?
  - Can I distribute Tor on my magazine's CD?
  - How can I get an answer to my Tor support mail?
  - Why is Tor so slow?
  - What would the Tor project do with more funding?
- Compilation and Installation
- Running Tor
- Running a Tor client
  - I installed Tor and Privoxy but it's not working.
  - How can I tell if Tor is working, and that my connections really are anonymized? Are there external servers that will test my connection?
  - How do I use my browser for ftp with Tor?
  - Does Tor remove personal information from the data my application sends?
  - I want to run my Tor client on a different computer than my applications.
  - How often does Tor change its paths?
  - Why does netstat show these outbound connections?
  - Tor uses hundreds of bytes for every IRC line. I can't afford that!
  - Can I control what nodes I use for entry/exit?
  - Google tells me I have spyware installed.
  - Why does Google show up in foreign languages?
  - How do I access Tor hidden services?
  - My Internet connection requires an HTTP proxy.
  - My firewall only allows a few outgoing ports.
  - Is there a list of default exit ports?
  - What should I do if I can't use an http proxy with my application?
  - I keep seeing these warnings about SOCKS and DNS and information leaks. Should I worry?
  - I try to connect to https://example.com:1234/ through privoxy and it does not work.
  - Do you provide Fat/Universal Binaries for OSX?
- Running a Tor server
  - How do I decide if I should run a server?
  - I'd run a server, but I don't want to deal with abuse issues.
  - Do I get better anonymity if I run a server?
  - Why doesn't my Windows (or other OS) Tor server run well?
  - So I can just configure a nickname and ORPort and join the network?
  - I want to upgrade/move my server. How do I keep the same key?
  - How do I run my Tor server as an NT service?
  - Can I run a Tor server from my virtual server account?
  - I want to run more than one server.
  - My server is picking the wrong IP address.
  - I don't have a static IP.
  - I'm behind a NAT/Firewall
  - My cable modem keeps crashing. What's going on?
  - Why do I get portscanned more often when I run a Tor server?
  - I have more than one CPU. Does this help?
  - Why is my Tor server using so much memory?
  - What bandwidth shaping options are available to Tor servers?
  - Does BandwidthRate really work?
  - How can I limit the total amount of bandwidth used by my Tor server?
  - Why does my server write more bytes onto the network than it reads?
  - Why can I not browse anymore after limiting bandwidth on my Tor server?
  - How can I make my server accessible to people stuck behind restrictive firewalls?
  - If I change the exit policy or IP address, do I have to send a new mail to tor-ops?
  - Can I install Tor on a central server, and have my clients connect to it?
- Development
- Anonymity and Security
  - What protections does Tor provide?
  - Can exit nodes eavesdrop on communications? Isn't that bad?
  - So I'm totally anonymous if I use Tor?
  - Please explain Tor's public key infrastructure.
  - Where can I learn more about anonymity?
  - What's this about entry guard (formerly known as "helper") nodes?
  - What attacks remain against onion routing?
  - Does Tor resist "remote physical device fingerprinting"?
- Alternate designs that we don't do (yet)
  - You should send padding so it's more secure.
  - You should make every Tor user be a server.
  - You should transport all IP packets, not just TCP packets.
  - You should hide the list of Tor servers, so people can't block the exits.
  - You should let people choose their path length.
  - You should split each connection over many paths.
  - You should migrate application streams across circuits.
  - You should let the network pick the path, not the client.
  - You should use steganography to hide Tor traffic.
  - Tor should circumvent the Chinese firewall too.
  - Your default exit policy should block unallocated net blocks too.
  - Exit policies should be able to block websites, not just IP addresses.
  - You should change Tor to prevent users from posting certain content.
  - Tor should support IPv6.
- Abuse
- Comparison to related projects
../FAQUnanswered <-- Add your questions here or better yet answer one and promote it to this page!
1. General
1.1. What is Tor?
Read the Tor overview to learn more about Tor and what it can do for you.
1.2. What programs and applications work with Tor?
Tor presents a SOCKS interface to applications, so any application that supports SOCKS (versions 4, 4a and 5) can be anonymized using Tor. Most web browsers, many instant messaging and IRC clients, SSH clients and email clients already have built-in support for SOCKS.
Since Tor does not anonymize message content, additional software agents should be used to anonymize content. For example, Privoxy is a good HTTP proxy for filtering dangerous web content.
1.3. How do I configure Tor with IRC, instant messaging, web browsing, etc?
We have compiled a list of applications that help you direct your traffic through Tor, and a list of instructions for Torifying specific applications. Please add to these lists and help us keep them accurate!
1.4. How can I help?
We've set up a preliminary "volunteer" page, which lists a few ways to help. If you have something to contribute that we haven't listed there, chances are we still need it.
There are also more answers in the Why is Tor slow? answer and the What we need to work on answer.
1.5. Why is it called Tor?
Because Tor is the onion routing network. I kept telling people I was working on onion routing, and they said "Neat. Which one?" Even if onion routing has become a standard household term, this is the actual onion routing project, started out of the Naval Research Lab.
(Theories about recursive acronyms are ok too. It's also got a fine translation into German.)
Note: even though it comes from an acronym, Tor is not spelled "TOR". Only the first letter is capitalized.
1.6. Is there a backdoor in Tor?
There is absolutely no backdoor in Tor. Nobody has asked us to put one in, and we know some smart lawyers who say that it's unlikely that anybody will try to make us add one in our jurisdiction (U.S.). If they do ask us, we will fight them, and (the lawyers say) probably win.
We think that putting a backdoor in Tor would be tremendously irresponsible to our users, and a bad precedent for security software in general. If we ever put a deliberate backdoor in our security software, it would ruin our professional reputations. Nobody would trust our software ever again---for excellent reason!
But that said, there are still plenty of subtle attacks people might try. Somebody might impersonate us, or break into our computers, or something like that. Tor is open source, and you should always check the source (or at least the diffs since the last release) for suspicious things. If we (or the distributors) don't give you source, that's a sure sign something funny might be going on. You should also check the GPG signatures on the releases, to make sure nobody messed with the distribution sites.
Also, there might be accidental bugs in Tor that could affect your anonymity. We don't know of such bugs right now. If we learn of any, we will let you know.
1.7. Can I distribute Tor on my magazine's CD?
Yes.
Tor is free software. This means we give you the rights to redistribute Tor, either modified or unmodified, either for a fee or gratis. You don't have to ask us for specific permission; just do it!
However, if you want to redistribute Tor you must follow our LICENSE. Essentially this means that you need to include our LICENSE file along with whatever part of Tor you're distributing.
Most people who ask us this question don't want to distribute just Tor, though. They want to distribute the Tor bundles, which typically include Privoxy and Vidalia. You will need to follow the licenses for those programs as well. Both of them are distributed under the GNU General Public License. The simplest way to obey their licenses is to include the source code for these programs everywhere you include the bundles themselves. Look for "source" packages on the Vidalia download page and the Privoxy download page.
There is also something else you should consider. We release new versions of Tor frequently, and sometimes we make backward incompatible changes. So if you distribute a particular version of Tor, it may not be supported -- or even work -- six months later. This is a fact of life for all security software under heavy development.
1.8. How can I get an answer to my Tor support mail?
Many people send the Tor developers mail privately, or send mail to our internal aliases like tor-webmaster, with questions about their specific setup -- they can't get their firewall working right, they can't configure Privoxy correctly, or so on. Sometimes our volunteers can answer these mails, but typically they need to spend most of their time on development tasks that will benefit more people. This is especially true if your question is already covered in the documentation or on this FAQ. We don't hate you; we're just busy.
So if we don't answer your mail, first check the documentation (including this FAQ) to make sure your question isn't answered there. Then read "How to ask questions the smart way". If this doesn't help you, note that we have an IRC channel where you can ask your questions (but if they are still open-ended, ill-formed, or not about Tor, you likely won't get much help there either). Lastly, people on the or-talk mailing list may be able to provide some hints for you, if others have experienced your problems too. Be sure to look over the archives first.
Another strategy is to run a Tor server for a while, and/or donate money to the effort. We're more likely to pay attention to people who have demonstrated interest and commitment to giving back to the Tor community.
If you find an answer, please stick around on the IRC channel or the mailing list and answer questions from others.
1.9. Why is Tor so slow?
There are many reasons why the Tor network is currently slow.
Before we answer, though, you should realize that Tor is never going to be blazing fast. Your traffic is bouncing through volunteers' computers in various parts of the world, and some bottlenecks and network latency will always be present. You shouldn't expect to see university-style bandwidth through Tor.
But that doesn't mean that it can't be improved. The current Tor network is quite small compared to the number of people trying to use it, and many of these users don't understand or care that Tor can't currently handle file-sharing traffic load.
What can you do to help?
Configure your Tor to relay traffic for others. Help make the Tor network large enough that we can handle all the users who want privacy and security on the Internet.
Help us make Tor more usable. We especially need people to help make it easier to configure your Tor as a server. Also, we need help with clear simple documentation to walk people through setting it up.
There are some bottlenecks in the current Tor network. Help us design experiments to track down and demonstrate where the problems are, and then we can focus better on fixing them.
There are some steps that individuals can take to improve their Tor performance. You can configure your Firefox to handle Tor better, you can experiment with using Polipo with Tor, or you can try upgrading to the latest version of Tor. If this works well, please help by documenting what you did, and letting us know about it.
Tor needs some architectural changes too. One important change is to start providing better service to people who relay traffic. We're working on this, and we'll finish faster if we get to spend more time on it.
Help do other things so we can do the hard stuff. Please take a moment to figure out what your skills and interests are, and then look at our volunteer page.
Help find sponsors for Tor. Do you work at a company or government agency that uses Tor or has a use for Internet privacy, e.g. to browse the competition's websites discreetly, or to connect back to the home servers when on the road without revealing affiliations? If your organization has an interest in keeping the Tor network working, please contact them about supporting Tor. Without sponsors, Tor is going to become even slower.
If you can't help out with any of the above, you can still help out individually by donating a bit of money to the cause. It adds up!
1.10. What would the Tor project do with more funding?
We have about 800 servers right now, pushing over 90 MB/s average traffic. We have several hundred thousand active users. But the Tor network is not yet self-sustaining.
There are six main development/maintenance pushes that need attention:
Scalability: We need to keep scaling and decentralizing the Tor architecture so it can handle thousands of servers and millions of users. The upcoming stable release is a major improvement, but there's lots more to be done next in terms of keeping Tor fast and stable.
User support: With this many users, a lot of people are asking questions all the time, offering to help out with things, and so on. We need good clean docs, and we need to spend some effort coordinating volunteers.
Server support: the Tor network is run by volunteers, but they still need attention with prompt bug fixes, explanations when things go wrong, reminders to upgrade, and so on. The network itself is a commons, and somebody needs to spend some energy making sure the server operators stay happy. We also need to work on stability on some platforms -- e.g., Tor servers have problems on Win XP currently.
Usability: Beyond documentation, we also need to work on usability of the software itself. This includes installers, clean GUIs, easy configuration to interface with other applications, and generally automating all of the difficult and confusing steps inside Tor. We've got a start on this with the GUI Contest, but much more work remains -- usability for privacy software has never been easy.
Incentives: We need to work on ways to encourage people to configure their Tors as relays and exit nodes rather than just clients. We need to make it easy to become a server, and we need to give people incentives to do it.
Research: The anonymous communications field is full of surprises and gotchas. In our copious free time, we also help run top anonymity and privacy conferences like PET. We've identified a set of critical Tor research questions that will help us figure out how to make Tor secure against the variety of attacks out there. Of course, there are more research questions waiting behind these.
We're continuing to move forward on all of these, but at this rate the Tor network is growing faster than the developers can keep up. Now would be an excellent time to add a few more developers to the effort so we can continue to grow the network.
We are also excited about tackling related problems, such as censorship-resistance.
We are proud to have sponsorship and support from the Omidyar Network, the International Broadcasting Bureau, Bell Canada, the Electronic Frontier Foundation, several government agencies and research groups, and hundreds of private contributors.
However, this support is not enough to keep Tor abreast of changes in the Internet privacy landscape. Please donate to the project, or contact our executive director for information on making grants or major donations.
Please let us know if you can help.
2. Compilation and Installation
2.1. How do I uninstall Tor?
This depends entirely on how you installed it. If you installed a package, then hopefully your package has a way to uninstall itself.
For Mac OS X, follow the uninstall directions.
If you installed by source, I'm afraid there is no easy uninstall method. But on the bright side, by default it only installs into /usr/local/ and it should be pretty easy to notice things there.
2.2. What are these ".asc" signature files in the dist/ directory?
These are PGP signatures, so you can verify that the file you've downloaded is exactly the one that we intended you to get.
Please read the TheOnionRouter/VerifyingSignatures page for details.
2.3. How do I compile Tor under Windows?
Try following the steps at http://tor.eff.org/svn/trunk/doc/tor-win32-mingw-creation.txt.
You can also try following the (somewhat outdated) instructions at https://tor.addicts.nl/windows/.
2.4. Why does my Tor executable appear to have a virus or spyware?
Sometimes, overzealous Windows virus and spyware detectors trigger on some parts of the Tor Windows binary. Our best guess is that these are false positives --- after all, the anti-virus and anti-spyware business is just a guessing game anyway. You should contact your vendor and explain that you have a program that seems to be triggering false positives. Or pick a better vendor.
In the meantime, we encourage you to not just take our word for it. Our job is to provide the source; please do recompile it yourself.
2.5. Is there a LiveCD or other bundle that includes Tor?
There isn't any official LiveCD at this point. We're still trying to find good solutions and trying to understand the security and anonymity implications of the various options. In the meantime, feel free to check out the list below and use your best judgement:
Maintained:
JanusVM is a Linux kernel and software running in VMWare that sits between your Windows computer and the Internet, making sure that your Internet traffic is scrubbed and anonymized.
TorPark is a Firefox+Tor package for Win32 that can be installed on a USB key. It needs a host Win32 operating system. More information at http://torpark.nfshost.com/.
[add yours here!]
Not currently maintained as far as we know:
Privacy KNOPPIX was a Linux LiveCD that included Tor, Privoxy, Firefox, etc. It got clobbered by a hard disk crash, but promises to return soon due to popular demand.
ELE is a Linux LiveCD which is focused on privacy related software. It includes Tor and you can download it at http://www.northernsecurity.net/download/ele/.
Virtual Privacy Machine is a Linux LiveCD that includes Firefox, Privoxy, Tor, some IRC and IM applications, and a set of ipchains rules aimed to prevent non-Tor traffic from accidentally leaving your computer. More information at http://wiki.noreply.org/noreply/VirtualPrivacyMachine.
Anonym.OS is a LiveCD similar to the above but is based on OpenBSD rather than Linux for maximum security. It was designed to be anonymous and secure from the ground up, and thus has some features and limitations not found in other LiveCDs (Tor related or otherwise). You can obtain more information and download Anonym.OS from Kaos.Theory.
Phantomix is a LiveCD for anonymous surfing and chatting based on the most recent KNOPPIX release. It comes preconfigured with Tor and Privoxy. You can get it from the Phantomix Website.
3. Running Tor
3.1. I'm supposed to "edit my torrc". What does that mean?
Tor installs a text file called torrc that contains configuration instructions for how your Tor program should behave.
The location of your torrc file depends on the way you installed Tor.
On Windows, you can find it in the Start menu under Programs -> Tor, or you can find it by hand in either \Application Data\tor\torrc or \username\Application Data\tor\torrc
On OS X, open your favorite text editor and load /Library/Tor/torrc
On Unix, if you installed a pre-built package, look for /etc/torrc or /etc/tor/torrc or consult your package's documentation.
Finally, if you installed from source, you may not have a torrc installed yet: look in /usr/local/etc/ and note that you may need to manually copy torrc.sample to torrc
The default torrc file should work fine for most Tor users. You will need to edit it if you want to start relaying traffic for others (that is, become a Tor server). For other configuration options you can use, look at the Tor man page.
Once you've changed your torrc, you will need to restart Tor for the changes to take effect. (Advanced users on OS X and Unix can instead send Tor a HUP signal, which makes it reload its configuration without a restart.)
Remember, all lines beginning with # in torrc are treated as comments and have no effect on Tor's configuration.
3.2. How do I set up logging, or see Tor's logs?
If you installed a Tor bundle with Vidalia, then Vidalia has a window called "Message Log" that will show you Tor's log messages. You can click on "Settings" to see more details, or to save the messages to a file also. You're all set.
If you're not using Vidalia, you'll have to go find the log files by hand as described below.
By default, Tor logs to "standard out" (also known as "stdout") at log level notice. However, some Tor packages (notably the ones for OS X, Debian, Red Hat, etc) change the default logging so it logs to a file, and then Tor runs in the background.
If you're using a pre-packaged Tor, here are some likely places for your logs to go by default:
On Windows, there are no default log files currently. If you configure logging to a file in your torrc, they will show up in \username\Application Data\tor\log\ or \Application Data\tor\log\
On OS X, Debian, Red Hat, etc, the logs are in /var/log/tor/
If you compiled Tor from source, your logs will go to /usr/local/var/log/tor/, but only if you enable them in the torrc file.
If you want to change your logging setup, open your torrc in an editor.
Find the section (near the top of the file) which contains the following line:
##Logs go to stdout at level "notice" unless redirected by something else, like one of the below lines.
Now, assuming you want Tor to send complete debug, info, notice, warn, and err level messages to a file, append the following line to the end of the section:
Log debug file c:/program files/tor/debug.log
Replace "c:/program files/tor/debug.log" with a directory/filename for your Tor log.
If you also want Tor to output to stdout, append the following line to the section as well:
Log notice stdout
3.3. What log level should I use?
There are five log levels (also called "log severities") you might see in Tor's logs:
"err": something bad just happened, and we can't recover. Tor will exit.
"warn": something bad happened, but we're still running. The bad thing might be a bug in the code, some other Tor process doing something unexpected, etc. The operator should examine the message and try to correct the problem.
"notice": something the operator will want to know about.
"info": something happened (maybe bad, maybe ok), but there's nothing you need to (or can) do about it.
"debug": for everything louder than info. It is quite loud indeed.
Alas, some of the warn messages are hard for ordinary users to correct -- the developers are slowly making progress at making Tor automatically react correctly for each situation.
We recommend running at the default, which is "notice". You will hear about important things, and you won't hear about unimportant things.
Tor servers in particular should avoid logging at info or debug in normal operation, since they might end up recording sensitive information in their logs.
3.4. Do I have to open all these outbound ports on my firewall?
Tor may attempt to connect to any port that is advertised in the directory as an ORPort (for making Tor connections) or a DirPort (for fetching updates to the directory).
There are a variety of these ports, but many of them are running on 80, 443, 9001, and 9030.
So as a client, you could probably get away with opening only those four ports. Since Tor does all its connections in the background, it will retry ones that fail, and hopefully you'll never have to know that it failed, as long as it finds a working one often enough. However, to get the most diversity in your entry nodes -- and thus the most security -- as well as the most robustness in your connectivity, you'll want to let it connect to all of them.
If you really need to connect to only a small set of ports, see the FAQ entry on firewalled ports.
Note that if you're running as a Tor server, you must allow outgoing connections to every other server, and to anywhere your exit policy advertises that you allow. The cleanest way to do that is to simply allow all outgoing connections at your firewall. If you don't, clients will try to use these connections and things won't work.
3.5. My Tor keeps crashing.
We want to hear from you! There are supposed to be zero crash bugs in Tor. This FAQ entry describes the best way for you to be helpful to us. But even if you can't work out all the details, we still want to hear about it, so we can help you track it down.
First, make sure you're using the latest version of Tor (either the latest stable or the latest development version).
Second, make sure your version of libevent is new enough. We recommend at least libevent 1.1b.
Third, see if there's already an entry for your bug in the Tor bugtracker. If so, check if there are any new details that you can add.
Fourth, is the crash repeatable? Can you cause the crash? Can you isolate some of the circumstances or config options that make it happen? How quickly or often does the bug show up? Can you check if it happens with other versions of Tor, for example the latest stable release?
Fifth, what sort of crash do you get?
Does your Tor log include an "assert failure"? If so, please tell us that line, since it helps us figure out what's going on. Tell us the previous couple of log messages as well, especially if they seem important.
If it says "Segmentation fault - core dumped" then you need to do a bit more to track it down. Look for a file like "core" or "tor.core" or "core.12345" in your current directory, or in your Data Directory. If it's there, run "gdb tor core" and then "bt", and include the output. If you can't find a core, run "ulimit -c unlimited", restart Tor, and try to make it crash again. (This core thing will only work on Unix -- alas, tracking down bugs on Windows is harder. If you're on Windows, can you get somebody to duplicate your bug on Unix?)
If Tor simply vanishes mysteriously, it probably is a segmentation fault but you're running Tor in the background (as a daemon) so you won't notice. Go look at the end of your log file, and look for a core file as above. If you don't find any good hints, you should consider running Tor in the foreground (from a shell) so you can see how it dies. Warning: if you switch to running Tor in the foreground, you might start using a different torrc file, with a different default Data Directory; see the server-upgrade FAQ entry for details.
If it's still vanishing mysteriously, perhaps something else is killing it? Do you have resource limits (ulimits) configured that kill off processes sometimes? (This is especially common on OpenBSD.) On Linux, try running "dmesg" to see if the out-of-memory killer removed your process. (Tor will exit cleanly if it notices that it's run out of memory, but in some cases it might not have time to notice.) In very rare circumstances, hardware problems could also be the culprit.
Sixth, if the above ideas don't point out the bug, consider increasing your log level to "loglevel debug". You can look at the log-configuration FAQ entry for instructions on what to put in your torrc file. If it usually takes a long time for the crash to show up, you will want to reserve a whole lot of disk space for the debug log. Alternatively, you could just send debug-level logs to the screen (it's called "stdout" in the torrc), and then when it crashes you'll see the last couple of log lines it had printed. (Note that running with verbose logging like this will slow Tor down considerably, and note also that it's generally not a good idea security-wise to keep logs like this sitting around.)
4. Running a Tor client
4.1. I installed Tor and Privoxy but it's not working.
Are you sure Tor and Privoxy are both running? If you're using Vidalia, you may have to click on the onion and select "Start" to launch Tor.
Did you configure your web browser to use the HTTP proxy on port 8118? Most people should do this simply by installing Torbutton and making sure it says "Tor enabled" at the bottom.
Check your Tor logs. Do they give you any hints about what's going wrong?
Check your system clock. If it's more than a few hours off, Tor will refuse to build circuits. For XP users, synchronize your clock under the clock -> Internet time tab. In addition, correct the day and date under the 'Date & Time' tab.
Is your Internet connection firewalled, or do you normally need to use a proxy? Are you running programs like Norton Internet Security that block certain connections, even though you don't realize they do?
If you installed Privoxy yourself (not from a bundle), did you edit the Privoxy config file as described? Did you remember to put the "." at the end of the Privoxy config line? Did you accidentally comment the config line out? Did you restart Privoxy after this change?
For Red Hat Linux and related systems, do you have SELinux enabled? If so, it might be preventing Privoxy from talking to Tor. We also run across BSD users periodically who have local firewall rules that prevent some connections to localhost.
When it's working, Tor should report that it 'has successfully opened a circuit. Looks like client functionality is working.'
4.2. How can I tell if Tor is working, and that my connections really are anonymized? Are there external servers that will test my connection?
Once you've set up your browser to point to Privoxy, and (if necessary) your Privoxy to point to Tor, there are a few sites you can visit that will tell you if you appear to be coming through the Tor network. Try the NightEffect Tor Network Status site or the Xenobite Tor Node Status site and see whether they think you are using Tor or not.
If those sites are down, you can still test, but it will involve more effort: http://ipid.shat.net and http://www.showmyip.com/ will tell you what your IP address appears to be, but you'll need to know your current IP address so you can compare and decide whether you're using Tor correctly.
To learn your IP address on OS X, Linux, BSD, etc, run "ifconfig". On Windows, go to the Start menu, click Run and enter "cmd". At the command prompt, enter "ipconfig /a".
If you are behind a NAT or firewall, though, your IP address will show up as something like 192.168.1.1 or 10.10.10.10, and this isn't your public IP address. In this case, you should 1) configure your browser to connect directly (that is, stop using Privoxy), 2) check your IP address with one of the sites above, 3) point your browser back to Privoxy, and 4) see whether your IP address has changed.
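The following is an added example (not code from the Tor FAQ or from the Tor project) that automates the four-step check above: it fetches an IP-echo page once directly and once through Tor's SOCKS port, using a hand-built SOCKS4a CONNECT so that the hostname is resolved by Tor rather than by your local resolver, and then compares the two addresses. It assumes Tor's default SOCKS listener at 127.0.0.1:9050 and uses the placeholder name ip-echo.example for an echo site (substitute one of the sites named above); the sample addresses in the comments are constructed.

```python
# Added example (not from the Tor FAQ): fetch an IP-echo page directly and
# again through Tor's SOCKS port, then compare the two addresses (FAQ 4.2).
# Speaks SOCKS4a so the hostname is resolved by Tor, not by the local resolver.
import ipaddress
import re
import socket
import struct

TOR_SOCKS = ("127.0.0.1", 9050)  # Tor's default SOCKS listener (assumed)
SOCKS4_GRANTED = 0x5A            # SOCKS4 reply code "request granted"


def build_socks4a_connect(host: str, port: int, userid: bytes = b"") -> bytes:
    # VN=4, CD=1 (CONNECT), DSTPORT, DSTIP=0.0.0.1. A 0.0.0.x address tells the
    # proxy a hostname follows USERID; Tor then resolves it inside the circuit.
    header = struct.pack("!BBH4s", 4, 1, port, b"\x00\x00\x00\x01")
    return header + userid + b"\x00" + host.encode("idna") + b"\x00"


def parse_socks4_reply(reply: bytes) -> bool:
    """True if the 8-byte SOCKS4 reply grants the request, else False."""
    if len(reply) != 8 or reply[0] != 0:
        raise ValueError("malformed SOCKS4 reply: %r" % (reply,))
    return reply[1] == SOCKS4_GRANTED


def _recv_exactly(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection early")
        buf += chunk
    return buf


def socks4a_connect(dest_host: str, dest_port: int, proxy=TOR_SOCKS,
                    timeout: float = 60.0) -> socket.socket:
    """Open a TCP connection to dest_host:dest_port through Tor's SOCKS port."""
    sock = socket.create_connection(proxy, timeout=timeout)
    try:
        sock.sendall(build_socks4a_connect(dest_host, dest_port))
        reply = _recv_exactly(sock, 8)
        if not parse_socks4_reply(reply):
            raise ConnectionError("Tor refused CONNECT to %s:%d (code 0x%02x)"
                                  % (dest_host, dest_port, reply[1]))
        return sock
    except Exception:
        sock.close()
        raise


def http_get_body(sock: socket.socket, host: str, path: str = "/") -> str:
    """Send a minimal HTTP/1.0 GET on an open socket and return the body."""
    sock.sendall(("GET %s HTTP/1.0\r\nHost: %s\r\nConnection: close\r\n\r\n"
                  % (path, host)).encode("ascii"))
    chunks = []
    while True:
        data = sock.recv(4096)
        if not data:
            break
        chunks.append(data)
    _headers, _sep, body = b"".join(chunks).partition(b"\r\n\r\n")
    return body.decode("utf-8", "replace")


def extract_ipv4(text: str) -> str:
    """Pull the first dotted-quad out of an echo page's body."""
    match = re.search(r"\b(?:\d{1,3}\.){3}\d{1,3}\b", text)
    if match is None:
        raise ValueError("no IPv4 address found in echo page")
    return match.group(0)


def is_public_ip(address: str) -> bool:
    """False for NAT/private (192.168.x.x, 10.x.x.x), loopback and link-local
    addresses, which the FAQ notes cannot be compared with an echo page."""
    ip = ipaddress.ip_address(address)
    return not (ip.is_private or ip.is_loopback or ip.is_link_local)


def looks_torified(direct_ip: str, tor_ip: str) -> bool:
    """The FAQ's test: both observed addresses are public and they differ."""
    return (is_public_ip(direct_ip) and is_public_ip(tor_ip)
            and ipaddress.ip_address(direct_ip) != ipaddress.ip_address(tor_ip))


def observed_ip(echo_host: str, via_tor: bool) -> str:
    """Ask the echo site what address it sees, directly or through Tor."""
    sock = (socks4a_connect(echo_host, 80) if via_tor
            else socket.create_connection((echo_host, 80), timeout=60.0))
    with sock:
        return extract_ipv4(http_get_body(sock, echo_host))


if __name__ == "__main__":
    ECHO_HOST = "ip-echo.example"  # placeholder: a site that echoes your address
    direct, via_tor = observed_ip(ECHO_HOST, False), observed_ip(ECHO_HOST, True)
    print("direct %s, via Tor %s, torified: %s"
          % (direct, via_tor, looks_torified(direct, via_tor)))
```

If the direct fetch returns a private address the comparison is refused, which is exactly the NAT case the FAQ describes; run the direct fetch with no proxy configured, as in step 1.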
4.3. How do I use my browser for ftp with Tor?
Unfortunately, Privoxy only proxies http and https. This means you can't use Privoxy to handle ftp traffic. Worse, if you don't specify any proxy for your ftp traffic, then your browser will connect directly to the ftp site. So a web page can use an IMG link to an ftp site in order to trick you into revealing your real location!
Therefore, we recommend that you configure your browser to send all protocols to Privoxy. This means that ftp connections will fail, but at least they won't be dangerous.
Internet Explorer users beware - there is a known bug that causes Explorer to directly send FTP requests without going through the specified proxy. It is documented in this Microsoft article. Make sure you disable Folder View in Internet Explorer if using Tor with Privoxy, or you might get a false sense of security.
If you want a separate application for an ftp client, we've heard good things about FileZilla for Windows. You can configure it to point to Tor as a "socks4a" proxy on "localhost" port "9050".
One thing you can try is to copy the FTP URL, paste it into your browser's address bar, and manually change "ftp://" to "http://" in it.
4.4. Does Tor remove personal information from the data my application sends?
No, it doesn't. You need to use a separate program that understands your application and protocol and knows how to clean or "scrub" the data it sends. Privoxy is an example of this for web browsing. But note that even Privoxy won't protect you completely: you may still fall victim to viruses, JavaScript attacks, etc.; and Privoxy can't do anything about text that you type into forms. Be careful and be smart.
4.5. I want to run my Tor client on a different computer than my applications.
By default, your Tor client only listens for applications that connect from localhost. Connections from other computers are refused. If you want to torify applications on different computers than the Tor client, you should edit your torrc to define SocksListenAddress 0.0.0.0 and then restart (or hup) Tor. If you want to get more advanced, you can configure your Tor client on a firewall to bind to your internal IP but not your external IP. (For a complete example of this, see Tor through SSH tunnel using a web browser on Debian to connect to a Tor client running on OpenBSD. The data is transferred between the computers using an SSH tunnel.)
If you're using Firefox and the Torbutton plugin, you'll find that Torbutton only works if Tor is running locally. For a more flexible plugin, see the Tor SwitchProxy howto.
4.6. How often does Tor change its paths?
Tor will reuse the same circuit for new TCP streams for 10 minutes, as long as the circuit is working fine. (If the circuit fails, Tor will switch to a new circuit immediately.)
But note that a single TCP stream (e.g. a long IRC connection) will stay on the same circuit forever -- we don't rotate individual streams from one circuit to the next. Otherwise an adversary with a partial view of the network would be given many chances over time to link you to your destination, rather than just one chance.
4.7. Why does netstat show these outbound connections?
Because that's how Tor works. It holds open a handful of connections so there will be one available when you need one.
4.8. Tor uses hundreds of bytes for every IRC line. I can't afford that!
Tor sends data in chunks of 512 bytes (called "cells"), to make it harder for intermediaries to guess exactly how many bytes you're communicating at each step. This is unlikely to change in the near future -- if this increased bandwidth use is prohibitive for you, I'm afraid Tor is not useful for you right now.
We have been considering one day adding two classes of cells -- maybe a 64 byte cell and a 1024 byte cell. This would allow less overhead for interactive streams while still allowing good throughput for bulk streams. But since we want to do a lot of work on quality-of-service and better queuing approaches first, you shouldn't expect this change anytime soon (if ever).
4.9. Can I control what nodes I use for entry/exit?
Yes. You can set preferred entry and exit nodes as well as inform Tor which nodes you do not want to use. The following options can be added to your config file "torrc" or specified on the command line:
entrynodes nickname,nickname,...
A list of preferred nodes to use for the first hop in the circuit, if possible.
exitnodes nickname,nickname,...
A list of preferred nodes to use for the last hop in the circuit, if possible.
excludenodes nickname,nickname,...
A list of nodes to never use when building a circuit.
We don't actually recommend you use these for normal use -- you get the best security that Tor can provide when you leave the route selection to Tor.
The entrynodes and exitnodes config options are treated as a request, meaning if the nodes are down or seem slow, Tor will still avoid them. You can make the option mandatory by setting StrictExitNodes 1 or StrictEntryNodes 1 -- but if you do, your Tor connections will stop working if all of the nodes you have specified become unreachable. See the exit node list on serifos for some nicknames you might pick.
If you want to choose the exit node for a specific request, you can give the hostname as hostname.nickname.exit (e.g. http://cnn.com.myfavoritetornode.exit). This will work fine if you're using Privoxy. You can also install Blossom, which is a client-side Tor controller that lets you specify what country you want to exit from when accessing a given resource.
If you want to access a service directly through Tor's SOCKS interface (e.g. using ssh via connect.c), another option is to set up an internal mapping in your configuration file using MapAddress. See the manual page for details.
4.10. Google tells me I have spyware installed.
This is a known and intermittent problem; it does not mean that Google considers Tor to be spyware. Instead, Google tries to detect certain kinds of spyware or viruses that send distinctive queries to Google Search. It then notes the IP addresses from which those queries are received. Finally, Google tries to warn the users of those IP addresses that it received queries indicating an infection.
When you use Tor, you are sending queries through exit nodes that are also shared by thousands of other users. If some of those users are infected with software that Google detects, Google may mistakenly conclude that the exit nodes themselves are infected (because the requests appeared to originate from the exit nodes) and, for a limited period of time, will try (incorrectly) to warn all Google users who share an exit node with an infected machine that they are themselves infected.
You may also get this sort of message when lots of Tor users are querying Google in a short period of time. Google interprets the high volume of traffic as somebody trying to "crawl" their website, so it slows down traffic from that IP address for a short time.
To our knowledge, Google is not doing anything intentionally specifically to deter or block Tor use. The error message about an infected machine should clear up again after a short time.
If we think of a measure that would prevent users from seeing this sort of spurious warning message, we will certainly suggest it to Google and to other web site developers. There may also be technical workarounds for Tor end-users affected by this problem; if you find a useful workaround and write up a description of it, please let us know.
4.11. Why does Google show up in foreign languages?
Google uses "geolocation" to determine where in the world you are, so it can give you a personalized experience. This includes using the language it thinks you prefer, and it also includes giving you different results on your queries.
If you really want to see Google in English you can click the link that provides that. But we consider this a feature with Tor, not a bug --- the Internet is not flat, and it in fact does look different depending on where you are. This feature reminds people of this fact.
Note that Google search URLs take name/value pairs as arguments and one of those names is "hl". If you set "hl" to "en" then Google will return search results in English regardless of what Google server you have been sent to. On a query this looks like: http://google.com/search?q=...&hl=en&..
In Firefox you can search for the google.src file and add the line <input name="hl" value="en"> to it. Then restart Firefox and it will automatically add the "hl=en" name/value pair to all queries made from the search bar so you will get English results regardless of which Google server you have been sent to. Note that this file is actually 'hidden' as part of the application container on Macs. To get to this file on a Mac you have to right click on the Firefox application icon and select "Show Package Contents" then navigate to Contents/MacOS/searchplugins.
Another method is to simply use your country code for accessing Google. This can be google.be, google.de, google.us and so on. You can also set your language by first selecting it in the Language Tools section and searching for something simple. Then extract the language code from the URL. In this example, we'll choose Hebrew: http://www.google.com/search?lr=lang_iw. Next, use that code in the URL: http://google.com/intl/iw/. This can obviously be set as your homepage or bookmarked if necessary.
4.12. How do I access Tor hidden services?
Tor hidden services are named with a special top-level domain (TLD) name in DNS: .onion. Since the .onion TLD is not recognized by the official root DNS servers on the Internet, your application will not get the response it needs to locate the service. Currently, the Tor directory server provides this look-up service; and thus the look-up request must get to the Tor network.
Therefore, your application needs to pass the .onion hostname to Tor directly. You can't try to resolve it to an IP address, since there is no corresponding IP address: the server is hidden, after all!
So, how do you make your application pass the hostname directly to Tor? You can't use SOCKS 4, since SOCKS 4 proxies require an IP from the client (a web browser is an example of a SOCKS client). Even though SOCKS 5 can accept either an IP or a hostname, most applications supporting SOCKS 5 try to resolve the name before passing it to the SOCKS proxy. SOCKS 4a, however, always accepts a hostname: You'll need to use SOCKS 4a.
Some applications, such as the browsers Mozilla Firefox and Apple's Safari, support sending DNS queries to Tor's SOCKS 5 proxy. Most web browsers don't support SOCKS 4a very well, though. The workaround is to point your web browser at an HTTP proxy, and tell the HTTP proxy to speak to Tor with SOCKS 4a. We recommend Privoxy as your HTTP proxy.
For applications that do not support an HTTP proxy, and so cannot use Privoxy, FreeCap is an alternative. When using FreeCap, set the proxy protocol to SOCKS 5 and under settings set DNS name resolving to remote. This will allow you to use almost any program with Tor without leaking DNS lookups, and allow those same programs to access hidden services.
See also the question on DNS.
4.13. My Internet connection requires an HTTP proxy.
Check out the HttpProxy and HttpsProxy config options in the man page. You will need an http proxy for doing GET requests to fetch the Tor directory, and you will need an https proxy for doing CONNECT requests to get to Tor servers. (It's fine if they're the same proxy.)
Also check out HttpProxyAuthenticator and HttpsProxyAuthenticator if your proxy requires auth. We only support basic auth currently, but if you need NTLM authentication, check out this post in the archives.
If your proxies only allow you to connect to certain ports, look at the entry below on Firewalled clients for how to restrict what ports your Tor will try to access.
4.14. My firewall only allows a few outgoing ports.
If your firewall works by blocking ports, then you can tell Tor to only use the ports that your firewall permits by adding "FascistFirewall 1" to your torrc configuration file.
By default, when you set this Tor assumes that your firewall allows only port 80 and port 443 (HTTP and HTTPS respectively). You can select a different set of ports with the FirewallPorts option.
As of Tor 0.1.1.14-alpha, we've replaced FascistFirewall and FirewallPorts with new config options:
ReachableDirAddresses *:80
ReachableORAddresses *:443
4.15. Is there a list of default exit ports?
The default open ports are listed below, but keep in mind that any port or ports can be opened by the server operator by configuring it in torrc or modifying the source code. The default, according to tor.1.in from the source code release tor-0.1.0.8-rc, is:
reject 0.0.0.0/8 // Reject requests to non-routable IPs
reject 169.254.0.0/16 // Reject requests to non-routable IPs
reject 127.0.0.0/8 // Reject requests to non-routable IPs
reject 192.168.0.0/16 // Reject requests to non-routable IPs
reject 10.0.0.0/8 // Reject requests to non-routable IPs
reject 172.16.0.0/12 // Reject requests to non-routable IPs
reject *:25 // Reject SMTP for anti-spam purposes
reject *:119 // Reject NNTP (Network News Transfer Protocol)
reject *:135-139 // Reject NetBIOS (file sharing for older versions of Windows)
reject *:445 // Reject Microsoft-DS (a.k.a. NetBIOS for newer NT versions)
reject *:1214 // Reject Kazaa
reject *:4661-4666 // Reject eDonkey network
reject *:6346-6429 // Reject Gnutella networks
reject *:6699 // Reject Napster
reject *:6881-6999 // Reject (Dark Star) deltasource & BitTorrent network
accept *:* // Accept the rest of the 65535 possible ports
Thanks to http://www.seifried.org for port references.
4.16. What should I do if I can't use an http proxy with my application?
On Unix, you might try tsocks, but it doesn't seem to work so well on FreeBSD; we'd be happy to hear about alternatives. You might also try socat. It might not be as seamless as tsocks, but it's worked where the former hasn't. There is also proxychains, but I can't get it to play nicely with Tor at the moment.
For FreeBSD and OpenBSD, you can try dante instead of tsocks. Both have a port and package for dante. Instead of running torify irssi you would run socksify irssi after properly setting up dante. See Tor chrooted in OpenBSD for an example dante configuration that works with Tor.
On Windows, look at sockscap, or maybe freecap if you prefer free software.
4.17. I keep seeing these warnings about SOCKS and DNS and information leaks. Should I worry?
The warning is:
Your application (using socks5 on port %d) is giving Tor only an IP address. Applications that do DNS resolves themselves may leak information. Consider using Socks4A (e.g. via privoxy or socat) instead.
If you are running Tor to get anonymity, and you are worried about an attacker who is even slightly clever, then yes, you should worry. Here's why.
The Problem. When your applications connect to servers on the Internet, they need to resolve hostnames that you can read (like tor.eff.org) into IP addresses that the Internet can use (like 209.237.230.66). To do this, your application sends a request to a DNS server, telling it the hostname it wants to resolve. The DNS server replies by telling your application the IP address.
Clearly, this is a bad idea if you plan to connect to the remote host anonymously: when your application sends the request to the DNS server, the DNS server (and anybody else who might be watching) can see what hostname you are asking for. Even if your application then uses Tor to connect to the IP anonymously, it will be pretty obvious that the user making the anonymous connection is probably the same person who made the DNS request.
Where SOCKS comes in. Your application uses the SOCKS protocol to connect to your local Tor client. There are 3 versions of SOCKS you are likely to run into: SOCKS 4 (which only uses IP addresses), SOCKS 5 (which usually uses IP addresses in practice), and SOCKS 4a (which uses hostnames).
When your application uses SOCKS 4 or SOCKS 5 to give Tor an IP address, Tor guesses that it 'probably' got the IP address non-anonymously from a DNS server. That's why it gives you a warning message: you probably aren't as anonymous as you think.
So what can I do? We describe a few solutions below.
If your application speaks SOCKS 4a, use it.
For HTTP (web browsing), either configure your browser to perform remote DNS lookups (see the Torify HOWTO how to do this for some versions of Firefox) or use a socks4a-capable HTTP proxy, such as Privoxy. See the Tor documentation for more information. For instant messaging or IRC, use Gaim or XChat. For other programs, consider using freecap (on Win32) or dsocks (on BSD).
If you only need one or two hosts, or you are good at programming, you may be able to get a socks-based port-forwarder like socat to work for you; see the Torify HOWTO for examples.
Tor ships with a program called tor-resolve that can use the Tor network to look up hostnames remotely; if you resolve hostnames to IPs with tor-resolve, then pass the IPs to your applications, you'll be fine. (Tor will still give the warning, but now you know what it means.)
You can use TorDNS as a local DNS server to rectify the DNS leakage (see TheOnionRouter/SupportPrograms).
See the Torify HOWTO for info on how to run particular applications anonymously.
TODO: More detail on solutions. More windows/unix clarity. And, of course, somebody should write a good, working tsocks workalike that also intercepts gethostbyname. Look into whether dante can intercept gethostbyname.
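To make the SOCKS distinction in 4.12 and 4.17 concrete, here is an added example (not Tor's or Privoxy's code) that builds SOCKS 4, 4a and 5 CONNECT requests in their wire formats and classifies a request the way the FAQ's warning reasons: a bare IP address means the application resolved the name itself, outside Tor. The .onion and clearnet names are constructed samples, and the warning text is modelled on the FAQ's wording rather than Tor's source.

```python
"""SOCKS requests as an application hands them to Tor's SocksPort.

Added example (not Tor's or Privoxy's code) implementing the SOCKS 4, 4a and
5 (RFC 1928) CONNECT request formats, plus a classifier that applies the
reasoning behind Tor's warning: a request carrying a bare IP address means
the application resolved the hostname itself, outside Tor.
"""
import ipaddress
import struct

# Constructed sample names; no real service is implied.
ONION_NAME = "abcdefghijklmnop.onion"
CLEARNET_NAME = "www.example.com"


def socks4_connect(ip: str, port: int, userid: bytes = b"") -> bytes:
    """SOCKS 4 CONNECT: VN=4, CD=1, DSTPORT, DSTIP, USERID, NUL.
    Only an IPv4 address fits, so the lookup already happened elsewhere."""
    return (struct.pack("!BBH", 4, 1, port)
            + ipaddress.IPv4Address(ip).packed + userid + b"\x00")


def socks4a_connect(hostname: str, port: int, userid: bytes = b"") -> bytes:
    """SOCKS 4a CONNECT: DSTIP is the marker 0.0.0.x (x != 0) and the
    hostname follows USERID as a second NUL-terminated string, so Tor does
    the resolution. This is how a .onion name reaches Tor over SOCKS 4a."""
    return (struct.pack("!BBH", 4, 1, port) + b"\x00\x00\x00\x01"
            + userid + b"\x00" + hostname.encode("ascii") + b"\x00")


def socks5_connect(host: str, port: int) -> bytes:
    """SOCKS 5 CONNECT (after method negotiation): VER=5, CMD=1, RSV=0,
    ATYP, DST.ADDR, DST.PORT. ATYP 3 carries a domain name for the proxy to
    resolve; ATYP 1 carries an IPv4 address the client already resolved."""
    try:
        body = b"\x01" + ipaddress.IPv4Address(host).packed
    except ipaddress.AddressValueError:
        name = host.encode("ascii")
        body = b"\x03" + bytes([len(name)]) + name
    return b"\x05\x01\x00" + body + struct.pack("!H", port)


def describe_request(data: bytes) -> dict:
    """Decode a CONNECT request and say whether Tor got a hostname (good)
    or a pre-resolved IP (the case the FAQ's warning is about)."""
    if data[0] == 4:
        port = struct.unpack("!H", data[2:4])[0]
        dstip = data[4:8]
        userid, _, tail = data[8:].partition(b"\x00")
        if dstip[:3] == b"\x00\x00\x00" and dstip[3] != 0:
            host = tail.split(b"\x00", 1)[0].decode("ascii")
            return {"version": "4a", "host": host, "port": port,
                    "hostname_passed": True}
        return {"version": "4", "host": str(ipaddress.IPv4Address(dstip)),
                "port": port, "hostname_passed": False}
    if data[0] == 5:
        atyp = data[3]
        if atyp == 1:
            host, rest = str(ipaddress.IPv4Address(data[4:8])), data[8:]
            passed = False
        elif atyp == 3:
            n = data[4]
            host, rest = data[5:5 + n].decode("ascii"), data[5 + n:]
            passed = True
        elif atyp == 4:
            host, rest = str(ipaddress.IPv6Address(data[4:20])), data[20:]
            passed = False
        else:
            raise ValueError("unknown SOCKS 5 address type %d" % atyp)
        port = struct.unpack("!H", rest[:2])[0]
        return {"version": "5", "host": host, "port": port,
                "hostname_passed": passed}
    raise ValueError("not a SOCKS 4/4a/5 request")


def leak_warning(data: bytes, socks_port: int = 9050) -> str:
    """Return a warning modelled on the FAQ's text when a request carries
    a bare IP, or an empty string when it carries a hostname."""
    info = describe_request(data)
    if info["hostname_passed"]:
        return ""
    return ("Your application (using socks%s on port %d) is giving Tor only "
            "an IP address. Applications that do DNS resolves themselves may "
            "leak information." % (info["version"], socks_port))


def socks4_reply_granted(reply: bytes) -> bool:
    """SOCKS 4/4a reply: VN=0, CD=90 means request granted (91 = rejected)."""
    return len(reply) >= 8 and reply[0] == 0 and reply[1] == 90
```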
4.18. I try to connect to https://example.com:1234/ through privoxy and it does not work.
By default privoxy only allows CONNECT (https) to the well known https port 443. If for some reason you try to access an https service on a non-standard port you will need to tell privoxy to allow that.
Edit the default.action file and look for the line that says
-limit-connect \
and replace it with something like this:
+limit-connect{1-} \
and then restart privoxy.
4.19. Do you provide Fat/Universal Binaries for OSX?
Yes. Currently 0.1.2.1-alpha is a universal binary. A universal binary is expected with the release of 0.1.1.24-stable.
5. Running a Tor server
5.1. How do I decide if I should run a server?
We're looking for people with reasonably reliable Internet connections, that have at least 20 kilobytes/s each way. If that's you, please consider helping out.
5.2. I'd run a server, but I don't want to deal with abuse issues.
Great. That's exactly why we implemented exit policies.
Each Tor server has an exit policy that specifies what sort of outbound connections he will allow from his server, and what sort he will refuse. The exit policies are propagated to the client in the directory, so clients will avoid picking exit nodes that would refuse to exit to their intended destination.
By default, your server allows access to many popular services, but restricts some (such as port 25) due to abuse potential. You can edit your torrc to make your exit policy more or less restrictive. If you want to avoid most if not all abuse potential, set it to "reject *:*". This setting forces a "non-exit" operation. Nobody exits through your node, only direct connections to other nodes will be established.
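As an added example (not Tor's own code) of how the exit policies described here and in 4.15 are evaluated, the following applies a policy to a destination ip:port: entries are tried in order and the first whose address and port patterns both match decides. The policy text is a constructed copy of the default list quoted in 4.15, and treating "no entry matched" as reject is an assumption of this example.

```python
"""Evaluate a Tor-style exit policy for a destination ip:port.

Added example, not Tor's own code. Entries are tried in order; the first
one whose address pattern (an IP, a CIDR block or '*') and port pattern
(a port, a low-high range or '*') both match decides, and "reject *:*"
on its own makes a server a non-exit.
"""
import ipaddress
from typing import List, Optional, Tuple

Rule = Tuple[str, Optional[ipaddress.IPv4Network], int, int]

# Constructed copy of the default policy quoted in FAQ 4.15 (tor-0.1.0.8-rc).
DEFAULT_EXIT_POLICY = """
reject 0.0.0.0/8
reject 169.254.0.0/16
reject 127.0.0.0/8
reject 192.168.0.0/16
reject 10.0.0.0/8
reject 172.16.0.0/12
reject *:25
reject *:119
reject *:135-139
reject *:445
reject *:1214
reject *:4661-4666
reject *:6346-6429
reject *:6699
reject *:6881-6999
accept *:*
"""

# The non-exit policy from FAQ 5.2: nobody exits through this server.
NON_EXIT_POLICY = "reject *:*"


def parse_policy(text: str) -> List[Rule]:
    """Parse 'accept|reject <addr>[:<ports>]' lines into rules.
    A missing port part means all ports, as in 'reject 10.0.0.0/8'."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        action, pattern = line.split(None, 1)
        action = action.lower()
        if action not in ("accept", "reject"):
            raise ValueError("bad action in %r" % line)
        addr, _, ports = pattern.partition(":")
        net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
        if ports in ("", "*"):
            lo, hi = 1, 65535
        elif "-" in ports:
            lo, hi = (int(p) for p in ports.split("-", 1))
        else:
            lo = hi = int(ports)
        if not 1 <= lo <= hi <= 65535:
            raise ValueError("bad port range in %r" % line)
        rules.append((action, net, lo, hi))
    return rules


def exit_allowed(rules: List[Rule], ip: str, port: int) -> bool:
    """First matching rule wins; a client uses this to skip exits that
    would refuse its destination."""
    dest = ipaddress.ip_address(ip)
    for action, net, lo, hi in rules:
        if net is not None and dest not in net:
            continue
        if not lo <= port <= hi:
            continue
        return action == "accept"
    # Assumption of this example: nothing matched means reject.
    return False


def is_non_exit(rules: List[Rule]) -> bool:
    """True when no accept entry is reachable, e.g. the policy starts
    with the catch-all 'reject *:*'."""
    for action, net, lo, hi in rules:
        if action == "accept":
            return False
        if net is None and (lo, hi) == (1, 65535):
            return True  # catch-all reject: later entries are unreachable
    return True
```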
5.3. Do I get better anonymity if I run a server?
Yes, you do get better anonymity against some attacks.
The simplest example is an attacker who owns a small number of Tor servers. He will see a connection from you, but he won't be able to know whether the connection originated at your computer or was relayed from somebody else.
There are some cases where it doesn't seem to help: if an attacker can watch all of your incoming and outgoing traffic, then it's easy for him to learn which connections were relayed and which started at you. (In this case he still doesn't know your destinations unless he is watching them too, but you're no better off than if you were an ordinary client.)
There are also some downsides to running a Tor server. First, while we only have a few hundred servers, the fact that you're running one might signal to an attacker that you place a high value on your anonymity. Second, there are some more esoteric attacks that are not as well-understood or well-tested that involve making use of the knowledge that you're running a server -- for example, an attacker may be able to "observe" whether you're sending traffic even if he can't actually watch your network, by relaying traffic through your Tor server and noticing changes in traffic timing.
It is an open research question whether the benefits outweigh the risks. A lot of that depends on the attacks you are most worried about. For most users, we think it's a smart move.
5.4. Why doesn't my Windows (or other OS) Tor server run well?
Tor servers work best on Linux, FreeBSD 5.x+, OS X Tiger, and Windows Server 2003. We've also heard encouraging reports from Windows Vista users.
You can probably get it working just fine on other operating systems too, but note the following caveats:
Versions of Windows without the word "server" in their name sometimes have some problems. This is especially the case for Win98, but it also happens in some cases for XP. The bug is some resource limitation in non-server versions of Windows that we don't understand very well. The symptom is an assert error with the message "No buffer space available [WSAENOBUFS ] [10055]". If you encounter this, please let us know your system's configuration and Tor version, and help us fix it.
Most developers who contribute to Tor work with Unix-like operating systems. Contributions from those with Win32 experience would be appreciated to help improve the usability of Tor on Windows.
FreeBSD 4.x, all versions of OpenBSD, and all versions of NetBSD have broken (or nonexistent) gethostbyname_r() implementations that cause Tor's threads to stomp on each other. So rather than threading on these platforms, we made Tor fork new processes. This means you need way more memory to run a Tor server, especially an exit server. If you want to run a Tor server, we recommend you upgrade to a better OS.
More esoteric or archaic operating systems, like SunOS 5.9 or Irix64, may have problems with some libevent methods (devpoll, etc), probably due to bugs in libevent. If you experience crashes, try setting the EVENT_NODEVPOLL or equivalent environment variable.
5.5. So I can just configure a nickname and ORPort and join the network?
Yes. As of Tor 0.1.0.2-rc, you can join the network and be a useful server without having to take any extra steps.
However, if you register your nickname and key fingerprint with us, nobody else can take your nickname. Otherwise somebody else could choose the same nickname as you, register their key fingerprint, and bump you off the network.
Also, if we know you're running a server, we can help you debug problems, let you know about new bugs early, and let you know if we notice a problem with your server.
See the server configuration instructions for details on how to register your server's nickname, key fingerprint, and contact information.
30 Seconds to a Tor Server:
Configure a Nickname:
Nickname ididnteditheconfig
Configure ORPort:
ORPort 9001
Configure ContactInfo:
ContactInfo human@example.com
Start Tor. Watch the log file for a log entry that states:
[notice] router_orport_found_reachable(): Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
5.6. I want to upgrade/move my server. How do I keep the same key?
When upgrading your Tor server, or running it on a different computer, the important part is to keep the same nickname (defined in your torrc file) and the same identity key (stored in "keys/secret_id_key" in your DataDirectory).
This means that if you're upgrading your Tor server and you keep the same torrc and the same DataDirectory, then the upgrade should just work and there will be no need to re-register your server. If you need to pick a new DataDirectory, be sure to copy your old keys/secret_id_key over.
5.7. How do I run my Tor server as an NT service?
You can run Tor as a service on all versions of Windows except Windows 95/98/ME. This way you can run a Tor server without needing to always have Vidalia running.
If you've already configured your Tor to be a server, please note that when you enable Tor as a service, it will use a different DataDirectory, and thus will generate a different key. So if you registered your Tor server and then service-ize it, the fingerprint you sent won't be valid anymore. See the Upgrading your Tor server FAQ entry for how to restore the old identity key.
To install Tor as a Windows service, just move your torrc file from "\Documents and Settings\user name\Application Data\Tor" to the same folder as your executable and run:
tor -install
A service called Tor Win32 Service will be installed and started. This service will also automatically start every time Windows boots, unless you change the Start-up type. An easy way to check the status of Tor, start or stop the service, and change the start-up type is by running services.msc and finding the Tor service in the list of currently installed services.
If you have Tor 0.1.0.12 or later, you can also start and stop the Tor service from the command line by typing:
tor -service start
or
tor -service stop
If you wish to remove the Tor service, you can simply run:
tor -remove
(Note: If you are running Tor as a service and you want to uninstall it, be sure and run the service removal command (shown just above) FIRST before running the uninstaller from add/remove programs. The uninstaller is currently not capable of removing the active service.)
5.8. Can I run a Tor server from my virtual server account?
Some ISPs are selling "vserver" accounts that provide what they call a virtual server -- you can't actually interact with the hardware, and they can artificially limit certain resources such as the number of file descriptors you can open at once. Competent vserver admins are able to configure your server to not hit these limits. For example, in SWSoft's Virtuozzo, investigate /proc/user_beancounters. Look for "failcnt" in tcpsndbuf, tcprcvbuf, numothersock, and othersockbuf. Ask for these to be increased accordingly. Some users have seen settings work well as follows:
resource      held    maxheld  barrier  limit    failcnt
tcpsndbuf     46620   48840    3440640  5406720  0
tcprcvbuf     0       2220     3440640  5406720  0
othersockbuf  243516  260072   2252160  4194304  0
numothersock  151     153      720      720      0
Xen and VMWare virtual servers have no such limits normally.
Unfortunately, since Tor currently requires you to be able to connect to all the other Tor servers, we need you to be able to use at least 1024 file descriptors. This means we can't make use of Tor servers that are crippled in this way.
We hope to fix this in the future, once we know how to build a Tor network with restricted topologies -- that is, where each node connects to only a few other nodes. But this is still a long way off.
5.9. I want to run more than one server.
Great. If you want to run several servers to donate more to the network, we're happy with that. But please don't run more than a few dozen on the same network, since part of the goal of the Tor network is dispersal and diversity.
If you do decide to run more than one server, please set the "MyFamily" config option in the torrc of each server, listing all the servers (comma-separated) that are under your control:
MyFamily $fingerprint1,$fingerprint2,$fingerprint3
where each fingerprint is the 40 character identity fingerprint (without spaces). You can also list them by nickname, but fingerprint is safer. Be sure to prefix the digest strings with a dollar sign, '$', so that the digest is not confused with a nickname in the config file.
That way clients will know to avoid using more than one of your servers in a single circuit. You should set MyFamily if you have administrative control of the computers or of their network.
For now, you should also consider setting MyFamily even if the computers are run by different people but share the same network --- we have a patch in the 0.1.2.x version of Tor to automatically avoid using servers on the same /16 network in a single circuit, but most people aren't running the new version yet.
5.10. My server is picking the wrong IP address.
Tor guesses its IP address by asking the computer for its hostname, and then resolving that hostname. Often people have old entries in their /etc/hosts file that point to old IP addresses, so check that file first.
If that doesn't fix it, you should use the "Address" config option to specify the IP you want it to pick. If your computer is behind a NAT and it only has an internal IP address, see the following FAQ entry on dynamic IP addresses.
Also, if you have many addresses, you might also want to set "OutboundBindAddress" so external connections come from the IP you intend to present to the world.
5.11. I don't have a static IP.
Tor can handle servers with dynamic IPs just fine, as long as the server itself knows its IP. So if your ISP changes your IP address periodically but your computer is directly connected to it (that is, your computer learns the new external IP address each time), you're all set.
If your computer is behind a NAT -- that is, it has an internal IP address like 192.168.1.1 -- then you will need to sign up for a no-ip.com or dyndns.com account to get a free hostname for your computer. You run the no-ip or dyndns client locally, and it periodically connects to the no-ip or dyndns servers to inform them about your new IP address. Those servers take care of making your hostname resolve to the correct IP address.
Add your hostname to the Address line in Tor's configuration file, and then Tor will periodically resolve it to see if your IP address has changed.
Address torserver.no-ip.com
5.12. I'm behind a NAT/Firewall
If your server is running on an internal network you need to set up port forwarding. Forwarding TCP connections is system dependent, but the firewalled-clients FAQ entry offers some examples of how to do this.
5.13. My cable modem keeps crashing. What's going on?
Tor servers hold many connections open at once. This is more intensive use than your cable modem (or other home router) would ever get normally. So if there are any bugs or instabilities, they might show up now.
If your router/etc keeps crashing, you've got two options. First, you should try to upgrade its firmware. If you need tips on how to do this, ask Google or your cable / router provider, or try the Tor IRC channel.
Usually the firmware upgrade will fix it. If it doesn't, you will probably want to get a new (better) router.
5.14. Why do I get portscanned more often when I run a Tor server?
If you allow exit connections, some services that people connect to from your server will connect back to collect more information about you. For example, some IRC servers connect back to your identd port to record which user made the connection. (This doesn't really work for them, because Tor doesn't know this information, but they try anyway.) Also, users exiting from you might attract the attention of other users on the IRC server, website, etc. who want to know more about the host they're relaying through.
Another reason is that groups who scan for open proxies on the Internet have learned that sometimes Tor servers expose their socks port to the world. We recommend that you bind your socksport to local networks only.
In any case, you need to keep up to date with your security. See this article on operational security for Tor servers for more suggestions.
5.15. I have more than one CPU. Does this help?
Yes. You can set your NumCpus config option in torrc to the number of CPUs you have, and Tor will spawn this many cpuworkers to deal with public key operations in parallel.
This option has no effect for clients.
5.16. Why is my Tor server using so much memory?
There are three reasons for this.
The first is that Tor uses threads, so many of the measurements (such as the output of top or ps) are inaccurate: they add up all the library memory used by each thread, so the total "virtual" memory size will be much larger than the actual amount of ram Tor is using. So this isn't actually a problem -- looking at the "resident" memory size instead should be much more accurate (unless you're swapping a lot). (Note that on OpenBSD, NetBSD, and old FreeBSD, Tor uses a separate process for each thread, since threading is broken on these platforms, so in these cases it actually *is* using this much memory!)
The second reason is that Tor servers really do use quite a bit of memory. Each connection that you hold open has a pair of memory buffers that it uses for reading and writing from the network, and when many connections are active at once, these buffers might grow quite large. We used to have them shrink again immediately once they weren't full, but we found that was using too much CPU -- so now they stick around for a short amount of time in case we need to use them again soon after. It is not unusual for a fast exit server to use several hundred megabytes of memory.
The third reason is that we may have some bugs somewhere. They fall into the categories of "things we keep around in memory that are big and we should probably get rid of", and "actual memory leaks". We're working on these, but we'd love some help. We believe the stable releases are pretty good about this.
5.17. What bandwidth shaping options are available to Tor servers?
There are two options you can add to your torrc file:
BandwidthRate is the maximum long-term bandwidth allowed (bytes per second). For example, you might want to choose "BandwidthRate 2 MB" for 2 megabytes per second (a fast connection), or "BandwidthRate 50 KB" for 50 kilobytes per second (a medium-speed cable connection). The minimum BandwidthRate is 20 kilobytes per second.
BandwidthBurst is a pool of bytes used to fulfill requests during short periods of traffic above BandwidthRate but still keeps the average over a long period to BandwidthRate. A low Rate but a high Burst enforces a long-term average while still allowing more traffic during peak times if the average hasn't been reached lately. For example, if you choose "BandwidthBurst 50 KB" and also use that for your BandwidthRate, then you will never use more than 50 kilobytes per second; but if you choose a higher BandwidthBurst (like 1 MB), it will allow more bytes through until the pool is empty.
If you have an asymmetric connection (upload less than download) such as a cable modem, you should set BandwidthRate to less than your smaller bandwidth (Usually that's the upload bandwidth). (Otherwise, you could drop many packets during periods of maximum bandwidth usage -- you may need to experiment with which values make your connection comfortable.) Then set BandwidthBurst to the same as BandwidthRate. Since the BandwidthRate and BandwidthBurst options only look at incoming bytes currently, you may find that if you're still seeing too much outgoing traffic, you should turn off your DirPort; most users don't need to do this though.
(Additionally, there are hibernation options where you can tell Tor to only serve a certain amount of bandwidth per time period (such as 100 GB per month). These are covered in the hibernation entry below.)
5.18. Does BandwidthRate really work?
Yes, it really works. Reread the above entry on limiting the required bandwidth. Note well those two points:
It is in Bytes, not Bits.
It only looks at incoming bytes, not outgoing, so maybe you should disable DirPort.
(Of course it's always possible that there is a bug. If you are certain you found one please let us know on the talk mailing list.)
5.19. How can I limit the total amount of bandwidth used by my Tor server?
The accounting options in the torrc file allow you to specify the maximum amount of bytes your server uses for a time period.
AccountingStart day|week|month [day] HH:MM
This specifies when the accounting should reset. For instance, to set up a total amount of bytes served for a week (that resets every Wednesday at 10:00am), you would use:
AccountingStart week 3 10:00
AccountingMax N bytes|KB|MB|GB|TB
This specifies the maximum amount of data your server will send during an accounting period, and the maximum amount of data your server will receive during an accounting period. When the accounting period resets (from AccountingStart), the counters for AccountingMax are reset to 0.
Example. Let's say you want to allow 1 GB of traffic every day in each direction and the accounting should reset at noon each day:
AccountingStart day 12:00
AccountingMax 1 GB
Note that your server won't wake up exactly at the beginning of each accounting period. It will keep track of how quickly it used its quota in the last period, and choose a random point in the new interval to wake up. This way we avoid having hundreds of servers working at the beginning of each month but none still up by the end.
If you have only a small amount of bandwidth to donate compared to your connection speed, we recommend you use daily accounting, so you don't end up using your entire monthly quota in the first day. Just divide your monthly amount by 30. You might also consider rate limiting to spread your usefulness over more of the day: if you want to offer X GB in each direction, you could set your BandwidthRate to 20*X. For example, if you have 10 GB to offer each way, you might set your BandwidthRate to 200 KB: this way your server will always be useful for at least half of each day.
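The following is an added example, not code from the Tor FAQ or from Tor itself: it parses the BandwidthRate, BandwidthBurst and accounting options from a torrc fragment, flags the pitfalls the three entries above describe (bytes not bits, the 20 KB minimum, a burst smaller than the rate, a quota without a reset schedule), and applies the "20*X KB per X GB/day" rule of thumb. It assumes binary units (1 KB = 1024 bytes) and uses a constructed torrc built from the FAQ's own sample values.

```python
import re

# Constructed torrc fragment using the FAQ's own example values.
SAMPLE_TORRC = """\
BandwidthRate 50 KB
BandwidthBurst 1 MB
AccountingStart day 12:00
AccountingMax 1 GB
"""

# Assumption: binary units, 1 KB = 1024 bytes, 1 MB = 1024*1024 bytes, and so on.
UNITS = {"": 1, "BYTES": 1, "KB": 1024, "MB": 1024**2, "GB": 1024**3, "TB": 1024**4}
MIN_RATE = 20 * 1024  # FAQ: the minimum BandwidthRate is 20 kilobytes per second


def parse_size(value):
    """Turn a torrc size such as '50 KB' or '1 GB' into bytes (bytes, never bits)."""
    m = re.fullmatch(r"\s*(\d+)\s*([A-Za-z]*)\s*", value)
    if not m or m.group(2).upper() not in UNITS:
        raise ValueError("bad size: %r" % value)
    return int(m.group(1)) * UNITS[m.group(2).upper()]


def parse_torrc(text):
    """{option: value} for the non-comment lines; torrc option names are case-insensitive."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            key, _, val = line.partition(" ")
            opts[key.lower()] = val.strip()
    return opts


def check_shaping(opts):
    """Problems the FAQ warns about; an empty list means the settings are sane."""
    problems = []
    rate = parse_size(opts["bandwidthrate"]) if "bandwidthrate" in opts else None
    burst = parse_size(opts["bandwidthburst"]) if "bandwidthburst" in opts else None
    if rate is not None and rate < MIN_RATE:
        problems.append("BandwidthRate is below the 20 KB/s minimum")
    if rate is not None and burst is not None and burst < rate:
        problems.append("BandwidthBurst is smaller than BandwidthRate")
    if "accountingmax" in opts and "accountingstart" not in opts:
        problems.append("AccountingMax set without AccountingStart")
    return problems


def hours_awake_per_day(daily_quota, rate):
    """Hours a relay stays awake each day running flat out at `rate` bytes/s against `daily_quota` bytes."""
    return min(daily_quota / rate / 3600.0, 24.0)


def suggested_rate_for_quota(daily_quota_gb):
    """The FAQ rule of thumb: X GB per day per direction -> BandwidthRate 20*X KB."""
    return "BandwidthRate %d KB" % (20 * daily_quota_gb)
```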
5.20. Why does my server write more bytes onto the network than it reads?
You're right, for the most part a byte into your Tor server means a byte out, and vice versa. But there are a few exceptions:
If you open your DirPort, then Tor clients will ask you for a copy of the directory. The request they make (an HTTP GET) is quite small, and the response is sometimes quite large. This probably accounts for most of the difference between your "write" byte count and your "read" byte count.
Note that in Tor 0.1.1.8-alpha and later, your server is more intelligent about deciding whether to advertise its DirPort. The main change is to not advertise it if we're running at capacity and either a) we could hibernate or b) our capacity is under 50kB and we're using a DirPort above 1024.
Another minor exception shows up when you operate as an exit node, and you read a few bytes from an exit connection (for example, an instant messaging or ssh connection) and wrap it up into an entire 512 byte cell for transport through the Tor network.
5.21. Why can I not browse anymore after limiting bandwidth on my Tor server?
The AccountingMax and BandwidthRate parameters apply to both the client and server functions of the Tor process. Thus you may find that you are unable to browse as soon as your Tor goes into hibernation, signaled by this entry in the log:
localhost Tor: consider_hibernation(): Bandwidth soft limit reached; commencing hibernation.
The solution is to run two Tor processes - one server and one client, each with its own config. One way to do this (if you are starting from a working server setup) is as follows:
In the server Tor torrc file, simply set the SocksPort to 0.
Create a new client torrc file from the torrc.sample and ensure it uses a different log file from the server. One naming convention may be torrc.client and torrc.server.
Modify the Tor client and server startup scripts to include -f /path/to/correct/torrc.(server|client).
In Linux/BSD/OSX, changing the startup scripts to Tor.client and Tor.server may make separation of configs easier.
5.22. How can I make my server accessible to people stuck behind restrictive firewalls?
Expose your Tor server on port 443 (HTTPS) so that people whose firewalls restrict them to HTTPS can still get to it. Also, you should expose your directory mirror on port 80 (that even works if Apache is already listening there).
You could do this by just setting orport to 443 and dirport to 80 in your server's torrc, but this isn't a very hot idea. Binding to ports under 1024 usually requires you to run as root, and running Tor as root is not recommended (in case there are unknown exploitable bugs). Instead, you should configure Tor to advertise its orport as 443, but really bind to another port (such as 9001). Then, set up your computer to forward incoming connections from port 443 to port 9001.
The Tor side is pretty easy: just set "orport 443" and "orlistenaddress 0.0.0.0:9001" in your torrc file. This will make your Tor server listen for connections to any of its IPs on port 9001, but tell the world that it's listening on port 443 instead. Similarly, "dirport 80" and "dirlistenaddress 0.0.0.0:9030" will bind to port 9030 locally but advertise port 80.
If your server has multiple IP addresses and you want to advertise a port on an IP address that isn't your default IP, you can do this with Tor's "Address" config option.
Forwarding TCP connections is system dependent, however. Here are some possibilities (you can put them in your rc.local so they execute at boot):
On Linux 2.2 (with IP masquerading):
ipmasqadm portfw -a -P tcp -L $IP 443 -R $IP 9001
On Linux 2.4 or 2.6 (with iptables):
iptables -t nat -A PREROUTING -p tcp -d $IP --dport 443 \
  -j DNAT --to-destination $IP:9001
(Run a second command like this with -A OUTPUT instead of -A PREROUTING to make the redirecting work from localhost too.)
When using shorewall (version 2.2.3) you may find it helpful to add something like this (inside /etc/shorewall/rules):
# DirListenAddress $IP:9091
DNAT    net         $FW:$IP:9091    tcp    80     -    $IP
ACCEPT  $FW:$IP     net             tcp    9091
# ORListenAddress $IP:9090
DNAT    net         $FW:$IP:9090    tcp    443    -    $IP
ACCEPT  $FW:$IP     net             tcp    9090
Don't forget to tune your default policy (/etc/shorewall/policy) so that it doesn't log those rules when they're triggered.
With ssh (do not use in conjunction with DirPolicy):
ssh -fNL 443:localhost:9001 localhost
Note: if you get an error message "channel 2: open failed: connect failed: Connection refused", try replacing "localhost" with "127.0.0.1" in the ssh command.
To offer your directory mirror on port 80, where apache is already listening, add this to your apache config:
<IfModule mod_proxy.c>
  ProxyPass /tor/ http://localhost:9030/tor/
  ProxyPassReverse /tor/ http://localhost:9030/tor/
</IfModule>
Ideally you wouldn't log those requests. That's not very hard either: Remove your normal AccessLog, and use a CustomLog:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
...
SetEnvIf Request_URI "^/tor/" request_is_for_tor=yes
CustomLog /var/log/apache/combined.log combined env=!request_is_for_tor
CustomLog /dev/null common env=request_is_for_tor
Refer to the Apache documentation for why this works:
http://httpd.apache.org/docs/mod/mod_log_config.html#customlog and
http://httpd.apache.org/docs/mod/mod_setenvif.html
On OpenBSD/FreeBSD/NetBSD with PF (Tutorial). Assume you have a 3com 905b card connected to an Internet gateway.
# Redirect traffic coming in on xl0 from any:any to $IP:443 to localhost:9001
rdr on xl0 proto tcp from any to $IP port 443 -> $IP port 9001
If you just use an external NAT router as your firewall, you only need to do the port forwarding through that.
Volunteers: please add advice for other platforms if you know how they work.
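As an added example (not from the Tor FAQ or from Tor's code), the helper below reads the advertised/bound port pairs the entry above describes (ORPort vs ORListenAddress, DirPort vs DirListenAddress) from a torrc fragment and generates the iptables DNAT rules for the Linux 2.4/2.6 recipe, refusing any configuration that would make Tor itself bind a port below 1024 and so require root. The torrc and the IP address are constructed; the IP is a documentation address.

```python
import re

PRIVILEGED_PORT_LIMIT = 1024  # binding below this normally needs root

# Constructed torrc following the FAQ recipe; the IP is a documentation address.
SAMPLE_TORRC = """\
ORPort 443
ORListenAddress 0.0.0.0:9001
DirPort 80
DirListenAddress 0.0.0.0:9030
"""
SAMPLE_IP = "192.0.2.10"


def listen_pairs(torrc_text):
    """(advertised, bound) port pairs: ORPort/DirPort advertise, the
    *ListenAddress options say where Tor really binds."""
    adv, bind = {}, {}
    for line in torrc_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, val = line.partition(" ")
        key, val = key.lower(), val.strip()
        if key in ("orport", "dirport"):
            adv[key[:-4]] = int(val)  # key[:-4] is "or" or "dir"
        elif key in ("orlistenaddress", "dirlistenaddress"):
            m = re.fullmatch(r"(\S+):(\d+)", val)
            if m:
                bind[key[:-13]] = int(m.group(2))
    pairs = []
    for kind, public in adv.items():
        # Without a separate listen address Tor binds the advertised port itself.
        local = bind.get(kind, public)
        if local < PRIVILEGED_PORT_LIMIT:
            raise ValueError("%s would bind privileged port %d" % (kind.upper(), local))
        if local != public:
            pairs.append((public, local))
    return pairs


def iptables_rules(torrc_text, ip):
    """The FAQ's Linux 2.4/2.6 recipe: a PREROUTING DNAT rule for traffic from
    the network plus an OUTPUT rule so the redirect works from localhost too."""
    rules = []
    for public, local in listen_pairs(torrc_text):
        for chain in ("PREROUTING", "OUTPUT"):
            rules.append("iptables -t nat -A %s -p tcp -d %s --dport %d "
                         "-j DNAT --to-destination %s:%d" % (chain, ip, public, ip, local))
    return rules


if __name__ == "__main__":
    print("\n".join(iptables_rules(SAMPLE_TORRC, SAMPLE_IP)))
```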
5.23. If I change the exit policy or IP address, do I have to send a new mail to tor-ops?
No. All the authoritative directory servers have in their config is your nickname and the fingerprint for your identity key. Your server automatically generates, signs, and uploads a new router descriptor periodically, so any changes you make, such as a new exit policy or even a new IP address, will be reflected in that.
5.24. Can I install Tor on a central server, and have my clients connect to it?
Yes. Tor can be configured as a client or a server on another machine, and allow other machines to connect to it for anonymity. This is most useful in an environment where many computers want a gateway of anonymity to the rest of the world. However, be forewarned that with this configuration, anyone within your private network (existing between you and the Tor client/server) can see what traffic you are sending in clear text. The anonymity doesn't start until you get to the Tor server. Because of this, if you are the controller of your domain and you know everything's locked down, you will be OK, but this configuration may not be suitable for large private networks where security is key all around.
Configuration is simple, editing your torrc file's SocksListenAddress according to the following examples:
SocksListenAddress 127.0.0.1 # This provides local interface access only, needs SocksPort to be greater than 0
SocksListenAddress 192.168.x.x:9100 # This provides access to Tor on a specified interface
SocksListenAddress 0.0.0.0:9100 # Possibly accept from all interfaces? (Hasn't been tested, please edit!)
You can state multiple listen addresses, in the case that you are part of several networks or subnets.
SocksListenAddress 192.168.x.x:9100 # eth0
SocksListenAddress 10.x.x.x:9100 # eth1
After this, your clients on their respective networks/subnets would specify a socks proxy with the address and port you specified in SocksListenAddress. (This is a direct connection to the Tor server not running through Privoxy or other programs, and may be susceptible to DNS leaks. See Firefox's configuration for Remote DNS for more information on proper configuration of Firefox, and the status of other browsers and their handling of Remote DNS in this instance.)
Please note that the SocksPort configuration option gives the port ONLY for localhost (127.0.0.1). When setting up your SocksListenAddress entries, you need to give the port with the address, as shown above.
If you are interested in forcing all outgoing data through the central Tor client/server, instead of the server only being an optional proxy, you may find the iptables program useful on *nix.
6. Development
6.1. Who is responsible for Tor?
Roger Dingledine and Nick Mathewson are the main developers of Tor. You can read more at Tor's People page.
6.2. What do these weird version numbers mean?
Versions of Tor before 0.1.0 used a strange and hard-to-explain version scheme. Let's forget about those.
Starting with 0.1.0, versions all look like this: MAJOR.MINOR.MICRO(.PATCHLEVEL)(-TAG). The parts in parentheses are optional. MAJOR, MINOR, MICRO, and PATCHLEVEL are all numbers. Only one release is ever made with any given set of these version numbers. The TAG lets you know how stable we think the release is: "alpha" is pretty unstable; "rc" is a release candidate; and no tag at all means that we have a final release. If the tag ends with "-cvs", you're looking at a development snapshot that came after a given release.
So for example, we might start a development branch with (say) 0.1.1.1-alpha. The patchlevel increments consistently as the status tag changes, for example, as in: 0.1.1.2-alpha, 0.1.1.3-alpha, 0.1.1.4-rc, 0.1.1.5-rc, etc. Eventually, we would release 0.1.1.6. The next stable release would be 0.1.1.7.
Why do we do it like this? Because every release has a unique version number, it is easy for tools like package managers to tell which release is newer than another. The tag makes it easy for users to tell how stable the release is likely to be.
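The parser below is an added example, not code from the Tor FAQ or from Tor: it splits a version string into the MAJOR.MINOR.MICRO.PATCHLEVEL numbers and the stability tag described above and orders releases the way a package manager would. One point goes beyond the text and is an assumption: a "-cvs" (or, as in the version numbers this FAQ itself quotes, "-dev") snapshot is ordered just after the release it follows, because the numbers alone already identify each release uniquely.

```python
import re

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?(?:-([A-Za-z0-9-]+))?$")
# Meaning of the TAG as the FAQ states it; None is "no tag at all".
STABILITY = {"alpha": "pretty unstable", "rc": "release candidate", None: "final release"}
SNAPSHOT_SUFFIXES = ("cvs", "dev")  # "-cvs" per the FAQ; "-dev" appears in its version examples


def parse_version(text):
    """Return (numbers, tag, is_snapshot); numbers is a 4-tuple, PATCHLEVEL defaulting to 0."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError("not a Tor version: %r" % text)
    numbers = tuple(int(x or 0) for x in m.groups()[:4])
    tag, snapshot = m.group(5), False
    if tag is not None:
        for suffix in SNAPSHOT_SUFFIXES:
            if tag == suffix or tag.endswith("-" + suffix):
                snapshot = True
                tag = tag[:-len(suffix)].rstrip("-") or None
                break
    if tag not in STABILITY:
        raise ValueError("unknown tag in %r" % text)
    return numbers, tag, snapshot


def sort_key(text):
    """Each release has a unique number tuple, so that alone orders releases;
    a snapshot (assumption) sorts immediately after the release it is based on."""
    numbers, _, snapshot = parse_version(text)
    return numbers + (1 if snapshot else 0,)


def stability(text):
    """Human-readable stability of a version, from its tag."""
    return STABILITY[parse_version(text)[1]]


def newest(versions):
    """The newest version in a list, as a package manager would pick it."""
    return max(versions, key=sort_key)
```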
6.3. How do I set up my own Tor private network?
If you want to experiment locally with your own network, or you're cut off from the Internet and want to be able to mess with Tor still, then you may want to set up your own separate Tor network.
To set up your own Tor network, you need to run your own authoritative directory servers, and you need to configure each client and server so it knows about your directory servers rather than the default public ones.
1. Grab the latest release. Use at least 0.1.1.26 for clients (reason), and at least 0.1.2.4-alpha-dev for authoritative routers to reject unlisted routers.
2. Recommended options to set in the torrc config file for Tor routers (you need at least 3). All options are listed in the man page with a more detailed explanation.
First, set Tor up as a server (Required): set the options ORPort, DirPort, DataDirectory, ContactInfo, and Nickname.
You should set this so Tor doesn't get the wrong IP from /etc/hosts (Recommended)
Address YOURIPADDRESS
If you are behind a router or using private IP addresses, you need this (Optional)
Needed to build circuits within the same /16 subnet (Required)
You must point your nodes at your authoritative routers. You can generate your keys and output your nickname and fingerprint by running tor --list-fingerprint if your torrc is in the default place, or tor -f torrc --list-fingerprint to specify a torrc. You need one line for each authoritative router (Required)
DirServer nickname v1 IP:PORT fingerprint
example: DirServer moria v1 18.244.0.114:80 719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF
This bypasses the reachability detection and lets the network bootstrap (Recommended?)