2004-06-28 08:47:07 +02:00
<html>
<head>
<title>Tor: an anonymizing overlay network for TCP</title>
<meta name="Author" content="Roger Dingledine">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta http-equiv="Content-Style-Type" content="text/css">
<link rel="stylesheet" type="text/css" href="tor-doc.css">
</head>

<body>

<h1><a href="http://freehaven.net/tor/">Tor</a> documentation</h1>

<p>The simple version: Tor provides a distributed network of servers
("onion routers"). Users bounce their TCP streams (web traffic, FTP, SSH,
etc.) around the routers. This makes it hard for recipients, observers, and
even the onion routers themselves to track the source of the stream.</p>

<p>The complex version: Onion Routing is a connection-oriented anonymizing
communication service. Users choose a source-routed path through a set of
nodes, and negotiate a "virtual circuit" through the network, in which
each node knows its predecessor and successor, but no others. Traffic
flowing down the circuit is unwrapped by a symmetric key at each node,
which reveals the downstream node.</p>
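<p>The layered unwrapping just described, as an added example that is not part of the Tor documentation or the Tor code: a toy Python model in which the client wraps the payload once per hop and each relay strips only its own layer, learning nothing but its successor. The SHA-256 keystream is a stand-in for Tor's real per-hop cipher (Tor negotiates a key with each hop and uses AES in counter mode); the relay names, keys and payload are constructed, and <tt>build_onion</tt>, <tt>peel</tt> and <tt>route</tt> are names chosen here.</p>

```python
# Added example (not from the Tor docs): a toy model of onion layering.
# Tor negotiates a symmetric key with each hop and uses a real cipher
# (AES in counter mode); the SHA-256 keystream below is a stand-in chosen
# so the example runs with only the standard library. What it shows is
# the structure: each relay strips one layer and learns only its successor.
import hashlib
import os

HEADER = 16  # bytes reserved in each layer for the next-hop name
BLOCK = 32   # SHA-256 digest size, used as the keystream block size


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with SHA-256(key || counter) blocks.
    XOR is its own inverse, so the same call wraps and unwraps a layer."""
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + BLOCK], block))
    return bytes(out)


def build_onion(path, payload: bytes) -> bytes:
    """Client side. `path` lists (node_name, shared_key) from the entry
    node to the exit. Wrapping proceeds from the exit inward, so the
    entry node's layer ends up outermost and is stripped first."""
    onion = payload
    next_hop = b"EXIT"  # tells the last node to deliver rather than forward
    for name, key in reversed(path):
        header = next_hop.ljust(HEADER, b"\0")[:HEADER]
        onion = keystream_xor(key, header + onion)
        next_hop = name.encode()
    return onion


def peel(key: bytes, onion: bytes):
    """Relay side: strip the outermost layer with this relay's own key and
    return (next_hop, remainder). The remainder is still encrypted under
    the downstream keys, so this relay learns nothing beyond its successor."""
    plaintext = keystream_xor(key, onion)
    return plaintext[:HEADER].rstrip(b"\0"), plaintext[HEADER:]


def route(path, onion: bytes):
    """Simulate the circuit. Returns what each relay saw (its own name and
    the next hop it learned) together with the payload the exit delivers."""
    trace = []
    for name, key in path:
        next_hop, onion = peel(key, onion)
        trace.append((name, next_hop.decode()))
    return trace, onion


if __name__ == "__main__":
    # Constructed three-hop circuit with random per-hop keys.
    circuit = [(n, os.urandom(32)) for n in ("guard", "middle", "exit")]
    onion = build_onion(circuit, b"GET / HTTP/1.0\r\n\r\n")
    trace, delivered = route(circuit, onion)
    for relay, hop in trace:
        print(f"{relay:>6} learned next hop: {hop}")
    print("exit delivers:", delivered)
```

<p>Two things the toy makes visible that the prose only states: the entry relay sees the client's address but only ciphertext, and the exit relay sees the cleartext payload but only the middle relay's address. The toy omits the integrity checks that real Tor cells carry, so it should not be read as a cipher design, only as the layering structure.</p>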

<a name="why"></a>
<h2>Why should I use Tor?</h2>

<p>Individuals need Tor for privacy:
<ul>
<li>Privacy in web browsing -- both from the remote website (so it can't
track and sell your behavior), and similarly from your local ISP.
<li>Safety in web browsing: if your local government doesn't approve
of its citizens visiting certain websites, they may monitor the sites
and put readers on a list of suspicious persons.
<li>Circumvention of local censorship: connect to resources (news
sites, instant messaging, etc.) that are restricted from your
ISP/school/company/government.
<li>Socially sensitive communication: chat rooms and web forums for
rape and abuse survivors, or people with illnesses.
</ul>

<p>Journalists and NGOs need Tor for safety:
<ul>
<li>Allowing dissidents and whistleblowers to communicate more safely.
<li>Censorship-resistant publication, such as making available your
home-made movie anonymously via a Tor <a href="#hidden-service">hidden
service</a>; and reading, e.g. of news sites not permitted in some
countries.
<li>Allowing your workers to check back with your home website while
they're in a foreign country, without notifying everybody nearby that
they're working with your organization.
</ul>

<p>Companies need Tor for business security:
<ul>
<li>Competitive analysis: browse the competition's website safely.
<li>Protecting collaborations of sensitive business units or partners.
<li>Protecting procurement suppliers or patterns.
<li>Putting the "P" back in "VPN": traditional VPNs reveal the exact
amount and frequency of communication. Which locations have employees
working late? Which locations have employees consulting job-hunting
websites? Which research groups are communicating with your company's
patent lawyers?
</ul>

<p>Governments need Tor for traffic-analysis-resistant communication:
<ul>
<li>Open source intelligence gathering (hiding individual analysts is
not enough -- the organization itself may be sensitive).
<li>Defense in depth on open <em>and classified</em> networks -- networks
with a million users (even if they're all cleared) can't be made safe just
by hardening them against external threats.
<li>Dynamic and semi-trusted international coalitions: the network can
be shared without revealing the existence or amount of communication
between all parties.
<li>Networks partially under known hostile control: to block
communications, the enemy must take down the whole network.
<li>Politically sensitive negotiations.
<li>Road warriors.
<li>Protecting procurement patterns.
<li>Anonymous tips.
</ul>

<p>Law enforcement needs Tor for safety:
<ul>
<li>Allowing anonymous tips or crime reporting.
<li>Allowing agents to observe websites without notifying them that
they're being observed (or, more broadly, without having it be an
official visit from law enforcement).
<li>Surveillance and honeypots (sting operations).
</ul>

<p>Does the idea of sharing the Tor network with
all of these groups bother you? It shouldn't -- <a
href="http://freehaven.net/doc/fc03/econymics.pdf">you need them for
your security</a>.</p>

<a name="client-or-server"></a>
<h2>Should I run a client or a server?</h2>

<p>You can run Tor in either client mode or server mode. By default,
everybody is a <i>client</i>. This means you don't relay traffic for
anybody but yourself.</p>

<p>If you have less than 1Mbit in both directions, you should stay
a client. Otherwise, please consider being a server, to help out the
network. (Currently each server uses 20-150 gigabytes of traffic
per month; but that may go up.)</p>

<p>Note that you can be a server without allowing users to make
connections from your computer to the outside world. This is called being
a middleman server.</p>

<p>Benefits of running a server include:
<ul>
<li>Clients are generally limited to 100KB/s, whereas servers can inject
or receive as much traffic as they want.
<li>You may get stronger anonymity, since your destination can't know
whether connections relayed through your computer originated at your
computer or not.
<li>You can also get stronger anonymity by configuring your Tor clients
to use your Tor server for entry or for exit.
<li>You're helping me with development and scalability testing.
<li>You're helping your fellow Internet users by providing a larger
network. Also, having servers in many different pieces of the Internet
gives users more robustness against curious telcos and brute force
attacks.
</ul>

<p>You can read more about setting up Tor as a
server <a href="#server">below</a>.</p>

<a name="installing"></a>
<h2>Installing Tor</h2>

<p>You can get the latest releases <a
href="http://freehaven.net/tor/dist/">here</a>.</p>

<p>If you got Tor from a tarball, unpack it: <tt>tar xzf
tor-0.0.7.tar.gz; cd tor-0.0.7</tt>. Run <tt>./configure</tt>, then
<tt>make</tt>, and then <tt>make install</tt> (as root if necessary). Then
you can launch Tor from the command line by running <tt>tor</tt>.</p>

<p>If you got Tor from the Win32 .exe file, you
can just double-click it (you may need to install <a
href="http://www.slproweb.com/products/Win32OpenSSL.html">OpenSSL
0.9.7</a> first, if you get an error about a missing
libeay32.dll). You might also want to run Tor in a DOS window,
so you can see its logs, and see its error messages if it
crashes. If you don't want the default configuration, fetch the <a
href="http://freehaven.net/tor/doc/torrc.sample">torrc</a>, edit it,
and use <tt>tor.exe -f torrc</tt>.</p>

<p>Otherwise, if you got it prepackaged (e.g. in the <a
href="http://packages.debian.org/tor">Debian package</a> or <a
href="http://packages.gentoo.org/packages/?category=net-misc;name=tor">Gentoo
package</a>), these steps are already done for you, and you may
even already have Tor started in the background (logging to
/var/log/something).</p>

<p>In any case, see the next section for what to <i>do</i> with it now that
you've got it running.</p>

<a name="client"></a>
<h2>Configuring a client</h2>

<p>Tor comes configured as a client by default. It uses a built-in
default configuration file, and most people won't need to change any of
the settings.</p>

<p>The only setting you might need to change is "SocksBindAddress".
By default, your Tor client only listens for applications that connect
from localhost. Connections from other computers are refused. If you
want to torify applications on different computers than the Tor client,
you should copy torrc.sample to torrc (it's installed by default
to /usr/local/etc/tor/), change the SocksBindAddress line to
0.0.0.0, and then send Tor a HUP signal or restart it.</p>

<p>To test if it's working, point your browser
at a socks4 or socks5 proxy at localhost port 9050. In
Mozilla, this is under Edit|Preferences|Advanced|Proxies. Go to <a
href="http://www.junkbusters.com/cgi-bin/privacy">http://www.junkbusters.com/cgi-bin/privacy</a>
and see what IP it says you're coming from. (If you have a personal
firewall, be sure to allow local connections to port 9050. If your
firewall blocks outgoing connections, punch a hole so it can connect to
TCP *:9001-9004 and *:9030-9033. If you're using Safari as your browser,
keep in mind that OS X before 10.3 claims to support socks but does
not.)</p>

<p>Once you've tested that it works, you should install <a
href="http://www.privoxy.org/">Privoxy</a>, which is a filtering web
proxy that integrates well with Tor. Add the line <br>
<tt>forward-socks4a / localhost:9050 .</tt><br>
(don't forget the dot) to its config file (you can just add it to the
top). Then change your Mozilla to use an HTTP proxy at localhost port 8118
(and no socks proxy). You should also set your SSL proxy to the same
thing, to hide your https traffic. Using Privoxy is necessary because
<a href="http://freehaven.net/tor/cvs/doc/CLIENTS">Mozilla leaks your
DNS requests when it uses a socks proxy directly</a>. Privoxy also gives
you good html scrubbing.</p>
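<p>The DNS-leak point above, made concrete as an added example that is not part of the Tor documentation or Tor's code: the Python below builds the two request forms a SOCKS4 proxy accepts and parses the reply. <tt>socks4_connect_request</tt> needs an already-resolved IP, so the application must have looked the name up locally; <tt>socks4a_connect_request</tt> carries the hostname inside the request, so resolution happens at the Tor exit instead. The proxy address 127.0.0.1:9050 is the default from this page; the hostnames and ports in the sample calls are constructed, and the function names (including the <tt>connect_via_tor</tt> helper) are chosen here.</p>

```python
# Added example (not from the Tor docs): build and parse SOCKS4 / SOCKS4a
# CONNECT messages. It makes the DNS-leak point above concrete: with plain
# SOCKS4 the application must put a resolved IP in the request, so the DNS
# lookup happens on the local machine, in the clear. With SOCKS4a the
# hostname rides inside the request and is resolved by Tor at the exit.
# Hostnames and ports in the sample calls are constructed.
import socket
import struct

SOCKS_VERSION = 4
CMD_CONNECT = 1
REPLY_GRANTED = 90
REPLY_TEXT = {
    90: "request granted",
    91: "request rejected or failed",
    92: "rejected: identd not reachable",
    93: "rejected: identd user mismatch",
}


def socks4_connect_request(ip: str, port: int, userid: bytes = b"") -> bytes:
    """Plain SOCKS4: VN, CD, DSTPORT, DSTIP, USERID, NUL. The caller has
    already resolved `ip`, which is exactly the leak."""
    return (struct.pack("!BBH", SOCKS_VERSION, CMD_CONNECT, port)
            + socket.inet_aton(ip) + userid + b"\0")


def socks4a_connect_request(host: str, port: int, userid: bytes = b"") -> bytes:
    """SOCKS4a: DSTIP is 0.0.0.x with x != 0, and the hostname follows the
    USERID as a second NUL-terminated string. Nothing is resolved here."""
    return (struct.pack("!BBH", SOCKS_VERSION, CMD_CONNECT, port)
            + bytes([0, 0, 0, 1]) + userid + b"\0"
            + host.encode("idna") + b"\0")


def is_socks4a(request: bytes) -> bool:
    """A proxy (or a detection rule) tells the two apart by the 0.0.0.x
    destination marker."""
    dst = request[4:8]
    return dst[:3] == b"\0\0\0" and dst[3] != 0


def parse_socks4_reply(reply: bytes):
    """Reply is 8 bytes: VN (always 0), CD (90..93), DSTPORT, DSTIP.
    Returns (granted, human-readable status)."""
    if len(reply) < 8:
        raise ValueError("short SOCKS4 reply")
    vn, cd = reply[0], reply[1]
    if vn != 0:
        raise ValueError(f"unexpected reply version {vn}")
    return cd == REPLY_GRANTED, REPLY_TEXT.get(cd, f"unknown code {cd}")


def connect_via_tor(host: str, port: int, proxy=("127.0.0.1", 9050)):
    """Open a TCP stream to host:port through the local Tor SOCKS port
    using SOCKS4a, so the name never touches the local resolver.
    Returns the connected socket; raises ConnectionError on refusal."""
    sock = socket.create_connection(proxy)
    sock.sendall(socks4a_connect_request(host, port))
    granted, status = parse_socks4_reply(sock.recv(8))
    if not granted:
        sock.close()
        raise ConnectionError(status)
    return sock


if __name__ == "__main__":
    # Show the two request shapes side by side without any network access.
    print("socks4  :", socks4_connect_request("192.0.2.10", 80).hex(" "))
    print("socks4a :", socks4a_connect_request("www.example.org", 80).hex(" "))
```

<p>Privoxy's <tt>forward-socks4a</tt> line produces the second shape on your behalf, which is why the page insists on it rather than pointing the browser at port 9050 directly. One operational consequence of the SocksBindAddress change described above: once Tor listens on 0.0.0.0, the same request from any host that can reach port 9050 is accepted, so limit that port at the firewall to the machines you intend to torify.</p>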

<p>You might want to use Tor with an application that doesn't
support socks directly. In this case, you should look at
using <a href="http://tsocks.sourceforge.net/">tsocks</a>
to dynamically replace the system calls in your program to
route through Tor. If you want to use socks4a, consider using <a
href="http://www.dest-unreach.org/socat/">socat</a> (specific instructions
are on <a href="http://6sxoyfb3h2nvok2d.onion/tor/SocatHelp">this hidden
service URL</a>).</p>

<p>(Windows doesn't have tsocks; instead, you can try
<a
href="http://www.socks.permeo.com/Download/SocksCapDownload/index.asp">SocksCap</a>
or the <a href="http://www.hummingbird.com/products/nc/socks/index.html?cks=y">Hummingbird</a>
SOCKS client.)</p>

<a name="server"></a>
<h2>Configuring a server</h2>

<p>We're looking for people with reasonably reliable Internet connections,
that have at least 1Mbit each way. Currently we don't use all of that,
but we want it available for burst traffic.</p>

<p>(The Tor server doesn't need to be run as root, and doesn't
need any special system permissions or kernel mods. You should probably
run it as its own user though, especially if you run an identd service
too. If you're the paranoid sort, feel free to <a
href="http://wiki.noreply.org/wiki/TheOnionRouter/TorInChroot">put it
into a chroot jail</a>.)</p>

<p>First, copy torrc.sample to torrc (by default it's in
/usr/local/etc/tor/), and edit the middle part. Create the DataDirectory,
and make sure it's owned by the uid/gid that will be running Tor. Fix your system
clock so it's not too far off. Make sure name resolution works. Make sure
each process can get to 1024 file descriptors (this should already be
done for everybody but the BSD folks). Open a hole in your firewall so
outsiders can connect to your ORPort.</p>

<p>Then run Tor to generate keys: <tt>tor</tt>. One of the files generated
in your DataDirectory is your 'fingerprint' file. Mail it to
tor-ops@freehaven.net.</p>

<p>In that mail, be sure to tell us who you are, so we know whom to contact
if there's any problem. Also describe what kind of connectivity the new
server will have. If possible, PGP sign your mail.</p>

<p>Once your fingerprint has been approved, you can click <a
href="http://moria.seul.org:9031/">here</a> or <a
href="http://62.116.124.106:9030/">here</a> and look at the
running-routers line to see if your server is part of the network.</p>

<p>You may find the initscript in contrib/tor.sh useful if you
want to set up Tor to start at boot.</p>

<a name="hidden-service"></a>
<h2>Configuring a hidden service</h2>

<p>Tor allows clients and servers to offer <em>hidden services</em>. That
is, you can offer an apache, sshd, etc., without revealing your IP to its
users. This works via Tor's rendezvous point design: both sides build
a Tor circuit out, and they meet in the middle.</p>

<p>If you're using Tor and <a href="http://www.privoxy.org/">Privoxy</a>,
you can <a href="http://6sxoyfb3h2nvok2d.onion/">go to the hidden wiki</a>
to see hidden services in action.</p>

<p>To set up a hidden service, copy torrc.sample to torrc (by default it's
in /usr/local/etc/tor/), and edit the bottom part. Then run Tor. It will
create each HiddenServiceDir you have configured, and it will create a
'hostname' file which specifies the URL (xyz.onion) for that service. You
can tell people the URL, and they can connect to it via their Tor client,
assuming they're using a proxy (such as Privoxy) that speaks socks4a.</p>

<a name="own-network"></a>
<h2>Setting up your own network</h2>

<p>
If you want to experiment locally with your own network, or you're cut
off from the Internet and want to be able to mess with Tor still, then
you may want to set up your own separate Tor network.

<p>
To set up your own Tor network, you need to run your own directory
servers, and you need to change the tarball so it points to your directory
servers rather than the default ones.

<ul>
<li>1: Grab the latest release. Use at least 0.0.9pre5.
<li>2: For each directory server you want,
<ul>
<li>2a: Set it up as a server (see <a href="#server">"setting up a
server"</a> above), with at least ORPort, DataDirectory, and Nickname
defined.
<li>2b: Set "DirPort" to the intended port for serving directories.
<li>2c: Set "RecommendedVersions" to a comma-separated list of acceptable
versions of the code for clients and servers to be running (see step
4c below).
<li>2d: Run it: <tt>tor --list-fingerprint</tt> if your torrc is in
the default place, or <tt>tor -f torrc --list-fingerprint</tt> to
specify one. This will generate your keys and output a fingerprint
line.
</ul>
<li>3: Create the new dirservers file. You do this by concatenating the
"router.desc" files from each dirserver's DataDirectory: <tt>cat router1.desc
router2.desc ... &gt; dirservers</tt>
<li>4a: Now you need to teach clients and servers to use the new
dirservers. For each fingerprint, add a line like<br>
<tt>DirServer 18.244.0.114:80 719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF</tt><br>
to the torrc of each client and server who will be using your network.
<li>5: Create a file called approved-routers in the DataDirectory
of each directory server. Collect the 'fingerprint' lines from
each server (including directory servers), and include them (one per
line) in each approved-routers file. You can send a HUP to the tor process of
each directory server to reload the approved-routers file (so you don't
have to restart the process).
</ul>
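<p>A check for the hand-edited pieces in steps 2 through 5, as an added example that is not part of the Tor documentation or the Tor code base: the Python below parses a torrc, reports which of the keys named above a directory server is missing, validates each DirServer line against the shape shown in step 4a (address:port followed by a 40-hex-digit fingerprint in groups of four), and assembles approved-routers from the collected fingerprint lines. The function names are chosen here; the sample torrc is constructed; and the 'nickname FINGERPRINT' layout assumed for the fingerprint file is an assumption this page does not state.</p>

```python
# Added example (not from the Tor docs or code base): sanity-check the torrc
# pieces that the "own network" steps above ask you to edit by hand.
# Key names are those used on this page; the 40-hex-digit fingerprint
# written as ten groups of four follows the DirServer line in step 4a.
# The 'nickname FINGERPRINT' layout of the fingerprint file is an
# assumption, not something the page states.
import re

# Steps 2a-2c: what a directory server's torrc must define.
REQUIRED_FOR_DIRSERVER = ("ORPort", "DataDirectory", "Nickname",
                          "DirPort", "RecommendedVersions")
FP_GROUPS = re.compile(r"^(?:[0-9A-Fa-f]{4} ){9}[0-9A-Fa-f]{4}$")
ADDR_PORT = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")


def parse_torrc(text: str) -> dict:
    """torrc is 'Key value' per line with '#' comments. Every key maps to
    a list, because DirServer (and HiddenServiceDir) may repeat."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(" ")
        conf.setdefault(key, []).append(value.strip())
    return conf


def check_dirserver_config(conf: dict) -> list:
    """Report keys a directory server's torrc is missing (steps 2a-2c)."""
    return [f"missing {key}" for key in REQUIRED_FOR_DIRSERVER if key not in conf]


def check_dirserver_lines(conf: dict) -> list:
    """Validate each DirServer line (step 4a): 'addr:port' followed by a
    fingerprint in ten groups of four hex digits. Returns problems found."""
    problems = []
    entries = conf.get("DirServer", [])
    if not entries:
        # With no DirServer line the node keeps the built-in directories,
        # i.e. it would join the public network rather than yours.
        problems.append("no DirServer lines configured")
    for entry in entries:
        addr, _, fingerprint = entry.partition(" ")
        match = ADDR_PORT.match(addr)
        if not match or not 0 < int(match.group(2)) < 65536:
            problems.append(f"bad address:port in DirServer {addr!r}")
        if not FP_GROUPS.match(fingerprint.strip()):
            problems.append(f"bad fingerprint in DirServer {addr!r}")
    return problems


def build_approved_routers(fingerprint_files: dict) -> str:
    """Step 5: merge each server's 'fingerprint' file (mapping server name
    to file content, assumed to be one 'nickname FINGERPRINT' line) into
    the body of approved-routers, one entry per line. Malformed entries
    raise rather than being silently admitted to the directory."""
    lines = []
    for server, content in sorted(fingerprint_files.items()):
        nickname, _, fingerprint = content.strip().partition(" ")
        fingerprint = fingerprint.strip()
        if not nickname or not FP_GROUPS.match(fingerprint):
            raise ValueError(f"{server}: malformed fingerprint line")
        lines.append(f"{nickname} {fingerprint}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed torrc for a directory server on a private test network.
    sample = """# constructed torrc
Nickname dir1
ORPort 9001
DirPort 9030
DataDirectory /var/lib/tor
RecommendedVersions 0.0.9pre5
DirServer 18.244.0.114:80 719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF
"""
    conf = parse_torrc(sample)
    print("config problems:", check_dirserver_config(conf) or "none")
    print("DirServer problems:", check_dirserver_lines(conf) or "none")
    print(build_approved_routers(
        {"dir1": "dir1 719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF\n"}))
```

<p>The approved-routers file is the trust anchor of a private network: whatever fingerprint appears there is a server your directory will vouch for, so the builder refuses malformed lines instead of passing them through. Run the checks against every client's and server's torrc before the HUP in step 5, since a node with a typo in its DirServer line falls back to the public directories without complaint.</p>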

<!--<h2>Other doc resources</h2>
<ul>
<li>Design paper
<li>Spec and rend-spec
<li>others
</ul> -->

</body>
</html>