Tor documentation

Tor provides a distributed network of servers ("onion routers"). Users bounce their communications (web requests, IM, IRC, SSH, etc.) around the routers. This makes it hard for recipients, observers, and even the onion routers themselves to track the source of the stream.

Why should I use Tor?

Individuals need Tor for privacy:

Privacy in web browsing -- both from the remote website (so it can't track and sell your behavior), and similarly from your local ISP.
Safety in web browsing: if your local government doesn't approve of its citizens visiting certain websites, they may monitor the sites and put readers on a list of suspicious persons.
Circumvention of local censorship: connect to resources (news sites, instant messaging, etc.) that are restricted from your ISP/school/company/government.
Socially sensitive communication: chat rooms and web forums for rape and abuse survivors, or people with illnesses.

Journalists and NGOs need Tor for safety:

Allowing dissidents and whistleblowers to communicate more safely.
Censorship-resistant publication, such as making available your home-made movie anonymously via a Tor hidden service; and reading, e.g. of news sites not permitted in some countries.
Allowing your workers to check back with your home website while they're in a foreign country, without notifying everybody nearby that they're working with your organization.

Companies need Tor for business security:

Competitive analysis: browse the competition's website safely.
Protecting collaborations of sensitive business units or partners.
Protecting procurement suppliers or patterns.
Putting the "P" back in "VPN": traditional VPNs reveal the exact amount and frequency of communication. Which locations have employees working late? Which locations have employees consulting job-hunting websites? Which research groups are communicating with your company's patent lawyers?

Governments need Tor for traffic-analysis-resistant communication:

Open source intelligence gathering (hiding individual analysts is not enough -- the organization itself may be sensitive).
Defense in depth on open and classified networks -- networks with a million users (even if they're all cleared) can't be made safe just by hardening them to external threat.
Dynamic and semi-trusted international coalitions: the network can be shared without revealing the existence or amount of communication between all parties.
Networks partially under known hostile control: to block communications, the enemy must take down the whole network.
Politically sensitive negotiations.
Road warriors.
Protecting procurement patterns.
Anonymous tips.

Law enforcement needs Tor for safety:

Allowing anonymous tips or crime reporting
Allowing agents to observe websites without notifying them that they're being observed (or, more broadly, without having it be an official visit from law enforcement).
Surveillance and honeypots (sting operations)

Does the idea of sharing the Tor network with all of these groups bother you? It shouldn't -- you need them for your security.

Should I run a client or a server?

You can run Tor in either client mode or server mode. By default, everybody is a client. This means you don't relay traffic for anybody but yourself.

If your computer doesn't have a routable IP address or you're using a modem, you should stay a client. Otherwise, please consider being a server, to help out the network. (Currently each server uses 20-500 gigabytes of traffic per month, depending on its capacity and its rate limiting configuration.)

Note that you can be a server without allowing users to make connections from your computer to the outside world. This is called being a middleman server.

Benefits of running a server include:

You may get stronger anonymity, since your destination can't know whether connections relayed through your computer originated at your computer or not.
You can also get stronger anonymity by configuring your Tor clients to use your Tor server for entry or for exit.
You're helping the Tor staff with development and scalability testing.
You're helping your fellow Internet users by providing a larger network. Also, having servers in many different pieces of the Internet gives users more robustness against curious telcos and brute force attacks.

Other things to note:

Tor has built-in support for rate limiting; see BandwidthRate and BandwidthBurst config options. Further, if you have lots of capacity but don't want to spend that many bytes per month, check out the Accounting and Hibernation features. See the FAQ for details.
It's fine if the server goes offline sometimes. The directories notice this quickly and stop advertising the server. Just try to make sure it's not too often, since connections using the server when it disconnects will break.
We can handle servers with dynamic IPs just fine, as long as the server itself knows its IP. Have a look at this entry in the FAQ.
If your server is behind a NAT and it doesn't know its public IP (e.g. it has an IP of 192.168.x.y), you need to set up port forwarding. Forwarding TCP connections is system dependent but this entry offers some examples on how to do this.
Your server will passively estimate and advertise its recent bandwidth capacity. Clients choose paths weighted by this capacity, so high-bandwidth servers will attract more paths than low-bandwidth ones. That's why having even low-bandwidth servers is useful too.

You can read more about setting up Tor as a server below.

Installing Tor

We have installers for Windows, Mac OS X 10.3, and Red Hat. We have contributed packages for Debian, Gentoo, and *BSD. See the download page for pointers and details.

If you got Tor from a tarball, unpack it: tar xzf tor-0.1.0.10.tar.gz; cd tor-0.1.0.10. Run ./configure, then make, and then make install (as root if necessary). Then you can launch tor from the command-line by running tor. Otherwise, if you got it prepackaged, these steps are already done for you, and you may even already have Tor started in the background (logging to /var/log/something).

In any case, see the next section for what to do with it now that you've got it running.

Configuring a client

Tor comes configured as a client by default. It uses a built-in default configuration file, and most people won't need to change any of the settings.

See the Windows instructions or the OS X instructions if you're using those. The below are generic instructions for Linux, BSD, Solaris, etc.

After installing Tor, you should install privoxy, which is a filtering web proxy that integrates well with Tor. (If you installed the Win32 or OS X package, see those instructions instead.) To configure privoxy to use Tor, add the line
forward-socks4a / localhost:9050 .
(don't forget the dot) to privoxy's config file (you can just add it to the top). Then change your browser to http proxy at localhost port 8118. (In Firefox on Linux, this is in Edit|Preferences|Advanced|Proxies.) You should also set your SSL proxy to the same thing, to hide your SSL traffic. Using privoxy is necessary because most browsers leak your DNS requests when they use a SOCKS proxy directly. Privoxy also gives you good html scrubbing.

To test if it's working, you need to know your normal IP address so you can verify that the address really changes when running Tor. If you are using Linux or OS X your local IP address is shown by the ifconfig command. Under Windows go to the Start menu, click Run and enter cmd. At the command prompt, enter ipconfig. If you are behind a NAT/Firewall you can use one of the sites listed below to check which IP you are using. When that is done, start Tor and Privoxy and visit any of the sites again. If everything works, your IP address should have changed.

showmyip.com and ipid.shat.net are sites that show your current IP so you can see what address and country you're coming from.

If you have a personal firewall that limits your computer's ability to connect to itself, be sure to allow connections from your local applications to local port 8118 and port 9050. If your firewall blocks outgoing connections, punch a hole so it can connect to at least TCP ports 80, 443, and 9001-9033. For more troubleshooting suggestions, see the FAQ.

To Torify an application that supports http, just point it at Privoxy (that is, localhost port 8118). To use SOCKS directly (for example, for instant messaging, Jabber, IRC, etc.), point your application directly at Tor (localhost port 9050). For applications that support neither SOCKS nor http, you should look at using tsocks to dynamically replace the system calls in your program to route through Tor. If you want to use SOCKS 4A, consider using socat (specific instructions are in the Tor Wiki).

(Windows doesn't have tsocks; see the bottom of the Win32 instructions for alternatives.)

Configuring a server

We're looking for people with reasonably reliable Internet connections, that have at least 20 kilobytes/s each way. If you frequently have a lot of packet loss or really high latency, we can't handle your server yet. Otherwise, please help out!

To read more about whether you should be a server, check out the section above.

To set up a Tor server, do the following steps after installing Tor. (These instructions are Unix-centric; but Tor 0.0.9.5 and later is running as a server on Windows now as well.)

0. Verify that your clock is set correctly. If possible, synchronize your clock with public time servers.
1. Edit the bottom part of your torrc (if you installed from source, you will need to copy torrc.sample to torrc first. Look for them in /usr/local/etc/tor/ on Unix). If you installed a package, you should look for torrc:
- in /etc/torrc or /etc/tor/torrc on Unix.
- in /Library/Tor/torrc on Macintosh OS X.
- in \Application Data\tor\torrc or in \username\Application Data\tor\torrc on Windows.
Make sure to define at least Nickname and ORPort. Create the DataDirectory if necessary, and make sure it's owned by the user that will be running tor. Make sure name resolution works.
2. If you are using a firewall, open a hole in your firewall so incoming connections can reach the ports you configured (i.e. ORPort, plus DirPort if you enabled it). Make sure you allow outgoing connections, to get to other onion routers plus any other addresses or ports your exit policy allows.
3. Start your server: if you installed from source you can just run tor, whereas packages typically launch Tor from their initscripts or startup scripts. If it logs any warnings, address them. (By default Tor logs to stdout, but some packages log to /var/log/tor/ instead. You can edit your torrc to configure log locations.)
4. Once you are convinced it's working, Register your server. Send mail to tor-ops@freehaven.net with a subject of '[New Server] <your server's nickname>' and include the following information in the message:
- Your server's nickname.
- The fingerprint for your server's key (the contents of the "fingerprint" file in your DataDirectory -- look in /usr/local/var/lib/tor or /var/lib/tor on many platforms).
- Who you are, so we know whom to contact if a problem arises, and
- What kind of connectivity the new server will have.
If possible, sign your mail using PGP.
Registering your server reserves your nickname so nobody else can take it, and lets us contact you if you need to upgrade or something goes wrong.
5. Subscribe to the or-announce mailing list. It is very low volume, and it will keep you informed of new stable releases. You might also consider subscribing to or-talk (higher volume), where new development releases are announced.

Here's where Tor puts its files on many common platforms:

	Unix	Windows	Mac OS X
Configuration	`/etc/torrc` or `/usr/local/etc/torrc`	`\username\Application Data\tor\torrc` or `\Application Data\tor\torrc`	`/Library/Tor/torrc`
Fingerprint	`/var/lib/tor/fingerprint` or `/usr/local/var/lib/tor/fingerprint`	`\username\Application Data\tor\fingerprint` or `\Application Data\tor\fingerprint`	`/Library/Tor/var/lib/tor/fingerprint`
Logs	`/var/log/tor` or `/usr/local/var/log/tor`	`\username\Application Data\tor\torrc` or `\Application Data\tor\log`	`/var/log/tor`

Optionally, we recommend the following steps as well:

6 (Unix only). Make a separate user to run the server. If you installed the deb or the rpm, this is already done. Otherwise, you can do it by hand. (The Tor server doesn't need to be run as root, so it's good practice to not run it as root. Running as a 'tor' user avoids issues with identd and other services that detect user name. If you're the paranoid sort, feel free to put Tor into a chroot jail.)
7. Decide what exit policy you want. By default your server allows access to many popular services, but we restrict some (such as port 25) due to abuse potential. You might want an exit policy that is less restrictive or more restrictive; edit your torrc appropriately. If you choose a particularly open exit policy, you might want to make sure your upstream or ISP is ok with that choice.
8. If you installed from source, you may find the initscripts in contrib/tor.sh or contrib/torctl useful if you want to set up Tor to start at boot.
9. Consider setting your hostname to 'anonymous' or 'proxy' or 'tor-proxy' if you can, so when other people see the address in their web logs or whatever, they will more quickly understand what's going on.
10. If you're not running anything else on port 80 or port 443, please consider setting up port-forwarding and advertising these low-numbered ports as your Tor server. This will help allow users behind particularly restrictive firewalls to access the Tor network. Win32 servers can simply set their ORPort and DirPort directly. Other servers need to rig some sort of port forwarding; see the FAQ for details of how to set this up.

You can click here or here and look at the router-status line to see if your server is part of the network. It will be listed by nickname once we have added your server to the list of known servers; otherwise it is listed only by its fingerprint.

Configuring a hidden service

Tor allows clients and servers to offer hidden services. That is, you can offer a web server, SSH server, etc., without revealing your IP to its users. You can even have your application listen on localhost only, yet remote Tor connections can access it. This works via Tor's rendezvous point design: both sides build a Tor circuit out, and they meet in the middle.

If you're using Tor and Privoxy, you can go to the hidden wiki to see hidden services in action.

To set up a hidden service, copy torrc.sample to torrc (by default it's in /usr/local/etc/tor/), and edit the middle part. Then run Tor. It will create each HiddenServiceDir you have configured, and it will create a 'hostname' file which specifies the url (xyz.onion) for that service. You can tell people the url, and they can connect to it via their Tor client, assuming they're using a proxy (such as Privoxy) that speaks SOCKS 4A.

Let's consider an example. Assume you want to set up a hidden service to allow people to access your Apache web server through Tor. By doing this, they can access your server but won't know who they are connecting to. You want clients to use the standard port 80 when accessing your server. However, if your Apache server is actually running on port 8080 locally, client connections need to be redirected.

HiddenServiceDir is a directory where Tor will store information about that hidden service. In particular, Tor will create a file here named hostname which will tell you the onion URL. You don't need to add any files to this directory.

HiddenServicePort is where you specify a virtual port and where to redirect connections to this virtual port. For instance, you tell Tor there's a virtual port 80 and then redirect traffic to your local webserver at 127.0.0.1:8080.

Example lines from a torrc file

HiddenServiceDir /usr/local/etc/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:8080

This tells Tor to store its files in /usr/local/etc/tor/hidden_service/ and allow people to connect to your onion address on port 80. It will then redirect requests to your localhost webserver on port 8080.

To let people access your hidden service, look at the file /usr/local/etc/tor/hidden_service/hostname which will tell you what the hostname is (such as xyz.onion). Then, as long as they have Tor and Privoxy configured, they can access your webserver with a web browser by connecting to http://xyz.onion/

You can have multiple tor hidden services by repeating Dir and Ports:

HiddenServiceDir /usr/local/etc/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:8080

HiddenServiceDir /usr/local/etc/tor/other_hidden_service/
HiddenServicePort 6667 127.0.0.1:6667
HiddenServicePort 22 127.0.0.1:22

The above example will allow people to connect to the hostname in /usr/local/etc/tor/hidden_service/hostname for an HTTP server and to a different hostname in /usr/local/etc/tor/other_hidden_service/hostname for an IRC and SSH server. To an end user, this appears to be two separate hosts with one running an HTTP server and another running an IRC/SSH server.

Setting up your own network

If you want to experiment locally with your own network, or you're cut off from the Internet and want to be able to mess with Tor still, then you may want to set up your own separate Tor network.

To set up your own Tor network, you need to run your own directory servers, and you need to configure each client and server so it knows about your directory servers rather than the default ones.

1: Grab the latest release. Use at least 0.0.9.5.
2: For each directory server you want,
- 2a: Set it up as a server (see "setting up a server" above), with a least ORPort, DirPort, DataDirectory, and Nickname defined. Set "AuthoritativeDirectory 1".
- 2b: Set "RecommendedVersions" to a comma-separated list of acceptable versions of the code for clients and servers to be running.
- 2c: Run it: tor --list-fingerprint if your torrc is in the default place, or tor -f torrc --list-fingerprint to specify one. This will generate your keys and output a fingerprint line.
3: Now you need to teach clients and servers to use the new dirservers. For each fingerprint, add a line like
DirServer 18.244.0.114:80 719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF
to the torrc of each client and server who will be using your network.
4: Create a file called approved-routers in the DataDirectory of each directory server. Collect the 'fingerprint' lines from each server (including directory servers), and include them (one per line) in each approved-routers file. You can hup the tor process for each directory server to reload the approved-routers file (so you don't have to restart the process).