Tor documentation

Tor provides a distributed network of servers ("onion routers"). Users bounce their communications (web requests, IM, IRC, SSH, etc.) around the routers. This makes it hard for recipients, observers, and even the onion routers themselves to track the source of the stream.

Why should I use Tor?

Individuals need Tor for privacy:

Journalists and NGOs need Tor for safety:

Companies need Tor for business security:

Governments need Tor for traffic-analysis-resistant communication:

Law enforcement needs Tor for safety:

Does the idea of sharing the Tor network with all of these groups bother you? It shouldn't -- you need them for your security.

Should I run a client or a server?

You can run Tor in either client mode or server mode. By default, everybody is a client. This means you don't relay traffic for anybody but yourself.

If your computer doesn't have a routable IP address or you're using a modem, you should stay a client. Otherwise, please consider being a server, to help out the network. (Currently each server uses 20-500 gigabytes of traffic per month, depending on its capacity and its rate limiting configuration.)

Note that you can be a server without allowing users to make connections from your computer to the outside world. This is called being a middleman server.

Benefits of running a server include:

Other things to note:

You can read more about setting up Tor as a server below.

Installing Tor

We have installers for Windows and Mac OS X 10.3 or later. For help with installing, configuring, and using Tor on these operating systems, consult the Windows instructions or the Mac OS X instructions.

You can get the latest releases here.

If you got Tor from a tarball, unpack it: tar xzf tor-0.0.9.9.tar.gz; cd tor-0.0.9.9. Run ./configure, then make, and then make install (as root if necessary). Then you can launch tor from the command-line by running tor. Otherwise, if you got it prepackaged (e.g. in the Debian package or Gentoo package), these steps are already done for you, and you may even already have Tor started in the background (logging to /var/log/something).

For newer releases: To build Tor version 0.1.0.1-rc or later from source, you will need Niels Provos's libevent library; you can get the source for the latest version here.

In any case, see the next section for what to do with it now that you've got it running.

Configuring a client

Tor comes configured as a client by default. It uses a built-in default configuration file, and most people won't need to change any of the settings.

After installing Tor, you should install privoxy, which is a filtering web proxy that integrates well with Tor. (If you installed the Win32 or OS X package, see those instructions instead.) To configure privoxy to use Tor, add the line
forward-socks4a / localhost:9050 .
(don't forget the dot) to privoxy's config file (you can just add it to the top). Then change your browser to http proxy at localhost port 8118. (In Mozilla, this is in Edit|Preferences|Advanced|Proxies.) You should also set your SSL proxy to the same thing, to hide your SSL traffic. Using privoxy is necessary because most browsers leak your DNS requests when they use a SOCKS proxy directly. Privoxy also gives you good html scrubbing.

To test if it's working, you need to know your normal IP address so you can verify that the address really changes when running Tor. If you are using Linux or OS X your local IP address is shown by the ifconfig command. Under Windows go to the Start menu, click Run and enter cmd. At the command prompt, enter ipconfig. If you are behind a NAT/Firewall you can use one of the sites listed below to check which IP you are using. When that is done, start Tor and Privoxy and visit any of the sites again. If everything works, your IP address should have changed.

showmyip.com and ipid.shat.net are sites that show your current IP so you can see what address and country you're coming from.

If you have a personal firewall that limits your computer's ability to connect to itself, be sure to allow connections from your local applications to local port 8118 and port 9050. If your firewall blocks outgoing connections, punch a hole so it can connect to at least TCP ports 80, 443, and 9001-9033. For more troubleshooting suggestions, see the FAQ.

To Torify an application that supports http, just point it at Privoxy (that is, localhost port 8118). To use SOCKS directly (for example, for instant messaging, Jabber, IRC, etc), point your application directly at Tor (localhost port 9050). For applications that support neither SOCKS nor http, you should look at using tsocks to dynamically replace the system calls in your program to route through Tor. If you want to use SOCKS 4A, consider using socat (specific instructions are on this hidden service url).

(Windows doesn't have tsocks; see the bottom of the Win32 instructions for alternatives.)

Configuring a server

We're looking for people with reasonably reliable Internet connections, that have at least 20 kilobytes/s each way. If you frequently have a lot of packet loss or really high latency, we can't handle your server yet. Otherwise, please help out!

To read more about whether you should be a server, check out the section above.

To set up a Tor server, do the following steps after installing Tor. (These instructions are Unix-centric; but Tor 0.0.9.5 and later is running as a server on Windows now as well.)

Here's where Tor puts its files on many common platforms:

UnixWindowsMac OS X
Configuration /etc/torrc
or /usr/local/etc/torrc
\Application Data\username\tor\torrc
or \Application Data\tor\torrc
/Library/Tor/torrc
Fingerprint /var/lib/tor/fingerprint or /usr/local/var/lib/tor/fingerprint \Application Data\username\tor\fingerprint or \Application Data\tor\fingerprint /Library/Tor/var/lib/tor/fingerprint
Logs /var/log/tor or /usr/local/var/log/tor \Application Data\username\tor\log or \Application Data\tor\log /var/log/tor

Optionally, we recommend the following steps as well:

You can click here or here and look at the router-status line to see if your server is part of the network. It will be listed by nickname once we have added your server to the list of known servers; otherwise it is listed only by its fingerprint.

Configuring a hidden service

Tor allows clients and servers to offer hidden services. That is, you can offer an apache, sshd, etc, without revealing your IP to its users. This works via Tor's rendezvous point design: both sides build a Tor circuit out, and they meet in the middle.

If you're using Tor and Privoxy, you can go to the hidden wiki to see hidden services in action.

To set up a hidden service, copy torrc.sample to torrc (by default it's in /usr/local/etc/tor/), and edit the middle part. Then run Tor. It will create each HiddenServiceDir you have configured, and it will create a 'hostname' file which specifies the url (xyz.onion) for that service. You can tell people the url, and they can connect to it via their Tor client, assuming they're using a proxy (such as Privoxy) that speaks SOCKS 4A.

Setting up your own network

If you want to experiment locally with your own network, or you're cut off from the Internet and want to be able to mess with Tor still, then you may want to set up your own separate Tor network.

To set up your own Tor network, you need to run your own directory servers, and you need to configure each client and server so it knows about your directory servers rather than the default ones.