The Onion Routing (TOR) Frequently Asked Questions -------------------------------------------------- 1. General. 1.1. What is tor? Tor is an implementation of version 2 of Onion Routing. Onion Routing is a connection-oriented anonymizing communication service. Users build a layered block of asymmetric encryptions (an "onion") which describes a source-routed path through a set of nodes. Those nodes build a "virtual circuit" through the network, in which each node knows its predecessor and successor, but no others. Traffic flowing down the circuit is unwrapped by a symmetric key at each node, which reveals the downstream node. Basically tor provides a distributed network of servers ("onion routers"). Users bounce their tcp streams (web traffic, ftp, ssh, etc) around the routers, and recipients, observers, and even the routers themselves have difficulty tracking the source of the stream. 1.2. Why's it called tor? Because tor is the onion routing system. I kept telling people I was working on onion routing, and they said "Neat. Which one?" Even if onion routing has become a standard household term, this is the actual onion routing project, started out of the Naval Research Lab. (Theories about recursive acronyms are ok too.) 1.3 Is there a backdoor in tor? Not right now, but if this answer changes we probably won't be allowed to tell you. You should always check the source (or at least the diffs since the last release) for suspicious things; and if we don't give you source, that's a sure sign something funny could be going on. 2. Compiling and installing. [Read the README file for now; check back here once we've got packages/etc for you.] 3. Running tor. 3.1. What kind of server should I run? The same executable ("or") functions as both client and server, depending on which ports are specified in the configuration file. You can specify: * SocksPort: client applications (eg privoxy, Mozilla) can speak socks to this port. * ORPort: other onion routers connect to this port * DirPort: onion proxies and onion routers speak http to this port, to pull down a directory of which nodes are currently available. 3.2. So I can just run a full onion router and join the network? No. Users should run just an onion proxy (use the 'oprc' config file). If you start up a full onion router, the rest of the routers in the system won't recognize you, so they will reject your handshake attempts. 3.3. How do I join the network then? If you just want to use the onion routing network, you can run a proxy and you're all set. If you want to run a router, you must convince the directory server operators (currently arma@mit.edu) that you're a trustworthy person. From there, the operators add you to the directory, which propagates out to the rest of the network. All nodes will know about you within an hour. 3.4. I want to run a directory server too. If you run a very reliable node, you plan to be around for a long time, and you want to spend some time ensuring that router operators are people we know and like, we may want you to run a directory server too. We must manually add you to the 'dirservers' file that's part of the distribution; users will only know about you when they upgrade to a new version. Of course, you can always just start up your router as a directory server too --- but users won't know to ask you for directories, and more importantly, you'll never learn from the real directory servers about recently joined routers. 4. Development. 4.1. Who's doing this? 4.2. Can I help? 4.3. I've got a bug. 5. Anonymity. 5.1. So I'm totally anonymous if I use tor? 5.2. Where can I learn more about anonymity? 5.3. What attacks remain against onion routing? tagging: can change bytes in the cells, even through link encryption end node can give back wrong data, even subtly wrong data. 6. Comparison to related projects. 6.1. Onion Routing. Tor *is* onion routing. 6.2. Freedom. 7. Protocol and application support. 7.1. http? ftp? udp? socks? mozilla?