tor/doc/tor-doc.html
2005-08-26 23:00:14 +00:00

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Tor Documentation</title>
<meta name="Author" content="Roger Dingledine">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta http-equiv="Content-Style-Type" content="text/css">
<link rel="stylesheet" type="text/css" href="tor-doc.css">
</head>
<body>
<h1><a href="http://tor.eff.org/">Tor</a> documentation</h1>
<p>Tor provides a distributed network of servers ("onion routers"). Users
bounce their communications (web requests, IM, IRC, SSH, etc.) around
the routers. This makes it hard for recipients, observers, and even the
onion routers themselves to track the source of the stream.</p>
<a name="why"></a>
<h2>Why should I use Tor?</h2>
<p>Individuals need Tor for privacy:
<ul>
<li>Privacy in web browsing -- both from the remote website (so it can't
track and sell your behavior), and similarly from your local ISP.
<li>Safety in web browsing: if your local government doesn't approve
of its citizens visiting certain websites, they may monitor the sites
and put readers on a list of suspicious persons.
<li>Circumvention of local censorship: connect to resources (news
sites, instant messaging, etc.) that are restricted from your
ISP/school/company/government.
<li>Socially sensitive communication: chat rooms and web forums for
rape and abuse survivors, or people with illnesses.
</ul>
<p>Journalists and NGOs need Tor for safety:
<ul>
<li>Allowing dissidents and whistleblowers to communicate more safely.
<li>Censorship-resistant publication, such as making your home-made
movie available anonymously via a Tor <a
href="http://tor.eff.org/doc/tor-hidden-service.html">hidden
service</a>; and censorship-resistant reading, e.g. of news sites not
permitted in some countries.
<li>Allowing your workers to check back with your home website while
they're in a foreign country, without notifying everybody nearby that
they're working with your organization.
</ul>
<p>Companies need Tor for business security:
<ul>
<li>Competitive analysis: browse the competition's website safely.
<li>Protecting collaborations of sensitive business units or partners.
<li>Protecting procurement suppliers or patterns.
<li>Putting the "P" back in "VPN": traditional VPNs reveal the exact
amount and frequency of communication. Which locations have employees
working late? Which locations have employees consulting job-hunting
websites? Which research groups are communicating with your company's
patent lawyers?
</ul>
<p>Governments need Tor for traffic-analysis-resistant communication:
<ul>
<li>Open source intelligence gathering (hiding individual analysts is
not enough -- the organization itself may be sensitive).
<li>Defense in depth on open <em>and classified</em> networks -- networks
with a million users (even if they're all cleared) can't be made safe just
by hardening them against external threats.
<li>Dynamic and semi-trusted international coalitions: the network can
be shared without revealing the existence or amount of communication
between all parties.
<li>Networks partially under known hostile control: to block
communications, the enemy must take down the whole network.
<li>Politically sensitive negotiations.
<li>Road warriors.
<li>Protecting procurement patterns.
<li>Anonymous tips.
</ul>
<p>Law enforcement needs Tor for safety:
<ul>
<li>Allowing anonymous tips or crime reporting
<li>Allowing agents to observe websites without notifying them that
they're being observed (or, more broadly, without having it be an
official visit from law enforcement).
<li>Surveillance and honeypots (sting operations)
</ul>
<p>Does the idea of sharing the Tor network with
all of these groups bother you? It shouldn't -- <a
href="http://freehaven.net/doc/fc03/econymics.pdf">you need them for
your security</a>.</p>
<a name="installing"></a>
<a name="client"></a>
<h2>Installing and configuring Tor</h2>
<p>See the <a href="tor-doc-win32.html">Windows</a>,
<a href="tor-doc-osx.html">OS X</a>, and <a
href="tor-doc-unix.html">Linux/BSD/Unix</a> documentation guides.</p>
<a name="client-or-server"></a>
<a name="server"></a>
<h2>Configuring a server</h2>
<p>
We've moved this section over to the new
<a href="http://tor.eff.org/doc/tor-doc-server.html">Tor Server
Configuration Guide</a>. Hope you like it.
</p>
<a name="hidden-service"></a>
<h2>Configuring a hidden service</h2>
<p>
We've moved this section over to the new <a
href="http://tor.eff.org/doc/tor-hidden-service.html">Tor Hidden Service
Howto</a>. Hope you like it.
</p>
<a name="own-network"></a>
<h2>Setting up your own network</h2>
<p>
If you want to experiment locally with your own network, or you're cut
off from the Internet and want to be able to mess with Tor still, then
you may want to set up your own separate Tor network.
<p>
To set up your own Tor network, you need to run your own directory
servers, and you need to configure each client and server so it knows
about your directory servers rather than the default ones.
<ul>
<li>1: Grab the latest release. Use at least 0.1.1.6-alpha.</li>
<li>2: For each directory server you want,
<ul>
<li>2a: Set it up as a server (see <a href="#server">"setting up a
server"</a> above), with at least ORPort, DirPort, DataDirectory, and Nickname
defined. Set "AuthoritativeDirectory 1", and set "RecommendedVersions"
to a comma-separated list of acceptable
versions of the code for clients and servers to be running.</li>
<li>2b: Create a file called approved-routers in its DataDirectory.
Leave it empty for now.</li>
<li>2c: Run it: <tt>tor --list-fingerprint</tt> if your torrc is in
the default place, or <tt>tor -f torrc --list-fingerprint</tt> to
specify a torrc. This will generate your keys and output a fingerprint
line.</li>
</ul>
</li>
<li>3: Now you need to teach clients and servers to use the new
dirservers. For each fingerprint, add a line like<br>
<tt>DirServer 18.244.0.114:80 719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF</tt><br>
to the torrc of each client and server who will be using your network.</li>
<li>4: Each server (including the dir-servers) should set
"AssumeReachable 1" in its torrc. This bypasses the reachability detection
and lets the network bootstrap.</li>
<li>5: If you are running the network using local/private IP space, the
dirservers need to set "DirAllowPrivateAddresses 1" in their torrc, and
all the servers need to explicitly set their Address to their IP in the
torrc.</li>
<li>6: Collect the 'fingerprint' lines from
each server (including directory servers), and include them (one per
line) in each approved-routers file. You can send a HUP signal to the tor
process of each directory server to make it reload the approved-routers
file (so you don't have to restart the process).</li>
<li>7: Be sure to start at least 3 servers in addition to the
dir-servers. If they're not succeeding at building circuits, send them
a HUP signal until they do.</li>
</ul>
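<p>Steps 2 through 6 as a shell sketch. This is an added example, not part of
the original Tor documentation. The nicknames, addresses, ports, paths and the
fingerprint are constructed samples, and the fingerprint line is assumed to be
the nickname followed by the fingerprint groups.</p>

```shell
#!/bin/sh
# Added example: torrc generation for a private test network (steps 2-6).
# All nicknames, addresses, ports, paths and the fingerprint are constructed.

# Steps 2a, 2b, 4, 5: torrc plus empty approved-routers for one dirserver.
# usage: write_dirserver_torrc DATADIR NICKNAME ADDRESS ORPORT DIRPORT
write_dirserver_torrc() {
    mkdir -p "$1" || return 1
    cat > "$1/torrc" <<EOF
DataDirectory $1
Nickname $2
Address $3
ORPort $4
DirPort $5
AuthoritativeDirectory 1
RecommendedVersions 0.1.1.6-alpha
AssumeReachable 1
DirAllowPrivateAddresses 1
EOF
    touch "$1/approved-routers"   # keeps existing entries on a re-run
}

# Step 3: turn a fingerprint line into a DirServer line.
# Assumption: the line is "<nickname> <fingerprint groups>".
# usage: dirserver_line ADDRESS:DIRPORT "FINGERPRINT LINE"
dirserver_line() {
    case $2 in
        *" "*) printf 'DirServer %s %s\n' "$1" "${2#* }" ;;
        *) echo "no fingerprint in: $2" >&2; return 1 ;;
    esac
}

# Step 6: add a fingerprint line to approved-routers only if it is missing.
# usage: approve DATADIR "FINGERPRINT LINE"
approve() {
    grep -qxF -- "$2" "$1/approved-routers" 2>/dev/null ||
        printf '%s\n' "$2" >> "$1/approved-routers"
}

# Demo with a constructed fingerprint; on a real host take the line from
# "tor -f $d/torrc --list-fingerprint" instead.
d=$(mktemp -d)/dir1
fp_line="testdir1 AAAA BBBB CCCC DDDD EEEE FFFF 0000 1111 2222 3333"
write_dirserver_torrc "$d" testdir1 10.0.0.1 9001 9030
dirserver_line 10.0.0.1:9030 "$fp_line" >> "$d/torrc"
approve "$d" "$fp_line"
cat "$d/torrc" "$d/approved-routers"
```

<p>The same DirServer line goes into the torrc of every client and ordinary
server, and every server's fingerprint line goes into each directory server's
approved-routers file.</p>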
</body>
</html>