3 <title>Tor Documentation
</title>
4 <meta name=
"Author" content=
"Roger Dingledine">
5 <meta http-equiv=
"Content-Type" content=
"text/html; charset=utf-8">
6 <meta http-equiv=
"Content-Style-Type" content=
"text/css">
7 <link rel=
"stylesheet" type=
"text/css" href=
"tor-doc.css">
12 <h1><a href=
"http://tor.eff.org/">Tor
</a> documentation
</h1>
14 <p>Tor provides a distributed network of servers (
"onion routers"). Users
15 bounce their communications (web requests, IM, IRC, SSH, etc.) around
16 the routers. This makes it hard for recipients, observers, and even the
17 onion routers themselves to track the source of the stream.
</p>
20 <h2>Why should I use Tor?
</h2>
22 <p>Individuals need Tor for privacy:
24 <li>Privacy in web browsing -- both from the remote website (so it can't
25 track and sell your behavior), and similarly from your local ISP.
26 <li>Safety in web browsing: if your local government doesn't approve
27 of its citizens visiting certain websites, they may monitor the sites
28 and put readers on a list of suspicious persons.
29 <li>Circumvention of local censorship: connect to resources (news
30 sites, instant messaging, etc) that are restricted from your
31 ISP/school/company/government.
32 <li>Socially sensitive communication: chat rooms and web forums for
33 rape and abuse survivors, or people with illnesses.
36 <p>Journalists and NGOs need Tor for safety:
38 <li>Allowing dissidents and whistleblowers to communicate more safely.
39 <li>Censorship-resistant publication, such as making available your
40 home-made movie anonymously via a Tor
<a href=
"#hidden-service">hidden
41 service
</a>; and reading, e.g. of news sites not permitted in some
43 <li>Allowing your workers to check back with your home website while
44 they're in a foreign country, without notifying everybody nearby that
45 they're working with your organization.
48 <p>Companies need Tor for business security:
50 <li>Competitive analysis: browse the competition's website safely.
51 <li>Protecting collaborations of sensitive business units or partners.
52 <li>Protecting procurement suppliers or patterns.
53 <li>Putting the
"P" back in
"VPN": traditional VPNs reveal the exact
54 amount and frequency of communication. Which locations have employees
55 working late? Which locations have employees consulting job-hunting
56 websites? Which research groups are communicating with your company's
60 <p>Governments need Tor for traffic-analysis-resistant communication:
62 <li>Open source intelligence gathering (hiding individual analysts is
63 not enough -- the organization itself may be sensitive).
64 <li>Defense in depth on open
<em>and classified
</em> networks -- networks
65 with a million users (even if they're all cleared) can't be made safe just
66 by hardening them to external threat.
67 <li>Dynamic and semi-trusted international coalitions: the network can
68 be shared without revealing the existence or amount of communication
70 <li>Networks partially under known hostile control: to block
71 communications, the enemy must take down the whole network.
72 <li>Politically sensitive negotiations.
74 <li>Protecting procurement patterns.
78 <p>Law enforcement needs Tor for safety:
80 <li>Allowing anonymous tips or crime reporting
81 <li>Allowing agents to observe websites without notifying them that
82 they're being observed (or, more broadly, without having it be an
83 official visit from law enforcement).
84 <li>Surveillance and honeypots (sting operations)
87 <p>Does the idea of sharing the Tor network with
88 all of these groups bother you? It shouldn't --
<a
89 href=
"http://freehaven.net/doc/fc03/econymics.pdf">you need them for
90 your security
</a>.
</p>
92 <a name=
"client-or-server"></a>
93 <h2>Should I run a client or a server?
</h2>
95 <p>You can run Tor in either client mode or server mode. By default,
96 everybody is a
<i>client
</i>. This means you don't relay traffic for
97 anybody but yourself.
</p>
99 <p>If your computer doesn't have a routable IP address or you're using
100 a modem, you should stay a client. Otherwise, please consider being
101 a server, to help out the network. (Currently each server uses
20-
500
102 gigabytes of traffic per month, depending on its capacity and its rate
103 limiting configuration.)
</p>
105 <p>Note that you can be a server without allowing users to make
106 connections from your computer to the outside world. This is called being
107 a middleman server.
</p>
109 <p> Benefits of running a server include:
111 <li>You may get stronger anonymity, since your destination can't know
112 whether connections relayed through your computer originated at your
114 <li>You can also get stronger anonymity by configuring your Tor clients
115 to use your Tor server for entry or for exit.
116 <li>You're helping the Tor staff with development and scalability testing.
117 <li>You're helping your fellow Internet users by providing a larger
118 network. Also, having servers in many different pieces of the Internet
119 gives users more robustness against curious telcos and brute force
123 <p>Other things to note:
125 <li>Tor has built-in support for rate limiting; see BandwidthRate
126 and BandwidthBurst config options. Further, if you have
127 lots of capacity but don't want to spend that many bytes per
128 month, check out the Accounting and Hibernation features. See
<a
129 href=
"http://wiki.noreply.org/wiki/TheOnionRouter/TorFAQ">the FAQ
</a>
131 <li>It's fine if the server goes offline sometimes. The directories
132 notice this quickly and stop advertising the server. Just try to make
133 sure it's not too often, since connections using the server when it
134 disconnects will break.
</li>
135 <li>We can handle servers with dynamic IPs just fine, as long as the
136 server itself knows its IP. If your server is behind a NAT and it doesn't
137 know its public IP (e.g. it has an IP of
192.168.x.y), then we can't use it
138 as a server yet. (If you want to port forward and set your Address
139 config option to use dyndns DNS voodoo to get around this, feel free. If
140 you write a howto,
<a href=
"mailto:tor-volunteer@freehaven.net">even
142 <li>Your server will passively estimate and advertise its recent
144 Clients choose paths weighted by this capacity, so high-bandwidth
145 servers will attract more paths than low-bandwidth ones. That's why
146 having even low-bandwidth servers is useful too.
</li>
150 <p>You can read more about setting up Tor as a
151 server
<a href=
"#server">below
</a>.
</p>
153 <a name=
"installing"></a>
154 <h2>Installing Tor
</h2>
156 <p>We have installers for Windows and Mac OS X. For help with installing,
157 configuring, and using Tor on these operating systems, consult the
158 <a href=
"tor-doc-win32.html">Windows instructions
</a> or the
159 <a href=
"tor-doc-osx.html">Mac OS X instructions
</a>.
162 <p>You can get the latest releases
<a
163 href=
"http://tor.eff.org/dist/">here
</a>.
</p>
165 <p>If you got Tor from a tarball, unpack it:
<tt>tar xzf
166 tor-
0.0.9.5.tar.gz; cd tor-
0.0.9.5</tt>. Run
<tt>./configure
</tt>, then
167 <tt>make
</tt>, and then
<tt>make install
</tt> (as root if necessary). Then
168 you can launch tor from the command-line by running
<tt>tor
</tt>.
169 Otherwise, if you got it prepackaged (e.g. in the
<a
170 href=
"http://packages.debian.org/tor">Debian package
</a> or
<a
171 href=
"http://packages.gentoo.org/packages/?category=net-misc;name=tor">Gentoo
172 package
</a>), these steps are already done for you, and you may
173 even already have Tor started in the background (logging to
174 /var/log/something).
</p>
176 <p><b>For newer releases
</b>: To build Tor version
0.1.0.1-rc or later from
177 source, you will need Niels Provos's
<tt>libevent
</tt> library; you can get
178 the source for the latest version
179 <a href=
"http://www.monkey.org/~provos/libevent/">here
</a>.
</p>
181 <p>In any case, see the
<a href=
"#client">next section
</a> for what to
182 <i>do
</i> with it now that you've got it running.
</p>
184 <a name=
"client"></a>
185 <h2>Configuring a client
</h2>
187 <p>Tor comes configured as a client by default. It uses a built-in
188 default configuration file, and most people won't need to change any of
191 <p>After installing Tor, you should install
<a
192 href=
"http://www.privoxy.org/">privoxy
</a>, which is a filtering web
193 proxy that integrates well with Tor. Add the line
<br>
194 <tt>forward-socks4a / localhost:
9050 .
</tt><br>
195 (don't forget the dot) to privoxy's config file (you can just add it to the
196 top). Then change your browser to http proxy at localhost port
8118.
197 (In Mozilla, this is in Edit|Preferences|Advanced|Proxies.)
198 You should also set your SSL proxy to the same
199 thing, to hide your SSL traffic. Using privoxy is
<b>necessary
</b> because
200 <a href=
"http://tor.eff.org/cvs/tor/doc/CLIENTS">Mozilla leaks your
201 DNS requests when it uses a SOCKS proxy directly
</a>. Privoxy also gives
202 you good html scrubbing.
</p>
204 <p>To test if it's working, go to
205 <!--<a href="http://peertech.org/privacy-knoppix/">peertech</a>, -->
206 <a href=
"http://www.junkbusters.com/cgi-bin/privacy">junkbusters
</a>,
207 <a href=
"http://www.network-tools.com">network-tools
</a> or
208 <a href=
"http://ipid.shat.net">ipid
</a>
209 and see what IP it says you're coming from.
213 If you have a personal firewall that limits your computer's ability
214 to connect to itself, be sure to allow connections from your local
216 local port
8118 and port
9050. If your firewall blocks outgoing connections,
217 punch a hole so it can connect to at least TCP ports
80,
443, and
9001-
9033.
219 using Safari as your browser, keep in mind that OS X before 10.3 claims
220 to support SOCKS but does not. -->
221 For more troubleshooting suggestions, see
<a
222 href=
"http://wiki.noreply.org/wiki/TheOnionRouter/TorFAQ">the FAQ
</a>.
225 <p>To Torify an application that supports http, just point it at Privoxy
226 (that is, localhost port
8118). To use SOCKS directly (for example, for
227 instant messaging, Jabber, IRC, etc), point your application directly at
228 Tor (localhost port
9050). For applications that support neither SOCKS
229 nor http, you should look at
230 using
<a href=
"http://tsocks.sourceforge.net/">tsocks
</a>
231 to dynamically replace the system calls in your program to
232 route through Tor. If you want to use SOCKS
4A, consider using
<a
233 href=
"http://www.dest-unreach.org/socat/">socat
</a> (specific instructions
234 are on
<a href=
"http://6sxoyfb3h2nvok2d.onion/tor/SocatHelp">this hidden
235 service url
</a>).
</p>
237 <p>(Windows doesn't have tsocks; see the bottom of the
238 <a href=
"tor-doc-win32.html">Win32 instructions
</a> for alternatives.)
241 <a name=
"server"></a>
242 <h2>Configuring a server
</h2>
244 <p>We're looking for people with reasonably reliable Internet connections,
245 that have at least
20 kilobytes/s each way. If you frequently have a
246 lot of packet loss or really high latency, we can't handle your server
247 yet. Otherwise, please help out!
251 To read more about whether you should be a server, check out
<a
252 href=
"#client-or-server">the section above
</a>.
255 <p>To set up a Tor server, do the following steps after installing Tor.
256 (These instructions are Unix-centric; but Tor
0.0.9.5 and later is running
257 as a server on Windows now as well.)
261 <li>1. Edit the bottom part of your torrc (if you installed from source,
262 you will need to copy torrc.sample to torrc first. Look for them in
263 /usr/local/etc/tor/ on Unix). If you installed a package, you should look
265 <ul><li>in
<tt>/etc/torrc
</tt> or
<tt>/etc/tor/torrc
</tt> on Unix.
</li>
266 <li>in
<tt>/Library/Tor/torrc
</tt> on Macintosh OS X.
</li>
267 <li>in
<tt>\Application Data\tor\torrc
</tt> or in
268 <tt>\Application Data\
</tt><i>username
</i><tt>\tor\torrc
</tt>
271 Make sure to define at least Nickname and ORPort.
272 Create the DataDirectory if necessary, and make
273 sure it's owned by the user that will be running tor. Fix your system
274 clock so it's not too far off. Make sure name resolution works.
275 <li>2. If you are using a firewall, open a hole in your firewall so
276 incoming connections can reach the ports you configured (i.e. ORPort,
277 plus DirPort if you enabled it). Make sure you allow outgoing connections,
278 to get to other onion routers plus any other addresses or ports your
280 <li>3. Start your server: if you installed from source you can just
281 run
<tt>tor
</tt>, whereas packages typically launch Tor from their
282 initscripts or startup scripts. If it logs any warnings, address them. (By
283 default Tor logs to stdout, but some packages log to
<tt>/var/log/tor/
</tt>
284 instead. You can edit your torrc to configure log locations.)
285 <li>4.
<b>Register your server.
</b> Send mail to
<a
286 href=
"mailto:tor-ops@freehaven.net">tor-ops@freehaven.net
</a> with the
287 following information:
289 <li>The fingerprint for your server's key (the contents of the
290 "fingerprint" file in your DataDirectory -- look in /usr/local/var/lib/tor
291 or /var/lib/tor on many platforms)
</li>
292 <li>Who you are, so we know whom to contact if a problem arises,
294 <li>What kind of connectivity the new server will have.
</li>
296 If possible, sign your mail using PGP.
297 <li>5. Subscribe to the
<a href=
"http://archives.seul.org/or/announce/">or-announce
</a>
298 mailing list. It is very low volume, and it will keep you informed
299 of new stable releases. You might also consider subscribing to
<a
300 href=
"http://archives.seul.org/or/talk/">or-talk
</a> (higher volume),
301 where new development releases are announced.
</li>
305 <p>Here's where Tor puts its files on many common platforms:
</p>
306 <table borderwidth=
"3 px">
307 <tr><th></th><th>Unix
</th><th>Windows
</th><th>Mac OS X
</th></tr>
308 <tr><th>Configuration
</th>
309 <td><tt>/etc/torrc
</tt> <br />or
<tt>/usr/local/etc/torrc
</tt></td>
310 <td><tt>\Application
Data\
</tt><i>username
</i><tt>\tor\torrc
</tt> <br />or
311 <tt>\Application
Data\tor\torrc
</tt></td>
312 <td><tt>/Library/Tor/torrc
</tt></td></tr>
313 <tr><th>Fingerprint
</th>
314 <td><tt>/var/lib/tor/fingerprint
</tt>
315 or
<tt>/usr/local/var/lib/tor/fingerprint
</tt></td>
316 <td><tt>\Application
Data\
</tt><i>username
</i><tt>\tor\fingerprint
</tt>
317 or
<tt>\Application
Data\tor\fingerprint
</tt></td>
318 <td><tt>/Library/Tor/var/lib/tor/fingerprint
</tt></td></tr>
320 <td><tt>/var/log/tor
</tt>
321 or
<tt>/usr/local/var/log/tor
</tt></td>
322 <td><tt>\Application
Data\
</tt><i>username
</i><tt>\tor\log
</tt>
323 or
<tt>\Application
Data\tor\log
</tt></td>
324 <td><tt>/var/log/tor
</tt></td></tr>
329 Optionally, we recommend the following steps as well:
333 <li>6 (Unix only). Make a separate user to run the server. If you
334 installed the deb or the rpm, this is already done. Otherwise,
335 you can do it by hand. (The Tor server doesn't need to be run as
336 root, so it's good practice to not run it as root. Running as a
337 'tor' user avoids issues with identd and other services that
338 detect user name. If you're the paranoid sort, feel free to
<a
339 href=
"http://wiki.noreply.org/wiki/TheOnionRouter/TorInChroot">put Tor
340 into a chroot jail
</a>.)
341 <li>7. Decide what exit policy you want. By default your server allows
342 access to many popular services, but we restrict some (such as port
25)
343 due to abuse potential. You might want an exit policy that is
344 less restrictive or more restrictive; edit your torrc appropriately.
345 If you choose a particularly open exit policy, you might want to make
346 sure your upstream or ISP is ok with that choice.
347 <li>8. If you installed from source, you may find the initscripts in
348 contrib/tor.sh or contrib/torctl useful if you want to set up Tor to
350 <li>9. Consider setting your hostname to 'anonymous' or
351 'proxy' or 'tor-proxy' if you can, so when other people see the address
352 in their web logs or whatever, they will more quickly understand what's
354 <li>10. If you're not running anything else on port
80 or port
443,
355 please consider setting up port-forwarding and advertising these
356 low-numbered ports as your Tor server. This will help allow users behind
357 particularly restrictive firewalls to access the Tor network. Win32
358 servers can simply set their ORPort and DirPort directly. Other servers
359 need to rig some sort of port forwarding; see
<a
360 href=
"http://wiki.noreply.org/wiki/TheOnionRouter/TorFAQ#ServerForFirewalledClients">the
361 FAQ
</a> for details of how to set this up.
364 <p>You can click
<a href=
"http://moria.seul.org:9031/">here
</a> or
<a
365 href=
"http://62.116.124.106:9030/">here
</a> and look at the router-status
366 line to see if your server is part of the network. It will be listed by
367 nickname once we have added your server to the list of known servers;
368 otherwise it is listed only by its fingerprint.
</p>
370 <a name=
"hidden-service"></a>
371 <h2>Configuring a hidden service
</h2>
373 <p>Tor allows clients and servers to offer
<em>hidden services
</em>. That
374 is, you can offer an apache, sshd, etc, without revealing your IP to its
375 users. This works via Tor's rendezvous point design: both sides build
376 a Tor circuit out, and they meet in the middle.
</p>
378 <p>If you're using Tor and
<a href=
"http://www.privoxy.org/">Privoxy
</a>,
379 you can
<a href=
"http://6sxoyfb3h2nvok2d.onion/">go to the hidden wiki
</a>
380 to see hidden services in action.
</p>
382 <p>To set up a hidden service, copy torrc.sample to torrc (by default it's
383 in /usr/local/etc/tor/), and edit the middle part. Then run Tor. It will
384 create each HiddenServiceDir you have configured, and it will create a
385 'hostname' file which specifies the url (xyz.onion) for that service. You
386 can tell people the url, and they can connect to it via their Tor client,
387 assuming they're using a proxy (such as Privoxy) that speaks SOCKS
4A.
</p>
389 <a name=
"own-network"></a>
390 <h2>Setting up your own network
</h2>
393 If you want to experiment locally with your own network, or you're cut
394 off from the Internet and want to be able to mess with Tor still, then
395 you may want to set up your own separate Tor network.
398 To set up your own Tor network, you need to run your own directory
399 servers, and you need to configure each client and server so it knows
400 about your directory servers rather than the default ones.
403 <li>1: Grab the latest release. Use at least
0.0.9.5.
404 <li>2: For each directory server you want,
406 <li>2a: Set it up as a server (see
<a href=
"#server">"setting up a
407 server"</a> above), with a least ORPort, DirPort, DataDirectory, and Nickname
408 defined. Set
"AuthoritativeDirectory 1".
409 <li>2b: Set
"RecommendedVersions" to a comma-separated list of acceptable
410 versions of the code for clients and servers to be running.
411 <li>2c: Run it:
<tt>tor --list-fingerprint
</tt> if your torrc is in
412 the default place, or
<tt>tor -f torrc --list-fingerprint
</tt> to
413 specify one. This will generate your keys and output a fingerprint
416 <li>3: Now you need to teach clients and servers to use the new
417 dirservers. For each fingerprint, add a line like
<br>
418 <tt>DirServer
18.244.0.114:
80 719B E45D E224 B607 C537
07D0 E214
3E2D
423E
74CF
</tt><br>
419 to the torrc of each client and server who will be using your network.
420 <li>4: Create a file called approved-routers in the DataDirectory
421 of each directory server. Collect the 'fingerprint' lines from
422 each server (including directory servers), and include them (one per
423 line) in each approved-routers file. You can hup the tor process for
424 each directory server to reload the approved-routers file (so you don't
425 have to restart the process).
428 <!--<h2>Other doc resources</h2>
432 <li>Spec and rend-spec