<html>
<head>
<title>Tor: an anonymizing overlay network for TCP</title>
<meta name="Author" content="Roger Dingledine">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta http-equiv="Content-Style-Type" content="text/css">
<link rel="stylesheet" type="text/css" href="tor-doc.css">
</head>

<body>

<h1><a href="http://freehaven.net/tor/">Tor</a> documentation</h1>
<p>The simple version: Tor provides a distributed network of servers
("onion routers"). Users bounce their TCP streams (web traffic, FTP, SSH,
etc.) around the routers. This makes it hard for recipients, observers, and
even the onion routers themselves to track the source of the stream.</p>

<p>The complex version: Onion Routing is a connection-oriented anonymizing
communication service. Users choose a source-routed path through a set of
nodes, and negotiate a "virtual circuit" through the network, in which
each node knows its predecessor and successor, but no others. Traffic
flowing down the circuit is unwrapped by a symmetric key at each node,
which reveals the downstream node.</p>
<a name="why"></a>
<h2>Why should I use Tor?</h2>

<p>Individuals need Tor for privacy:
<ul>
<li>Privacy in web browsing -- both from the remote website (so it can't
track and sell your behavior), and similarly from your local ISP.
<li>Safety in web browsing: if your local government doesn't approve
of its citizens visiting certain websites, they may monitor the sites
and put readers on a list of suspicious persons.
<li>Circumvention of local censorship: connect to resources (news
sites, instant messaging, etc.) that are restricted from your
ISP/school/company/government.
<li>Socially sensitive communication: chat rooms and web forums for
rape and abuse survivors, or people with illnesses.
</ul>

<p>Journalists and NGOs need Tor for safety:
<ul>
<li>Allowing dissidents and whistleblowers to communicate more safely.
<li>Censorship-resistant publication, such as making available your
home-made movie anonymously via a Tor <a href="#hidden-service">hidden
service</a>; and reading, e.g. of news sites not permitted in some
countries.
<li>Allowing your workers to check back with your home website while
they're in a foreign country, without notifying everybody nearby that
they're working with your organization.
</ul>

<p>Companies need Tor for business security:
<ul>
<li>Competitive analysis: browse the competition's website safely.
<li>Protecting collaborations of sensitive business units or partners.
<li>Protecting procurement suppliers or patterns.
<li>Putting the "P" back in "VPN": traditional VPNs reveal the exact
amount and frequency of communication. Which locations have employees
working late? Which locations have employees consulting job-hunting
websites? Which research groups are communicating with your company's
patent lawyers?
</ul>

<p>Governments need Tor for traffic-analysis-resistant communication:
<ul>
<li>Open source intelligence gathering (hiding individual analysts is
not enough -- the organization itself may be sensitive).
<li>Defense in depth on open <em>and classified</em> networks -- networks
with a million users (even if they're all cleared) can't be made safe just
by hardening them against external threats.
<li>Dynamic and semi-trusted international coalitions: the network can
be shared without revealing the existence or amount of communication
between all parties.
<li>Networks partially under known hostile control: to block
communications, the enemy must take down the whole network.
<li>Politically sensitive negotiations.
<li>Road warriors.
<li>Protecting procurement patterns.
<li>Anonymous tips.
</ul>

<p>Law enforcement needs Tor for safety:
<ul>
<li>Allowing anonymous tips or crime reporting.
<li>Allowing agents to observe websites without notifying them that
they're being observed (or, more broadly, without having it be an
official visit from law enforcement).
<li>Surveillance and honeypots (sting operations).
</ul>

<p>Does the idea of sharing the Tor network with
all of these groups bother you? It shouldn't -- <a
href="http://freehaven.net/doc/fc03/econymics.pdf">you need them for
your security</a>.</p>
<a name="client-or-server"></a>
<h2>Should I run a client or a server?</h2>

<p>You can run Tor in either client mode or server mode. By default,
everybody is a <i>client</i>. This means you don't relay traffic for
anybody but yourself.</p>

<p>If you have less than 1Mbit in both directions, you should stay
a client. Otherwise, please consider being a server, to help out the
network. (Currently each server uses 20-150 gigabytes of traffic
per month; but that may go up.)</p>

<p>Note that you can be a server without allowing users to make
connections from your computer to the outside world. This is called being
a middleman server.</p>

<p>Benefits of running a server include:
<ul>
<li>Clients are generally limited to 100KB/s, whereas servers can inject
or receive as much traffic as they want.
<li>You may get stronger anonymity, since your destination can't know
whether connections relayed through your computer originated at your
computer or not.
<li>You can also get stronger anonymity by configuring your Tor clients
to use your Tor server for entry or for exit.
<li>You're helping me with development and scalability testing.
<li>You're helping your fellow Internet users by providing a larger
network. Also, having servers in many different pieces of the Internet
gives users more robustness against curious telcos and brute force
attacks.
</ul>

<p>You can read more about setting up Tor as a
server <a href="#server">below</a>.</p>
<a name="installing"></a>
<h2>Installing Tor</h2>

<p>You can get the latest releases <a
href="http://freehaven.net/tor/dist/">here</a>.</p>

<p>If you got Tor from a tarball, unpack it: <tt>tar xzf
tor-0.0.7.tar.gz; cd tor-0.0.7</tt>. Run <tt>./configure</tt>, then
<tt>make</tt>, and then <tt>make install</tt> (as root if necessary). Then
you can launch tor from the command-line by running <tt>tor</tt>.</p>

<p>If you got Tor from the Win32 .exe file, you
can just click-click it (you may need to install <a
href="http://www.slproweb.com/products/Win32OpenSSL.html">OpenSSL
0.9.7</a> first, if you get an error about missing
libeay32.dll.) You might also want to run Tor in a DOS window,
so you can see its logs, and see its error messages if it
crashes. If you don't want the default configuration, fetch the <a
href="http://freehaven.net/tor/cvs/src/config/torrc.sample.in">torrc</a>, edit it,
and use <tt>tor.exe -f torrc</tt>.</p>

<p>Otherwise, if you got it prepackaged (e.g. in the <a
href="http://packages.debian.org/tor">Debian package</a> or <a
href="http://packages.gentoo.org/packages/?category=net-misc;name=tor">Gentoo
package</a>), these steps are already done for you, and you may
even already have Tor started in the background (logging to
/var/log/something).</p>

<p>In any case, see the next section for what to <i>do</i> with it now that
you've got it running.</p>
<a name="client"></a>
<h2>Configuring a client</h2>

<p>Tor comes configured as a client by default. It uses a built-in
default configuration file, and most people won't need to change any of
the settings.</p>

<p>The only setting you might need to change is "SocksBindAddress".
By default, your Tor client only listens for applications that connect
from localhost. Connections from other computers are refused. If you
want to torify applications on different computers than the Tor client,
you should copy torrc.sample to torrc (it's installed by default
to /usr/local/etc/tor/), change the SocksBindAddress line to
0.0.0.0, and then hup or restart Tor.</p>

<p>To test if it's working, point your browser
at the socks4 or socks5 proxy at localhost port 9050. In
Mozilla, this is in edit|preferences|advanced|proxies. Go to <a
href="http://www.junkbusters.com/cgi-bin/privacy">http://www.junkbusters.com/cgi-bin/privacy</a>
and see what IP it says you're coming from. (If you have a personal
firewall, be sure to allow local connections to port 9050. If your
firewall blocks outgoing connections, punch a hole so it can connect to
TCP *:9001-9004 and *:9030-9033. If you're using Safari as your browser,
keep in mind that OS X before 10.3 claims to support socks but does
not.)</p>

<p>Once you've tested that it works, you should install <a
href="http://www.privoxy.org/">privoxy</a>, which is a filtering web
proxy that integrates well with Tor. Add the line <br>
<tt>forward-socks4a / localhost:9050 .</tt><br>
(don't forget the dot) to its config file (you can just add it to the
top). Then change your Mozilla to http proxy at localhost port 8118
(and no socks proxy). You should also set your SSL proxy to the same
thing, to hide your https traffic. Using privoxy is necessary because
<a href="http://freehaven.net/tor/cvs/doc/CLIENTS">Mozilla leaks your
DNS requests when it uses a socks proxy directly</a>. Privoxy also gives
you good html scrubbing.</p>
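<p>As an added illustration (not part of this page or of Tor's own code), the handshake below shows why the <tt>forward-socks4a</tt> line matters: a plain SOCKS4 request carries an IP the application had to resolve itself, while a SOCKS4a request carries the hostname so that Tor does the lookup. The request builders and reply parser run offline; only <tt>connect_via_tor</tt> assumes a Tor client listening on 127.0.0.1:9050.</p>

```python
import socket
import struct

SOCKS_PORT = 9050  # Tor's default SocksPort, the port used in the privoxy line above

def build_socks4_request(ip, port, user=b""):
    """Plain SOCKS4 CONNECT. The application must already hold a dotted IP,
    so it resolved the name itself: that lookup is the DNS leak the page warns about."""
    return b"\x04\x01" + struct.pack(">H", port) + socket.inet_aton(ip) + user + b"\x00"

def build_socks4a_request(host, port, user=b""):
    """SOCKS4a CONNECT. The IP field holds the marker 0.0.0.1 and the hostname
    follows the user id, so the proxy (Tor) resolves the name instead of the client."""
    return (b"\x04\x01" + struct.pack(">H", port) + b"\x00\x00\x00\x01"
            + user + b"\x00" + host.encode("ascii") + b"\x00")

def is_socks4a_request(req):
    """Classify a captured CONNECT: True if it carries a hostname (SOCKS4a),
    False if it carries a pre-resolved IP (SOCKS4, i.e. a local DNS lookup happened)."""
    if len(req) < 9 or req[0] != 0x04:
        raise ValueError("not a SOCKS4 request")
    ip = req[4:8]
    return ip[:3] == b"\x00\x00\x00" and ip[3] != 0

def parse_socks4_reply(reply):
    """Return True if the proxy granted the request (status 0x5A), False if it refused."""
    if len(reply) != 8 or reply[0] != 0x00:
        raise ValueError("malformed SOCKS4 reply")
    return reply[1] == 0x5A

def connect_via_tor(host, port, proxy=("127.0.0.1", SOCKS_PORT)):
    """Open a TCP stream to host:port through the local Tor client using SOCKS4a
    and return the connected socket; the hostname never touches the local resolver."""
    s = socket.create_connection(proxy)
    s.sendall(build_socks4a_request(host, port))
    if not parse_socks4_reply(s.recv(8)):
        s.close()
        raise ConnectionError("Tor refused the SOCKS4a request")
    return s
```

<p>If you set SocksBindAddress to 0.0.0.0 as described above, any host that can reach port 9050 can send this same handshake and use your Tor client as its proxy, so limit who can reach that port with a firewall rule.</p>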
<p>You might want to use Tor with an application that doesn't
support socks directly. In this case, you should look at
using <a href="http://tsocks.sourceforge.net/">tsocks</a>
to dynamically replace the system calls in your program to
route through Tor. If you want to use socks4a, consider using <a
href="http://www.dest-unreach.org/socat/">socat</a> (specific instructions
are on <a href="http://6sxoyfb3h2nvok2d.onion/tor/SocatHelp">this hidden
service url</a>).</p>

<p>(Windows doesn't have tsocks; instead, you can try <a
href="http://www.socks.permeo.com/Download/SocksCapDownload/index.asp">SocksCap</a>
or the <a href="http://www.hummingbird.com/products/nc/socks/index.html?cks=y">Hummingbird</a>
SOCKS client.)</p>
<a name="server"></a>
<h2>Configuring a server</h2>

<p>We're looking for people with reasonably reliable Internet connections,
that have at least 1Mbit each way. Currently we don't use all of that,
but we want it available for burst traffic.</p>

<p>(The Tor server doesn't need to be run as root, and doesn't
need any special system permissions or kernel mods. You should probably
run it as its own user though, especially if you run an identd service
too. If you're the paranoid sort, feel free to <a
href="http://wiki.noreply.org/wiki/TheOnionRouter/TorInChroot">put it
into a chroot jail</a>.)</p>

<p>First, copy torrc.sample to torrc (in the default configuration this
means copy /usr/local/etc/tor/torrc.sample to /usr/local/etc/tor/torrc),
and edit the middle part. Create the DataDirectory,
and make sure it's owned by the uid/gid that will be running tor. Fix your system
clock so it's not too far off. Make sure name resolution works. Make sure
each process can get to 1024 file descriptors (this should be already
done for everybody but the BSD folks). Open a hole in your firewall so
outsiders can connect to your ORPort.</p>

<p>Then run tor to generate keys: <tt>tor</tt>. One of the files generated
in your DataDirectory is your 'fingerprint' file. Mail it to
tor-ops@freehaven.net.</p>

<p>In that mail, be sure to tell us who you are, so we know whom to contact
if there's any problem. Also describe what kind of connectivity the new
server will have. If possible, PGP sign your mail.</p>

<p>Once your fingerprint has been approved, you can click <a
href="http://moria.seul.org:9031/">here</a> or <a
href="http://62.116.124.106:9030/">here</a> and look at the
running-routers line to see if your server is part of the network.</p>

<p>You may find the initscript in contrib/tor.sh useful if you
want to set up Tor to start at boot.</p>
<a name="hidden-service"></a>
<h2>Configuring a hidden service</h2>

<p>Tor allows clients and servers to offer <em>hidden services</em>. That
is, you can offer an apache, sshd, etc, without revealing your IP to its
users. This works via Tor's rendezvous point design: both sides build
a Tor circuit out, and they meet in the middle.</p>

<p>If you're using Tor and <a href="http://www.privoxy.org/">Privoxy</a>,
you can <a href="http://6sxoyfb3h2nvok2d.onion/">go to the hidden wiki</a>
to see hidden services in action.</p>

<p>To set up a hidden service, copy torrc.sample to torrc (by default it's
in /usr/local/etc/tor/), and edit the bottom part. Then run Tor. It will
create each HiddenServiceDir you have configured, and it will create a
'hostname' file which specifies the url (xyz.onion) for that service. You
can tell people the url, and they can connect to it via their Tor client,
assuming they're using a proxy (such as Privoxy) that speaks socks4a.</p>
<a name="own-network"></a>
<h2>Setting up your own network</h2>

<p>If you want to experiment locally with your own network, or you're cut
off from the Internet and want to be able to mess with Tor still, then
you may want to set up your own separate Tor network.</p>

<p>To set up your own Tor network, you need to run your own directory
servers, and you need to change the tarball so it points to your directory
servers rather than the default ones.</p>

<ul>
<li>1: Grab the latest release. Use at least 0.0.9pre5.
<li>2: For each directory server you want,
<ul>
<li>2a: Set it up as a server (see <a href="#server">"setting up a
server"</a> above), with at least ORPort, DirPort, DataDirectory, and Nickname
defined. Set "AuthoritativeDirectory 1".
<li>2b: Set "RecommendedVersions" to a comma-separated list of acceptable
versions of the code for clients and servers to be running (see step
4c below).
<li>2c: Run it: <tt>tor --list-fingerprint</tt> if your torrc is in
the default place, or <tt>tor -f torrc --list-fingerprint</tt> to
specify one. This will generate your keys and output a fingerprint
line.
</ul>
<li>3: Create the new dirservers file. You do this by concatenating the
"router.desc" files from each dirserver's DataDirectory: <tt>cat router1.desc
router2.desc ... &gt; dirservers</tt>
<li>4a: Now you need to teach clients and servers to use the new
dirservers. For each fingerprint, add a line like<br>
<tt>DirServer 18.244.0.114:80 719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF</tt><br>
to the torrc of each client and server who will be using your network.
<li>5: Create a file called approved-routers in the DataDirectory
of each directory server. Collect the 'fingerprint' lines from
each server (including directory servers), and include them (one per
line) in each approved-routers file. You can hup the tor process for
each directory server to reload the approved-routers file (so you don't
have to restart the process).
</ul>
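<p>An added helper for steps 3 to 5 (example code written for this page, not part of the Tor tree): it validates each server's fingerprint line, emits the DirServer lines for every torrc, and builds the approved-routers contents so a typo or duplicate entry is caught before a directory server loads it. It assumes each 'fingerprint' file holds one line of the form <tt>&lt;nickname&gt; &lt;fingerprint in groups of four hex digits&gt;</tt>; the sample nicknames are made up, and the first fingerprint value is the one shown in step 4a.</p>

```python
import re

# A Tor server fingerprint is 160 bits: 40 hex digits, printed in 10 groups of 4
# (the DirServer line in step 4a shows this grouped form).
_FPR_RE = re.compile(r"^[0-9A-F]{40}$")

def parse_fingerprint_line(line):
    """Split one 'fingerprint' line (assumed form: '<nickname> <grouped hex>') into
    (nickname, ungrouped 40-hex fingerprint), rejecting anything that is not 160 bits."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("need a nickname and a fingerprint: %r" % line)
    nickname, fpr = parts[0], "".join(parts[1:]).upper()
    if not _FPR_RE.match(fpr):
        raise ValueError("%s: fingerprint is not 40 hex digits: %r" % (nickname, fpr))
    return nickname, fpr

def format_fingerprint(fpr):
    """Regroup a 40-hex fingerprint into the spaced form torrc and approved-routers use."""
    return " ".join(fpr[i:i + 4] for i in range(0, 40, 4))

def dirserver_lines(dirservers):
    """dirservers: (address, dirport, fingerprint_line) per directory server.
    Returns the DirServer lines to add to every client's and server's torrc (step 4a)."""
    return ["DirServer %s:%d %s" % (addr, dirport,
                                     format_fingerprint(parse_fingerprint_line(fl)[1]))
            for addr, dirport, fl in dirservers]

def approved_routers(fingerprint_lines):
    """Contents of approved-routers (step 5): one normalised line per server, with
    duplicates collapsed and one fingerprint under two nicknames treated as an error."""
    seen = {}
    for line in fingerprint_lines:
        nick, fpr = parse_fingerprint_line(line)
        if seen.get(fpr, nick) != nick:
            raise ValueError("fingerprint %s listed under two nicknames" % fpr)
        seen[fpr] = nick
    return "".join("%s %s\n" % (nick, format_fingerprint(fpr)) for fpr, nick in seen.items())

def dirservers_file(router_descs):
    """Step 3: concatenate the router.desc contents into the dirservers file."""
    return "".join(d if d.endswith("\n") else d + "\n" for d in router_descs)

# Constructed sample input: nicknames are made up; the first fingerprint is the one in step 4a.
SAMPLE_FPRS = [
    "dirserver1 719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF",
    "testnode2 0123 4567 89AB CDEF 0123 4567 89AB CDEF 0123 4567",
]
```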

<!--<h2>Other doc resources</h2>

<ul>
<li>Design paper
<li>Spec and rend-spec
<li>others
</ul> -->

</body>
</html>