• TheOnionRouter
• TorFAQ

up to Tor

Table of Contents

../FAQUnanswered <-- Add your questions here or better yet answer one and promote it to this page!

1. General

[link]

1.1. What is Tor?

[link]

Tor is an anonymity network. It protects your privacy on the internet. Tor uses a series of three proxies - computers (or nodes) which communicate on your behalf using their own identifying information - in such a way that none of them know both your identifying information and your destination. Tor can also help people get around restrictive firewalls which censor web content. Read the Tor overview to learn more about Tor and what it can do for you.

1.2. What programs and applications work with Tor?

[link]

Tor presents a SOCKS proxy interface to applications, so any application that supports SOCKS (versions 4, 4a and 5) can be anonymized using Tor. Most web browsers, many instant messaging and IRC clients, SSH clients and email clients already have built-in support for SOCKS. However, not all SOCKS interfaces are equal. See below for information about how some SOCKS interfaces may leak information via DNS about where you are going on the internet, and how you can avoid this.

Since Tor does not filter message content, additional software agents should be used to filter content. For example, Privoxy (see FAQ) is a good HTTP proxy for filtering dangerous or annoying web content, such as tracking scripts and ads.

1.3. How do I configure Tor with IRC, instant messaging, web browsing, etc?

[link]

We have compiled a list of applications that help you direct your traffic through Tor, and a list of instructions for Torifying specific applications. Please add to these lists and help us keep them accurate!

1.4. How can I help?

[link]

We've set up a preliminary "volunteer" page, which lists a few ways to help. If you have something to contribute that we haven't listed there, chances are we still need it.

There are also more answers in the Why is Tor slow? answer and the What we need to work on answer.

1.5. Why is it called Tor?

[link]

Because Tor is the onion routing network. I kept telling people I was working on onion routing, and they said "Neat. Which one?" Even if onion routing has become a standard household term, this is the actual onion routing project, started out of the Naval Research Lab.

(Theories about recursive acronyms are ok too. It's also got a fine translation into German.)

Note: even though it comes from an acronym, Tor is not spelled "TOR". Only the first letter is capitalized.

1.6. Is there a backdoor in Tor?

[link]

There is absolutely no backdoor in Tor. Nobody has asked us to put one in, and we know some smart lawyers who say that it's unlikely that anybody will try to make us add one in our jurisdiction (U.S.). If they do ask us, we will fight them, and (the lawyers say) probably win.

We think that putting a backdoor in Tor would be tremendously irresponsible to our users, and a bad precedent for security software in general. If we ever put a deliberate backdoor in our security software, it would ruin our professional reputations. Nobody would trust our software ever again---for excellent reason!

But that said, there are still plenty of subtle attacks people might try. Somebody might impersonate us, or break into our computers, or something like that. Tor is open source, and you should always check the source (or at least the diffs since the last release) for suspicious things. If we (or the distributors) don't give you source, that's a sure sign something funny might be going on. You should also check the GPG signatures on the releases, to make sure nobody messed with the distribution sites.

Also, there might be accidental bugs in Tor that could affect your anonymity. We don't know of such bugs right now. If we learn of any, we will let you know.

1.7. Can I distribute Tor on my magazine's CD?

[link]

Yes.

The Tor software is free software. This means we give you the rights to redistribute the Tor software, either modified or unmodified, either for a fee or gratis. You don't have to ask us for specific permission.

However, if you want to redistribute the Tor software you must follow our LICENSE. Essentially this means that you need to include our LICENSE file along with whatever part of the Tor software you're distributing.

Most people who ask us this question don't want to distribute just the Tor software, though. They want to distribute the Tor bundles, which typically include Privoxy and Vidalia. You will need to follow the licenses for those programs as well. Both of them are distributed under the GNU General Public License. The simplest way to obey their licenses is to include the source code for these programs everywhere you include the bundles themselves. Look for "source" packages on the Vidalia download page and the Privoxy download page.

Also, you should make sure not to confuse your users about what Tor is, who makes it, and what properties it provides (and doesn't provide). See our trademark FAQ for details.

Lastly, you should realize that we release new versions of the Tor software frequently, and sometimes we make backward incompatible changes. So if you distribute a particular version of the Tor software, it may not be supported -- or even work -- six months later. This is a fact of life for all security software under heavy development.

1.8. How can I get an answer to my Tor support mail?

[link]

Many people send the Tor developers mail privately, or send mail to our internal aliases like tor-webmaster, with questions about their specific setup -- they can't get their firewall working right, they can't configure Privoxy correctly, or so on. Sometimes our volunteers can answer these mails, but typically they need to spend most of their time on development tasks that will benefit more people. This is especially true if your question is already covered in the documentation or on this FAQ. We don't hate you; we're just busy.

So if we don't answer your mail, first check the documentation (including this FAQ) to make sure your question isn't answered there. Then read "How to ask questions the smart way". If this doesn't help you, note that we have an IRC channel where you can ask your questions (but if they are still open-ended, ill-formed, or not about Tor, you likely won't get much help there either). Lastly, people on the or-talk mailing list may be able to provide some hints for you, if others have experienced your problems too. Etiquette - How to post on or-talk mailinglist - What is Top-posting? Be sure to look over the archives first.

Another strategy is to run a Tor relay for a while, and/or donate money or time to the effort. We're more likely to pay attention to people who have demonstrated interest and commitment to giving back to the Tor community.

If you find an answer, please stick around on the IRC channel or the mailing list and answer questions from others.

1.9. Why is Tor so slow?

[link]

There are many reasons why the Tor network is currently slow.

Before we answer, though, you should realize that Tor is never going to be blazing fast. Your traffic is bouncing through volunteers' computers in various parts of the world, and some bottlenecks and network latency will always be present. You shouldn't expect to see university-style bandwidth through Tor.

But that doesn't mean that it can't be improved. The current Tor network is quite small compared to the number of people trying to use it, and many of these users don't understand or care that Tor can't currently handle file-sharing traffic load.

What can you do to help?

• Configure your Tor to relay traffic for others. Help make the Tor network large enough that we can handle all the users who want privacy and security on the Internet.

• Help us make Tor more usable. We especially need people to help make it easier to configure your Tor as a relay. Also, we need help with clear simple documentation to walk people through setting it up.

• There are some bottlenecks in the current Tor network. Help us design experiments to track down and demonstrate where the problems are, and then we can focus better on fixing them.
• There are some steps that individuals can take to improve their Tor performance.

  You can configure your Firefox to handle Tor better, you can use Polipo with Tor, or you can try upgrading to the latest version of Tor. If this works well, please help by documenting what you did, and letting us know about it.

• Tor needs some architectural changes too. One important change is to start providing

  better service to people who relay traffic. We're working on this, and we'll finish faster if we get to spend more time on it.

• Help do other things so we can do the hard stuff. Please take a moment to figure out what your skills and interests are, and then

  look at our volunteer page.

• Help find sponsors for Tor. Do you work at a company or government agency that uses Tor or has a use for Internet privacy, e.g. to browse the competition's websites discreetly, or to connect back to the home servers when on the road without revealing affiliations? If your organization has an interest in keeping the Tor network working, please contact them about supporting Tor. Without sponsors, Tor is going to become even slower.
• If you can't help out with any of the above, you can still help out individually by

  donating a bit of money to the cause. It adds up!

1.10. What would the Tor project do with more funding?

[link]

We have about 1500 relays right now, pushing over 150 MB/s average traffic. We have several hundred thousand active users. But the Tor network is not yet self-sustaining.

There are six main development/maintenance pushes that need attention:

• Scalability: We need to keep scaling and decentralizing the Tor architecture so it can handle thousands of relays and millions of users. The upcoming stable release is a major improvement, but there's lots more to be done next in terms of keeping Tor fast and stable.
• User support: With this many users, a lot of people are asking questions all the time, offering to help out with things, and so on. We need good clean docs, and we need to spend some effort coordinating volunteers.
• Relay support: the Tor network is run by volunteers, but they still need attention with prompt bug fixes, explanations when things go wrong, reminders to upgrade, and so on. The network itself is a commons, and somebody needs to spend some energy making sure the relay operators

  stay happy. We also need to work on stability on some platforms -- e.g., Tor relays have problems on Win XP currently.

• Usability: Beyond documentation, we also need to work on usability of the software itself. This includes installers, clean GUIs, easy configuration to interface with other applications, and generally automating all of the difficult and confusing steps inside Tor. We've got

  a start on this with the GUI Contest, but much more work remains -- usability for privacy software has never been easy.

• Incentives: We need to work on ways to encourage people to configure their Tors as relays and exit nodes rather than just clients.

  We need to make it easy to become a relay, and we need to give people incentives to do it.

• Research: The anonymous communications field is full of surprises and gotchas. In our copious free time, we also help run top anonymity

  and privacy conferences like PET. We've identified a set of critical Tor research questions that will help us figure out how to make Tor secure against the variety of attacks out there. Of course, there are more research questions waiting behind these.

We're continuing to move forward on all of these, but at this rate the Tor network is growing faster than the developers can keep up. Now would be an excellent time to add a few more developers to the effort so we can continue to grow the network.

We are also excited about tackling related problems, such as censorship-resistance.

We are proud to have sponsorship and support from the Omidyar Network, the International Broadcasting Bureau, Bell Security Solutions, the Electronic Frontier Foundation, several government agencies and research groups, and hundreds of private contributors.

However, this support is not enough to keep Tor abreast of changes in the Internet privacy landscape. Please donate to the project, or contact our executive director for information on making grants or major donations.

Please let us know if you can help.

2. Compilation and Installation

[link]

2.1. How do I uninstall Tor?

[link]

This depends entirely on how you installed it. If you installed a package, then hopefully your package has a way to uninstall itself.

For Mac OS X, follow the uninstall directions.

If you installed by source, I'm afraid there is no easy uninstall method. But on the bright side, by default it only installs into /usr/local/ and it should be pretty easy to notice things there.

2.2. What are these ".asc" signature files in the dist/ directory?

[link]

These are PGP signatures, so you can verify that the file you've downloaded is exactly the one that we intended you to get.

Please read the TheOnionRouter/VerifyingSignatures page for details.

2.3. How do I compile Tor under Windows?

[link]

Try following the steps at https://www.torproject.org/svn/trunk/doc/tor-win32-mingw-creation.txt.

You can also try following the (somewhat outdated) instructions at https://tor.addicts.nl/windows/.

2.4. Why does my Tor executable appear to have a virus or spyware?

[link]

Sometimes, overzealous Windows virus and spyware detectors trigger on some parts of the Tor Windows binary. Our best guess is that these are false positives --- after all, the anti-virus and anti-spyware business is just a guessing game anyway. You should contact your vendor and explain that you have a program that seems to be triggering false positives. Or pick a better vendor.

In the meantime, we encourage you to not just take our word for it. Our job is to provide the source; please do recompile it yourself.

2.5. Is there a LiveCD or other bundle that includes Tor?

[link]

There isn't any official LiveCD at this point. We're still trying to find good solutions and trying to understand the security and anonymity implications of the various options. In the mean time, feel free to check out the list below and use your best judgement:

Maintained:

• JanusVM is a Linux kernel and software running in VMWare that sits between your Windows computer and the Internet, making sure that your Internet traffic is scrubbed and anonymized.

• xB Browser, previously known as Torpark, is a Firefox+Tor package for Win32 that can installed on a USB key. It needs a host Win32 operating system.

• TorK LiveCD is Knoppix-based with an emphasis on user-friendliness. You can work anonymously or non-anonymously while TorK tries to keep you informed of the consequences of your activity. The TorK LiveCD is experimental, so the aim is to provide regular releases through 2007 and beyond.

• Polippix / Privatlivets Fred is a Danish Knoppix-based LiveCD with TOR

  and utilities to encrypt IP-telephony. Info and download.

• Incognito LiveCD/USB is a CD you can boot that has several Internet applications (Firefox, IRC, Mail, etc) pre-configured to use Tor. For most computers everything is automatically configured and you're ready to go. You can even copy the CD to a USB drive. Includes TorK.

• Privatix LiveCD/USB is a german (english version will follow) livesystem including tor, firefox and torbutton which can save bookmarks and other settings or data on an encrypted usb-key

• [add yours here!]

Not currently maintained as far as we know:

• ELE is a Linux LiveCD which is focused on privacy related

• software. It includes Tor and you can download it at

  http://www.northernsecurity.net/download/ele/.

• Virtual Privacy Machine is a Linux LiveCD that includes Firefox, Privoxy, Tor, some IRC and IM applications, and a set of ipchains rules aimed to prevent non-Tor traffic from accidentally leaving your computer. More information at

  http://wiki.noreply.org/noreply/VirtualPrivacyMachine.

• Anonym.OS is a LiveCD similar to the above but is based on OpenBSD rather than Linux for maximum security. It was designed to be anonymous and secure from the ground up, and thus has some features and limitations not found in other LiveCDs (Tor related or otherwise). You can obtain more information and download Anonym.OS from

  Kaos.Theory.

• Phantomix is a LiveCD for anonymous surfing and chatting based on the most recent KNOPPIX release. It comes preconfigured with tor and privoxy. You can get it from the

  Phantomix Website.

3. Running Tor

[link]

3.1. I'm supposed to "edit my torrc". What does that mean?

[link]

Tor installs a text file called torrc that contains configuration instructions for how your Tor program should behave.

The location of your torrc file depends on the way you installed Tor.

• On Windows, if you installed a Tor bundle with Vidalia, you

  can find your torrc file in the Start menu under Programs -> Vidalia Bundle -> Tor, or you can find it by hand in \Documents and Settings\username\Application Data\Vidalia\torrc. If you installed Tor without Vidalia, you can find your torrc in

  the Start menu under Programs -> Tor, or manually in either \Documents and Settings\Application Data\tor\torrc or \Documents and Settings\username\Application Data\tor\torrc.

• On OS X, open your favorite text editor and load /Library/Tor/torrc
• On Unix, if you installed a pre-built package, look for /etc/torrc or /etc/tor/torrc or consult your package's documentation.
• Finally, if you installed from source, you may not have a torrc installed yet: look in /usr/local/etc/ and note that you may need to manually copy torrc.sample to torrc

The default torrc file should work fine for most Tor users. You will need to edit it if you want to start relaying traffic for others (that is, become a Tor relay). For other configuration options you can use, look at the Tor man page.

Once you've changed your torrc, you will need to restart Tor for the changes to take effect. (For advanced users on OS X and Unix, note that you actually only need to send Tor a HUP signal, not actually restart it.)

Remember, all lines beginning with # in torrc are treated as comments and have no effect on Tor's configuration.

3.2. How do I set up logging, or see Tor's logs?

[link]

If you installed a Tor bundle with Vidalia, then Vidalia has a window called "Message Log" that will show you Tor's log messages. You can click on "Settings" to see more details, or to save the messages to a file also. You're all set.

If you're not using Vidalia, you'll have to go find the log files by hand as described below.

By default, Tor logs to "standard out" (also knows as "stdout") at log-level notice. However, some Tor packages (notably the ones for OS X, Debian, Red Hat, etc) change the default logging so it logs to a file, and then Tor runs in the background.

If you're using a pre-packaged Tor, here are some likely places for your logs to go by default:

• On Windows, there are no default log files currently. If you configure logging to a file in your torrc, they will show up in \username\Application Data\tor\log\ or \Application Data\tor\log\
• On OS X, Debian, Red Hat, etc, the logs are in /var/log/tor/
• If you compiled Tor from source, your logs will go to /usr/local/var/log/tor/, but only if you enable them in the torrc file.

If you want to change your logging setup, open your torrc in an editor.

Find the section (near the top of the file) which contains the following line:

• ##Logs go to stdout at level "notice" unless redirected by something else, like one of the below lines.

Now, assuming you want Tor to send complete debug, info, notice, warn, and err level messages to a file, append the following line to the end of the section:

• Log debug file c:/program files/tor/debug.log

Replace "c:/program files/tor/debug.log" with a directory/filename for your Tor log.

If you also want Tor to output to stdout, append the following line to the section as well:

• Log notice stdout

3.3. What log level should I use?

[link]

There are five log levels (also called "log severities") you might see in Tor's logs:

• "err": something bad just happened, and we can't recover. Tor will exit.
• "warn": something bad happened, but we're still running. The bad thing might be a bug in the code, some other Tor process doing something unexpected, etc. The operator should examine the message and try to correct the problem.
• "notice": something the operator will want to know about.
• "info": something happened (maybe bad, maybe ok), but there's nothing you need to (or can) do about it.
• "debug": for everything louder than info. It is quite loud indeed.

Alas, some of the warn messages are hard for ordinary users to correct -- the developers are slowly making progress at making Tor automatically react correctly for each situation.

We recommend running at the default, which is "notice". You will hear about important things, and you won't hear about unimportant things.

Tor relays in particular should avoid logging at info or debug in normal operation, since they might end up recording sensitive information in their logs.

3.4. Do I have to open all these outbound ports on my firewall?

[link]

Tor may attempt to connect to any port that is advertised in the directory as an ORPort (for making Tor connections) or a DirPort (for fetching updates to the directory). There are a variety of these ports, but many of them are running on 80, 443, 9001, and 9030.

So as a client, you could probably get away with opening only those four ports. Since Tor does all its connections in the background, it will retry ones that fail, and hopefully you'll never have to know that it failed, as long as it finds a working one often enough. However, to get the most diversity in your entry nodes -- and thus the most security -- as well as the most robustness in your connectivity, you'll want to let it connect to all of them.

If you really need to connect to only a small set of ports, see the FAQ entry on firewalled ports.

Note that if you're running as a Tor relay, you must allow outgoing connections to every other relay, and to anywhere your exit policy advertises that you allow. The cleanest way to do that is to simply allow all outgoing connections at your firewall. If you don't, clients will try to use these connections and things won't work.

3.5. My Tor keeps crashing.

[link]

We want to hear from you! There are supposed to be zero crash bugs in Tor. This FAQ entry describes the best way for you to be helpful to us. But even if you can't work out all the details, we still want to hear about it, so we can help you track it down.

First, make sure you're using the latest version of Tor (either the latest stable or the latest development version).

Second, make sure your version of libevent is new enough. We recommend at least libevent 1.3a.

Third, see if there's already an entry for your bug in the Tor bugtracker. If so, check if there are any new details that you can add.

Fourth, is the crash repeatable? Can you cause the crash? Can you isolate some of the circumstances or config options that make it happen? How quickly or often does the bug show up? Can you check if it happens with other versions of Tor, for example the latest stable release?

Fifth, what sort of crash do you get?

• Does your Tor log include an "assert failure"? If so, please tell us that line, since it helps us figure out what's going on. Tell us the previous couple of log messages as well, especially if they seem important.
• If it says "Segmentation fault - core dumped" then you need to do a bit more to track it down. Look for a file like "core" or "tor.core" or "core.12345" in your current directory, or in your Data Directory. If it's there, run "gdb tor core" and then "bt", and include the output. If you can't find a core, run "ulimit -c unlimited", restart Tor, and try to make it crash again. (This core thing will only work on Unix -- alas, tracking down bugs on Windows is harder. If you're on Windows, can you get somebody to duplicate your bug on Unix?)
• If Tor simply vanishes mysteriously, it probably is a segmentation fault but you're running Tor in the background (as a daemon) so you won't notice. Go look at the end of your log file, and look for a core file as above. If you don't find any good hints, you should consider running Tor in the foreground (from a shell) so you can see how it dies. Warning: if you switch to running Tor in the foreground, you might start using a different torrc file, with a different default Data Directory; see

  the relay-upgrade FAQ entry for details.

• If it's still vanishing mysteriously, perhaps something else is killing it? Do you have resource limits (ulimits) configured that kill off processes sometimes? (This is especially common on OpenBSD.) On Linux, try running "dmesg" to see if the out-of-memory killer removed your process. (Tor will exit cleanly if it notices that it's run out of memory, but in some cases it might not have time to notice.) In very rare circumstances, hardware problems could also be the culprit.

Sixth, if the above ideas don't point out the bug, consider increasing your log level to "loglevel debug". You can look at the log-configuration FAQ entry for instructions on what to put in your torrc file. If it usually takes a long time for the crash to show up, you will want to reserve a whole lot of disk space for the debug log. Alternatively, you could just send debug-level logs to the screen (it's called "stdout" in the torrc), and then when it crashes you'll see the last couple of log lines it had printed. (Note that running with verbose logging like this will slow Tor down considerably, and note also that it's generally not a good idea security-wise to keep logs like this sitting around.)

4. Running a Tor client

[link]

4.1. I installed Tor and Privoxy but it's not working.

[link]

Are you sure Tor and Privoxy are both running? If you're using Vidalia, you may have to click on the onion and select "Start" to launch Tor.

Did you configure your web browser to http proxy to port 8118? Most people should do this simply by installing Torbutton and making sure it says "Tor enabled" at the bottom.

Check your Tor logs. Do they give you any hints about what's going wrong?

Check your system clock. If it's more than a few hours off, Tor will refuse to build circuits. For XP users, synchronize your clock under the clock -> Internet time tab. In addition, correct the day and date under the 'Date & Time' Tab.

Is your Internet connection firewalled, or do you normally need to use a proxy? Are you running programs like Norton Internet Security that block certain connections, even though you don't realize they do?

If you installed Privoxy yourself (not from a bundle), did you edit the Privoxy config file as described? Did you remember to put the "." at the end of the Privoxy config line? Did you accidentally comment the config line out? Did you restart Privoxy after this change?

For Red Hat Linux and related systems, do you have SELinux enabled? If so, it might be preventing Privoxy from talking to Tor. We also run across BSD users periodically who have local firewall rules that prevent some connections to localhost.

When it's working, Tor should report that it 'has successfully opened a circuit. Looks like client functionality is working.'

4.2. How can I tell if Tor is working, and that my connections really are anonymized? Are there external servers that will test my connection?

[link]

Once you've set up your browser to point to Privoxy, and (if necessary) your Privoxy to point to Tor, there are sites you can visit that will tell you if you appear to be coming through the Tor network. Try the Tor Check site and see whether it thinks you are using Tor or not.

If that site is down, you can still test, but it will involve more effort: http://ipid.shat.net and http://www.showmyip.com/ will tell you what your IP address appears to be, but you'll need to know your current IP address so you can compare and decide whether you're using Tor correctly.

To learn your IP address on OS X, Linux, BSD, etc, run "ifconfig". On Windows, go to the Start menu, click Run and enter "cmd". At the command prompt, enter "ipconfig /a".

If you are behind a NAT or firewall, though, your IP address will show up as something like 192.168.1.1 or 10.10.10.10, and this isn't your public IP address. In this case, you should 1) configure your browser to connect directly (that is, stop using Privoxy), 2) check your IP address with one of the sites above, 3) point your browser back to Privoxy, and 4) see whether your IP address has changed.

4.3. Why does Privoxy keep telling me "resolve failed"?

[link]

Unfortunately, Privoxy only has one error message. So no matter what went wrong, it will tell you "resolve failed".

You might have better luck looking at Tor's log messages.

If you're technically inclined, you'll probably be happier setting up Polipo rather than Privoxy: it provides much more useful error messages.

(One day the bundles will come with Polipo rather than Privoxy --- and that day will come sooner if you help!)

4.4. How do I use my browser for ftp with Tor?

[link]

The short answer is to use Firefox 1.5 or above with Torbutton. With this configuration, accessing ftp:// links should be safe for you: your Firefox will safely use Tor directly as a socks proxy when accessing these links.

Versions of Firefox older than 1.5 don't know how to use a socks proxy without broadcasting your DNS queries to the local network, so in those cases you should avoid ftp:// links. Torbutton will automatically configure your browser in this case to point all protocols to Privoxy: this means that ftp connections will fail, but at least they won't be dangerous.

If you're using a different browser, we wish you luck. Most of them don't support doing socks requests without leaking the DNS resolve, so you will want to set as many proxy lines as you can. Internet Explorer users beware --- there is a known bug that causes Explorer to directly send FTP requests without going through the specified proxy. You should at least disable Folder View in Internet Explorer if using Tor with Privoxy, and you may need to take other steps as well.

If you want a separate application for an ftp client, we've heard good things about FileZilla for Windows. You can configure it to point to Tor as a "socks4a" proxy on "localhost" port "9050".

4.5. Does Tor remove personal information from the data my application sends?

[link]

No, it doesn't. You need to use a separate program that understands your application and protocol and knows how to clean or "scrub" the data it sends. Privoxy is an example of this for web browsing. But note that even Privoxy won't protect you completely: you may still fall victim to viruses, Java Script attacks, etc; and Privoxy can't do anything about text that you type into forms. Be careful and be smart.

4.6. I want to run my Tor client on a different computer than my applications.

[link]

By default, your Tor client only listens for applications that connect from localhost. Connections from other computers are refused. If you want to torify applications on different computers than the Tor client, you should edit your torrc to define  SocksListenAddress 0.0.0.0  and then restart (or hup) Tor. If you want to get more advanced, you can configure your Tor client on a firewall to bind to your internal IP but not your external IP. (For a complete example of this, see Tor through SSH tunnel using a web browser on Debian to connect to a Tor client running on OpenBSD. The data is transferred between the computers using an SSH tunnel.)

If you are using tor through privoxy, or using the Firefox Torbutton plugin with privoxy (the default arrangement) you will need to edit your privoxy config file so that your 'forward-socks4a' line reads something like the following:

 forward-socks4a / 192.168.1.2:9100 . 

Where 192.168.1.2 is the address on your local network where your tor relay is running.

For a more flexible plugin alternative to Torbutton, see the Tor SwitchProxy howto.

For more information on setting up a central tor server, see Can I install Tor on a central server, and have my clients connect to it?

4.7. How often does Tor change its paths?

[link]

Tor will reuse the same circuit for new TCP streams for 10 minutes, as long as the circuit is working fine. (If the circuit fails, Tor will switch to a new circuit immediately.)

But note that a single TCP stream (e.g. a long IRC connection) will stay on the same circuit forever -- we don't rotate individual streams from one circuit to the next. Otherwise an adversary with a partial view of the network would be given many chances over time to link you to your destination, rather than just one chance.

4.8. Why does netstat show these outbound connections?

[link]

Because that's how Tor works. It holds open a handful of connections so there will be one available when you need one.

4.9. Tor uses hundreds of bytes for every IRC line. I can't afford that!

[link]

Tor sends data in chunks of 512 bytes (called "cells"), to make it harder for intermediaries to guess exactly how many bytes you're communicating at each step. This is unlikely to change in the near future -- if this increased bandwidth use is prohibitive for you, I'm afraid Tor is not useful for you right now.

We have been considering one day adding two classes of cells -- maybe a 64 byte cell and a 1024 byte cell. This would allow less overhead for interactive streams while still allowing good throughput for bulk streams. But since we want to do a lot of work on quality-of-service and better queuing approaches first, you shouldn't expect this change anytime soon (if ever).

4.10. Can I control what nodes I use for entry/exit?

[link]

Yes. You can set preferred entry and exit nodes as well as inform Tor which nodes you do not want to use. The following options can be added to your config file "torrc" or specified on the command line:

• entrynodes $fingerprint,$fingerprint,...

  • A list of preferred nodes to use for the first hop in the circuit, if possible.

  exitnodes $fingerprint,$fingerprint,...

  • A list of preferred nodes to use for the last hop in the circuit, if possible.

  excludenodes $fingerprint,$fingerprint,...

  • A list of nodes to never use when building a circuit.

We recommend you do not use these -- they are intended for testing and may disappear in future versions. You get the best security that Tor can provide when you leave the route selection to Tor; overriding the entry / exit nodes can mess up your anonymity in ways we don't understand.

The entrynodes and exitnodes config options are treated as a request, meaning if the nodes are down or seem slow, Tor will still avoid them. You can make the option mandatory by setting StrictExitNodes 1 or StrictEntryNodes 1 -- but if you do, your Tor connections will stop working if all of the nodes you have specified become unreachable. See the Tor status pages for some nodes you might pick.

If you want to choose the exit node for a specific request, you can give the hostname as hostname.$fingerprint.exit (e.g. http://cnn.com.$A3035DE0545C24A9EA0D87F5FB7E4098DED0C4FF.exit). This will work fine if you're using Privoxy. You can also install Blossom, which is a client-side Tor controller that lets you specify what country you want to exit from when accessing a given resource.

If you want to access a service directly through Tor's SOCKS interface (eg. using ssh via connect.c), another option is to set up an internal mapping in your configuration file using MapAddress. See the manual page for details.

4.11. Google tells me I have spyware installed.

[link]

This is a known and intermittent problem; it does not mean that Google considers Tor to be spyware. Instead, Google tries to detect certain kinds of spyware or viruses that send distinctive queries to Google Search. It then notes the IP addresses from which those queries are received. Finally, Google tries to warn the users of those IP addresses that it received queries indicating an infection.

When you use Tor, you are sending queries through exit nodes that are also shared by thousands of other users. If some of those users are infected with software that Google detects, Google may mistakenly conclude that the exit nodes themselves are infected (because the requests appeared to originate from the exit nodes) and, for a limited period of time, will try (incorrectly) to warn all Google users who share an exit node with an infected machine that they are themselves infected.

You may also get this sort of message when lots of Tor users are querying Google in a short period of time. Google interprets the high volume of traffic as somebody trying to "crawl" their website, so it slows down traffic from that IP address for a short time.

To our knowledge, Google is not doing anything intentionally specifically to deter or block Tor use. The error message about an infected machine should clear up again after a short time.

If we think of a measure that would prevent users from seeing this sort of spurious warning message, we will certainly suggest it to Google and to other web site developers. There may also be technical workarounds for Tor end-users affected by this problem; if you find a useful workaround and write up a description of it, please let us know.

4.12. Why does Google show up in foreign languages?

[link]

Google uses "geolocation" to determine where in the world you are, so it can give you a personalized experience. This includes using the language it thinks you prefer, and it also includes giving you different results on your queries.

If you really want to see Google in English you can click the link that provides that. But we consider this a feature with Tor, not a bug --- the Internet is not flat, and it in fact does look different depending on where you are. This feature reminds people of this fact.

Note that Google search URLs take name/value pairs as arguments and one of those names is "hl". If you set "hl" to "en" then Google will return search results in English regardless of what Google server you have been sent to. On a query this looks like: http://google.com/search?q=...&hl=en&..

In Firefox you can search for the google.src file and add the line <input name="hl" value="en"> to it. Then restart Firefox and it will automatically add the "hl=en" name/value pair to all queries made from the search bar so you will get English results regardless of which Google server you have been sent to. Note that this file is actually 'hidden' as part of the application container on Macs. To get to this file on a Mac you have to right click on the Firefox application icon and select "Show Package Contents" then navigate to Contents/MacOS/searchplugins.

Another method is to simply use your country code for accessing Google. This can be google.be, google.de, google.us and so on. You can also set your language by first selecting it in Language Tools section, search for something simple. Then extract the language from the URL. In this example, we'll choose Hebrew: http://www.google.com/search?lr=lang_iw. Next, use that string in the url: http://google.com/intl/iw/. This can obviously be set as your homepage or bookmarked if necessary.

4.13. How do I access Tor hidden services?

[link]

Tor hidden services are named with a special top-level domain (TLD) name in DNS: .onion. Since the .onion TLD is not recognized by the official root DNS servers on the Internet, your application will not get the response it needs to locate the service. Currently, the Tor directory server provides this look-up service; and thus the look-up request must get to the Tor network.

Therefore, your application needs to pass the .onion hostname to Tor directly. You can't try to resolve it to an IP address, since there is no corresponding IP address: the server is hidden, after all!

So, how do you make your application pass the hostname directly to Tor? You can't use SOCKS 4, since SOCKS 4 proxies require an IP from the client (a web browser is an example of a SOCKS client). Even though SOCKS 5 can accept either an IP or a hostname, most applications supporting SOCKS 5 try to resolve the name before passing it to the SOCKS proxy. SOCKS 4a, however, always accepts a hostname: You'll need to use SOCKS 4a.

Some applications, such as the browsers Mozilla Firefox and Apple's Safari, support sending DNS queries to Tor's SOCKS 5 proxy. Most web browsers don't support SOCKS 4a very well, though. The workaround is to point your web browser at an HTTP proxy, and tell the HTTP proxy to speak to Tor with SOCKS 4a. We recommend Privoxy as your HTTP proxy.

For applications that do not support HTTP proxy, and so cannot use Privoxy, FreeCap is an alternative. When using FreeCap set proxy protocol to SOCKS 5 and under settings set DNS name resolving to remote. This will allow you to use almost any program with Tor without leaking DNS lookups and allow those same programs to access hidden services.

See also the question on DNS.

4.14. My Internet connection requires an HTTP proxy.

[link]

Check out the HttpProxy and HttpsProxy config options in the man page. You will need an http proxy for doing GET requests to fetch the Tor directory, and you will need an https proxy for doing CONNECT requests to get to Tor relays. (It's fine if they're the same proxy.)

Also check out HttpProxyAuthenticator and HttpsProxyAuthenticator if your proxy requires auth. We only support basic auth currently, but if you need NTLM authentication, check out this post in the archives.

If your proxies only allow you to connect to certain ports, look at the entry below on Firewalled clients for how to restrict what ports your Tor will try to access.

4.15. My firewall only allows a few outgoing ports.

[link]

If your firewall works by blocking ports, then you can tell Tor to only use the ports that your firewall permits by adding "FascistFirewall 1" to your torrc configuration file.

By default, when you set this Tor assumes that your firewall allows only port 80 and port 443 (HTTP and HTTPS respectively). You can select a different set of ports with the FirewallPorts option.

As of Tor 0.1.1.14-alpha, we've replaced FascistFirewall and FirewallPorts with new config options:

  ReachableDirAddresses *:80
  ReachableORAddresses *:443

4.16. Is there a list of default exit ports?

[link]

The default open ports are listed below but keep in mind that, any port or ports can be opened by the relay operator by configuring it in torrc or modifying the source code. But the default according to tor.1.in from the source code release tor-0.1.0.8-rc is:

Thanks to http://www.seifried.org for port references.

4.17. What should I do if I can't use an http proxy with my application?

[link]

On Unix, you might try tsocks, but it doesn't seem to work so well on FreeBSD, we'd be happy to hear about alternatives; You might also try socat. It might not be as seamless as tsocks, but it's worked where the former hasn't. There is also proxychains, but I can't get it to play nicely with Tor at the moment.

For FreeBSD and OpenBSD, you can try dante instead of tsocks. Both have a port and package for dante. Instead of running torify irssi you would run socksify irssi after properly setting up dante. See Tor chrooted in OpenBSD for an example dante configuration that works with Tor.

On windows, look at sockscap, or maybe freecap if you prefer free software.

4.18. I keep seeing these warnings about SOCKS and DNS and information leaks. Should I worry?

[link]

The warning is:

Your application (using socks5 on port %d) is giving Tor only an IP address.
Applications that do DNS resolves themselves may leak information. Consider
using Socks4A (e.g. via privoxy or socat) instead.

If you are running Tor to get anonymity, and you are worried about an attacker who is even slightly clever, then yes, you should worry. Here's why.

The Problem. When your applications connect to servers on the Internet, they need to resolve hostnames that you can read (like www.torproject.org) into IP addresses that the Internet can use (like 209.237.230.66). To do this, your application sends a request to a DNS server, telling it the hostname it wants to resolve. The DNS server replies by telling your application the IP address.

Clearly, this is a bad idea if you plan to connect to the remote host anonymously: when your application sends the request to the DNS server, the DNS server (and anybody else who might be watching) can see what hostname you are asking for. Even if your application then uses Tor to connect to the IP anonymously, it will be pretty obvious that the user making the anonymous connection is probably the same person who made the DNS request.

Where SOCKS comes in. Your application uses the SOCKS protocol to connect to your local Tor client. There are 3 versions of SOCKS you are likely to run into: SOCKS 4 (which only uses IP addresses), SOCKS 5 (which usually uses IP addresses in practice), and SOCKS 4a (which uses hostnames).

When your application uses SOCKS 4 or SOCKS 5 to give Tor an IP address, Tor gue