tor/doc/FAQ

The Onion Routing (TOR) Frequently Asked Questions
--------------------------------------------------

1. General.

1.1. What is tor?

Tor is an implementation of version 2 of Onion Routing.

Onion Routing is a connection-oriented anonymizing communication
service. Users build a layered block of asymmetric encryptions
(an "onion") which describes a source-routed path through a set of
nodes. Those nodes build a "virtual circuit" through the network, in which
each node knows its predecessor and successor, but no others. Traffic
flowing down the circuit is unwrapped by a symmetric key at each node,
which reveals the downstream node.

Basically tor provides a distributed network of servers ("onion
routers"). Users bounce their tcp streams (web traffic, ftp, ssh, etc)
around the routers, and recipients, observers, and even the routers
themselves have difficulty tracking the source of the stream.

1.2. Why's it called tor?

Because tor is the onion routing system. I kept telling people I was
working on onion routing, and they said "Neat. Which one?" Even if onion
routing has become a standard household term, this is the actual onion
routing project, started out of the Naval Research Lab.

(Theories about recursive acronyms are ok too.)


2. Compiling and installing.

[Read the README file for now; check back here once we've got packages/etc
for you.]


3. Running tor.

3.1. What kind of server should I run?

The same executable ("or") functions as both client and server, depending
on which ports are specified in the configuration file. You can specify:
* APPort: client applications (eg privoxy, Mozilla) can speak socks to
  this port.
* OPPort: onion proxies (client onion routers) connect to this port.
* ORPort: other onion routers connect to this port
* DirPort: onion proxies and onion routers speak http to this port, to
  pull down a directory of which nodes are currently available.

3.2. So I can just run a full onion router and join the network?

No. Users should run just an onion proxy (use the 'oprc' config file).
If you start up a full onion router, the rest of the routers in the
system won't recognize you, so they will reject your handshake attempts.

3.3. How do I join the network then?

If you just want to use the onion routing network, you can run a proxy
and you're all set. If you want to run a router, you must convince
the directory server operators (currently arma@mit.edu) that you're a
trustworthy person. From there, the operators add you to the directory,
which propagates out to the rest of the network. All nodes will know
about you within an hour.

3.4. I want to run a directory server too.

If you run a very reliable node, you plan to be around for a long time,
and you want to spend some time ensuring that router operators are
people we know and like, we may want you to run a directory server
too. We must manually add you to the 'dirservers' file that's part of
the distribution; users will only know about you when they upgrade to
a new version. Of course, you can always just start up your router as a
directory server too --- but users won't know to ask you for directories,
and more importantly, you'll never learn from the real directory servers
about recently joined routers.


4. Development.

4.1. Who's doing this?

4.2. Can I help?

4.3. I've got a bug.


5. Anonymity.

5.1. So I'm totally anonymous if I use tor?



5.2. Where can I learn more about anonymity?

5.3. What attacks remain against onion routing?

tagging: can change bytes in the cells, even through link encryption
end node can give back wrong data, even subtly wrong data.


6. Comparison to related projects.

6.1. Onion Routing.

Tor *is* onion routing.

6.2. Freedom.


7. Protocol and application support.

7.1. http? ftp? udp? socks? mozilla?