123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162 |
- <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
- <html>
- <head>
- <title>Tor Documentation</title>
- <meta name="Author" content="Roger Dingledine">
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
- <meta http-equiv="Content-Style-Type" content="text/css">
- <link rel="stylesheet" type="text/css" href="tor-doc.css">
- </head>
- <body>
- <h1><a href="http://tor.eff.org/">Tor</a> documentation</h1>
- <p>Tor provides a distributed network of servers ("onion routers"). Users
- bounce their communications (web requests, IM, IRC, SSH, etc.) around
- the routers. This makes it hard for recipients, observers, and even the
- onion routers themselves to track the source of the stream.</p>
- <a name="why"></a>
- <h2>Why should I use Tor?</h2>
- <p>Individuals need Tor for privacy:
- <ul>
- <li>Privacy in web browsing -- both from the remote website (so it can't
- track and sell your behavior), and similarly from your local ISP.
- <li>Safety in web browsing: if your local government doesn't approve
- of its citizens visiting certain websites, they may monitor the sites
- and put readers on a list of suspicious persons.
- <li>Circumvention of local censorship: connect to resources (news
- sites, instant messaging, etc.) that are restricted from your
- ISP/school/company/government.
- <li>Socially sensitive communication: chat rooms and web forums for
- rape and abuse survivors, or people with illnesses.
- </ul>
- <p>Journalists and NGOs need Tor for safety:
- <ul>
- <li>Allowing dissidents and whistleblowers to communicate more safely.
- <li>Censorship-resistant publication, such as making available your
- home-made movie anonymously via a Tor <a
- href="http://tor.eff.org/doc/tor-hidden-service.html">hidden
- service</a>; and reading, e.g. of news sites not permitted in some
- countries.
- <li>Allowing your workers to check back with your home website while
- they're in a foreign country, without notifying everybody nearby that
- they're working with your organization.
- </ul>
- <p>Companies need Tor for business security:
- <ul>
- <li>Competitive analysis: browse the competition's website safely.
- <li>Protecting collaborations of sensitive business units or partners.
- <li>Protecting procurement suppliers or patterns.
- <li>Putting the "P" back in "VPN": traditional VPNs reveal the exact
- amount and frequency of communication. Which locations have employees
- working late? Which locations have employees consulting job-hunting
- websites? Which research groups are communicating with your company's
- patent lawyers?
- </ul>
- <p>Governments need Tor for traffic-analysis-resistant communication:
- <ul>
- <li>Open source intelligence gathering (hiding individual analysts is
- not enough -- the organization itself may be sensitive).
- <li>Defense in depth on open <em>and classified</em> networks -- networks
- with a million users (even if they're all cleared) can't be made safe just
- by hardening them to external threat.
- <li>Dynamic and semi-trusted international coalitions: the network can
- be shared without revealing the existence or amount of communication
- between all parties.
- <li>Networks partially under known hostile control: to block
- communications, the enemy must take down the whole network.
- <li>Politically sensitive negotiations.
- <li>Road warriors.
- <li>Protecting procurement patterns.
- <li>Anonymous tips.
- </ul>
- <p>Law enforcement needs Tor for safety:
- <ul>
- <li>Allowing anonymous tips or crime reporting
- <li>Allowing agents to observe websites without notifying them that
- they're being observed (or, more broadly, without having it be an
- official visit from law enforcement).
- <li>Surveillance and honeypots (sting operations)
- </ul>
- <p>Does the idea of sharing the Tor network with
- all of these groups bother you? It shouldn't -- <a
- href="http://freehaven.net/doc/fc03/econymics.pdf">you need them for
- your security</a>.</p>
- <a name="installing"></a>
- <a name="client"></a>
- <h2>Installing and configuring Tor</h2>
- <p>See the <a href="tor-doc-win32.html">Windows</a>,
- <a href="tor-doc-osx.html">OS X</a>, and <a
- href="tor-doc-unix.html">Linux/BSD/Unix</a> documentation guides.
- <a name="client-or-server"></a>
- <a name="server"></a>
- <h2>Configuring a server</h2>
- <p>
- We've moved this section over to the new
- <a href="http://tor.eff.org/doc/tor-doc-server.html">Tor Server
- Configuration Guide</a>. Hope you like it.
- </p>
- <a name="hidden-service"></a>
- <h2>Configuring a hidden service</h2>
- <p>
- We've moved this section over to the new <a
- href="http://tor.eff.org/doc/tor-hidden-service.html">Tor Hidden Service
- Howto</a>. Hope you like it.
- </p>
- <a name="own-network"></a>
- <h2>Setting up your own network</h2>
- <p>
- If you want to experiment locally with your own network, or you're cut
- off from the Internet and want to be able to mess with Tor still, then
- you may want to set up your own separate Tor network.
- <p>
- To set up your own Tor network, you need to run your own directory
- servers, and you need to configure each client and server so it knows
- about your directory servers rather than the default ones.
- <ul>
- <li>1: Grab the latest release. Use at least 0.0.9.5.
- <li>2: For each directory server you want,
- <ul>
- <li>2a: Set it up as a server (see <a href="#server">"setting up a
- server"</a> above), with a least ORPort, DirPort, DataDirectory, and Nickname
- defined. Set "AuthoritativeDirectory 1".
- <li>2b: Set "RecommendedVersions" to a comma-separated list of acceptable
- versions of the code for clients and servers to be running.
- <li>2c: Run it: <tt>tor --list-fingerprint</tt> if your torrc is in
- the default place, or <tt>tor -f torrc --list-fingerprint</tt> to
- specify one. This will generate your keys and output a fingerprint
- line.
- </ul>
- <li>3: Now you need to teach clients and servers to use the new
- dirservers. For each fingerprint, add a line like<br>
- <tt>DirServer 18.244.0.114:80 719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF</tt><br>
- to the torrc of each client and server who will be using your network.
- <li>4: Create a file called approved-routers in the DataDirectory
- of each directory server. Collect the 'fingerprint' lines from
- each server (including directory servers), and include them (one per
- line) in each approved-routers file. You can hup the tor process for
- each directory server to reload the approved-routers file (so you don't
- have to restart the process).
- </ul>
- </body>
- </html>
|