|  | @@ -3,33 +3,34 @@ The Onion Routing (TOR) Frequently Asked Questions
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  1. General.
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  | -1.1. What is tor?
 | 
	
		
			
				|  |  | +1.1. What is Tor?
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  Tor is an implementation of version 2 of Onion Routing.
 | 
	
		
			
				|  |  | +Go read the tor-design.pdf for the details.
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  | -Onion Routing is a connection-oriented anonymizing communication
 | 
	
		
			
				|  |  | -service. Users build a layered block of asymmetric encryptions
 | 
	
		
			
				|  |  | -(an "onion") which describes a source-routed path through a set of
 | 
	
		
			
				|  |  | -nodes. Those nodes build a "virtual circuit" through the network, in which
 | 
	
		
			
				|  |  | -each node knows its predecessor and successor, but no others. Traffic
 | 
	
		
			
				|  |  | -flowing down the circuit is unwrapped by a symmetric key at each node,
 | 
	
		
			
				|  |  | -which reveals the downstream node.
 | 
	
		
			
				|  |  | +In brief, Onion Routing is a connection-oriented anonymizing communication
 | 
	
		
			
				|  |  | +service. Users choose a source-routed path through a set of nodes, and
 | 
	
		
			
				|  |  | +negotiate a "virtual circuit" through the network, in which each node
 | 
	
		
			
				|  |  | +knows its predecessor and successor, but no others. Traffic flowing down
 | 
	
		
			
				|  |  | +the circuit is unwrapped by a symmetric key at each node, which reveals
 | 
	
		
			
				|  |  | +the downstream node.
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  | -Basically tor provides a distributed network of servers ("onion
 | 
	
		
			
				|  |  | +Basically Tor provides a distributed network of servers ("onion
 | 
	
		
			
				|  |  |  routers"). Users bounce their tcp streams (web traffic, ftp, ssh, etc)
 | 
	
		
			
				|  |  |  around the routers, and recipients, observers, and even the routers
 | 
	
		
			
				|  |  |  themselves have difficulty tracking the source of the stream.
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  | -1.2. Why's it called tor?
 | 
	
		
			
				|  |  | +1.2. Why's it called Tor?
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  | -Because tor is the onion routing system. I kept telling people I was
 | 
	
		
			
				|  |  | +Because Tor is the onion routing system. I kept telling people I was
 | 
	
		
			
				|  |  |  working on onion routing, and they said "Neat. Which one?" Even if onion
 | 
	
		
			
				|  |  |  routing has become a standard household term, this is the actual onion
 | 
	
		
			
				|  |  |  routing project, started out of the Naval Research Lab.
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  | -(Theories about recursive acronyms are ok too.)
 | 
	
		
			
				|  |  | +(Theories about recursive acronyms are ok too. It's also got a fine
 | 
	
		
			
				|  |  | +translation into German.)
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  | -1.3 Is there a backdoor in tor?
 | 
	
		
			
				|  |  | +1.3 Is there a backdoor in Tor?
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  Not right now, but if this answer changes we probably won't be allowed
 | 
	
		
			
				|  |  |  to tell you. You should always check the source (or at least the diffs
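Review bot: In the rewritten 1.1 paragraph, the closing sentence "unwrapped by a symmetric key at each node, which reveals the downstream node" no longer follows from the text before it. The removed wording explained that the layered onion describes the path, while the new wording says the circuit is negotiated and each node already knows its successor, and it never says where the per-node symmetric keys come from. Suggest adding a clause on how those keys are established and rewording or dropping "which reveals the downstream node". Two smaller points: "Go read the tor-design.pdf" gives no location for the file, and the "1.3" heading touched here still lacks the trailing period used by "1.1." and "1.2.".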
 | 
	
	
		
			
				|  | @@ -42,12 +43,12 @@ source, that's a sure sign something funny could be going on.
 | 
	
		
			
				|  |  |  for you.]
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  | -3. Running tor.
 | 
	
		
			
				|  |  | +3. Running Tor.
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  3.1. What kind of server should I run?
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  | -The same executable ("or") functions as both client and server, depending
 | 
	
		
			
				|  |  | -on which ports are specified in the configuration file. You can specify:
 | 
	
		
			
				|  |  | +The same executable functions as both client and server, depending on
 | 
	
		
			
				|  |  | +which ports are specified in the configuration file. You can specify:
 | 
	
		
			
				|  |  |  * SocksPort: client applications (eg privoxy, Mozilla) can speak socks to
 | 
	
		
			
				|  |  |    this port.
 | 
	
		
			
				|  |  |  * ORPort: other onion routers connect to this port
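Review bot: In 3.1, dropping ("or") leaves "The same executable" with no name at all, so a reader cannot tell which binary the configuration file applies to. If the binary was renamed, give the new name here instead of removing the reference.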
 | 
	
	
		
			
				|  | @@ -56,18 +57,18 @@ on which ports are specified in the configuration file. You can specify:
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  3.2. So I can just run a full onion router and join the network?
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  | -No. Users should run just an onion proxy (use the 'oprc' config file).
 | 
	
		
			
				|  |  | -If you start up a full onion router, the rest of the routers in the
 | 
	
		
			
				|  |  | -system won't recognize you, so they will reject your handshake attempts.
 | 
	
		
			
				|  |  | +No. Users should run just an onion proxy. If you start up a full onion
 | 
	
		
			
				|  |  | +router, the rest of the routers in the system won't recognize you,
 | 
	
		
			
				|  |  | +so they will reject your handshake attempts.
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  3.3. How do I join the network then?
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  If you just want to use the onion routing network, you can run a proxy
 | 
	
		
			
				|  |  |  and you're all set. If you want to run a router, you must convince
 | 
	
		
			
				|  |  |  the directory server operators (currently arma@mit.edu) that you're a
 | 
	
		
			
				|  |  | -trustworthy person. From there, the operators add you to the directory,
 | 
	
		
			
				|  |  | -which propagates out to the rest of the network. All nodes will know
 | 
	
		
			
				|  |  | -about you within an hour.
 | 
	
		
			
				|  |  | +trustworthy and reliable person. From there, the operators add you to
 | 
	
		
			
				|  |  | +the directory, which propagates out to the rest of the network. All
 | 
	
		
			
				|  |  | +nodes will know about you within a half hour.
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  3.4. I want to run a directory server too.
 | 
	
		
			
				|  |  |  
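Review bot: In 3.2, removing "(use the 'oprc' config file)" leaves "Users should run just an onion proxy" with no indication of how to do that, even though 3.1 says the role depends on which ports are set in the configuration file. Suggest naming the replacement config file or stating which port options a proxy-only setup uses. In 3.3, "within a half hour" replaces "within an hour" with no justification in the visible lines; confirm it matches the actual directory propagation interval before stating it as fact.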
 | 
	
	
		
			
				|  | @@ -93,7 +94,7 @@ about recently joined routers.
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  5. Anonymity.
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  | -5.1. So I'm totally anonymous if I use tor?
 | 
	
		
			
				|  |  | +5.1. So I'm totally anonymous if I use Tor?
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  
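Review bot: The 5.1 heading is recapitalized, but the context lines that follow it are all blank, so "So I'm totally anonymous if I use Tor?" still has no answer in the visible text. For a FAQ entry about anonymity guarantees, a short answer or a pointer to 5.3 would serve readers better than an empty entry.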
 | 
	
	
		
			
				|  | @@ -101,8 +102,6 @@ about recently joined routers.
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  5.3. What attacks remain against onion routing?
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  | -tagging: can change bytes in the cells, even through link encryption
 | 
	
		
			
				|  |  | -end node can give back wrong data, even subtly wrong data.
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  6. Comparison to related projects.
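Review bot: Removing the "tagging" and "end node can give back wrong data" lines leaves 5.3 "What attacks remain against onion routing?" with an empty body in the visible lines, and nothing in this patch indicates that either attack has been addressed. If they are now covered in tor-design.pdf, replace them with a pointer to that document; otherwise keep the two entries so the FAQ does not understate the remaining attack surface.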
 |