常见问题

通常情况下,除非你知道如何把 VPN 和 Tor 在不侵犯你的隐私的情况下一起配置,我们不建议将这两者配合使用。

You can find more detailed information about Tor + VPN at our wiki.

Tor 浏览器目前在 WindowsLinuxmacOS上可用。

Tor 浏览器有一个适用于[安卓](https://www.torproject.org/download/#android)的版本,[The Guardian Project](https://guardianproject.info)也提供了应用 [Orbot](https://play.google.com/store/apps/details?id=org.torproject.android),以通过 Tor 网络在 Android 设备上路由其他应用。

Tor 还没有官方的 iOS 版本,但是我们推荐Onion Browser

强烈建议不要在 Tor 浏览器上安装新的附加组件,因为这可能会损害你的隐私和安全。

安装新的拓展可能会意外影响 Tor 浏览器,并使得您的 Tor 浏览器的浏览器指纹变得独一无二。 如果您的 Tor 浏览器副本拥有独特标记,您的浏览活动可以被反匿名并被追踪,即使您正在使用 Tor 浏览器。

简单来说,所有浏览器的设置与特性都会创造一个叫“浏览器指纹”的东西。 大多数浏览器不经意间为每一个用户创建独一无二的浏览器指纹,那可以被用来在全网追踪该用户。 Tor 浏览器经过特殊设计来使得所有用户拥有近乎相同的浏览器指纹(人无完人!)。 这意味着每一个 Tor 浏览器用户看起来都跟其他 Tor 浏览器用户一样,使得追踪一个单独的用户变得困难。

新的插件也有可能增加Tor 浏览器遭到攻击的几率。 这可能会允许敏感信息被泄露或允许攻击者感染 Tor 浏览器。 插件本身可能就被恶意设计用于监控您。

Tor Browser already comes installed with two add-ons — HTTPS Everywhere and NoScript — and adding anything else could deanonymize you.

想要了解更多有关浏览痕迹?在 Tor 博客中有一篇文章介绍了所有有关它的内容。

Tor 浏览器可以帮助人们访问所在地区被封锁的网站。 大多数时候,只需下载 Tor 浏览器,您就可以使用它去访问被屏蔽的网站。 在被严重监视的地区,我们提供许多规避监管的选项,譬如 可插拔传输

参阅 Tor 浏览器用户手册 关于 审查 的章节获得更多信息。

Tor 浏览器防止人们获知您访问过的网站。 有些机构,例如您的互联网服务提供商,也许会知道您正在使用 Tor 。不过他们将不会知晓您正在使用 Tor 做些什么。

关于 Tor

“Tor”这一名称可用于多个不同的组件。

Tor是一个您能运行在您的电脑上,保护您在互联网上安全的程序。 It protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location. This set of volunteer relays is called the Tor network.

The way most people use Tor is with Tor Browser, which is a version of Firefox that fixes many privacy issues. You can read more about Tor on our about page.

Tor 项目是一个非盈利性(慈善)组织,它维护和开发 Tor 软件。

因为Tor是洋葱路由网络。 When we were starting the new next-generation design and implementation of onion routing in 2001-2002, we would tell people we were working on onion routing, and they would say "Neat. Which one?" Even if onion routing has become a standard household term, Tor was born out of the actual onion routing project run by the Naval Research Lab.

(它也拥有优秀的德语和土耳其语翻译。)

注意:尽管它原本来源于一个缩写,Tor 不能被拼写成“TOR”。 只有首字母时大写的。 In fact, we can usually spot people who haven't read any of our website (and have instead learned everything they know about Tor from news articles) by the fact that they spell it wrong.

不,它不会。 你需要使用另一个程序去理解你的应用和协议并且了解如何清除或者"擦除"它发送的数据。 Tor 浏览器尽力确保应用层数据,例如用户代理的字符串,对于所有用户都是一致的。 Tor Browser can't do anything about the text that you type into forms, though.

一个传统的代理提供商会在互联网的某处搭建一台服务器并允许您使用它来中继您的流量。 这构建一个简单的,容易维护的架构。 所有用户都通过同一台服务器来通讯。 提供者可以对代理的使用进行收费,或者通过服务器上的广告来支付其成本。 通过最简单的配置,您不需要安装任何东西。 您只需要将您的浏览器指向他们的代理服务器。 如果您不希望在线保护自己的隐私和匿名性,并且您相信提供者不会做坏事,那么简单的代理提供者就是很好的解决方案。 一些简单的代理提供程序使用SSL来保护您与它们之间的连接,从而保护您免受本地窃听者的侵害,例如在带有免费wifi上网的咖啡馆中。

简易的代理服务商也可能会造成单点故障。 供应商知道您是谁,也知道您在互联网上正浏览什么。 在您的流量经过他们的服务器时,他们可以看见您的流量。 在某些情况下,当他们使你的加密流量依赖于银行网点或者电商商店,他们甚至可以看到你其中的加密流量。 您不得不信任您的供应商不监控您的流量,注入他们自己的广告或者记录您的个人信息。

在您的流量抵达目的地前,Tor将它传递通过至少三台不同服务器。 因为这三层中的每一层都附加了互相独立的加密,监视您的的网络连接的人将无法修改或读取你发送给 Tor 网络的信息。 您的流量在 Tor 客户端(在您的计算机上)与世界其他地方弹出的站点之间进行了加密。

第一台服务器不知道我是谁吗?

有可能。 三台服务器中的第一台服务器里的不良服务器可能会看到来自计算机的加密 Tor 流量。 它仍然不知道您是谁,也不知道您正在使用 Tor 做什么。 它仅仅能看到“这个 IP 地址正在使用 Tor”。 Tor 并非在世界上任何一个地方都是不合法的,所以在 Tor 被允许使用的地方使用它。 仍然可以保护您免受此节点的影响,因为它既无法确定您的身份,也无法确定您在 Internet 上的去向。

第三台服务器看不见我的流量吗?

有可能。 一个恶意的末端服务器可以看到三分之一的你发送给 Tor 的流量。 它不会知道是谁发送的数据。 如果您正在使用加密(例如HTTPS协议),它仅能知道目标地点。 查看关于Tor与HTTPS的可视化内容来理解Tor是如何与HTTPS交互的。

可以。

Tor 软件是免费软件。 这意味着我们给予您权力来再次分发 Tor 软件,无论是修改或未修改的版本,无论是收费或免费。 您不需要向我们要特殊许可。

但是,如果您想要分发 Tor 软件,您必须遵守我们的许可。 特别地,这意味着无论您要发行 Tor 软件哪个部分的发行版,您都需要把我们的[许可]文件和这个该发行版放在一起。

然而问我们这个问题的大多数人不仅仅想为 Tor 软件做出贡献。 他们想分发 Tor 浏览器。 这包括火狐拓展支持,NoScript和HTTPS-Everywhere拓展。 你将需要遵守这些程序的许可。 这些分发的火狐拓展都 [GNU 基本公共证书] (https://www.fsf.org/licensing/licenses/gpl.html),而火狐企业版的发行则必须有火狐公共证书。 遵从他们的许可证的最简单方式就是把源代码包含进这些程序里面,只要你打包了这些软件。

同时,你应该确保不让你的读者对这些问题迷惑:什么是 Tor?是谁做的?它能提供什么功能?(以及不提供什么?) 查看我们的商标常见问题来获取详细信息。

还有很多其他应用程序能与 Tor 搭配使用,但我们还没能彻底地研究这些应用的应用层面匿名性问题,因此我们无法推荐一个较为安全的配置方法。 我们的 Wiki 包含社区维护的 [Torify 特定应用程序]说明列表(https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO)。 请添加这些列表,帮助我们保持它们的准确。

很多人使用Tor 浏览器,因为使用Tor来浏览网页能够保证一切安全。 将 Tor 和其他浏览器一起使用是危险且不推荐的

Tor 中完全没有后门。

我们知道一些聪明的律师,他们说在我们的司法权生效的地方(美国),不太可能有人让我们添加后门。 如果他们的确让我们这样做,我们会和他们抗争,(律师说)我们可能会赢。

我们永远不会在 Tor 中植入后门。 我们认为,在 Tor 中使用后门程序对我们的用户将是极为不负责任的,对于一般的安全软件而言,这是一个不好的先例。 如果我们在安全软件中故意放置后门程序,那将破坏我们的专业声誉。 没有人会再次相信我们的软件——有充分的理由。

但是,尽管如此,人们仍然可以尝试进行攻击。 可能有人冒充我们,或破解我们的计算机,或类似的事情。 Tor 是开源项目,您应当总是检查源代码(或至少此版本和上个发行版的源代码之间的差异),以确认没有可疑的迹象。 如果我们(或者发行者)拒绝给您源代码,即表明了有一些不可告人的事情正在发生。 您同样应当检查发行版的 PGP 签名,以确保无人对发行网站动了手脚。

同时,Tor 中也可能会有意外性漏洞并影响您的匿名性。 我们定期发现并修复匿名性相关的漏洞,所以请确保您的 Tor 是最新版本。

Tor 浏览器

警告: 千万不要遵循任何让你手动编辑你的 torrc 文件的建议/教程!!! 这样做会使攻击者通过对 torrc 的恶意配置来破坏您的安全性和匿名性。

Tor uses a text file called torrc that contains configuration instructions for how Tor should behave. The default configuration should work fine for most Tor users (hence the warning above.)

To find your Tor Browser torrc, follow the instructions for your operating system below.

运行于 Windows 或 Linux:

  • The torrc is in the Tor Browser Data directory at Browser/TorBrowser/Data/Tor inside your Tor Browser directory.

运行于macOS:

  • The torrc is in the Tor Browser Data directory at ~/Library/Application Support/TorBrowser-Data/Tor.
  • 注意库文件夹在新版的macOS中是被隐藏的。在访达中访问这个文件夹,需要选择”前往“菜单中的”前往文件夹...“。
  • Then type "~/Library/Application Support/" in the window and click Go.

在修改您的torrc之前关闭Tor 浏览器,否则Tor 浏览器可能会擦除您的修改。 Some options will have no effect as Tor Browser overrides them with command line options when it starts Tor.

Have a look at the sample torrc file for hints on common configurations. For other configuration options you can use, see the Tor manual page. 记住,在torrc中所有以“#”开头的行都会被视为注释并且不会影响Tor的配置。

它们的名字很具有误导性,但“隐身模式”(或隐私模式)无法让你在互联网上匿名化。 它们在你关闭浏览器后删除你计算机上所有与你的浏览会话相关的信息,但是它们在隐匿你的网络痕迹方面毫无作为。 这表示一个窃听者可以和任何普通浏览器一样获取你的网络通信流量。

Tor Browser offers all the amnesic features of private tabs while also hiding the source IP, browsing habits and details about a device that can be used to fingerprint activity across the web, allowing for a truly private browsing session that's fully obfuscated from end-to-end.

For more information regarding the limitations of Incognito mode and private tabs, see Mozilla's article on Common Myths about Private Browsing.

我们强烈不推荐把 Tor 和 Tor 浏览器以外的浏览器搭配使用。 在其它浏览器中使用 Tor 可能会使你置于没有 Tor 浏览器提供的隐私保护的风险中。

Tor 浏览器可以帮助人们访问所在地区被封锁的网站。 大多数时候,只需下载 Tor 浏览器,您就可以使用它去访问被屏蔽的网站。 在被严重监视的地区,我们提供许多规避监管的选项,譬如 可插拔传输

参阅 Tor 浏览器用户手册 关于 审查 的章节获得更多信息。

有些网站因为他们无法分辨出普通 Tor 用户和机器人的区别而屏蔽了 Tor 用户的访问。 我们能让网站解封 Tor 用户的最成功的手段是让用户直接联系网站管理员。 这么做也许能解决你的问题:

“嗨!我正在使用 Tor 浏览器访问 xyz.com ,不过似乎你们并没有允许 Tor 用户访问。 我建议您重新考虑这个决定;Tor 被世界各地的人用来保护隐私和对抗审查。 封锁 Tor 用户意味着也可能封锁了希望在专制国家自由的浏览互联网的用户,希望隐藏自己避免被发现的研究人员、记者、举报人和社会活动家,或只是希望不被第三方跟踪的普通人。 请采取强硬立场支持数字隐私和互联网自由,以及允许 Tor 用户访问 xyz.com,谢谢。”

另外,银行等比较敏感的网站经常进行地区范围的屏蔽(例如如果你平时只在某个特定的国家使用他们的服务,从其他国家进行访问时你的账号可能就会被冻结)。

如果你无法连接洋葱服务,请参阅 我无法访问 x.onion!

你当然可以在使用 Tor 浏览器时使用其它的浏览器。 不过你应该清楚其他浏览器不能提供和 Tor 浏览器一样的隐私保护。 不过在切换浏览器时要多加小心,你也许会不小心在普通浏览器里执行要在 Tor 浏览器中执行的操作。

You can set Proxy IP address, port, and authentication information in Tor Browser's Network Settings. If you're using Tor another way, check out the HTTPProxy and HTTPSProxy config options in the manual page, and modify your torrc file accordingly. You will need an HTTP proxy for doing GET requests to fetch the Tor directory, and you will need an HTTPS proxy for doing CONNECT requests to get to Tor relays. (It's fine if they're the same proxy.) Tor also recognizes the torrc options Socks4Proxy and Socks5Proxy.

Also, read up on the HTTPProxyAuthenticator and HTTPSProxyAuthenticator options if your proxy requires auth. We only support basic auth currently, but if you need NTLM authentication, you may find this post in the archives useful.

If your proxies only allow you to connect to certain ports, look at the entry on Firewalled clients for how to restrict what ports your Tor will try to access.

Please see the Installation section in the Tor Browser Manual.

Sometimes, after you've used Gmail over Tor, Google presents a pop-up notification that your account may have been compromised. The notification window lists a series of IP addresses and locations throughout the world recently used to access your account.

In general, this is a false alarm: Google saw a bunch of logins from different places, as a result of running the service via Tor, and decided it was a good idea to confirm the account was being accessed by its rightful owner.

Even though this may be a byproduct of using the service via Tor, that doesn't mean you can entirely ignore the warning. It is probably a false positive, but it might not be since it is possible for someone to hijack your Google cookie.

Cookie hijacking is possible by either physical access to your computer or by watching your network traffic. In theory, only physical access should compromise your system because Gmail and similar services should only send the cookie over an SSL link. In practice, alas, it's way more complex than that.

And if somebody did steal your google cookie, they might end up logging in from unusual places (though of course they also might not). So the summary is that since you're using Tor Browser, this security measure that Google uses isn't so useful for you, because it's full of false positives. You'll have to use other approaches, like seeing if anything looks weird on the account, or looking at the timestamps for recent logins and wondering if you actually logged in at those times.

More recently, Gmail users can turn on 2-Step Verification on their accounts to add an extra layer of security.

This is a known and intermittent problem; it does not mean that Google considers Tor to be spyware.

When you use Tor, you are sending queries through exit relays that are also shared by thousands of other users. Tor users typically see this message when many Tor users are querying Google in a short period of time. Google interprets the high volume of traffic from a single IP address (the exit relay you happened to pick) as somebody trying to "crawl" their website, so it slows down traffic from that IP address for a short time.

An alternate explanation is that Google tries to detect certain kinds of spyware or viruses that send distinctive queries to Google Search. It notes the IP addresses from which those queries are received (not realizing that they are Tor exit relays), and tries to warn any connections coming from those IP addresses that recent queries indicate an infection.

To our knowledge, Google is not doing anything intentionally specifically to deter or block Tor use. The error message about an infected machine should clear up again after a short time.

Google uses "geolocation" to determine where in the world you are, so it can give you a personalized experience. This includes using the language it thinks you prefer, and it also includes giving you different results on your queries.

如果您真的想看英文版的 Google,你可以点击提供此内容的链接。不过我们认为这是 Tor 的一项特性,而不是漏洞——互联网并非处处相同,实际上,根据您所在的位置,它看上去确实有所不同。 此功能使人们想起了这一事实。

Note that Google search URLs take name/value pairs as arguments and one of those names is "hl". If you set "hl" to "en" then Google will return search results in English regardless of what Google server you have been sent to. On a query this looks like:

https://encrypted.google.com/search?q=online%20anonymity&hl=en

Another method is to simply use your country code for accessing Google. This can be google.be, google.de, google.us and so on.

Tor Browser is built using Firefox ESR, so errors regarding Firefox may occur. 请确认你只有一个 Tor 浏览器在运行并且你的 Tor 浏览器安装在一个有正确权限的文件夹里。 If you are running an anti-virus, please see My antivirus/malware protection is blocking me from accessing Tor Browser, it is common for anti-virus / anti-malware software to cause this type of issue.

Tor 浏览器6.0.6及之后版本使用 DuckDuckGo 作为内置搜索引擎。 我们以前在 Tor 浏览器使用的 Disconnect 已经不能再从 Google 获得搜索结果。 虽然 Disconnect 是一个允许用户使用不同的搜索提供商的元搜索引擎,它使用 Bing 作为后备,而 Bing 的搜索结果质量并不理想。

Tor 浏览器中,每一个新的羽毛会分配到一条独立的链路。 The Design and Implementation of Tor Browser document further explains the thinking behind this design.

Tor 浏览器是为和 Tor 一起使用而定制的 Firefox 。 Tor 浏览器做了很多工作,例如加入强化隐私和安全的补丁。 虽然你可以同时使用 Tor 浏览器和其他的浏览器,但是同时使用其他浏览器会暴露你的身份信息。我们强烈建议您不要使用其他浏览器。 Learn more about the design of Tor Browser.

有时重度依赖 JavaScript 的网站无法在 Tor 浏览器中正确运作, The simplest fix is to click on the Security icon (the small gray shield at the top-right of the screen), then click "Advanced Security Settings..." 把安全等级设置为“标准”。

使用 Tor 浏览器时,没人能看见你在浏览的网站。 不过你的网络提供商或网络管理员也许可以发现你在使用 Tor,但他们无法知道你浏览的具体网站。

We want everyone to be able to enjoy Tor Browser in their own language. Tor Browser is now available in 30 different languages, and we are working to add more. Want to help us translate? Become a Tor translator!

You can also help us in testing the next languages we will release, by installing and testing Tor Browser Alpha releases.

我们不建议运行多个 Tor 浏览器实例,在很多平台中这样做可能会导致运行不正常。

十分不幸,有些网站要求 Tor 用户填写验证码,我们对此无能为力。 最有效的方法往往是联系网站管理员,告诉他们验证码给像你一样的用户带来的不便。

因为禁用 JavaScript 会让很多网站无法工作, Tor 浏览器内置的 NoScript 默认允许 JavaScript。 默认禁用 JavaScript 造成的不便过于严重,也许会让大多数用户直接放弃使用 Tor 。 原则上来说,我们不仅想让 Tor 浏览器尽可能安全,还想让大多数人都可以使用。所以按照目前状态, Tor 浏览器会继续默认启用 JavaScript。

For users who want to have JavaScript disabled on all HTTP sites by default, we recommend changing your Tor Browser's "Security Level" option. This can be done by navigating the Security icon (the small gray shield at the top-right of the screen), then clicking "Advanced Security Settings...". The "Standard" level allows JavaScript, but the "Safer" and "Safest" levels both block JavaScript on HTTP sites.

运行 Tor 浏览器不会使你成为网络中的一个中继节点。 这意味着你的电脑不会用于中继其他人的流量。 If you'd like to become a relay, please see our Tor Relay Guide.

目前没有设置 Tor 浏览器为默认浏览器的方法。 Tor 浏览器做了大量工作使它和你的操作系统的其他部分相互隔离,以及设置为默认浏览器的过程并不可靠。 This means sometimes a website would load in the Tor Browser, and sometimes it would load in another browser. This type of behavior can be dangerous and break anonymity.

Tor 浏览器目前在 WindowsLinuxmacOS上可用。

Tor 浏览器有一个适用于[安卓](https://www.torproject.org/download/#android)的版本,[The Guardian Project](https://guardianproject.info)也提供了应用 [Orbot](https://play.google.com/store/apps/details?id=org.torproject.android),以通过 Tor 网络在 Android 设备上路由其他应用。

Tor 还没有官方的 iOS 版本,但是我们推荐Onion Browser

Tor 浏览器会让你的网络活动看起来像是来自于世界各个不同地区的网络连接。 有时候某些像是银行或电子邮件服务的网站会认为您的帐号被他人盗用了,因此自动将您的帐号锁定。

要解决此情况的唯一方式是利用网站服务提供的帐号恢复功能,或直接向该网站服务的提供业者说明您的情况。

如果你所使用服务的提供商支持比基于 IP 的验证更安全的双因素认证选项的话,你也许能规避这种场景。 联系你的服务提供商询问它们有没有支持双因素验证。

Tor 浏览器防止人们获知您访问过的网站。 有些机构,例如您的互联网服务提供商,也许会知道您正在使用 Tor 。不过他们将不会知晓您正在使用 Tor 做些什么。

Tor 浏览器有两种方法改变你的中继线路 —— “新身份”和“为该站点使用新 Tor 线路”。

两个选项都在菜单中,你也可以从地址栏的网站信息菜单中选择“新的 Tor 线路”选项。

新身份

这个选项在你不想让你接下来的浏览活动和以前的关联时会很有用。

运行此功能将会关闭所有已经打开的浏览器窗口及标签页,清除所有的浏览器 Cookie 与历史记录等个人信息,并且为后续所有的网络连接创建新的洋葱路由回路。

Tor 浏览器会提示你所有的活动和下载会被终止,在你点击“新身份”时考虑这一点。

Tor Browser Menu

为此站点使用新 Tor 线路

这个选项在出口节点无法访问你请求的网站或显示不正常时会有用。 选择它会在新的 Tor 线路上加载当前标签页。

在其它标签或窗口打开的相同的网站会在重新加载后使用新的线路。

这个选项不会清除任何私密信息或者取消关联你的活动,也不会影响你当前与其它网站的连接。

New Circuit for this Site

Please see the HTTPS Everywhere FAQ. If you believe this is a Tor Browser issue, please report it on our bug tracker.

Please see the NoScript FAQ. If you believe this is a Tor Browser issue, please report it on our bug tracker.

Please see the DuckDuckGo support portal. If you believe this is a Tor Browser issue, please report it on our bug tracker.

DuckDuckGo is the default search engine in Tor Browser. DuckDuckGo does not track its users nor does it store any data about user searches. Learn more about DuckDuckGo privacy policy.

使用 Tor 浏览器有时会比其他浏览器慢。 The Tor network has over a million daily users, and just over 6000 relays to route all of their traffic, and the load on each server can sometimes cause latency. And, by design, your traffic is bouncing through volunteers' servers in various parts of the world, and some bottlenecks and network latency will always be present. 您可以通过[运行您自己的中继](https://community.torproject.org/relay/)或鼓励他人这样做来帮助提高网络速度。 For the much more in-depth answer, see Roger's blog post on the topic and Tor's Open Research Topics: 2018 edition about Network Performance. 也就是说, Tor 比以前快的多了,你未必会注意到和其它浏览器相比的速度变化。

当 Tor 浏览器第一次连接到网络时,点击窗口下方的“复制 Tor 日志到剪贴板”按钮。 If Tor Browser is already open, click on the Torbutton icon (the small gray onion at the top-right of the screen), then "Tor Network Settings", then "Copy Tor Log To Clipboard". 当你复制了日志以后,你就可以粘贴到文字编辑器或邮件客户端中里。

造成 Tor 浏览器连接失败的最常见的问题之一是系统时间设置错误。 请确认你的时钟,日期和时区设置正确。 如果这个问题还没有被解决,请查看位于 Tor 浏览器用户手册 的故障排查界面。

这是 Tor 的正常操作。 你连接的中继回路中的第一个节点通常被称为“入口节点”或是“中转节点"。 它是一个快速且稳定的节点,并且将会在您的中继回路中维持两到三个月,用来抵挡破解匿名攻击。 其余的中继会在你每次访问新网站时改变,这三个 Tor 中继会一起提供完整的隐私保护。 For more information on how guard relays work, see this blog post and paper on entry guards.

你所用的网络可能存在封锁,因此你应该试试使用桥。 有一些网桥是 Tor 浏览器内置的,在第一次启动 Tor 浏览器时你可以通过点击 Tor Launcher 中的“设置”(并遵循提示)来使用这些网桥。 如果您需要其他的桥接,你可以从桥接网站 上查询。 关于网桥的更多信息请参阅 Tor 浏览器用户手册

抱歉,我们没有官方支持 *BSD 系统上的 Tor 浏览器。 There is something called the TorBSD project, but their Tor Browser is not officially supported.

如果您同时使用 Tor 浏览器和其他浏览器,这不会影响 Tor 的安全性和私密性。 但请注意,其他浏览器不能让您的活动保持私密,您可能会错误地使用非私密浏览器来执行您在 Tor 浏览器中的操作。

强烈不推荐自行修改 Tor 线路。 You get the best security that Tor can provide when you leave the route selection to Tor; overriding the entry/exit nodes can compromise your anonymity. 如果你只想访问只在某些国家或地区提供的服务,你可能更应该去使用 VPN 而不是 Tor。 请注意,VPN 和 Tor 在隐私属性上是有区别的,但是 VPN 可以解决一些区域限制问题。

很不幸,我们目前还没有 Chrome OS 版本的 Tor。 You could run Tor Browser for Android on Chrome OS. Note that by using Tor Mobile on Chrome OS, you will view the mobile (not desktop) versions of websites. However, because we have not audited the app in Chrome OS, we don't know if all the privacy features of Tor Browser for Android will work well.

强烈建议不要在 Tor 浏览器上安装新的附加组件,因为这可能会损害你的隐私和安全。

安装新的拓展可能会意外影响 Tor 浏览器,并使得您的 Tor 浏览器的浏览器指纹变得独一无二。 如果您的 Tor 浏览器副本拥有独特标记,您的浏览活动可以被反匿名并被追踪,即使您正在使用 Tor 浏览器。

简单来说,所有浏览器的设置与特性都会创造一个叫“浏览器指纹”的东西。 大多数浏览器不经意间为每一个用户创建独一无二的浏览器指纹,那可以被用来在全网追踪该用户。 Tor 浏览器经过特殊设计来使得所有用户拥有近乎相同的浏览器指纹(人无完人!)。 这意味着每一个 Tor 浏览器用户看起来都跟其他 Tor 浏览器用户一样,使得追踪一个单独的用户变得困难。

新的插件也有可能增加Tor 浏览器遭到攻击的几率。 这可能会允许敏感信息被泄露或允许攻击者感染 Tor 浏览器。 插件本身可能就被恶意设计用于监控您。

Tor Browser already comes installed with two add-ons — HTTPS Everywhere and NoScript — and adding anything else could deanonymize you.

想要了解更多有关浏览痕迹?在 Tor 博客中有一篇文章介绍了所有有关它的内容。

只有 Tor 浏览器的流量会通过 Tor 网络传输。 你操作系统上的其他程序(包括其他的浏览器)的连接不会使用 Tor 网络,也不会被保护。 需要单独配置来使用 Tor。 If you need to be sure that all traffic will go through the Tor network, take a look at the Tails live operating system which you can start on almost any computer from a USB stick or a DVD.

Flash在Tor 浏览器中被关闭,并且我们推荐您不要打开它。 我们认为 Flash 在任何浏览器上都是是极不安全的 —— 它可以轻易盗取你的个人信息或者给你安装恶意软件。 幸运的是,大多数网站、设备,还有其它浏览器都正在淘汰 Flash。

你下载或运行的文件会提示你选择一个目标位置。 如果您忘记了它位于哪里,那么最大的可能性它会位于桌面或者下载文件夹。

Windows 安装包中的默认设置也会为您在您的桌面上创建一个快捷方式,但请注意,您可能无意中取消了创建快捷方式的选项。

如果你在文件夹中找不到,请再次下载并注意询问你下载位置的提示。 选择一个你能简单记住的目录,下载完成后你能在选择的目录中看到 Tor 浏览器文件夹。

大多数防病毒软件允许你将某些进程添加到白名单中。 请打开你的防病毒软件(或反恶意软件工具)中的设置,寻找白名单或类似的选项。 接下来,执行以下步骤:

  • Windows
    • firefox.exe
    • tor.exe
    • obfs4proxy.exe (如果你使用网桥)

*对于 macOS

  • Tor 浏览器
  • tor.real
  • obfs4proxy (如果你使用网桥)

最后,重新启动 Tor 浏览器。 这应该能解决你遇到的问题。 请注意,卡巴斯基之类的防病毒软件可能会在防火墙层面封锁 Tor。

当新的 Tor 浏览器稳定版本发布时,我们将会写一篇包括新的特性与已知问题的博文。 如果您在升级了 Tor 浏览器后遇到了问题,请在blog.torproject.org查阅有关最新稳定版本的Tor 浏览器的博客,您的问题可能被包含在其中。 If your issue is not listed, please file a bug report about what you're experiencing.

Tor Browser in its default mode is starting with a content window rounded to a multiple of 200px x 100px to prevent fingerprinting the screen dimensions. The strategy here is to put all users in a couple of buckets to make it harder to single them out. That works so far until users start to resize their windows (e.g. by maximizing them or going into fullscreen mode). Tor Browser 9 ships with a fingerprinting defense for those scenarios as well, which is called Letterboxing), a technique developed by Mozilla and presented earlier this year. It works by adding white margins to a browser window so that the window is as close as possible to the desired size while users are still in a couple of screen size buckets that prevent singling them out with the help of screen dimensions.

In simple words, this technique makes groups of users of certain screen sizes and this makes it harder to single out users on basis of screen size, as many users will have same screen size.

数字签名是一个确保某个包由其开发人员生成并且未被篡改的过程。 下面我们解释为什么它很重要,以及如何验证您下载的 Tor 程序是我们创建的,并且未被某些攻击者修改过的程序。

我们下载页面上的每个文件都附带一个与包名称相同的文件和扩展名“.asc”。这些.asc文件就是 OpenGPG 签名。 它们允许你验证你下载的文件正是我们希望你获取的文件。

For example, torbrowser-install-win64-9.0_en-US.exe is accompanied by torbrowser-install-win64-9.0_en-US.exe.asc.

我们现在展示如何在不同的操作系统上验证下载文件的数字签名。 请注意数字签名是标注该包被签名的时间。 因此,每个新文件上传时,都会生成具有不同日期的新签名。 只要您验证了签名,就不必担心报告的日期可能有所不同。

正在安装 GnuPG

首先你需要安装GnuPG才能验证签名。

对于 Windows 的用户:

如果您使用 Windows, 下载 Gpg4win并运行其安装包。

为了验证签名,您需要在 Windows 命令行(“cmd.exe")中输入一些命令。

对于 macOS 的用户:

如果您正在使用 macOS,您可以安装 GPGTools

为了验证签名,您需要在(“应用程序”下的)终端中输入一些命令

对于 GNU/Linux 的用户:

如果你使用 GNU/Linux,那么可能在你的系统中已经安装了 GnuPG,因为大多数 Linux 发行版都预装了它。

为了验证签名,您需要在终端窗口中输入一些命令。如何进行此操作将取决于您的发行版。

正在提取 Tor 开发者密钥

Tor 浏览器团队为 Tor 浏览器发行版签名。 导入Tor 浏览器开发者登录密钥(0xEF6E286DDA85EA2A4BA7DE684E2C6E8793298290):

gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org

这会向您展示像这样的内容:

gpg: key 4E2C6E8793298290: public key "Tor Browser Developers (signing key) <torbrowser@torproject.org>" imported
gpg: Total number processed: 1
gpg:               imported: 1
pub rsa4096 2014-12-15 [C] [expires: 2020-08-24]
      EF6E286DDA85EA2A4BA7DE684E2C6E8793298290
uid           [ unknown] Tor Browser Developers (signing key) <torbrowser@torproject.org>
sub rsa4096 2018-05-26 [S] [expires: 2020-09-12]

在导入密钥完成后,您可以将其另存为一个文件(通过指纹来鉴定它):

gpg --output ./tor.keyring --export 0xEF6E286DDA85EA2A4BA7DE684E2C6E8793298290

验证签名

为了验证你下载的包的签名,除了安装文件本身,你还需要下载相应的“.asc”签名文件,并用一个命令让 GnuPG 验证你下载的文件。

下面的例子假设你已经下载了这样的两个文件到你的"下载"文件夹。

对于 Windows 的用户:

gpgv --keyring .\tor.keyring Downloads\torbrowser-install-win64-9.0_en-US.exe.asc Downloads\torbrowser-install-win64-9.0_en-US.exe

对于 macOS 的用户:

gpgv --keyring ./tor.keyring ~/Downloads/TorBrowser-9.0-osx64_en-US.dmg{.asc,}

对于 GNU/Linux 的用户(如果您有32位的安装包,请将64转为32)

gpgv --keyring ./tor.keyring ~/Downloads/tor-browser-linux64-9.0_en-US.tar.xz{.asc,}

命令的结果应该与以下输出相似的内容:

gpgv: Signature made 07/08/19 04:03:49 Pacific Daylight Time
gpgv: using RSA key EB774491D9FF06E2
gpgv: Good signature from "Tor Browser Developers (signing key) <torbrowser@torproject.org>"

<<<<<<< HEAD

Workaround (using a public key)

If you encounter errors you cannot fix, feel free to download and use this public key instead. Alternatively, you may use the following command:

curl -s https://openpgpkey.torproject.org/.well-known/openpgpkey/torproject.org/hu/kounek7zrdx745qydx6p59t9mqjpuhdf |gpg --import -

> 4c7b199efc403f7f73b9ae06733568f8945eb6ae

Workaround (using a public key)

If you encounter errors you cannot fix, feel free to download and use this public key instead. Alternatively, you may use the following command:

curl -s https://openpgpkey.torproject.org/.well-known/openpgpkey/torproject.org/hu/kounek7zrdx745qydx6p59t9mqjpuhdf |gpg --import -

你也许会想了解更多关于GnuPG

Tor Messenger

不,在几次 beta 版之后,我们终止了 Tor Messenger 的支持。 即使现在没有那么多资源进行这项工作,我们依旧相信 Tor 可以和即时消息结合。 你也相信吗?联系我们

在移动设备上使用 Tor

它将会,_很快_可用。 In the meantime you can use F-Droid to download Tor Browser for Android by enabling the Guardian Project's Repository.

Learn how to add a repository to F-Droid.

While both Tor Browser for Android and Orbot are great, they serve different purposes. Tor Browser for Android is like the desktop Tor Browser, but on your mobile device. It is a one stop browser that uses the Tor network and tries to be as anonymous as possible. Orbot on the other hand is a proxy that will enable you to send the data from your other applications (E-Mail clients, instant messaging apps, etc.) through the tor network; a version of Orbot is also inside of the Tor Browser for Android, and is what enables it to connect to the Tor network. That version, however, does not enable you to send other apps outside of the Tor Browser for Android through it. Depending on how you want to use the tor network, either one or both of these could be a great option.

目前没有在 Windows Phone 上运行 Tor 的方法。

在 iOS 上我们推荐 Onion Browser,它是开放源代码软件,使用 Tor 线路,而且由和 Tor Project 关系密切的人开发。 但是,苹果要求所有在 iOS 运行的浏览器使用 Webkit ,这会使 Onion Browser 不能提供和 Tor 浏览器相同的隐私保护。

了解更多有关Onion Browser。 在[App Store]中下载Onion Browser。(https://itunes.apple.com/us/app/onion-browser/id519296448)。

The Guardian Project maintains Orbot (and other privacy applications) on Android. More info can be found on the Guardian Project's website.

Yes, there is a version of Tor Browser available specifically for Android. Installing Tor Browser for Android is all you need to run Tor on your Android device.

The Guardian Project provides the app Orbot which can be used to route other apps on your Android device over the Tor network, however only Tor Browser for Android is needed to browse the web with Tor.

GetTor

要获得 Tor 浏览器的下载链接,你可以向 gettor@torproject.org 发送带有下面信息的电子邮件:

  • Linux
  • macOS(OS X)
  • Windows

通过推特的GetTor服务目前正在维护当中。请使用电子邮件

给 gettor@torproject.org 发送一封电子邮件。 在信息的正文中写下您的操作系统(如 Windows、macOS 或 Linux)并发送。 GetTor 将会给你自动回复一封电子邮件给,信中会带有 Tor 浏览器的下载链接、数字签名(用于验证下载)、签名的指纹和文件的散列值。 你也许需要选择“32 位”或“64 位”版本:这和你的电脑有关,你可能需要查阅你电脑的说明书或是和制造商联系来了解更多信息。

如果你无法通过我们的 网站下载 Tor Browser,你可以通过 GetTor 获取一份 Tor Browser 的拷贝。 GetTor 是一项通过不同方式自动回复最新版 Tor 浏览器下载链接的服务。这些链接由不同处所托管,例如 Dropbox 、Google Drive 和 GitHub. You can also download Tor Browser from https://tor.eff.org or from https://tor.ccc.de. For more geographically specific links visit Tor: Mirrors

连接 Tor

如果无法访问您想访问的洋葱服务,请检查是否正确输入了洋葱地址的16个字符(或者新版地址的56个字符)。只要有一点点错误,Tor 浏览器就无法连接到网站。 如果你仍然无法访问这个洋葱服务,请稍后重试。 有可能是网络连接有出现暂时性阻碍,或者是该网站的管理员在没有提示的情况下关闭了网站。

You can also ensure that you're able to access other onion services by connecting to DuckDuckGo's onion service.

如果你遇到了连接问题,请选择 “复制 Tor 日志到剪贴板” 选项。 然后粘贴 Tor 日志到文本文件或者其他文档格式中。 您应该能够在 Tor 日志中发现这些常见问题(请在 Tor 日志里寻找如下所示的错误):

常见错误 #1: 代理连接失败
2017-10-29 09:23:40.800 [NOTICE] Opening Socks listener on 127.0.0.1:9150
2017-10-29 09:23:47.900 [NOTICE] Bootstrapped 5%: Connecting to directory server
2017-10-29 09:23:47.900 [NOTICE] Bootstrapped 10%: Finishing handshake with directory server
2017-10-29 09:24:08.900 [WARN] Proxy Client: unable to connect to xx..xxx..xxx.xx:xxxxx ("general SOCKS server failure")

如果您看见这些提示出现在您的日志里面,这意味着您连接 SOCKS 代理失败了。 如果您的网络连接需要设置 SOCKS 代理,请确认您代理服务器的信息正确。 如果您的系统不需要代理,或者您不敢肯定,请尝试直接连接 Tor 网络。

常见错误 #2: 无法连接到中继
11/1/2017 21:11:43 PM.500 [NOTICE] Opening Socks listener on 127.0.0.1:9150
11/1/2017 21:11:44 PM.300 [NOTICE] Bootstrapped 80%: Connecting to the Tor network
11/1/2017 21:11:44 PM.300 [WARN] Failed to find node for hop 0 of our path. Discarding this circuit.
11/1/2017 21:11:44 PM.500 [NOTICE] Bootstrapped 85%: Finishing handshake with first hop
11/1/2017 21:11:45 PM.300 [WARN] Failed to find node for hop 0 of our path. Discarding this circuit.

如果您看见这些提示出现在您的日志里面,这意味着您的 Tor 无法连接到 Tor 网络中的第一个节点。 这可能意味着您处于有审查的网络中。

请尝试通过网桥连接,这应该能解决问题。

常见错误 #3:无法完成 TLS 握手
13-11-17 19:52:24.300 [NOTICE] Bootstrapped 10%: Finishing handshake with direc Tor y server 
13-11-17 19:53:49.300 [WARN] Problem bootstrapping. Stuck at 10%: Finishing handshake with directory server. (DONE; DONE; count 10; recommendation warn; host [host] at xxx.xxx.xxx.xx:xxx) 
13-11-17 19:53:49.300 [WARN] 10 connections have failed: 
13-11-17 19:53:49.300 [WARN]  9 connections died in state handshaking (TLS) with SSL state SSLv2/v3 read server hello A in HANDSHAKE 
13-11-17 19:53:49.300 [WARN]  1 connections died in state connect()ing with SSL state (No SSL object)

如果你在 Tor 日志里看见这句话,这意味着 Tor 和目录服务器无法完成 TLS 握手。 使用网桥可能会解决这个问题。

常见错误 #4:时钟偏差
19.11.2017 00:04:47.400 [NOTICE] Opening Socks listener on 127.0.0.1:9150 
19.11.2017 00:04:48.000 [NOTICE] Bootstrapped 5%: Connecting to direc Tor y server 
19.11.2017 00:04:48.200 [NOTICE] Bootstrapped 10%: Finishing handshake with directory server 
19.11.2017 00:04:48.800 [WARN] Received NETINFO cell with skewed time (OR:xxx.xx.x.xx:xxxx): It seems that our clock is behind by 1 days, 0 hours, 1 minutes, or that theirs is ahead. Tor requires an accurate clock to work: please check your time, timezone, and date settings.

如果您看见这些提示出现在您的日志里面,这意味着您的系统时间设置错误。 请确认您的时间设置是正确的,包括正确的时区。然后重新启动 Tor。

造成 Tor 浏览器连接失败的最常见的问题之一是系统时间设置错误。 请确认你的时钟,日期和时区设置正确。 如果这个问题还没有被解决,请查看位于 Tor 浏览器用户手册 的故障排查界面。

审查

网桥是不在 Tor 公共目录里列出的中继节点。

这意味着政府或 ISP 阻止 Tor 网络的尝试不能简单的封锁所有网桥。 如果你处于某个压迫政权中,或是担心被发现自己正在和 Tor 中继的 IP 地址连接,你可能需要使用网桥。

网桥就是有些许不同的中继。 See How do I run a bridge for instructions.

一些国家,包括中国和伊朗,已经发现了检测和屏蔽 Tor 网桥的方法。 Obfsproxy bridges address this by adding another layer of obfuscation. 需要一些额外软件和设置来运行 obfsproxy 网桥。 See our page on pluggable transports for more info.

如果你遇到了连接问题,请选择 “复制 Tor 日志到剪贴板” 选项。 然后粘贴 Tor 日志到文本文件或者其他文档格式中。 您应该能够在 Tor 日志中发现这些常见问题(请在 Tor 日志里寻找如下所示的错误):

常见错误 #1: 代理连接失败
2017-10-29 09:23:40.800 [NOTICE] Opening Socks listener on 127.0.0.1:9150
2017-10-29 09:23:47.900 [NOTICE] Bootstrapped 5%: Connecting to directory server
2017-10-29 09:23:47.900 [NOTICE] Bootstrapped 10%: Finishing handshake with directory server
2017-10-29 09:24:08.900 [WARN] Proxy Client: unable to connect to xx..xxx..xxx.xx:xxxxx ("general SOCKS server failure")

如果您看见这些提示出现在您的日志里面,这意味着您连接 SOCKS 代理失败了。 如果您的网络连接需要设置 SOCKS 代理,请确认您代理服务器的信息正确。 如果您的系统不需要代理,或者您不敢肯定,请尝试直接连接 Tor 网络。

常见错误 #2: 无法连接到中继
11/1/2017 21:11:43 PM.500 [NOTICE] Opening Socks listener on 127.0.0.1:9150
11/1/2017 21:11:44 PM.300 [NOTICE] Bootstrapped 80%: Connecting to the Tor network
11/1/2017 21:11:44 PM.300 [WARN] Failed to find node for hop 0 of our path. Discarding this circuit.
11/1/2017 21:11:44 PM.500 [NOTICE] Bootstrapped 85%: Finishing handshake with first hop
11/1/2017 21:11:45 PM.300 [WARN] Failed to find node for hop 0 of our path. Discarding this circuit.

如果您看见这些提示出现在您的日志里面,这意味着您的 Tor 无法连接到 Tor 网络中的第一个节点。 这可能意味着您处于有审查的网络中。

请尝试通过网桥连接,这应该能解决问题。

常见错误 #3:无法完成 TLS 握手
13-11-17 19:52:24.300 [NOTICE] Bootstrapped 10%: Finishing handshake with direc Tor y server 
13-11-17 19:53:49.300 [WARN] Problem bootstrapping. Stuck at 10%: Finishing handshake with directory server. (DONE; DONE; count 10; recommendation warn; host [host] at xxx.xxx.xxx.xx:xxx) 
13-11-17 19:53:49.300 [WARN] 10 connections have failed: 
13-11-17 19:53:49.300 [WARN]  9 connections died in state handshaking (TLS) with SSL state SSLv2/v3 read server hello A in HANDSHAKE 
13-11-17 19:53:49.300 [WARN]  1 connections died in state connect()ing with SSL state (No SSL object)

如果你在 Tor 日志里看见这句话,这意味着 Tor 和目录服务器无法完成 TLS 握手。 使用网桥可能会解决这个问题。

常见错误 #4:时钟偏差
19.11.2017 00:04:47.400 [NOTICE] Opening Socks listener on 127.0.0.1:9150 
19.11.2017 00:04:48.000 [NOTICE] Bootstrapped 5%: Connecting to direc Tor y server 
19.11.2017 00:04:48.200 [NOTICE] Bootstrapped 10%: Finishing handshake with directory server 
19.11.2017 00:04:48.800 [WARN] Received NETINFO cell with skewed time (OR:xxx.xx.x.xx:xxxx): It seems that our clock is behind by 1 days, 0 hours, 1 minutes, or that theirs is ahead. Tor requires an accurate clock to work: please check your time, timezone, and date settings.

如果您看见这些提示出现在您的日志里面,这意味着您的系统时间设置错误。 请确认您的时间设置是正确的,包括正确的时区。然后重新启动 Tor。

你所用的网络可能存在封锁,因此你应该试试使用桥。 有一些网桥是 Tor 浏览器内置的,在第一次启动 Tor 浏览器时你可以通过点击 Tor Launcher 中的“设置”(并遵循提示)来使用这些网桥。 如果您需要其他的桥接,你可以从桥接网站 上查询。 关于网桥的更多信息请参阅 Tor 浏览器用户手册

如果你无法通过我们的 网站下载 Tor Browser,你可以通过 GetTor 获取一份 Tor Browser 的拷贝。 GetTor 是一项通过不同方式自动回复最新版 Tor 浏览器下载链接的服务。这些链接由不同处所托管,例如 Dropbox 、Google Drive 和 GitHub. You can also download Tor Browser from https://tor.eff.org or from https://tor.ccc.de. For more geographically specific links visit Tor: Mirrors

有些网站因为他们无法分辨出普通 Tor 用户和机器人的区别而屏蔽了 Tor 用户的访问。 我们能让网站解封 Tor 用户的最成功的手段是让用户直接联系网站管理员。 这么做也许能解决你的问题:

“嗨!我正在使用 Tor 浏览器访问 xyz.com ,不过似乎你们并没有允许 Tor 用户访问。 我建议您重新考虑这个决定;Tor 被世界各地的人用来保护隐私和对抗审查。 封锁 Tor 用户意味着也可能封锁了希望在专制国家自由的浏览互联网的用户,希望隐藏自己避免被发现的研究人员、记者、举报人和社会活动家,或只是希望不被第三方跟踪的普通人。 请采取强硬立场支持数字隐私和互联网自由,以及允许 Tor 用户访问 xyz.com,谢谢。”

另外,银行等比较敏感的网站经常进行地区范围的屏蔽(例如如果你平时只在某个特定的国家使用他们的服务,从其他国家进行访问时你的账号可能就会被冻结)。

如果你无法连接洋葱服务,请参阅 我无法访问 x.onion!

Tor 浏览器可以帮助人们访问所在地区被封锁的网站。 大多数时候,只需下载 Tor 浏览器,您就可以使用它去访问被屏蔽的网站。 在被严重监视的地区,我们提供许多规避监管的选项,譬如 可插拔传输

参阅 Tor 浏览器用户手册 关于 审查 的章节获得更多信息。

HTTPS

简单来说是:“可以,你可以使用Tor访问普通的HTTPS站点。”

HTTPS连接被用于确保电脑网络中的通讯安全。 You can read more about HTTPS here. Tor 浏览器内置 HTTPS Everywhere 插件,它将自动将数千个不受加密保护的 HTTP 站点切换至更加安全隐私的 HTTPS 站点。

Tor 浏览器防止窃听者获知您访问过的网站。 不过,出口节点和出口节点与目标网站之间的监听者能看到通过 HTTP 协议传输的未加密的内容。 如果你访问的网站使用了 HTTPS,你的流量在离开出口节点时是加密的,不会被窃听者看到。

This visualization shows what information is visible to eavesdroppers with and without Tor Browser and HTTPS encryption.

下方的展示呈现了有使用以及没有使用 Tor 浏览器与 HTTPS 加密连接时,网络监听者可以拦截窃取到的数据种类:

  • 点击“Tor”按钮可以查看当您未使用洋葱路由时,有哪些数据可以让网络监听者直接拦截获取,当此按钮呈现绿色状态时,表示洋葱路由功能已经启动。
  • 您可以点击“HTTPS”功能按钮来查看当 HTTPS 启用时,有哪些数据仍然可能被网络监听者拦截窃取。而当此按钮呈现绿色状态时,表示 HTTPS 功能已经启动。
  • 当两个按钮都为绿色状态时,您可以看到在这两个功能都同时启动的状态下,网络监听者依能够窃取到的数据有哪些。
  • 而当这两个按钮都呈现灰色时,您则可以查看当这两个功能都在关闭的状态下时,网络监听者能够拦截窃取到的数据有哪些。



POTENTIALLY VISIBLE DATA
site.com
被访问的网站。
用户名/密码
用于身份验证的用户名和密码。
数据
被传输的数据。
所处位置
访问网站的计算机的网络位置(公网IP地址)。
Tor
是否使用了 Tor。

中继操作者

Tor guesses its IP address by asking the computer for its hostname, and then resolving that hostname. Often people have old entries in their /etc/hosts file that point to old IP addresses.

If that doesn't fix it, you should use the "Address" config option to specify the IP you want it to pick. If your computer is behind a NAT and it only has an internal IP address, see the following Support entry on dynamic IP addresses.

Also, if you have many addresses, you might also want to set "OutboundBindAddress" so external connections come from the IP you intend to present to the world.

If your relay is relatively new then give it time. Tor decides which relays it uses heuristically based on reports from Bandwidth Authorities. These authorities take measurements of your relay's capacity and, over time, directs more traffic there until it reaches an optimal load. The lifecycle of a new relay is explained in more depth in this blog post. If you've been running a relay for a while and still having issues then try asking on the tor-relays list.

If you allow exit connections, some services that people connect to from your relay will connect back to collect more information about you. For example, some IRC servers connect back to your identd port to record which user made the connection. (This doesn't really work for them, because Tor doesn't know this information, but they try anyway.) Also, users exiting from you might attract the attention of other users on the IRC server, website, etc. who want to know more about the host they're relaying through.

Another reason is that groups who scan for open proxies on the Internet have learned that sometimes Tor relays expose their socks port to the world. We recommend that you bind your socksport to local networks only.

In any case, you need to keep up to date with your security. See this article on security for Tor relays for more suggestions.

  • The exit relay is the most needed relay type but it also comes with the highest legal exposure and risk (and you should NOT run them from your home).
  • If you are looking to run a relay with minimal effort, fast guard relays are also very useful
  • Followed by bridges.

When an exit is misconfigured or malicious it's assigned the BadExit flag. This tells Tor to avoid exiting through that relay. In effect, relays with this flag become non-exits. If you got this flag then we either discovered a problem or suspicious activity when routing traffic through your exit and weren't able to contact you. Please reach out to the bad-relays team so we can sort out the issue.

When upgrading your Tor relay, or moving it on a different computer, the important part is to keep the same identity keys (stored in "keys/ed25519_master_id_secret_key" and "keys/secret_id_key" in your DataDirectory). Keeping backups of the identity keys so you can restore a relay in the future is the recommended way to ensure the reputation of the relay won't be wasted.

This means that if you're upgrading your Tor relay and you keep the same torrc and the same DataDirectory, then the upgrade should just work and your relay will keep using the same key. If you need to pick a new DataDirectory, be sure to copy your old keys/ed25519_master_id_secret_key and keys/secret_id_key over.

Note: As of Tor 0.2.7 we are using new generation identities for relays based on ed25519 elliptic curve cryptography. Eventually they will replace the old RSA identities, but that will happen in time, to ensure compatibility with older versions. Until then, each relay will have both an ed25519 identity (identity key file: keys/ed25519_master_id_secret_key) and a RSA identity (identity key file: keys/secret_id_key). You need to copy / backup both of them in order to restore your relay, change your DataDirectory or migrate the relay on a new computer.

We're looking for people with reasonably reliable Internet connections, that have at least 10 Mbit/s (Mbps) available bandwidth each way. If that's you, please consider running a Tor relay.

Even if you do not have at least 10 Mbit/s of available bandwidth you can still help the Tor network by running a Tor bridge with obfs4 support. In that case you should have at least 1 MBit/s of available bandwidth.

You're right, for the most part a byte into your Tor relay means a byte out, and vice versa. But there are a few exceptions:

If you open your DirPort, then Tor clients will ask you for a copy of the directory. The request they make (an HTTP GET) is quite small, and the response is sometimes quite large. This probably accounts for most of the difference between your "write" byte count and your "read" byte count.

Another minor exception shows up when you operate as an exit node, and you read a few bytes from an exit connection (for example, an instant messaging or ssh connection) and wrap it up into an entire 512 byte cell for transport through the Tor network.

If your Tor relay is using more memory than you'd like, here are some tips for reducing its footprint:

  • If you're on Linux, you may be encountering memory fragmentation bugs in glibc's malloc implementation. That is, when Tor releases memory back to the system, the pieces of memory are fragmented so they're hard to reuse. The Tor tarball ships with OpenBSD's malloc implementation, which doesn't have as many fragmentation bugs (but the tradeoff is higher CPU load). You can tell Tor to use this malloc implementation instead: ./configure --enable-openbsd-malloc.
  • If you're running a fast relay, meaning you have many TLS connections open, you are probably losing a lot of memory to OpenSSL's internal buffers (38KB+ per socket). We've patched OpenSSL to release unused buffer memory more aggressively. If you update to OpenSSL 1.0.0 or newer, Tor's build process will automatically recognize and use this feature.
  • If you still can't handle the memory load, consider reducing the amount of bandwidth your relay advertises. Advertising less bandwidth means you will attract fewer users, so your relay shouldn't grow as large. See the MaxAdvertisedBandwidth option in the man page.

All of this said, fast Tor relays do use a lot of ram. It is not unusual for a fast exit relay to use 500-1000 MB of memory.

We aim to make setting up a Tor relay easy and convenient:

  • It's fine if the relay goes offline sometimes. The directories notice this quickly and stop advertising the relay. Just try to make sure it's not too often, since connections using the relay when it disconnects will break.
  • Each Tor relay has an exit policy that specifies what sort of outbound connections are allowed or refused from that relay. If you are uncomfortable allowing people to exit from your relay, you can set it up to only allow connections to other Tor relays.
  • Your relay will passively estimate and advertise its recent bandwidth capacity, so high-bandwidth relays will attract more users than low-bandwidth ones. Therefore, having low-bandwidth relays is useful too.

If you're using Debian or Ubuntu especially, there are a number of benefits to installing Tor from the Tor Project's repository.

  • Your ulimit -n gets set to 32768 high enough for Tor to keep open all the connections it needs.
  • A user profile is created just for Tor, so Tor doesn't need to run as root.
  • An init script is included so that Tor runs at boot.
  • Tor runs with --verify-config, so that most problems with your config file get caught.
  • Tor can bind to low level ports, then drop privileges.

All outgoing connections must be allowed, so that each relay can communicate with every other relay.

In many jurisdictions, Tor relay operators are legally protected by the same common carrier regulations that prevent internet service providers from being held liable for third-party content that passes through their network. Exit relays that filter some traffic would likely forfeit those protections.

Tor promotes free network access without interference. Exit relays must not filter the traffic that passes through them to the internet. Exit relays found to be filtering traffic will get the BadExit flag once detected.

不要这么做。 如果司法部门察觉了你出口节点的数据流量,他们可能会没收你的电子设备。 出于这些原因,最好不要在你的家中或使用你家里的网络运行出口节点。

推荐在支持 Tor 的商业实体(例如某些 VPS 服务商 —— 译者注)上搭建 Tor 的出口节点。 你的出口节点有一个独立的 IP 地址,而且不会传输你的流量。 当然,你应该避免在你运行出口节点的电脑上存储任何敏感或与你有关的信息。

  • 不要使用 Ubuntu 仓库中的包,它们未得到可靠更新。 如果您使用它们,您可能会错过重要的稳定性和安全性修复。
  • 运行下面的命令确定你 Ubuntu 的版本
     $ lsb_release -c
    
  • 以 root 用户身份把下面的行添加到 /etc/apt/sources.list 中。用前一步你获得的版本号代替'version'。
     $ deb https://deb.torproject.org/torproject.org version main
     $ deb-src https://deb.torproject.org/torproject.org version main
    
  • 运行下面的命令来添加签名软件包的 gpg 公钥:
     $ curl https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | sudo apt-key add -
    
  • 运行下面的命令来检查签名并安装 tor:
     $ sudo apt-get update
     $ sudo apt-get install tor deb.torproject.org-keyring
    

For the most in-depth resource on running a relay, see the Relay Setup Guide.

In simple words, it works like this:

  • There is a master ed25519 identity secret key file named "ed25519_master_id_secret_key". This is the most important one, so make sure you keep a backup in a secure place - the file is sensitive and should be protected. Tor could encrypt it for you if you generate it manually and enter a password when asked.
  • A medium term signing key named "ed25519_signing_secret_key" is generated for Tor to use. Also, a certificate is generated named "ed25519_signing_cert" which is signed by the master identity secret key and confirms that the medium term signing key is valid for a certain period of time. The default validity is 30 days, but this can be customized by setting "SigningKeyLifetime N days|weeks|months" in torrc.
  • There is also a master public key named "ed25519_master_id_public_key, which is the actual identity of the relay advertised in the network. This one is not sensitive and can be easily computed from "ed5519_master_id_secret_key".

Tor will only need access to the medium term signing key and certificate as long as they are valid, so the master identity secret key can be kept outside DataDirectory/keys, on a storage media or a different computer. You'll have to manually renew the medium term signing key and certificate before they expire otherwise the Tor process on the relay will exit upon expiration.

This feature is optional, you don't need to use it unless you want to. If you want your relay to run unattended for longer time without having to manually do the medium term signing key renewal on regular basis, best to leave the master identity secret key in DataDirectory/keys, just make a backup in case you'll need to reinstall it. If you want to use this feature, you can consult our more detailed guide on the topic.

Since it's now a guard, clients are using it less in other positions, but not many clients have rotated their existing guards out to use it as a guard yet. Read more details in this blog post or in Changing of the Guards: A Framework for Understanding and Improving Entry Guard Selection in Tor.

Great. If you want to run several relays to donate more to the network, we're happy with that. But please don't run more than a few dozen on the same network, since part of the goal of the Tor network is dispersal and diversity.

If you do decide to run more than one relay, please set the "MyFamily" config option in the torrc of each relay, listing all the relays (comma-separated) that are under your control:

MyFamily $fingerprint1,$fingerprint2,$fingerprint3

where each fingerprint is the 40 character identity fingerprint (without spaces).

That way, Tor clients will know to avoid using more than one of your relays in a single circuit. You should set MyFamily if you have administrative control of the computers or of their network, even if they're not all in the same geographic location.

The accounting options in the torrc file allow you to specify the maximum amount of bytes your relay uses for a time period.

    AccountingStart day week month [day] HH:MM

This specifies when the accounting should reset. For instance, to setup a total amount of bytes served for a week (that resets every Wednesday at 10:00am), you would use:

    AccountingStart week 3 10:00
    AccountingMax 500 GBytes

This specifies the maximum amount of data your relay will send during an accounting period, and the maximum amount of data your relay will receive during an account period. When the accounting period resets (from AccountingStart), then the counters for AccountingMax are reset to 0.

Example: Let's say you want to allow 50 GB of traffic every day in each direction and the accounting should reset at noon each day:

    AccountingStart day 12:00
    AccountingMax 50 GBytes

Note that your relay won't wake up exactly at the beginning of each accounting period. It will keep track of how quickly it used its quota in the last period, and choose a random point in the new interval to wake up. This way we avoid having hundreds of relays working at the beginning of each month but none still up by the end.

If you have only a small amount of bandwidth to donate compared to your connection speed, we recommend you use daily accounting, so you don't end up using your entire monthly quota in the first day. Just divide your monthly amount by 30. You might also consider rate limiting to spread your usefulness over more of the day: if you want to offer X GB in each direction, you could set your RelayBandwidthRate to 20*X KBytes. For example, if you have 50 GB to offer each way, you might set your RelayBandwidthRate to 1000 KBytes: this way your relay will always be useful for at least half of each day.

    AccountingStart day 0:00
    AccountingMax 50 GBytes
    RelayBandwidthRate 1000 KBytes
    RelayBandwidthBurst 5000 KBytes # allow higher bursts but maintain average

Tor has partial support for IPv6 and we encourage every relay operator to enable IPv6 functionality in their torrc configuration files when IPv6 connectivity is available. For the time being Tor will require IPv4 addresses on relays, you can not run a Tor relay on a host with IPv6 addresses only.

The parameters assigned in the AccountingMax and BandwidthRate apply to both client and relay functions of the Tor process. Thus you may find that you are unable to browse as soon as your Tor goes into hibernation, signaled by this entry in the log:

Bandwidth soft limit reached; commencing hibernation. No new
    connections will be accepted

The solution is to run two Tor processes - one relay and one client, each with its own config. One way to do this (if you are starting from a working relay setup) is as follows:

  • In the relay Tor torrc file, simply set the SocksPort to 0.
  • Create a new client torrc file from the torrc.sample and ensure it uses a different log file from the relay. One naming convention may be torrc.client and torrc.relay.
  • Modify the Tor client and relay startup scripts to include -f /path/to/correct/torrc.
  • In Linux/BSD/Mac OS X, changing the startup scripts to Tor.client and Tor.relay may make separation of configs easier.

Great. That's exactly why we implemented exit policies.

Each Tor relay has an exit policy that specifies what sort of outbound connections are allowed or refused from that relay. The exit policies are propagated to Tor clients via the directory, so clients will automatically avoid picking exit relays that would refuse to exit to their intended destination. This way each relay can decide the services, hosts, and networks it wants to allow connections to, based on abuse potential and its own situation. Read the Support entry on issues you might encounter if you use the default exit policy, and then read Mike Perry's tips for running an exit node with minimal harassment.

The default exit policy allows access to many popular services (e.g. web browsing), but restricts some due to abuse potential (e.g. mail) and some since the Tor network can't handle the load (e.g. default file-sharing ports). You can change your exit policy by editing your torrc file. If you want to avoid most if not all abuse potential, set it to "reject :". This setting means that your relay will be used for relaying traffic inside the Tor network, but not for connections to external websites or other services.

If you do allow any exit connections, make sure name resolution works (that is, your computer can resolve Internet addresses correctly). If there are any resources that your computer can't reach (for example, you are behind a restrictive firewall or content filter), please explicitly reject them in your exit policy otherwise Tor users will be impacted too.

Tor can handle relays with dynamic IP addresses just fine. Just leave the "Address" line in your torrc blank, and Tor will guess.

Yes, you do get better anonymity against some attacks.

The simplest example is an attacker who owns a small number of Tor relays. They will see a connection from you, but they won't be able to know whether the connection originated at your computer or was relayed from somebody else.

There are some cases where it doesn't seem to help: if an attacker can watch all of your incoming and outgoing traffic, then it's easy for them to learn which connections were relayed and which started at you. (In this case they still don't know your destinations unless they are watching them too, but you're no better off than if you were an ordinary client.)

There are also some downsides to running a Tor relay. First, while we only have a few hundred relays, the fact that you're running one might signal to an attacker that you place a high value on your anonymity. Second, there are some more esoteric attacks that are not as well-understood or well-tested that involve making use of the knowledge that you're running a relay -- for example, an attacker may be able to "observe" whether you're sending traffic even if they can't actually watch your network, by relaying traffic through your Tor relay and noticing changes in traffic timing.

It is an open research question whether the benefits outweigh the risks. A lot of that depends on the attacks you are most worried about. For most users, we think it's a smart move.

See portforward.com for directions on how to port forward with your NAT/router device.

If your relay is running on a internal net, you need to setup port forwarding. Forwarding TCP connections is system dependent but the firewalled-clients FAQ entry offers some examples on how to do this.

Also, here's an example of how you would do this on GNU/Linux if you're using iptables:

/sbin/iptables -A INPUT -i eth0 -p tcp --destination-port 9001 -j ACCEPT

You may have to change "eth0" if you have a different external interface (the one connected to the Internet). Chances are you have only one (except the loopback) so it shouldn't be too hard to figure out.

There are two options you can add to your torrc file:

BandwidthRate is the maximum long-term bandwidth allowed (bytes per second). For example, you might want to choose "BandwidthRate 10 MBytes" for 10 megabytes per second (a fast connection), or "BandwidthRate 500 KBytes" for 500 kilobytes per second (a decent cable connection). The minimum BandwidthRate setting is 75 kilobytes per second.

BandwidthBurst is a pool of bytes used to fulfill requests during short periods of traffic above BandwidthRate but still keeps the average over a long period to BandwidthRate. A low Rate but a high Burst enforces a long-term average while still allowing more traffic during peak times if the average hasn't been reached lately. For example, if you choose "BandwidthBurst 500 KBytes" and also use that for your BandwidthRate, then you will never use more than 500 kilobytes per second; but if you choose a higher BandwidthBurst (like 5 MBytes), it will allow more bytes through until the pool is empty.

If you have an asymmetric connection (upload less than download) such as a cable modem, you should set BandwidthRate to less than your smaller bandwidth (Usually that's the upload bandwidth). Otherwise, you could drop many packets during periods of maximum bandwidth usage - you may need to experiment with which values make your connection comfortable. Then set BandwidthBurst to the same as BandwidthRate.

Linux-based Tor nodes have another option at their disposal: they can prioritize Tor traffic below other traffic on their machine, so that their own personal traffic is not impacted by Tor load. A script to do this can be found in the Tor source distribution's contrib directory.

Additionally, there are hibernation options where you can tell Tor to only serve a certain amount of bandwidth per time period (such as 100 GB per month). These are covered in the hibernation entry below.

Note that BandwidthRate and BandwidthBurst are in Bytes, not Bits.

洋葱服务

When browsing an Onion Service, Tor Browser displays different onion icons in the address bar indicating the security of the current webpage.

绿色洋葱标识 一个绿色的洋葱意味着:

  • 洋葱服务通过 HTTP 或带有自签名证书的 HTTPS 提供。

绿色带锁洋葱标识 一个绿色的带锁洋葱意味着:

  • 洋葱服务通过具有 CA 颁发的证书的 HTTPS 提供。

灰色洋葱带红色斜杠标识 带有红色斜线的灰洋葱表示:

  • The Onion Service is served over HTTPS with a self-signed or CA-Issued certificate.
  • The webpage contains subresources served over HTTP.

如果无法访问您想访问的洋葱服务,请检查是否正确输入了洋葱地址的16个字符(或者新版地址的56个字符)。只要有一点点错误,Tor 浏览器就无法连接到网站。 如果你仍然无法访问这个洋葱服务,请稍后重试。 有可能是网络连接有出现暂时性阻碍,或者是该网站的管理员在没有提示的情况下关闭了网站。

You can also ensure that you're able to access other onion services by connecting to DuckDuckGo's onion service.

洋葱服务允许人们匿名的访问和发表信息,包括架设匿名网站。

Onion services are also relied on for metadata-free chat and file sharing, safer interaction between journalists and their sources like with SecureDrop or OnionShare, safer software updates, and more secure ways to reach popular websites like Facebook.

这些服务使用特殊的顶级域名(TLD) .onion (而不是.com .net .org等)而且这些服务只有在 Tor 网络 里可以连接。

当你浏览洋葱服务网站时,Tor 浏览器会在地址栏左侧以一个绿色的洋葱图标表示(使用洋葱服务的安全连接)。

Onion icon

并且如果您正在通过 HTTPS 协议访问一个支持洋葱服务的网站,浏览器会显示绿色的洋葱和安全锁的图标。

Green onion with a padlock

只能通过 Tor 访问的网站称作“洋葱服务”,它们以 .onion 结尾。 For example, the DuckDuckGo onion is https://3g2upl4pq6kufc4m.onion. 您可以用 Tor 浏览器访问这些网站。 因为洋葱服务并不能像普通的网站一样被索引,所以必须由网站所有者把洋葱服务的地址分享给你。

其它

Vidalia 已经不再维护和支持。 Vidalia 提供的许多功能已经整合进了 Tor 浏览器中。

不,我们不提供任何在线服务。 A list of all of our software projects can be found on our projects page.

Tor 不会保留能识别用户身份的日志记录。 We do take some safe measurements of how the network functions, which you can check out at Tor Metrics.

我们很抱歉,但这是您被恶意软件感染的现象。 Tor Project 并不是这个恶意软件的作者。不过恶意软件的作者希望你使用 Tor 浏览器来匿名的联系他们来交付赎金。

如果这是你第一次听说 Tor 浏览器,我们知道你可能会认为我们是坏人。

但请考虑我们的软件每天都被人权活动家,记者,国内暴乱幸存者,举报人,执法人员和其他许多人用于各种目的。不幸的是,我们的软件在保护这些人的同时也会被罪犯和恶意软件作者滥用。 Tor Project 没有支持也没有纵容以恶意的方式使用我们的软件。

不推荐将 Tor 和 BitTorrent 一起使用。 For further details, please see our blog post on the subject.

Tor 有不同的资金支持赞助,包括美国中央政府部分机构(译者加:应该是搞笑的,Tor 被列为国家安全局重点监控对象-----因为无法监控),私有募款机构和个人。 Check out a list of all our sponsors and a series of blog posts on our financial reports.

我们认为开诚布公地谈论我们的赞助商和资助模式是与社区保持信任的最佳方式。 我们一直在寻求更多的资金来源,尤其是基金会和个人。

Tor 被设计成通过防止被各种人(甚至是我们)监控和审查来抵御人权和隐私。 我们厌恶用 Tor 做糟糕的事情的人,但是我们并不能在剔除他们的同时,不伤害到人权活动者,记者,虐待后的幸存者们,以及其他用 Tor 做好事的人们。 虽然我们仅需要增加一些软件后门就可以阻止某些人使用 Tor 网络,但是这会导致我们的用户遭更容易受到专制政权和其他组织的攻击。

感谢你的支持! You can find more information about donating on our donor FAQ.

For sharing files over Tor, OnionShare is a good option. OnionShare is an open source tool for securely and anonymously sending and receiving files using Tor onion services. It works by starting a web server directly on your computer and making it accessible as an unguessable Tor web address that others can load in Tor Browser to download files from you, or upload files to you. It doesn't require setting up a separate server, using a third party file-sharing service, or even logging into an account.

Unlike services like email, Google Drive, DropBox, WeTransfer, or nearly any other way people typically send files to each other, when you use OnionShare you don't give any companies access to the files that you're sharing. So long as you share the unguessable web address in a secure way (like pasting it in an encrypted messaging app), no one but you and the person you're sharing with can access the files.

OnionShare is developed by Micah Lee.

很多出口节点会设置成阻止 BitTorrent 一类的文件共享服务的流量。 BitTorrent in particular is not anonymous over Tor.

目前路径的长度为 3 加上你的路径中敏感路径的数量。 是的,通常是三个,但如果你访问洋葱服务或是“.exit”地址时会增加。

因为会增加网络的负载而且(据我们所知)不会提供任何额外的安全性,所以我们不鼓励使用比默认设置更长的路径长度。 Also, using paths longer than 3 could harm anonymity, first because it makes denial of security attacks easier, and second because it could act as an identifier if only a small number of users have the same path length as you.

抱歉, Tor Project 不提供虚拟主机服务。

Tor 开发者没有追踪 Tor 用户的手段。 Tor 具有避免恶意用户破坏匿名性的保护措施,这些措施也阻止了我们追踪用户。

The community team has developed this glossary of terms about and related to Tor.

A

组件,扩展,或插件

组件,扩展,和插件是可以被添加到网络浏览器的组件以使它们有新的功能。 Tor 浏览器上安装了两个组件: NoScriptHTTPS Everywhere. 你不应该安装额外新的插件到 Tor 浏览器,因为这些插件会影响一些隐私保护功能。

杀毒软件

杀毒软件用于防止,检测和删除恶意软件。 杀毒软件可能会干扰计算机上运行的 Tor。 如果您不知道如何允许 Tor,就可能需要查阅杀毒软件的文档。

app

A web application (web app), is an application that the client runs in a web browser. App 也能表示你在移动端操作系统上安装的软件。

Atlas

Atlas 是一个了解当前运行中的 Tor 中继的 Web 应用。

B

带宽验证

为了确定中继的吞吐量,称为带宽管理器的特殊继电器在共识中周期性测量中继

网桥

如同普通的 Tor 中继,网桥由志愿者经营; 然而,与普通中继不同,它们并未公开列出,因此对手无法轻易识别它们。 Pluggable transports are a type of bridge that helps disguise the fact that you are using Tor.

权威网桥

一种专用中继,用于维护网桥列表。

浏览器指纹

指纹是收集设备或服务的信息来对其身份或特征进行有根据的猜测的方法。 独立的行为或响应可以被用于辨认设备和分析服务。 Tor 浏览器阻止指纹追踪。

浏览历史

浏览器历史记录是使用 Web 浏览器时发出的请求的记录,包括访问过的网站和访问时间等信息。 Tor 浏览器会在您关闭会话后删除您的浏览历史记录。

C

验证码

验证码是一种用于计算的挑战-响应测试,用于确定用户是否是人类。 Tor users are often served captchas because Tor relays make so many requests that sometimes websites have a hard time determining whether or not those requests are coming from humans or bots.

校验和

Checksums are hash values of files. If you have downloaded the software without errors, the given checksum and the checksum of your downloaded file will be identical.

链路

客户端构建的 Tor 网络链路,由随机选择的节点组成。链路以网桥守卫节点开始。大多数链路由三个节点组成——一个守卫节点或网桥,一个中间中继和一个出口。大多数洋葱服务在一个链路中使用6跳(除了 single onion services),并且没有出口节点。您可以在 Tor 浏览器中点击洋葱按钮查看您当前 Tor 链路。

客户

Tor 中,客户端是Tor网络中的一个节点,通常代表一个用户运行,它通过一系列中继路由应用程序连接。

Compass

Compass 是一个可用于了解当前批量运行的Tor中继的 Web 应用程序。

共识

在 Tor 中,单个文档会在每小时被目录管理器编译和投票一次,以保证每个客户端都有构成 Tor 网络中继的相同信息。

HTTP cookie(也称为 web cookie、Internet cookie、浏览器 cookie 或简称 cookie)是用户在浏览网页时,由用户的 Web 浏览器发送到用户的计算机上并存储在计算机上的一小段数据。Tor 浏览器不存储 cookie。

跨站脚本(XSS)

跨站脚本(XSS)允许攻击者在不应有向网站添加恶意功能或行为的能力时向网站添加这些功能或行为。

密码学签名

密码学签名证明消息或文件的真实性。它是由公钥密码学中密钥对的私有部分的持有者创建的,可以由相应的公钥进行验证。如果你从 torproject.org 下载软件,你会发现它是一个签名文件(.asc)。这些是 PGP 签名,从而您可以验证您下载的文件正是我们希望您获得的文件。有关如何验证签名的更多信息,请参见这里

D

daemon

后台进程是相对于在用户的直接控制之下,作为背景运行的计算机程序。

目录管理器

一个有特殊用途的中继,它维护当前运行的中继的列表,并定期与其他目录管理器一起发布一个共识

E

加密

将一段数据打乱成只能被目标接收者读取的密码的过程。Tor 在 Tor 链路中使用三层加密;每个中继在将请求传递到下一个中继之前解密一个层。

端到端加密

从起始到终点加密传输数据叫做端到端加密。

退出

Tor 链路中最后一个中继会发送流量 到公共互联网。你连接的服务(网站、聊天服务器、电子邮件提供商等等…)会看到出口的 IP 地址

ExoneraTor

The ExoneraTor service maintains a database of relay IP addresses that have been part of the Tor network. It answers the question of whether there was a Tor relay running on a given IP address on a given date. This service is often useful when dealing with law enforcement.

F

Firefox

Mozilla Firefox 是一个由 Mozilla 基金会及其子公司 Mozilla 公司开发的免费且开源的 浏览器Tor 浏览器 是基于 Firefox ESR(扩展支持版本)的修改版本构建的。 Firefox 可使用于 Windows、macOS 和 Linux 操作系统,同时其手机版)(fennec)可适用于 Android。

防火墙

A firewall is a network security system that monitors and controls incoming and outgoing network traffic. This traffic filter is based on predetermined rules. A firewall typically establishes a barrier between a trusted, secure internal network and another outside network but it can also be used as a content filter in the sense of censorship. Sometimes people have trouble connecting to Tor because their firewall blocks Tor connections. You can reconfigure or disable your firewall and restart Tor to test this.

Flash 播放器

Flash Player is a browser plugin for Internet applications to watch audio and video content. You should never enable Flash to run in Tor Browser as it is unsafe. Many services that use Flash also offer an HTML5 alternative, which should work in the Tor Browser.

fte

FTE(变形加密)是一个将 Tor 流量混淆为普通网络(HTTP)流量的可插拔传输。

G

GetTor

这是一种自动接收消息(电子邮件、XMPP、推特)并响应存储在多地如 Dropbox、Google Drive 和 Github 的 Tor 浏览器最新版本链接的服务。

GSoC

Tor 项目参与了 Google 编程之夏,这是一个针对大学生的暑期编程活动。

守卫

Tor 链路的第一个中继,除非使用网桥。当使用网桥时,网桥取代了守卫。

H

哈希值

加密哈希值是将数据映射到固定大小的位串的数学算法的结果。 它被设计为单向函数,这意味着值很容易在一个方向上计算,但不可能反转。 哈希值用于验证数据的完整性。

隐身服务

"onion services"的曾用名,有时仍在 Tor 里被使用。

Tor项目中,一“跳”表示流量链路中继 之间移动。

HTTP

超文本传输协议(HTTP)是用于在网络上的设备之间发送文件和数据的通道。 最初仅用于传输网页,现在它可以提供多种形式的数据和通信。

HTTPS

安全超文本传输协议 (Hypertext Transfer Protocol Secure, HTTPS) 是用于在网络中的设备之间传输文件和数据的 HTTP 通道的加密版本。

HTTPS Everywhere

HTTPS Everywhere 是一个 Firefox,Chrome 和 Opera的拓展 ,它将默认通过 HTTPS 访问那些搭建了 HTTPS 服务但没有将其设置为默认的网站。 HTTPS Everywhere 已经内置于 Tor 浏览器 中。

I

网络服务提供商(ISP)

一个互联网服务提供商(ISP)是一个提供接入与使用互联网服务的组织。当使用 Tor 浏览器时,你的 ISP 无法看见你正在访问什么网站。

IP 地址

互联网协议地址(IP 地址)是一个数字标签(在 IPv6 的情况下是字母-数字组合标签),分配给每一个连接到计算机网络并通过网络协议通讯的设备(例如:电脑、打印机)。 IP地址是设备的网络位置的地址,就像是一个物理位置的地址一样。 Tor 浏览器 通过让您的流量看上去来自一个不属于你的IP地址来模糊你的地址。

J

JavaScript

JavaScript 是一种编程语言,网站用它来提供视频、动画、音频和状态时间轴等交互元素。遗憾的是,JavaScript 还可以对 Web 浏览器的安全性进行攻击,这可能导致去匿名化。 Tor Browser 中的 NoScript 拓展可用于管理不同网站上的 JavaScript。

K

L

little-t tor

"little-t tor" 是指代 tor 网络后台进程的一种叫法,而不是 Tor 浏览器或 Tor 项目。

M

meek

这些可插拔传输使得它看起来像是在浏览一个主要网站,而不是使用 Tor。Meek-amazon 使您看起来像使用亚马逊网络服务;meek-azure 让你看起来像是在使用微软网站;meek-google 让你看起来像是在使用谷歌搜索。

中段中继

Tor链路 的中间位置。非出口的中继可以用作不同用户的"中转"或“守卫节点”。

N

新身份

新标识是 Tor 浏览器 的功能,让你可以防止后续的浏览器活动与之前的操作相关联。 选择该选项将关闭所有已经打开的浏览器标签页与窗口,清除所有个人信息,例如cookiesbrowsing history,并且对于所有连接使用新的Tor circuits。 Tor 浏览器会警告你所有活动与下载将被停止,所以在点击“新身份”前请考虑这一点。 新的身份也可以帮助判断 Tor 浏览器是否会在连接一个特定网站时出现问题,类似于"为此站点生成新的 Tor 链路"。

为此站点使用新 Tor 线路

如果您使用的出口无法连接到您需要的网站,或者未正确加载,则此选项很有用。选中它将导致当前激活的选项卡或窗口通过新的 Tor 链路重新加载。 来自同一网站的其他打开的标签和窗口也将在重新加载后使用新链路。 此选项不会清除任何私人信息或取消您的活动链接,也不会影响您与其他网站的当前连接。

网络审查

有时直接进入 Tor 网络 的访问会被您的 互联网服务提供商(ISP) 或者政府所组织。Tor 浏览器包含了一些规避工具来绕过这些阻碍,包括网桥, 可插拔传输, and GetTor

NoScript

Tor 浏览器 包含一个叫 NoScript 的扩展,可通过窗口左上角的 “S” 图标访问。允许你控制运行于单个网页中的 JavaScript,或者完全阻止运行 JavaScript。

nyx

匿名的中继监视器(从前是arm, 现在是nyx)是一个 Tor在 命令行使用的终端状态监视器。这是一个在系统中监视核心 Tor 进程的工具,对中继操作员常常很有用。

O

obfs3

Obfs3 是一种能够让 Tor通信看上去像是随机噪声的可插拔式传输方式。因此它并不像 Tor 或者其他协议,Obfs3 网桥会在大多数地区工作。

obfs4

Obfs4 是一个像 obfs3 一样使 Tor流量看起来随机的可插拔传输,而且可以通过互联网扫描寻找网桥来防止审查。

Onion地址

A standardized internet domain name used by onion services that end in .onion and is designed to be self-authenticating.

OONI

OONI stands for "Open Observatory of Network Interference", it is a global observation network for detecting censorship, surveillance and traffic manipulation on the internet.

Onion Browser

一个开源、使用 Tor 路由、并由工作和Tor项目密切相关的一些人开发的 iOS 应用。 了解更多关于 Onion Browser

洋葱服务

洋葱服务(以前称为“隐藏服务”)是只能通过 Tor 网络 访问的(类似于网站的)服务。 洋葱网提供的服务比非私有网络上的普通服务更有优势,包括:

Onionoo

Onionoo 是一个基于 Web 的协议,用于了解当前运行的 Tor 中继网桥。Onionoo 为其他应用程序和网站(compass,atlas等)提供数据,这些数据向人类提供 Tor 网络状态信息。

洋葱站点

洋葱站点是洋葱服务的另一个名字,但是只用于称呼网站。 这些网站使用 .onion 顶级域名(TLD)。

onionspace

一组可用的洋葱服务。例如,你可以说“我的网站在onionspace上”而不是“我的网站在暗网上”。

操作系统(OS)

主要系统软件,负责管理计算机硬件和软件资源,并为计算机程序提供通用服务。 最常用的桌面操作系统是 Windows、macOS 和 Linux。Android 和 iOS 是主流的移动操作系统。

Orbot

Orbot is a free app from The Guardian Project that empowers other apps on your device to use the internet more securely. Orbot uses Tor to encrypt your Internet traffic and hide it by bouncing through a series of computers around the world.

Orfox

Orfox不再被维护与支持。

如果需要在安卓设备上使用 Tor 访问网络,请使用受 Tor Project 开发、支持的 Tor Browser for Android 应用

P

可插拔传输

Tor可以用于伪装它发出的流量的工具。 这在互联网服务提供商(ISP)或其他机构正在主动封锁与Tor 网络的连接的情况下非常有用。

私钥

公钥/私钥对的私有部分。 这是必须保持私有,且不能被公布给他人的密钥。

代理

代理是介于客户端(例如浏览器)和服务端(例如网页服务器)之间的中间人。 客户端不是直接连接到服务,而是将信息发送到代理。 代理代表客户端发出请求,并将响应传递返回客户端。 该服务仅与代理通信,且只能看见代理。

公钥

公钥/私钥对的公有部分。 这是一个可以被传递给他人的密钥。

公开密钥加密算法

公钥加密系统使用成对的数学密钥。 公钥public key会被广泛地传递,而它所属的私钥private key仅被这对密钥的所属者所知晓。 任何人都可以使用接收者的公钥加密信息,但只有拥有私钥的接收者才能解密信息。 Additionally, the private key can be used to create a signature to prove the identity of the creator of a message or other files. 可以通过公钥验证此签名。

Q

R

中继

Tor网络中公开列出的节点代表客户端转发流量,并使用目录管理器注册自己。

S

Satori

这是一个Chrome或Chromium浏览器的插件,让你可以从不同来源下载多个安全和隐私程序,包括Tor 浏览器。你可以从Chrome网上应用商店安装Satori。

scramblesuit

Scramblesuit与obfs4很相似,但是有一套不同的网桥

脚本

被网站用于提供动态/交互式内容的元素。

自认证地址

洋葱地址的专用地址格式是自我验证的。该格式自动保证洋葱地址绑定到用于保护与onionsite连接的密钥。 普通的互联网域名要求网站所有者信任并获得认证机构(CA)的批准才能进行此绑定,他们会被CA劫持,并且通常也会受到许多其他方的劫持。

服务器

A device on a network that offers a service, such as file and web page storage, email or chat.

会话

会话是指在网络上通信的两个设备之间的对话。使用Tor 浏览器 表示关闭网络浏览器时会将擦除会话数据。

单一洋葱服务

单一洋葱服务是可以配置为不需要匿名,但希望为连接到的客户提供服务的洋葱服务。单一洋葱服务在链路中仅使用三个跃点,而不是洋葱服务的典型六个跃点。

Stem

Stem是一个Python(编程语言)的核心 Tor控制库。如果您想要用Python控制核心Tor,这就是为您准备的。

Sybil attack

计算机安全中,Sybil攻击是一种在声誉系统中通过创建大量身份,并使用它们在网络中获得不成比例的巨大影响力的攻击。

T

Tails

Tails是一个“实时”操作系统,几乎可以从DVD,USB存储器或SD卡上的任何计算机上启动。 它旨在保护您的隐私和匿名性。 了解更多关于Tails.

The Tor Project

Tor项目可以指代The Tor Project Inc,一个负责维护Tor软件的501(c)3美国非营利组织,或由来自世界各地帮助创建Tor的数千名志愿者组成的Tor项目社区。

第三方跟踪

大多数网站使用大量第三方服务,包括广告和分析跟踪器,它们收集您的IP地址,,Web浏览器操作系统和您的浏览行为本身的数据,所有这些都可以将您的活动链接到不同的网站。 Tor 浏览器阻止了很多这样行为的发生。

Tor / Tor 网络/ Tor 核心

Tor是一个您能运行在您的电脑上,保护您在互联网上安全的程序。 它通过在世界各地的志愿者运行的中继分布式网络中弹跳来保护您:它可以阻止有人通过监视您的互联网连接来了解您访问的网站,并防止您访问的网站得知你的物理位置。 这个志愿者中继集合被称为Tor网络。 有时,与此网络相关联的软件称为核心Tor,有时称为“little-t tor”。 大多数人使用Tor的方式是使用Tor 浏览器,它是一个修复了许多隐私问题的Firefox版本。

Tor 浏览器

Tor 浏览器使用Tor 网络 保护您的隐私和匿名性。 Your internet activity, including the names and addresses of the websites you visit, will be hidden from your Internet Service Provider (ISP) and anyone watching your connection locally. 您使用的网站和服务的运营商以及任何监视它们的人都将看到连接来自 Tor 网络而不是您的真实互联网(IP)地址,并且不知道您是谁,除非您明确标识自己。 此外,Tor 浏览器的设计包括防止网站根据您的浏览器配置而收集“指纹”或识别您。 Tor 浏览器默认不保留任何浏览记录Cookies 仅对单个 会话有效(直到退出Tor 浏览器或请求新的身份为止)。

Tor 启动器

当您第一次运行 Tor 浏览器 时, 您会看到 Tor 启动器的界面。 此处您可以选择直接连上Tor 网络,或者为您的连接配置Tor 浏览器。 In the second case, Tor Launcher will take you through a series of configuration options.

Tor 日志

“Tor log”是一个自动生成的Tor活动列表,可以帮助诊断问题。 当Tor出现问题时,您可能会看到在错误信息中看到选项“将Tor日志复制到剪贴板”。 如果您没有看到此选项并且已打开Tor 浏览器,您可以找到Torbutton(位于浏览器左上角,URL栏的左侧)。 点击Tor button,然后打开Tor网络设置。 您应该会在底部看到一个选项可以将日志复制到剪贴板,然后您可以将其粘贴到文档中以展示给帮助您排除故障的人。

Tor Messenger

Tor Messenger是一个旨在默认安全的跨平台聊天程序,它将所有流量通过Tor发送。 Tor Messenger 已经不再继续开发。 它支持Jabber (XMPP),IRC,Google Talk,Facebook Chat,Twitter,Yahoo及其他;自动启动不留记录(OTR)的即时通讯;拥有多种语言的易用的图形界面。

TorBirdy

这个拓展 配置使Thunderbird通过Tor建立连接。

Torbutton

A button marked by a little gray onion to the right of the URL bar. Its menu offers you "New Identity", "Tor Network Settings..." and "Check for Tor Browser Update..." options.

torrc

Tor的核心配置文件。

Torsocks

Torsocks能够让你通过Tor以一种更安全的方式来使用很多应用。 它确保安全地处理域名解析服务请求,并明确拒绝您正在使用的应用程序中除TCP以外的任何流量

Tor2Web

Tor2web 是一个让用户不使用 Tor 浏览器 访问洋葱服务的项目。 注意:这不如通过Tor 浏览器连接到洋葱服务那样安全,并将移除所有客户端原有,依赖于Tor的保护。

TPI

TPI是The Tor Project, Inc的首字母缩写。

tpo

IRC上的人在写主机名时经常使用tpo来表示torproject.org的缩写。 例如,trac.tpotrac.torproject.org的缩写。

流量

流量是被客户端服务器发送和接收的数据。

U

V

W

Web 浏览器

Web 浏览器(通常称为浏览器)是用于在万维网上检索,呈现和遍历信息资源的软件应用程序。 主流 Web 浏览器包括 Firefox、Chrome、Internet Explorer 和 Safari。

网站镜像

A website mirror is a one-to-one copy of a website that you can find under other web addresses. 最近可用的 torproject.org 镜像列表可以在 https://www.torproject.org/getinvolved/mirrors.html.en 中找到。

X

Y

Z

Tor 依靠全球用户和志愿者的支持来帮助我们改进我们的软件和资源,因此您的反馈对我们(以及所有 Tor 用户)都非常有价值。

反馈模板

给我们发送反馈或者报告程序问题时,请尽量包含以下信息,越多越好:

  • 您正在使用的操作系统
  • Tor 浏览器版本
  • Step by step of how you got to the issue, so we can reproduce it (e.g. I opened the browser, typed a url, clicked on (i) icon, then my browser crashed)
  • 一张有关该问题的截屏。
  • 日志文件

如何与我们联系

There are several ways to reach us, so please use what works best for you.

Trac

You can file a ticket at https://trac.torproject.org. We track all Tor Browser 9 related issues with the tbb-9.0-issues keyword. Tickets related to our website should be added with the component "Webpages/Website."

电子邮件

Send us an email to frontdesk@torproject.org

In the subject line of your email, please tell us what you're reporting. The more objective your subject line is (e.g. "Connection failure", "feedback on website", "feedback on Tor Browser, "I need a bridge"), the easier it will be for us to understand and follow up. Sometimes when we receive emails without subject lines, they're marked as spam and we don't see them.

For the fastest response, please write in English, Spanish, and/or Portuguese if you can. If none of these languages works for you, please write on any language you feel comfortable with, but keep in mind it will take us a bit longer to answer as we will need help with translation to understand it.

博客文章评论

You can always leave comments on the blog post related to the issue or feedback you want to report. If there is not a blog post related to your issue, please contact us another way.

IRC

You can find us in the #tor channel on OFTC to give us feedback or report bugs/issues. We may not respond right away, but we do check the backlog and will get back to you when we can.

了解如何连接到 OFTC 服务器.

邮件列表

For reporting issues or feedback using email lists, we recommend that you do on the one that is related to what you would like to report.

For feedback or issues related to Tor Browser, Tor network or other projects developed by Tor: tor-talk

For feedback or issues related to our websites: ux

For feedback or issues related to running a Tor relay: tor-relays

For feedback on content related to Tor Browser Manual or Support website: tor-community-team

Report a security issue

If you've found a security issue in one of our projects or in our infrastructure, please email tor-security@lists.torproject.org. If you've found a security bug in Tor or Tor Browser, feel free to submit it for our bug bounty program. If you want to encrypt your mail, you can get the GPG public key for the list by contacting tor-security-sendkey@lists.torproject.org or from pool.sks-keyservers.net. Here is the fingerprint:

  gpg --fingerprint tor-security@lists.torproject.org
  pub 4096R/1A7BF184 2017-03-13
  Key fingerprint = 8B90 4624 C5A2 8654 E453 9BC2 E135 A8B4 1A7B F184
  uid tor-security@lists.torproject.org
  uid tor-security@lists.torproject.org
  uid tor-security@lists.torproject.org
  sub 4096R/C00942E4 2017-03-13

保持联系

The #tor-project channel is where Tor people discuss and coordinate daily Tor work. It has fewer members than #tor and is more focused on the work at hand. You are also welcome to join this channel. To access #tor-project, your nickname (nick) must be registered and verified.

Here's how to reach #tor-project and other registered channels.

注册您的昵称

  1. Log onto #tor. See How can I chat with Tor Project teams?

  2. Then, click on the word "Status" at the top left of the screen.

  3. In the window at the bottom of the page, type: /msg nickserv REGISTER yournewpassowrd youremailaddress

  4. 点击确定。

If all goes well, you will receive a message that you are registered.

The system may register you as your nick_ instead of your nick.

If so, just go with it but remember you are user_ and not user.

Every time you log on to IRC, to identify your registered nick, type:

/nick yournick

/msg nickserv IDENTIFY YourPassWord

如何验证您的昵称

Then, to complete the registration and ultimately gain access to the #tor-project channel, your nickname must be verified.

  1. To verify your nick, open a new browser window and go to https://services.oftc.net/login.

  2. 使用您的IRC昵称和密码来登入。

  3. Look for the word verify and log in there. It may appear that nothing has happened. Look at the top of the page, and there will be a column called Account.

  4. 点击账户

  5. Click on the small sentence at the bottom of the square that says: Verify account.

  6. 填入弹出的CAPTCHA验证,然后点击确定。

  7. A tiny message will appear: "Your NickServ account has been verified."

  8. Go back to the IRC webpage where you are logged in and type:

    /msg nickserv checkverify

  9. 点击确定。

  10. 如果一切顺利,您将会收到一条消息,写着:

*!NickServ*checkverify

Usermodechange: +R

!NickServ- Successfully set +R on your nick.
`

您的昵称验证成功!

现在,加入 #tor-project,您可以直接键入:

/join #tor-project 并点击确定。

您将会被允许进入频道。如果成功的话,祝贺您!

然而,如果您在某一步中遇到了问题,您可以在#tor channel中寻求帮助。

You can toggle back and forth between channels by clicking on the different channel names at the top left of the IRC window.

Here is how you can get onto IRC and start to chat with Tor contributors in real time:

  1. 进入OFTC网页聊天。

  2. 在空白处填入:

    NICKNAME: Anything you want, but choose the same nickname (nick) every time you use IRC to talk to people on Tor. If your nick is already being used, you will get a message from the system and you should choose another nick.

    频道: #tor

  3. 点击确定

祝贺!您正在使用IRC。

After a few seconds, you will automatically enter #tor, which is a chatroom with Tor developers, relay operators and other community members. There are some random people in #tor as well.

You can ask questions in the empty bar at the bottom of the screen. Please, don't ask to ask, just ask your question.

People may be able to answer right away, or there may be a bit of a delay (some people are listed on the channel but are away from their keyboards and record channel activities to read later).

If you want to chat with someone specific, start your comment with their nick and they will typically receive a notification that someone is trying to contact them.

您也应该考虑使用IRC客户端。

Debian 资料库

是的,“deb.torproject.org” 也通过一个隐藏服务提供服务: http://sdscoq7snqtznauu.onion/

如需通过 Tor 使用apt,需要安装 apt 运载工具。

   # apt install apt-transport-tor

Then replace the address in the lines added before with, for example:

   # 对于稳定版本。
   deb tor://sdscoq7snqtznauu.onion/torproject.org <DISTRIBUTION> main

   # 对于不稳定版本。
   deb tor://sdscoq7snqtznauu.onion/torproject.org tor-nightly-master-<DISTRIBUTION> main

Replace <DISTRIBUTION> with your Operating System codename. Run lsb_release -c or cat /etc/debian_version to discover.

现在刷新您的资源并且尝试是否能够安装tor:

   # apt update
   # apt install tor

不. 不要使用Ubuntu universe提供的软件包! In the past they have not reliably been updated. That means you could be missing stability and security fixes. Please, use Tor Debian repository.

The Tor Project maintains its own Debian package repository. Since Debian provides the LTS version of Tor that this might not always give you the latest stable Tor version, it's recommended to install tor from our repository.

如果您需要在您的基于 Debian 的系统中添加 Tor 软件包仓库,请遵循以下指示:

1. 安装 apt-transport-https

To enable all package managers using the libapt-pkg library to access metadata and packages available in sources accessible over https (Hypertext Transfer Protocol Secure).

   # apt install apt-transport-https

2. 将以下条目加到 "/etc/apt/sources.list" 后,或者 “/etc/apt/sources.list.d/” 中的一个新文件中。

   deb https://deb.torproject.org/torproject.org <DISTRIBUTION> main
   deb-src https://deb.torproject.org/torproject.org <DISTRIBUTION> main

如果您想尝试实验性版本:

   deb https://deb.torproject.org/torproject.org tor-experimental-0.3.4.x-<DISTRIBUTION> main
   deb-src https://deb.torproject.org/torproject.org tor-experimental-0.3.4.x-<DISTRIBUTION> main

或是每晚构建:

   deb https://deb.torproject.org/torproject.org tor-nightly-master-<DISTRIBUTION> main
   deb-src https://deb.torproject.org/torproject.org tor-nightly-master-<DISTRIBUTION> main

Replace <DISTRIBUTION> with your Operating System codename. Run lsb_release -c or cat /etc/debian_version to discover.

3. 然后,在命令窗口中运行下面的命令来添加用于签名软件包的 gpg 公钥:

   # curl https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --import
   # gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add -

4. 安装 tor 和 tor debian 密钥串

我们提供一个 Debian 软件包,以帮助您保持我们的密钥为最新状态。推荐您使用这个软件包。用下列命令安装它:

   # apt update
   # apt install tor deb.torproject.org-keyring