常见问题

通常来说完美的匿名性是不可能的,即使使用了Tor。 Though there are some things you can practice to improve your anonymity while using Tor and offline.

Use Tor Browser and software specifically configured for Tor

Tor does not protect all of your computer's Internet traffic when you run it. Tor only protects applications that are properly configured to send their Internet traffic through Tor.

网页浏览:

文件浏览:

控制您通过网络表单提供的信息

当你使用Tor 浏览器浏览网站时,他们不知道你是谁或你的真实位置。 Unfortunately many sites ask for more personal information than they need through web forms. If you sign in to that website, they still don't know your location but they know who you are. Further, if you provide: name, email, address, phone number, or any other personal information, you are no longer anonymous to that website. The best defense is to be vigilant and extremely cautious when filling out web forms.

不要在 Tor 上 torrent

Torrent file-sharing applications have been observed to ignore proxy settings and make direct connections even when they are told to use Tor. Even if your torrent application connects only through Tor, you will often send out your real IP address in the tracker GET request, because that's how torrents work. Not only do you deanonymize your torrent traffic and your other simultaneous Tor web traffic this way, you also slow down the entire Tor network for everyone else.

不要允许或安装浏览器插件

Tor 浏览器会屏蔽 Flash、RealPlayer、Quicktime 等浏览器插件,因为它们可以被操纵来暴露你的 IP 地址。 Similarly, we do not recommend installing additional addons or plugins into Tor Browser, as these may bypass Tor or otherwise harm your anonymity and privacy.

使用https版的网页

Tor will encrypt your traffic to and within the Tor network, but the encryption of your traffic to the final destination website depends on that website. To help ensure private encryption to websites, Tor Browser includes HTTPS Everywhere to force the use of HTTPS encryption with major websites that support it. However, you should still watch the browser URL bar to ensure that websites you provide sensitive information to display a padlock or onion icon in the address bar, include https:// in the URL, and display the proper expected name for the website. Also see EFF's interactive graphic explaining how Tor and HTTPS relate.

在线时不要打开通过 Tor 下载的文档

Tor Browser will warn you before automatically opening documents that are handled by external applications. 不要忽略此警告。 You should be very careful when downloading documents via Tor (especially DOC and PDF files, unless you use the PDF viewer that's built into Tor Browser) as these documents can contain Internet resources that will be downloaded outside of Tor by the application that opens them. 这将显示您的非 Tor IP 地址。 If you must work with files downloaded via Tor, we strongly recommend either using a disconnected computer, or using dangerzone to create safe PDF files that you can open. Under no circumstances is it safe to use BitTorrent and Tor together, however.

Use bridges and/or find company

Tor tries to prevent attackers from learning what destination websites you connect to. However, by default, it does not prevent somebody watching your Internet traffic from learning that you're using Tor. If this matters to you, you can reduce this risk by configuring Tor to use a bridge rather than connecting directly to the Tor network. Ultimately the best protection is a social approach: the more Tor users there are near you and the more diverse their interests, the less dangerous it will be that you are one of them. 说服其他人也使用 Tor!

聪明一点,学习更多。 了解 Tor 做什么和不能提供什么。 This list of pitfalls isn't complete, and we need your help identifying and documenting all the issues.

Sure! We have a list of organizations that run Tor relays that are happy to turn your donations into better speed and anonymity for the Tor network.

These organizations are not the same as The Tor Project, Inc, but we consider that a good thing. 他们被一些同样来自 Tor 大家庭的优秀人才运营着。

Note that there can be a tradeoff here between anonymity and performance. The Tor network's anonymity comes in part from diversity, so if you are in a position to run your own relay, you will be improving Tor's anonymity more than by donating. At the same time though, economies of scale for bandwidth mean that combining many small donations into several larger relays is more efficient at improving network performance. Improving anonymity and improving performance are both worthwhile goals, so however you can help is great!

通常情况下,除非你知道如何把 VPN 和 Tor 在不侵犯你的隐私的情况下一起配置,我们不建议将这两者配合使用。

您可以在我们的 Wiki 上找到更多有关 Tor 与 VPN 一起使用时的信息。

Tor 浏览器目前在Windows, LinuxmacOS 上可用。

这里是 Tor 浏览器的安卓版本,The Guardian Project 也提供了 Orbot app,以在您的设备上通过 Tor 的网络路由其他应用。

Tor 还没有官方的 iOS 版本,但是我们推荐Onion Browser

强烈建议不要在 Tor 浏览器上安装新的附加组件,因为这可能会损害你的隐私和安全。

安装新的拓展可能会意外影响 Tor 浏览器,并使得您的 Tor 浏览器的浏览器指纹变得独一无二。 如果您的 Tor 浏览器副本拥有独特标记,您的浏览活动可以被反匿名并被追踪,即使您正在使用 Tor 浏览器。

简单来说,所有浏览器的设置与特性都会创造一个叫“浏览器指纹”的东西。 大多数浏览器不经意间为每一个用户创建独一无二的浏览器指纹,那可以被用来在全网追踪该用户。 Tor 浏览器经过专门设计,使其用户之间的指纹几乎相同(我们并不完美!)。 这意味着每一个 Tor 浏览器用户看起来都跟其他 Tor 浏览器用户一样,使得追踪一个单独的用户变得困难。

新的插件也有可能增加Tor 浏览器遭到攻击的几率。 这可能会允许敏感信息被泄露或允许攻击者感染 Tor 浏览器。 插件本身可能就被恶意设计用于监控您。

Tor 浏览器已经预先安装了两个拓展插件——HTTPS EverywhereNoScript——并且安装其他插件可能使您失去匿名状态。

想要了解更多关于浏览痕迹的信息?在 Tor 的博客里有一篇文章介绍了有关它的全部信息。

Tor 浏览器可以帮助人们访问所在地区被封锁的网站。 大多数时候,只需下载 Tor 浏览器,您就可以使用它去访问被屏蔽的网站。 在被严重监视的地区,我们提供许多规避监管的选项,譬如 可插拔传输

参阅 Tor 浏览器用户手册 关于 审查 的章节获得更多信息。

Tor 浏览器防止人们获知您访问过的网站。 有些机构,例如您的互联网服务提供商,也许会知道您正在使用 Tor 。不过他们将不会知晓您正在使用 Tor 做些什么。

关于 Tor

Internet communication is based on a store-and-forward model that can be understood in analogy to postal mail: Data is transmitted in blocks called IP datagrams or packets. Every packet includes a source IP address (of the sender) and a destination IP address (of the receiver), just as ordinary letters contain postal addresses of sender and receiver. The way from sender to receiver involves multiple hops of routers, where each router inspects the destination IP address and forwards the packet closer to its destination. Thus, every router between sender and receiver learns that the sender is communicating with the receiver. In particular, your local ISP is in the position to build a complete profile of your Internet usage. In addition, every server in the Internet that can see any of the packets can profile your behavior.

The aim of Tor is to improve your privacy by sending your traffic through a series of proxies. Your communication is encrypted in multiple layers and routed via multiple hops through the Tor network to the final receiver. More details on this process can be found in this visualization. Note that all your local ISP can observe now is that you are communicating with Tor nodes. Similarly, servers in the Internet just see that they are being contacted by Tor nodes.

Generally speaking, Tor aims to solve three privacy problems:

First, Tor prevents websites and other services from learning your location, which they can use to build databases about your habits and interests. With Tor, your Internet connections don't give you away by default -- now you can have the ability to choose, for each connection, how much information to reveal.

Second, Tor prevents people watching your traffic locally (such as your ISP or someone with access to your home wifi or router) from learning what information you're fetching and where you're fetching it from. It also stops them from deciding what you're allowed to learn and publish -- if you can get to any part of the Tor network, you can reach any site on the Internet.

Third, Tor routes your connection through more than one Tor relay so no single relay can learn what you're up to. Because these relays are run by different individuals or organizations, distributing trust provides more security than the old one hop proxy approach.

Note, however, that there are situations where Tor fails to solve these privacy problems entirely: see the entry below on remaining attacks.

As mentioned above, it is possible for an observer who can view both you and either the destination website or your Tor exit node to correlate timings of your traffic as it enters the Tor network and also as it exits. Tor does not defend against such a threat model.

In a more limited sense, note that if a censor or law enforcement agency has the ability to obtain specific observation of parts of the network, it is possible for them to verify a suspicion that you talk regularly to your friend by observing traffic at both ends and correlating the timing of only that traffic. Again, this is only useful to verify that parties already suspected of communicating with one another are doing so. In most countries, the suspicion required to obtain a warrant already carries more weight than timing correlation would provide.

Furthermore, since Tor reuses circuits for multiple TCP connections, it is possible to associate non anonymous and anonymous traffic at a given exit node, so be careful about what applications you run concurrently over Tor. Perhaps even run separate Tor clients for these applications.

“Tor” 这一名称可用于多个不同的组件。

Tor 是一个您能运行在您的电脑上,保护您在互联网上安全的程序。 它会将您的通信在一个由多个中继站组成的分散网络内不断传递,这些中继站被来自世界各地的志愿者们运营,并以此来保护您:这阻止了某些人通过您访问了哪些网址来得知您的网络链接,也防止了您访问的网站获取您的地理位置。 这些由志愿者搭建的中继被成为 Tor 网络。

大多数人通过 Tor 浏览器使用 Tor。Tor 浏览器基于火狐浏览器开发,并修复了许多隐私问题。 您可以在我们的关于页面了解更多信息。

Tor 项目是一个非盈利性(慈善)组织,它维护和开发 Tor 软件。

Tor 的全称是洋葱路由网络。 当我们在2001-2002年开始新的下一代洋葱路由的设计与实践时,我们会告诉人们我们正在搭建洋葱路由,然后他们会说“酷!哪一个洋葱路由?” 即使洋葱路由已经成为了一个标准的家庭条款,Tor 诞生于实际的由 Naval 研究实验室运行的洋葱路由项目之外。

(它还有优秀的德语和土耳其语翻译版本。)

注意:尽管它原本来源于一个缩写,Tor 不能被拼写成“TOR”。 只有首字母时大写的。 实际上,我们常常会发现一些没有读过我们网站的人(而是从新闻报道中了解了他们对 Tor 的一切知识)正在使用我们的服务,因为他们将其拼写错误。

不,它不会。 你需要使用另一个程序去理解你的应用和协议并且了解如何清除或者"擦除"它发送的数据。 Tor 浏览器尽力确保应用层数据,例如用户代理的字符串,对于所有用户都是一致的。 但是,Tor 浏览器无法对您输入到表单中的文本做任何更改。

一个传统的代理提供商会在互联网的某处搭建一台服务器并允许您使用它来中继您的流量。 这构建一个简单的,容易维护的架构。 所有用户都通过同一台服务器来通讯。 提供者可以对代理的使用进行收费,或者通过服务器上的广告来支付其成本。 通过最简单的配置,您不需要安装任何东西。 您只需要将您的浏览器指向他们的代理服务器。 如果您不希望在线保护自己的隐私和匿名性,并且您相信提供者不会做坏事,那么简单的代理提供者就是很好的解决方案。 一些简单的代理提供程序使用SSL来保护您与它们之间的连接,从而保护您免受本地窃听者的侵害,例如在带有免费wifi上网的咖啡馆中。

简易的代理服务商也可能会造成单点故障。 供应商知道您是谁,也知道您在互联网上正浏览什么。 在您的流量经过他们的服务器时,他们可以看见您的流量。 在某些情况下,当他们使你的加密流量依赖于银行网点或者电商商店,他们甚至可以看到你其中的加密流量。 您不得不信任您的供应商不监控您的流量,注入他们自己的广告或者记录您的个人信息。

在您的流量抵达目的地前,Tor将它传递通过至少三台不同服务器。 因为这三层中的每一层都附加了互相独立的加密,监视您的的网络连接的人将无法修改或读取你发送给 Tor 网络的信息。 您的流量在 Tor 客户端(在您的计算机上)与世界其他地方弹出的站点之间进行了加密。

第一台服务器不知道我是谁吗?

有可能。 三台服务器中的第一台服务器里的不良服务器可能会看到来自计算机的加密 Tor 流量。 它仍然不知道您是谁,也不知道您正在使用 Tor 做什么。 它仅仅能看到“这个 IP 地址正在使用 Tor”。 仍然可以保护您免受此节点的影响,因为它既无法确定您的身份,也无法确定您在 Internet 上的去向。

第三台服务器看不见我的流量吗?

有可能。 一个恶意的末端服务器可以看到三分之一的你发送给 Tor 的流量。 它不会知道是谁发送的数据。 如果您正在使用加密(例如 HTTPS 协议),它仅能知道目标地点。 See this visualization of Tor and HTTPS to understand how Tor and HTTPS interact.

可以。

Tor 软件是免费软件。 这意味着我们给予您权力来再次分发 Tor 软件,无论是修改或未修改的版本,无论是收费或免费。 您不需要向我们要特殊许可。

但是,如果您想要分发 Tor 软件,您必须遵守我们的许可。 特别地,这意味着无论您要发行 Tor 软件哪个部分的发行版,您都需要把我们的[许可]文件和这个该发行版放在一起。

然而问我们这个问题的大多数人不仅仅想为 Tor 软件做出贡献。 他们想分发 Tor 浏览器。 这包括火狐拓展支持,NoScript和HTTPS-Everywhere拓展。 你将需要遵守这些程序的许可。 这些分发的火狐拓展都 GNU 基本公共证书,而火狐企业版的发行则必须有火狐公共证书。 遵从他们的许可证的最简单方式就是把源代码包含进这些程序里面,只要你打包了这些软件。

同时,你应该确保不让你的读者对这些问题迷惑:什么是 Tor?是谁做的?它能提供什么功能?(以及不提供什么?) 查看我们的商标常见问题来获取详细信息。

还有很多其他应用程序能与 Tor 搭配使用,但我们还没能彻底地研究这些应用的应用层面匿名性问题,因此我们无法推荐一个较为安全的配置方法。 我们的 Wiki 包含社区维护的 Torify 特定应用程序说明列表。 请补充这个名单,帮助我们保持它的准确性!

很多人使用Tor 浏览器,因为使用Tor来浏览网页能够保证一切安全。 Using Tor with other browsers is dangerous and not recommended.

Tor 中完全没有后门。

我们知道一些聪明的律师,他们说在我们的司法权生效的地方(美国),不太可能有人让我们添加后门。 如果他们的确让我们这样做,我们会和他们抗争,(律师说)我们可能会赢。

我们永远不会在 Tor 中植入后门。 我们认为,在 Tor 中使用后门程序对我们的用户将是极为不负责任的,对于一般的安全软件而言,这是一个不好的先例。 如果我们故意在我们的安全软件中设置了后门程序,那会使我们的专业名誉受损。 没有人会有充分的理由再次信任我们的软件。

但是,尽管如此,人们仍然可以尝试进行攻击。 可能有人冒充我们,或破解我们的计算机,或类似的事情。 Tor 是开源项目,您应当总是检查源代码(或至少此版本和上个发行版的源代码之间的差异),以确认没有可疑的迹象。 如果我们(或者 Tor 的经销商)拒绝向您提供源代码的获取方式,那么这其中肯定有蹊跷。 You should also check the PGP signatures on the releases, to make sure nobody messed with the distribution sites.

同时,Tor 中也可能会有意外性漏洞并影响您的匿名性。 我们定期发现并修复匿名性相关的漏洞,所以请确保您的 Tor 是最新版本。

Tor (like all current practical low-latency anonymity designs) fails when the attacker can see both ends of the communications channel. For example, suppose the attacker controls or watches the Tor relay you choose to enter the network, and also controls or watches the website you visit. In this case, the research community knows no practical low-latency design that can reliably stop the attacker from correlating volume and timing information on the two sides.

So, what should we do? Suppose the attacker controls, or can observe, C relays. Suppose there are N relays total. If you select new entry and exit relays each time you use the network, the attacker will be able to correlate all traffic you send with probability around (c/n)2. But profiling is, for most users, as bad as being traced all the time: they want to do something often without an attacker noticing, and the attacker noticing once is as bad as the attacker noticing more often. Thus, choosing many random entries and exits gives the user no chance of escaping profiling by this kind of attacker.

The solution is "entry guards": each Tor client selects a few relays at random to use as entry points, and uses only those relays for their first hop. If those relays are not controlled or observed, the attacker can't win, ever, and the user is secure. If those relays are observed or controlled by the attacker, the attacker sees a larger fraction of the user's traffic - but still the user is no more profiled than before. Thus, the user has some chance (on the order of (n-c)/n) of avoiding profiling, whereas they had none before.

You can read more at An Analysis of the Degradation of Anonymous Protocols, Defending Anonymous Communication Against Passive Logging Attacks, and especially Locating Hidden Servers.

Restricting your entry nodes may also help against attackers who want to run a few Tor nodes and easily enumerate all of the Tor user IP addresses. (Even though they can't learn what destinations the users are talking to, they still might be able to do bad things with just a list of users.) However, that feature won't really become useful until we move to a "directory guard" design as well.

Tor uses a variety of different keys, with three goals in mind: 1) encryption to ensure privacy of data within the Tor network, 2) authentication so clients know they're talking to the relays they meant to talk to, and 3) signatures to make sure all clients know the same set of relays.

Encryption: first, all connections in Tor use TLS link encryption, so observers can't look inside to see which circuit a given cell is intended for. Further, the Tor client establishes an ephemeral encryption key with each relay in the circuit; these extra layers of encryption mean that only the exit relay can read the cells. Both sides discard the circuit key when the circuit ends, so logging traffic and then breaking into the relay to discover the key won't work.

Authentication: Every Tor relay has a public decryption key called the "onion key". Each relay rotates its onion key once a week. When the Tor client establishes circuits, at each step it demands that the Tor relay prove knowledge of its onion key. That way the first node in the path can't just spoof the rest of the path. Because the Tor client chooses the path, it can make sure to get Tor's "distributed trust" property: no single relay in the path can know about both the client and what the client is doing.

Coordination: How do clients know what the relays are, and how do they know that they have the right keys for them? Each relay has a long-term public signing key called the "identity key". Each directory authority additionally has a "directory signing key". The directory authorities provide a signed list of all the known relays, and in that list are a set of certificates from each relay (self-signed by their identity key) specifying their keys, locations, exit policies, and so on. So unless the adversary can control a majority of the directory authorities (as of 2021 there are 10 directory authorities), they can't trick the Tor client into using other Tor relays.

How do clients know what the directory authorities are?

The Tor software comes with a built-in list of location and public key for each directory authority. So the only way to trick users into using a fake Tor network is to give them a specially modified version of the software.

How do users know they've got the right software?

When we distribute the source code or a package, we digitally sign it with GNU Privacy Guard. See the instructions on how to check Tor Browser's signature.

In order to be certain that it's really signed by us, you need to have met us in person and gotten a copy of our GPG key fingerprint, or you need to know somebody who has. If you're concerned about an attack on this level, we recommend you get involved with the security community and start meeting people.

Tor will reuse the same circuit for new TCP streams for 10 minutes, as long as the circuit is working fine. (If the circuit fails, Tor will switch to a new circuit immediately.)

But note that a single TCP stream (e.g. a long IRC connection) will stay on the same circuit forever. We don't rotate individual streams from one circuit to the next. Otherwise, an adversary with a partial view of the network would be given many chances over time to link you to your destination, rather than just one chance.

Tor 浏览器

数字签名是一个确保某个包由其开发人员生成并且未被篡改的过程。 Below we explain why it is important and how to verify that the Tor Browser you download is the one we have created and has not been modified by some attacker.

Each file on our download page is accompanied by a file labelled "signature" with the same name as the package and the extension ".asc". These .asc files are OpenPGP signatures. 它们允许你验证你下载的文件正是我们希望你获取的文件。 This will vary by web browser, but generally you can download this file by right-clicking the "signature" link and selecting the "save file as" option.

例如: torbrowser-install-win64-9.0_en-US.exe 是与 torbrowser-install-win64-9.0_en-US.exe.asc一起的。 These are example file names and will not exactly match the file names that you download.

我们现在展示如何在不同的操作系统上验证下载文件的数字签名。 请注意数字签名是标注该包被签名的时间。 因此,每个新文件上传时,都会生成具有不同日期的新签名。 只要您验证了签名,就不必担心报告的日期可能有所不同。

正在安装 GnuPG

首先你需要安装GnuPG才能验证签名。

对于 Windows 的用户:

如果您使用 Windows, 下载 Gpg4win并运行其安装包。

为了验证签名,您需要在 Windows 命令行(“cmd.exe")中输入一些命令。

对于 macOS 的用户:

如果您正在使用 macOS,您可以安装 GPGTools

为了验证签名,您需要在(“应用程序”下的)终端中输入一些命令

对于 GNU/Linux 的用户:

如果你使用 GNU/Linux,那么可能在你的系统中已经安装了 GnuPG,因为大多数 Linux 发行版都预装了它。

为了验证签名,您需要在终端窗口中输入一些命令。如何进行此操作将取决于您的发行版。

正在提取 Tor 开发者密钥

Tor 浏览器团队为 Tor 浏览器发行版签名。 导入Tor 浏览器开发者登录密钥(0xEF6E286DDA85EA2A4BA7DE684E2C6E8793298290):

‪# gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org

这会向您展示像这样的内容:

gpg: key 4E2C6E8793298290: public key "Tor Browser Developers (signing key) <torbrowser@torproject.org>" imported
gpg: Total number processed: 1
gpg:               imported: 1
pub   rsa4096 2014-12-15 [C] [expires: 2025-07-21]
      EF6E286DDA85EA2A4BA7DE684E2C6E8793298290
uid           [ unknown] Tor Browser Developers (signing key) <torbrowser@torproject.org>
sub   rsa4096 2018-05-26 [S] [expires: 2020-12-19]

If you get an error message, something has gone wrong and you cannot continue until you've figured out why this didn't work. You might be able to import the key using the Workaround (using a public key) section instead.

After importing the key, you can save it to a file (identifying it by its fingerprint here):

gpg --output ./tor.keyring --export 0xEF6E286DDA85EA2A4BA7DE684E2C6E8793298290

This command results in the key being saved to a file found at the path ./tor.keyring, i.e. in the current directory. If ./tor.keyring doesn't exist after running this command, something has gone wrong and you cannot continue until you've figured out why this didn't work.

验证签名

为了验证你下载的包的签名,除了安装文件本身,你还需要下载相应的“.asc”签名文件,并用一个命令让 GnuPG 验证你下载的文件。

下面的例子假设你已经下载了这样的两个文件到你的"下载"文件夹。 Note that these commands use example file names and yours will be different: you will have downloaded a different version than 9.0 and you may not have chosen the English (en-US) version.

对于 Windows 的用户:

gpgv --keyring .\tor.keyring Downloads\torbrowser-install-win64-9.0_en-US.exe.asc Downloads\torbrowser-install-win64-9.0_en-US.exe

对于 macOS 的用户:

gpgv --keyring ./tor.keyring ~/Downloads/TorBrowser-9.0-osx64_en-US.dmg.asc ~/Downloads/TorBrowser-9.0-osx64_en-US.dmg

对于 GNU/Linux 的用户(如果您有32位的安装包,请将64转为32)

gpgv --keyring ./tor.keyring ~/Downloads/tor-browser-linux64-9.0_en-US.tar.xz.asc ~/Downloads/tor-browser-linux64-9.0_en-US.tar.xz

命令的结果应该与以下输出相似的内容:

gpgv: Signature made 07/08/19 04:03:49 Pacific Daylight Time
gpgv: using RSA key EB774491D9FF06E2
gpgv: Good signature from "Tor Browser Developers (signing key) <torbrowser@torproject.org>"

If you get error messages containing 'No such file or directory', either something went wrong with one of the previous steps, or you forgot that these commands use example file names and yours will be a little different.

更多操作(使用公钥)

如果您遇到了无法解决的问题,不妨下载并使用这个公钥来代替。或者,您还可以使用以下指令:

‪# curl -s https://openpgpkey.torproject.org/.well-known/openpgpkey/torproject.org/hu/kounek7zrdx745qydx6p59t9mqjpuhdf |gpg --import -

Tor Browser Developers key is also available on keys.openpgp.org and can be downloaded from https://keys.openpgp.org/vks/v1/by-fingerprint/EF6E286DDA85EA2A4BA7DE684E2C6E8793298290. If you're using MacOS or GNU/Linux, the key can also be fetched by running the following command:
$ gpg --keyserver keys.openpgp.org --search-keys torbrowser@torproject.org

你也许会想了解更多关于 GnuPG

你下载或运行的文件会提示你选择一个目标位置。 如果您忘记了它位于哪里,那么最大的可能性它会位于桌面或者下载文件夹。

Windows 安装包中的默认设置也会为您在您的桌面上创建一个快捷方式,但请注意,您可能无意中取消了创建快捷方式的选项。

如果你在文件夹中找不到,请再次下载并注意询问你下载位置的提示。 选择一个你能简单记住的目录,下载完成后你能在选择的目录中看到 Tor 浏览器文件夹。

当新的 Tor 浏览器稳定版本发布时,我们将会写一篇包括新的特性与已知问题的博文。 If you started having issues with your Tor Browser after an update, check out blog.torproject.org for a post on the most recent stable Tor Browser to see if your issue is listed. If your issue is not listed there, please check first Tor Browser's issue tracker and create a GitLab issue about what you're experiencing.

We want everyone to be able to enjoy Tor Browser in their own language. Tor Browser is now available in 36 different languages, and we are working to add more. Want to help us translate? Become a Tor translator!

你还可以安装并试用 Tor 浏览器 Alpha 测试版,来帮助我们测试即将正式发布的新语言版本。

没有,Tor 浏览器是开源且免费的软件。 任何声称是 Tor 浏览器且强迫你付费的浏览器均是假冒。 为确保你下载的是正版Tor 浏览器,请访问我们的 Tor 浏览器下载页面。 After downloading, you can make sure that you have the official version of Tor Browser by verifying the signature. If you are not able to access our website, then visit censorship section to get information about alternate way of downloading Tor Browser.

You can report fake Tor Browsers on frontdesk@torproject.org

Tor 浏览器目前在Windows, LinuxmacOS 上可用。

这里是 Tor 浏览器的安卓版本,The Guardian Project 也提供了 Orbot app,以在您的设备上通过 Tor 的网络路由其他应用。

Tor 还没有官方的 iOS 版本,但是我们推荐Onion Browser

很不幸,我们目前还没有 Chrome OS 版本的 Tor。 你可以在 Chrome 操作系统上运行 Tor 浏览器安卓版本。 请注意:如果您在 Chrome 操作系统上使用 Tor 移动版,那么您只能浏览网站的移动版(而不是桌面版)。 然而,因为我们没有将软件针对 Chrome 操作系统进行修改,我们不能确定是否所有 Tor 浏览器安卓版的隐私保护功能会运行良好。

抱歉,我们没有官方支持 *BSD 系统上的 Tor 浏览器。 There is something called the TorBSD project, but their Tor Browser is not officially supported.

使用 Tor 浏览器有时会比其他浏览器慢。 Tor 的网络每日有超过一百万的用户浏览,但只有6000多个中继站来路由所有的通信,所以服务器有时会因过载造成延迟。此外,根据我们的设计,您的通信是在世界各地的志愿者服务器上不断传输的,所以一些堵塞和网络延迟总是不可避免的会出现。 您可以通过运行您自己的中继或鼓励他人这样做来帮助提高网络速度。 想要获取更多深入的回答,请参阅 Roger 的话题博客文章Tor 的公开研究专题:2018年版关于网络性能的部分。 也就是说, Tor 比以前快的多了,你未必会注意到和其它浏览器相比的速度变化。

它们的名字很具有误导性,但“隐身模式”(或隐私模式)无法让你在互联网上匿名化。 它们在你关闭浏览器后删除你计算机上所有与你的浏览会话相关的信息,但是它们在隐匿你的网络痕迹方面毫无作为。 这表示一个窃听者可以和任何普通浏览器一样获取你的网络通信流量。

Tor 浏览器不仅提供了所有被遗忘的私人标签的特点,同时还隐藏了所有可以被用来观察网络活动轨迹的源 IP、浏览偏好和设备细节,给用户提供了一个真正的全过程隐蔽的私密浏览体验。

想要了解更多有关匿名模式和私人标签的局限性,请查阅 Mozilla 关于私密浏览常见的谣言一文。

There are methods for setting Tor Browser as your default browser, but those methods may not work always or in every operating system. Tor 浏览器做了大量工作使它和你的操作系统的其他部分相互隔离,以及设置为默认浏览器的过程并不可靠。 这意味着一个网站有时会在 Tor 浏览器里加载,有时却会在其他浏览器里加载。这种操作十分危险而且可能暴露您的身份。

我们强烈不推荐把 Tor 和 Tor 浏览器以外的浏览器搭配使用。 在其它浏览器中使用 Tor 可能会使你置于没有 Tor 浏览器提供的隐私保护的风险中。

你当然可以在使用 Tor 浏览器时使用其它的浏览器。 不过你应该清楚其他浏览器不能提供和 Tor 浏览器一样的隐私保护。 不过在切换浏览器时要多加小心,你也许会不小心在普通浏览器里执行要在 Tor 浏览器中执行的操作。

如果您同时使用 Tor 浏览器和其他浏览器,这不会影响 Tor 的安全性和私密性。 但请注意,其他浏览器不能让您的活动保持私密,您可能会错误地使用非私密浏览器来执行您在 Tor 浏览器中的操作。

只有 Tor 浏览器的流量会通过 Tor 网络传输。 你操作系统上的其他程序(包括其他的浏览器)的连接不会使用 Tor 网络,也不会被保护。 需要单独配置来使用 Tor。 如果您想确保所有的通信都通过 Tor 的网络进行,请使用 Tail 实时操作系统。您只要用 USB 或是 DVD 就可以在几乎任意电脑上启动它。

我们不建议运行多个 Tor 浏览器实例,在很多平台中这样做可能会导致运行不正常。

Tor 浏览器使用 Firefox ESR 搭建, 所以属于火狐的问题可能会出现。 请确认你只有一个 Tor 浏览器在运行并且你的 Tor 浏览器安装在一个有正确权限的文件夹里。 如果您的电脑正在运行杀毒软件,请参阅我的杀毒/反恶意软件保护程序正阻止我使用 Tor 浏览器,这通常是导致此类问题的主要原因。

Tor 浏览器是为和 Tor 一起使用而定制的 Firefox 。 Tor 浏览器做了很多工作,例如加入强化隐私和安全的补丁。 虽然你可以同时使用 Tor 浏览器和其他的浏览器,但是同时使用其他浏览器会暴露你的身份信息。我们强烈建议您不要使用其他浏览器。 了解更多有关Tor 浏览器的设计.

Bookmarks in the Tor Browser can be exported, imported, backed up, restored as well as imported from another browser. In order to manage your bookmarks in Tor Browser, go to:

  • Hamburger menu >> Library >> Bookmarks >> Show All Bookmarks (below the menu)
  • From the toolbar on the Library window, click Import and Backup

If you wish to export bookmarks

  • Choose Export Bookmarks to HTML
  • In the Export Bookmarks File window that opens, choose a location to save the file, which is named bookmarks.html by default. The desktop is usually a good spot, but any place that is easy to remember will work.
  • Click the Save button. The Export Bookmarks File window will close.
  • Close the Library window.

Your bookmarks are now successfully exported from Tor Browser. The bookmarks HTML file you saved is now ready to be imported into another web browser.

If you wish to import bookmarks

  • Choose Import Bookmarks from HTML
  • Within the Import Bookmarks File window that opens, navigate to the bookmarks HTML file you are importing and select the file.
  • Click the Open button. The Import Bookmarks File window will close.
  • Close the Library window.

The bookmarks in the selected HTML file will be added to your Tor Browser within the Bookmarks Menu directory.

If you wish to backup

  • 选择备份
  • A new window opens and you have to choose the location to save the file. The file has a .json extension.

If you wish to restore

  • Choose Restore and then select the bookmark file you wish to restore.
  • Click okay to the pop up box that appears and hurray, you just restored your backup bookmark.

Import data from another browser

Bookmarks can be transferred from Firefox to Tor Browser. There are two ways to export and import bookmarks in Firefox: HTML file or JSON file. After exporting the data from the browser, follow the above step to import the bookmark file into your Tor Browser.

Note: Currently, on Tor Browser for Android, there is no good way to export and import bookmarks. Bug #31617

When you have Tor Browser open, you can navigate to the hamburger menu ("≡"), then click on "Preferences", and finally on "Tor" in the side bar. 在此页面的底部,“查看 Tor 日志”字样旁边,点击“查看日志”按钮。 你能看见一个把日志拷贝到剪切板的选项,然后你就可以将其粘贴到文字编辑器或邮件客户端。

Alternatively, on GNU/Linux, to view the logs right in the terminal, navigate to the Tor Browser directory and launch the Tor Browser from the command line by running:

./start-tor-browser.desktop --verbose

or to save the logs to a file (default: tor-browser.log)

./start-tor-browser.desktop --log [file]

默认模式下 Tor 浏览器大致用200px x 100px的倍数来打开一个新的窗口以避免屏幕尺寸留下的指纹。 这里的策略是将所有的用户都放入一个桶中并使得分辨出其中的单独一个变得很困难。 这种方式将一直有效,直到用户重新设定窗口的尺寸(例如最大化窗口或进入全屏模式)。 Tor Browser ships with a fingerprinting defense for those scenarios as well, which is called Letterboxing, a technique developed by Mozilla and presented in 2019. 它通过向浏览器窗口添加白色边缘来使窗口大小尽量与用户需求一样。与此同时,它还可以让所有用户只在几个屏幕尺寸桶量里,防止他们因此被排外。

简单来说,这项技术给予了不同的用户某种特定的屏幕尺寸,许多用户会拥有同样的屏幕大小,从而令用户不会被屏幕尺寸问题所困扰。

letterboxing

Tor 浏览器可以帮助人们访问所在地区被封锁的网站。 大多数时候,只需下载 Tor 浏览器,您就可以使用它去访问被屏蔽的网站。 在被严重监视的地区,我们提供许多规避监管的选项,譬如 可插拔传输

参阅 Tor 浏览器用户手册 关于 审查 的章节获得更多信息。

有些网站因为他们无法分辨出普通 Tor 用户和机器人的区别而屏蔽了 Tor 用户的访问。 我们能让网站解封 Tor 用户的最成功的手段是让用户直接联系网站管理员。 这么做也许能解决你的问题:

“嗨!我正在使用 Tor 浏览器访问 xyz.com ,不过似乎你们并没有允许 Tor 用户访问。 我建议您重新考虑这个决定;Tor 被世界各地的人用来保护隐私和对抗审查。 封锁 Tor 用户意味着也可能封锁了希望在专制国家自由的浏览互联网的用户,希望隐藏自己避免被发现的研究人员、记者、举报人和社会活动家,或只是希望不被第三方跟踪的普通人。 请采取强硬立场支持数字隐私和互联网自由,以及允许 Tor 用户访问 xyz.com,谢谢。”

另外,银行等比较敏感的网站经常进行地区范围的屏蔽(例如如果你平时只在某个特定的国家使用他们的服务,从其他国家进行访问时你的账号可能就会被冻结)。

如果您不能连接到洋葱服务器,请查阅我不能连接到 X.onion 了!

有些网站因为他们无法分辨出普通 Tor 用户和机器人的区别而屏蔽了 Tor 用户的访问。 我们能让网站解封 Tor 用户的最成功的手段是让用户直接联系网站管理员。 这么做也许能解决你的问题:

“嗨!我正在使用 Tor 浏览器访问 xyz.com ,不过似乎你们并没有允许 Tor 用户访问。 我建议您重新考虑这个决定;Tor 被世界各地的人用来保护隐私和对抗审查。 封锁 Tor 用户意味着也可能封锁了希望在专制国家自由的浏览互联网的用户,希望隐藏自己避免被发现的研究人员、记者、举报人和社会活动家,或只是希望不被第三方跟踪的普通人。 请采取强硬立场支持数字隐私和互联网自由,以及允许 Tor 用户访问 xyz.com,谢谢。”

另外,银行等比较敏感的网站经常进行地区范围的屏蔽(例如如果你平时只在某个特定的国家使用他们的服务,从其他国家进行访问时你的账号可能就会被冻结)。

如果您不能连接到洋葱服务器,请查阅我不能连接到 X.onion 了!

Tor 浏览器会让你的网络活动看起来像是来自于世界各个不同地区的网络连接。 有时候某些像是银行或电子邮件服务的网站会认为您的帐号被他人盗用了,因此自动将您的帐号锁定。

要解决此情况的唯一方式是利用网站服务提供的帐号恢复功能,或直接向该网站服务的提供业者说明您的情况。

如果你所使用服务的提供商支持比基于 IP 的验证更安全的双因素认证选项的话,你也许能规避这种场景。 联系你的服务提供商询问它们有没有支持双因素验证。

有时重度依赖 JavaScript 的网站无法在 Tor 浏览器中正确运作, 最简单的解决办法就是点击安全图标 ( 屏幕右上角那个小小的灰色盾牌 ),然后双击 “ 高级安全设置... ”。 把安全等级设置为“标准”。

Most antivirus or malware protection allows the user to "allowlist" certain processes that would otherwise be blocked. Please open your antivirus or malware protection software and look in the settings for a "allowlist" or something similar. 接下来,执行以下步骤:

  • Windows
    • firefox.exe
    • tor.exe
    • obfs4proxy.exe (如果你使用网桥)
    • snowflake-client.exe

*对于 macOS

  • Tor 浏览器
  • tor.real
  • obfs4proxy (如果你使用网桥)
  • snowflake-client

最后,重新启动 Tor 浏览器。 这应该能解决你遇到的问题。 请注意,卡巴斯基之类的防病毒软件可能会在防火墙层面封锁 Tor。

一些杀毒软件在 Tor 浏览器启动时会提示有恶意软件。 If you downloaded Tor Browser from our main website or used GetTor, and verified it, these are false positives and you have nothing to worry about. 一些杀毒程序会将没有被大量用户浏览过的文档认定为可疑文件。 To make sure that the Tor program you download is the one we have created and has not been modified by some attacker, you can verify Tor Browser's signature. You may also want to permit certain processes to prevent antiviruses from blocking access to Tor Browser.

You might be on a network that is blocking the Tor network, and so you should try using bridges. Some bridges are built in to Tor Browser and requires only a few steps to enable it. When you open Tor Browser for the first time, click "Tor Network Settings". Under the "Bridges" section, select the checkbox "Use a bridge", and choose the "Select a built-in bridge" option. From the dropdown, select whichever pluggable transport you'd like to use. Once you've selected the pluggable transport, scroll up and click "Connect" to save your settings.

Or, if you have Tor Browser running, click on "Preferences" (or "Options" on Windows) in the hamburger menu (≡) and then on "Tor" in the sidebar. 在“网桥”界面中,点击“使用网桥”的复选框,并从“选择一个内置网桥”选项中,在下拉菜单里选择任意一个您想要使用的可插拔传输。 当你关闭标签页时你的设定会自动保存。

如果您需要其他的桥接,你可以从桥接网站 上查询。 关于网桥的更多信息请参阅 Tor 浏览器用户手册

造成 Tor 浏览器连接失败的最常见的问题之一是系统时间设置错误。 请确认你的时钟,日期和时区设置正确。 如果这个问题还没有被解决,请查看位于 Tor 浏览器用户手册 的故障排查界面。

有时,当您在 Tor 浏览器上使用 Gmail 时,谷歌会弹出一个提示窗口,提醒您您的账户有可能被盗用了。 这个提示窗口列出了一系列近期在世界范围内被用于登录您的账户的 IP 地址和地点

总的来说,这是一个错误的警报:由于您使用了 Tor 的服务,谷歌会看见多个来自不同地点的登录,所以它希望确认是真正的账号持有者在登录这个账户。

虽然这可能是使用 Tor 的服务带来的意外影响,但这并不意味着您可以彻底忽视这些警告。 这有可能是一个误报,也有可能是真的有人盗取了您的谷歌cookie,从而获取了您的账户。

通过直接操控您的计算机,或者监视您的网络通讯,都可以盗取您的cookie。 理论上来说,只有直接在您的电脑上操作,才有可能使您的系统陷入危险,因为毕竟 Gmail 和类似的服务应该只会通过 SSL 协议来传送cookie。 在现实中,唉,其实要远比这个来的复杂得多

And if somebody did steal your Google cookie, they might end up logging in from unusual places (though of course they also might not). So the summary is that since you're using Tor Browser, this security measure that Google uses isn't so useful for you, because it's full of false positives. You'll have to use other approaches, like seeing if anything looks weird on the account, or looking at the timestamps for recent logins and wondering if you actually logged in at those times.

最近,Gmail 的用户可以在他们的账户上开 两步验证来增添一层安全保障。

这是一个已知的间歇性问题。 这并不意味着Google认为Tor是间谍软件。

当您使用 Tor 的时候,您正和其他数千名用户共同使用着出口中继。Tor 的用户会在当许多人短时间内同时使用谷歌搜索时看见这条提示。当谷歌看见一个 IP 地址(就是您恰好正在使用的这个出口中继)有大量通信流量时,会认为是有人在试图“爬取”他们的网站,于是会把这个 IP 地址的访问速度暂时地放慢。

您可以尝试“更改这个网站使用的链路”来从另一个 IP 地址访问该网站。

另一个可能的解释是,谷歌试图检测某些向它发送异常查询的间谍软件或病毒。它记录那些发出异常询问的 IP 地址(但并没有意识到它们是 Tor 的出口中继),然后对任何来自那些 IP 地址的网络链接发出警告,声称它最近的查询记录是病毒感染的结果。

我们认为,谷歌没有特意地针对 Tor 的使用进行删除或拦截。那些声称计算机被病毒感染的错误信息应该在短时间内会消失。

十分不幸,有些网站要求 Tor 用户填写验证码,我们对此无能为力。 最有效的方法往往是联系网站管理员,告诉他们验证码给像你一样的用户带来的不便。

谷歌用地理定位来确定您现在身处何处,以便给您提供更好的个性化体验。这包括了提供它认为您正在使用的语言,以及根据您的搜索呈现不同的结果。

如果您真的想看英文版的 Google,你可以点击提供此内容的链接。不过我们认为这是 Tor 的一项特性,而不是漏洞——互联网并非处处相同,实际上,根据您所在的位置,它看上去确实有所不同。 此功能使人们想起了这一事实。

Note that Google search URLs take name/value pairs as arguments and one of those names is "hl". If you set "hl" to "en" then Google will return search results in English regardless of what Google server you have been sent to. The changed link might look like this:

https://encrypted.google.com/search?q=online%20anonymity&hl=en

另一个方法是直接使用您的国家代码来访问谷歌。这可以是google.be,google.de,google.us等等。

使用 Tor 浏览器时,没人能看见你在浏览的网站。 不过你的网络提供商或网络管理员也许可以发现你在使用 Tor,但他们无法知道你浏览的具体网站。

Tor 浏览器防止人们获知您访问过的网站。 有些机构,例如您的互联网服务提供商,也许会知道您正在使用 Tor 。不过他们将不会知晓您正在使用 Tor 做些什么。

DuckDuckGo 是 Tor 浏览器的默认搜索引擎。 DuckDuckGo 既不追踪用户,也不存储用户的任何搜索信息。了解更多关于 DuckDuckGo 隐私政策

Tor 浏览器6.0.6及之后版本使用 DuckDuckGo 作为内置搜索引擎。 我们之前在 Tor 浏览器上使用的 Disconnect 现在暂时没有获取谷歌搜索结果的权限。 因为 Disconnect 更像是一个允许用户在不同搜索引擎间来回切换的元搜索引擎,它转而提供了 Bing 的搜索结果,但 Bing 的搜索结果质量往往并不理想。 DuckDuckGo does not log, collect or share the user's personal information or their search history, and therefore is best positioned to protect your privacy. Most other search engines store your searches along with other information such as the timestamp, your IP address, and your account information if you are logged in.

请查阅 DuckDuckGo 支持门户。 If you believe this is a Tor Browser issue, please report it on our issue tracker.

Tor 浏览器有两种方法改变你的中继线路 —— “新身份”和“为该站点使用新 Tor 线路”。 Both options are located in the hamburger menu ("≡"). You can also access the New Circuit option inside the site information menu in the URL bar, and the New Identity option by clicking the small sparky broom icon at the top-right of the screen.

新身份

这个选项在你不想让你接下来的浏览活动和以前的关联时会很有用。

运行此功能将会关闭所有已经打开的浏览器窗口及标签页,清除所有的浏览器 Cookie 与历史记录等个人信息,并且为后续所有的网络连接创建新的洋葱路由回路。

Tor 浏览器会提示你所有的活动和下载会被终止,在你点击“新身份”时考虑这一点。

Tor 浏览器菜单

New Tor Circuit for this Site

这个选项在出口节点无法访问你请求的网站或显示不正常时会有用。 选择它会在新的 Tor 线路上加载当前标签页。

在其它标签或窗口打开的相同的网站会在重新加载后使用新的线路。

这个选项不会清除任何私密信息或者取消关联你的活动,也不会影响你当前与其它网站的连接。

该站点的新线路

运行 Tor 浏览器不会使你成为网络中的一个中继节点。 这意味着你的电脑不会用于中继其他人的流量。 如果您想搭建一个中继,请查阅我们的 Tor 中继指南

这是 Tor 的正常操作。 你连接的中继回路中的第一个节点通常被称为“入口节点”或是“中转节点"。 它是一个快速且稳定的节点,并且将会在您的中继回路中维持两到三个月,用来抵挡破解匿名攻击。 其余的中继会在你每次访问新网站时改变,这三个 Tor 中继会一起提供完整的隐私保护。 想了解更多关于安全中继站如何工作的信息,请参阅 entry guard 上的这篇博客文章和这篇论文

Tor 浏览器中,每一个新的域名会分配到一条独立的链路。 Tor 浏览器的设计与应用文档更深入地解释了这项设计背后的思考。

强烈不推荐自行修改 Tor 线路。 让 Tor 选择路由会给你带来最高的安全性,修改中继节点可能会破坏你的匿名性。 如果你只想访问只在某些国家或地区提供的服务,你可能更应该去使用 VPN 而不是 Tor。 请注意,VPN 和 Tor 在隐私属性上是有区别的,但是 VPN 可以解决一些区域限制问题。

警告: 千万不要遵循任何让你手动编辑你的 torrc 文件的建议/教程!!! 这样做会使攻击者通过对 torrc 的恶意配置来破坏您的安全性和匿名性。

Tor使用一个叫做“torrc”的文本文件来存储有关于Tor的设置。 默认设置应该能在大多数的Tor用户那里正常工作(因此出现以上警告)。

请按照下方对应您的操作系统的指示找到您的 Tor 浏览器的torrc。

运行于 Windows 或 Linux:

  • torrc在您的 Tor 浏览器目录里的“Browser/TorBrowser/Data/Tor”目录中可以找到。

在 macOS 中:

  • torrc在“~/Library/Application Support/TorBrowser-Data/Tor”目录里可以找到。
  • 注意 Library 文件夹在新版的 macOS 中是被隐藏的。在访达中访问这个文件夹,需要选择”前往“菜单中的”前往文件夹...“。
  • 然后在窗口中输入“~/Library/Application Support/”并点击确定。

在修改您的torrc之前关闭Tor 浏览器,否则Tor 浏览器可能会擦除您的修改。 当命令模式选项启动 Tor 时,Tor 浏览器会覆盖掉一些其他选项。

请查看 torrc 示例文件来获取关于常用配置的建议。 想了解其他可供您使用的配置选项,请看 Tor 操作指南页。 记住,在torrc中所有以“#”开头的行都会被视为注释并且不会影响Tor的配置。

强烈建议不要在 Tor 浏览器上安装新的附加组件,因为这可能会损害你的隐私和安全。

安装新的拓展可能会意外影响 Tor 浏览器,并使得您的 Tor 浏览器的浏览器指纹变得独一无二。 如果您的 Tor 浏览器副本拥有独特标记,您的浏览活动可以被反匿名并被追踪,即使您正在使用 Tor 浏览器。

简单来说,所有浏览器的设置与特性都会创造一个叫“浏览器指纹”的东西。 大多数浏览器不经意间为每一个用户创建独一无二的浏览器指纹,那可以被用来在全网追踪该用户。 Tor 浏览器经过专门设计,使其用户之间的指纹几乎相同(我们并不完美!)。 这意味着每一个 Tor 浏览器用户看起来都跟其他 Tor 浏览器用户一样,使得追踪一个单独的用户变得困难。

新的插件也有可能增加Tor 浏览器遭到攻击的几率。 这可能会允许敏感信息被泄露或允许攻击者感染 Tor 浏览器。 插件本身可能就被恶意设计用于监控您。

Tor 浏览器已经预先安装了两个拓展插件——HTTPS EverywhereNoScript——并且安装其他插件可能使您失去匿名状态。

想要了解更多关于浏览痕迹的信息?在 Tor 的博客里有一篇文章介绍了有关它的全部信息。

Flash 在Tor 浏览器中被关闭,并且我们推荐您不要打开它。 我们认为 Flash 在任何浏览器上都是是极不安全的 —— 它可以轻易盗取你的个人信息或者给你安装恶意软件。 幸运的是,大多数网站、设备,还有其它浏览器都正在淘汰 Flash。

If you're using Tor Browser, you can set your proxy's address, port, and authentication information in the Network Settings.

If you're using Tor another way, you can set the proxy information in your torrc file. Check out the HTTPSProxy config option in the manual page. If your proxy requires authentication, see the HTTPSProxyAuthenticator option. Example with authentication:

  HTTPSProxy 10.0.0.1:8080
  HTTPSProxyAuthenticator myusername:mypass

We only support Basic auth currently, but if you need NTLM authentication, you may find this post in the archives useful.

For using a SOCKS proxy, see the Socks4Proxy, Socks5Proxy, and related torrc options in the manual page. Using a SOCKS 5 proxy with authentication might look like this:

  Socks5Proxy 10.0.0.1:1080
  Socks5ProxyUsername myuser
  Socks5ProxyPassword mypass

如果您的代理服务器只允许您接入特定的端口,请查看被防火墙阻挡的客户,获悉如何限制您的 Tor 浏览器接入的端口。

If your firewall works by blocking ports, then you can tell Tor to only use the ports when you start your Tor Browser. Or you can add the ports that your firewall permits by adding "FascistFirewall 1" to your torrc configuration file. By default, when you set this Tor assumes that your firewall allows only port 80 and port 443 (HTTP and HTTPS respectively). You can select a different set of ports with the FirewallPorts torrc option. If you want to be more fine-grained with your controls, you can also use the ReachableAddresses config options, e.g.:

ReachableDirAddresses *:80
ReachableORAddresses *:443

请查阅 HTTPS Everywhere 常见问题. If you believe this is a Tor Browser issue, please report it on our issue tracker.

By default, your Tor client only listens for applications that connect from localhost. Connections from other computers are refused. If you want to torify applications on different computers than the Tor client, you should edit your torrc to define SocksListenAddress 0.0.0.0 and then restart (or hup) Tor. If you want to get more advanced, you can configure your Tor client on a firewall to bind to your internal IP but not your external IP.

Yes. Tor can be configured as a client or a relay on another machine, and allow other machines to be able to connect to it for anonymity. This is most useful in an environment where many computers want a gateway of anonymity to the rest of the world. However, be forewarned that with this configuration, anyone within your private network (existing between you and the Tor client/relay) can see what traffic you are sending in clear text. The anonymity doesn't start until you get to the Tor relay. Because of this, if you are the controller of your domain and you know everything's locked down, you will be OK, but this configuration may not be suitable for large private networks where security is key all around.

Configuration is simple, editing your torrc file's SocksListenAddress according to the following examples:

SocksListenAddress 127.0.0.1
SocksListenAddress 192.168.x.x:9100
SocksListenAddress 0.0.0.0:9100

You can state multiple listen addresses, in the case that you are part of several networks or subnets.

SocksListenAddress 192.168.x.x:9100 #eth0
SocksListenAddress 10.x.x.x:9100 #eth1

After this, your clients on their respective networks/subnets would specify a socks proxy with the address and port you specified SocksListenAddress to be. Please note that the SocksPort configuration option gives the port ONLY for localhost (127.0.0.1). When setting up your SocksListenAddress(es), you need to give the port with the address, as shown above. If you are interested in forcing all outgoing data through the central Tor client/relay, instead of the server only being an optional proxy, you may find the program iptables (for *nix) useful.

因为禁用 JavaScript 会让很多网站无法工作, Tor 浏览器内置的 NoScript 默认允许 JavaScript。 默认禁用 JavaScript 造成的不便过于严重,也许会让大多数用户直接放弃使用 Tor 。 原则上来说,我们不仅想让 Tor 浏览器尽可能安全,还想让大多数人都可以使用。所以按照目前状态, Tor 浏览器会继续默认启用 JavaScript。

对于想要在所有的 HTTP 网站上默认关闭 Javascript 的用户,我们坚已您更改 Tor 浏览器中“安全等级“的选项。 这可以通过找到安全图标(屏幕右上角那个小小的灰色盾牌)并点击“高级安全设置...”来实现。 ”标准“等级允许JavaScript,但是”安全“与”最安全“等级都将阻止HTTP网站上的JavaScript。

请查阅 NoScript 常见问题. 如果您认为这是 Tor 浏览器的问题,请向我们的漏洞追踪器汇报。

在移动设备上使用 Tor

它将会,_很快_可用。 同时,您还可以启用守卫计划的第三方库,来使用 F-Droid 下载安卓的 Tor 浏览器。

学习如何向 F-Droid 添加第三方库

尽管Tor 浏览器安卓版和Orbot都很棒,他们有着不同的用途。 Tor 浏览器安卓版就像是桌面版的Tor 浏览器一样,但是它运行在您的移动设备上。他是一款使用Tor 网络并试图尽可能匿名的一站式浏览器。 Orbot on the other hand is a proxy that will enable you to send the data from your other applications (E-Mail clients, instant messaging apps, etc.) through the Tor network; a version of Orbot is also inside of the Tor Browser for Android, and is what enables it to connect to the Tor network. 然而您不能使用这个版本来用除 Tor 浏览器以外的其他应用发送数据。 Depending on how you want to use the Tor network, either one or both of these could be a great option.

There is currently no supported method for running Tor Browser on older Windows Phones but in case of the newer Microsoft-branded/promoted phones, same steps as in Tor Browser for Android can be followed.

在 iOS 上我们推荐 Onion Browser,它是开放源代码软件,使用 Tor 线路,而且由和 Tor Project 关系密切的人开发。 但是,苹果要求所有在 iOS 运行的浏览器使用 Webkit ,这会使 Onion Browser 不能提供和 Tor 浏览器相同的隐私保护。

了解更多有关 Onion Browser 的消息。 在 App Store 中下载 Onion Browser。

守卫计划对 Orbot(以及其他隐私保护的软件)的安卓版本进行维护。您可以在守卫计划官网上获得更多详细信息。

没错,这是一个特地为安卓设计的 Tor 浏览器版本。您只需要安装安卓版本的 Tor 浏览器就可以在您的安卓设备上运行 Tor 了。

守卫计划提供了一个叫 Orbot 的应用,帮助您在安卓设备上用 Tor 的网络路由其他应用。然而如果您只需要用 Tor 来浏览网络的话,那么安装一个安卓版本的 Tor 浏览器就足够了。

连接 Tor

Proxy server errors can occur for a variety of reasons. You may try one or more of the following activities in case you encounter this error:

  • If you have an antivirus, it may be interfering with the Tor service. Disable the antivirus and restart the browser.
  • You should not have moved the Tor Browser folder from its original location to a different location. If you did this, revert the change.
  • You should also check the port that you are connecting with. Try a different port from the one currently in use, such as 9050 or 9150.
  • When all else fails, reinstall the browser. This time, make sure to install Tor Browser in a new directory, not over a previously installed browser.

If the error persists, please get in touch with us.

If you cannot reach the onion service you desire, make sure that you have entered the 16-character or, the newest format, 56-character onion address correctly; even a small mistake will stop Tor Browser from being able to reach the site. 如果你仍然无法访问这个洋葱服务,请稍后重试。 有可能是网络连接有出现暂时性阻碍,或者是该网站的管理员在没有提示的情况下关闭了网站。

You can also ensure that you're able to access other onion services by connecting to DuckDuckGo's onion service.

如果您的连接出现问题,一则错误信息会弹出,您可以选择“将 Tor 日志复制到剪切板上”选项。 然后粘贴 Tor 日志到文本文件或者其他文档格式中。

If you don't see this option and you have Tor Browser open, you can navigate to the hamburger menu ("≡"), then click on "Preferences", and finally on "Tor" in the side bar. 在此页面的底部,“查看 Tor 日志”字样旁边,点击“查看日志”按钮。

Alternatively, on GNU/Linux, to view the logs right in the terminal, navigate to the Tor Browser directory and launch the Tor Browser from the command line by running:

./start-tor-browser.desktop --verbose

or to save the logs to a file (default: tor-browser.log)

./start-tor-browser.desktop --log [file]

您应该能够在 Tor 日志中发现这些常见问题(请在 Tor 日志里寻找如下所示的错误):

Common log error #1: Proxy connection failure

2017-10-29 09:23:40.800 [NOTICE] Opening Socks listener on 127.0.0.1:9150
2017-10-29 09:23:47.900 [NOTICE] Bootstrapped 5%: Connecting to directory server
2017-10-29 09:23:47.900 [NOTICE] Bootstrapped 10%: Finishing handshake with directory server
2017-10-29 09:24:08.900 [WARN] Proxy Client: unable to connect to xx..xxx..xxx.xx:xxxxx ("general SOCKS server failure")

如果您看见这些提示出现在您的日志里面,这意味着您连接 SOCKS 代理失败了。 如果您的网络连接需要设置 SOCKS 代理,请确认您代理服务器的信息正确。 如果您的系统不需要代理,或者您不敢肯定,请尝试直接连接 Tor 网络。

Common log error #2: Can’t reach guard relays

11/1/2017 21:11:43 PM.500 [NOTICE] Opening Socks listener on 127.0.0.1:9150
11/1/2017 21:11:44 PM.300 [NOTICE] Bootstrapped 80%: Connecting to the Tor network
11/1/2017 21:11:44 PM.300 [WARN] Failed to find node for hop 0 of our path. Discarding this circuit.
11/1/2017 21:11:44 PM.500 [NOTICE] Bootstrapped 85%: Finishing handshake with first hop
11/1/2017 21:11:45 PM.300 [WARN] Failed to find node for hop 0 of our path. Discarding this circuit.

如果您看见这些提示出现在您的日志里面,这意味着您的 Tor 无法连接到 Tor 网络中的第一个节点。 这可能意味着您处于有审查的网络中。

请尝试通过网桥连接,这应该能解决问题。

Common log error #3: Failed to complete TLS handshake

13-11-17 19:52:24.300 [NOTICE] Bootstrapped 10%: Finishing handshake with direc Tor y server 
13-11-17 19:53:49.300 [WARN] Problem bootstrapping. Stuck at 10%: Finishing handshake with directory server. (DONE; DONE; count 10; recommendation warn; host [host] at xxx.xxx.xxx.xx:xxx) 
13-11-17 19:53:49.300 [WARN] 10 connections have failed: 
13-11-17 19:53:49.300 [WARN]  9 connections died in state handshaking (TLS) with SSL state SSLv2/v3 read server hello A in HANDSHAKE 
13-11-17 19:53:49.300 [WARN]  1 connections died in state connect()ing with SSL state (No SSL object)

如果你在 Tor 日志里看见这句话,这意味着 Tor 和目录服务器无法完成 TLS 握手。 使用网桥可能会解决这个问题。

Common log error #4: Clock skew

19.11.2017 00:04:47.400 [NOTICE] Opening Socks listener on 127.0.0.1:9150 
19.11.2017 00:04:48.000 [NOTICE] Bootstrapped 5%: Connecting to direc Tor y server 
19.11.2017 00:04:48.200 [NOTICE] Bootstrapped 10%: Finishing handshake with directory server 
19.11.2017 00:04:48.800 [WARN] Received NETINFO cell with skewed time (OR:xxx.xx.x.xx:xxxx): It seems that our clock is behind by 1 days, 0 hours, 1 minutes, or that theirs is ahead. Tor requires an accurate clock to work: please check your time, timezone, and date settings.

如果您看见这些提示出现在您的日志里面,这意味着您的系统时间设置错误。 请确认您的时间设置是正确的,包括正确的时区。然后重新启动 Tor。

造成 Tor 浏览器连接失败的最常见的问题之一是系统时间设置错误。 请确认你的时钟,日期和时区设置正确。 如果这个问题还没有被解决,请查看位于 Tor 浏览器用户手册 的故障排查界面。

审查

如果你无法通过我们的 网站下载 Tor Browser,你可以通过 GetTor 获取一份 Tor Browser 的拷贝。 GetTor 是一项通过不同方式自动回复最新版 Tor 浏览器下载链接的服务。这些链接由不同处所托管,例如 Dropbox 、Google Drive 和 GitHub. 您也可以从https://tor.eff.org或是https://tor.ccc.de下载Tor 浏览器。 想要更多明确的地理链接,请访问 Tor:镜像

给 gettor@torproject.org 发送一封电子邮件。 In the body of the mail, write the name of your operating system (such as Windows, macOS, or Linux). GetTor will respond with an email containing links from which you can download Tor Browser, the cryptographic signature (needed for verifying the download), the fingerprint of the key used to make the signature, and the package’s checksum. 你也许需要选择“32 位”或“64 位”版本:这和你的电脑有关,你可能需要查阅你电脑的说明书或是和制造商联系来了解更多信息。

GetTor via Twitter is currently under maintenance. Please use the email instead.

Tor 浏览器可以帮助人们访问所在地区被封锁的网站。 大多数时候,只需下载 Tor 浏览器,您就可以使用它去访问被屏蔽的网站。 在被严重监视的地区,我们提供许多规避监管的选项,譬如 可插拔传输

参阅 Tor 浏览器用户手册 关于 审查 的章节获得更多信息。

如果您的连接出现问题,一则错误信息会弹出,您可以选择“将 Tor 日志复制到剪切板上”选项。 然后粘贴 Tor 日志到文本文件或者其他文档格式中。

If you don't see this option and you have Tor Browser open, you can navigate to the hamburger menu ("≡"), then click on "Preferences", and finally on "Tor" in the side bar. 在此页面的底部,“查看 Tor 日志”字样旁边,点击“查看日志”按钮。

Alternatively, on GNU/Linux, to view the logs right in the terminal, navigate to the Tor Browser directory and launch the Tor Browser from the command line by running:

./start-tor-browser.desktop --verbose

or to save the logs to a file (default: tor-browser.log)

./start-tor-browser.desktop --log [file]

您应该能够在 Tor 日志中发现这些常见问题(请在 Tor 日志里寻找如下所示的错误):

Common log error #1: Proxy connection failure

2017-10-29 09:23:40.800 [NOTICE] Opening Socks listener on 127.0.0.1:9150
2017-10-29 09:23:47.900 [NOTICE] Bootstrapped 5%: Connecting to directory server
2017-10-29 09:23:47.900 [NOTICE] Bootstrapped 10%: Finishing handshake with directory server
2017-10-29 09:24:08.900 [WARN] Proxy Client: unable to connect to xx..xxx..xxx.xx:xxxxx ("general SOCKS server failure")

如果您看见这些提示出现在您的日志里面,这意味着您连接 SOCKS 代理失败了。 如果您的网络连接需要设置 SOCKS 代理,请确认您代理服务器的信息正确。 如果您的系统不需要代理,或者您不敢肯定,请尝试直接连接 Tor 网络。

Common log error #2: Can’t reach guard relays

11/1/2017 21:11:43 PM.500 [NOTICE] Opening Socks listener on 127.0.0.1:9150
11/1/2017 21:11:44 PM.300 [NOTICE] Bootstrapped 80%: Connecting to the Tor network
11/1/2017 21:11:44 PM.300 [WARN] Failed to find node for hop 0 of our path. Discarding this circuit.
11/1/2017 21:11:44 PM.500 [NOTICE] Bootstrapped 85%: Finishing handshake with first hop
11/1/2017 21:11:45 PM.300 [WARN] Failed to find node for hop 0 of our path. Discarding this circuit.

如果您看见这些提示出现在您的日志里面,这意味着您的 Tor 无法连接到 Tor 网络中的第一个节点。 这可能意味着您处于有审查的网络中。

请尝试通过网桥连接,这应该能解决问题。

Common log error #3: Failed to complete TLS handshake

13-11-17 19:52:24.300 [NOTICE] Bootstrapped 10%: Finishing handshake with direc Tor y server 
13-11-17 19:53:49.300 [WARN] Problem bootstrapping. Stuck at 10%: Finishing handshake with directory server. (DONE; DONE; count 10; recommendation warn; host [host] at xxx.xxx.xxx.xx:xxx) 
13-11-17 19:53:49.300 [WARN] 10 connections have failed: 
13-11-17 19:53:49.300 [WARN]  9 connections died in state handshaking (TLS) with SSL state SSLv2/v3 read server hello A in HANDSHAKE 
13-11-17 19:53:49.300 [WARN]  1 connections died in state connect()ing with SSL state (No SSL object)

如果你在 Tor 日志里看见这句话,这意味着 Tor 和目录服务器无法完成 TLS 握手。 使用网桥可能会解决这个问题。

Common log error #4: Clock skew

19.11.2017 00:04:47.400 [NOTICE] Opening Socks listener on 127.0.0.1:9150 
19.11.2017 00:04:48.000 [NOTICE] Bootstrapped 5%: Connecting to direc Tor y server 
19.11.2017 00:04:48.200 [NOTICE] Bootstrapped 10%: Finishing handshake with directory server 
19.11.2017 00:04:48.800 [WARN] Received NETINFO cell with skewed time (OR:xxx.xx.x.xx:xxxx): It seems that our clock is behind by 1 days, 0 hours, 1 minutes, or that theirs is ahead. Tor requires an accurate clock to work: please check your time, timezone, and date settings.

如果您看见这些提示出现在您的日志里面,这意味着您的系统时间设置错误。 请确认您的时间设置是正确的,包括正确的时区。然后重新启动 Tor。

网桥是不在 Tor 公共目录里列出的中继节点。

这意味着政府或 ISP 阻止 Tor 网络的尝试不能简单的封锁所有网桥。 如果你处于某个压迫政权中,或是担心被发现自己正在和 Tor 中继的 IP 地址连接,你可能需要使用网桥。

网桥就是有些许不同的中继。 查看我该如何运行网桥以获得指南。

一些国家,包括中国和伊朗,已经发现了检测和屏蔽 Tor 网桥的方法。 Obfs 代理服务器网桥通过增加一层混淆来解决这个问题。 需要一些额外软件和设置来运行 obfsproxy 网桥。 See our page on pluggable transports for more info.

Snowflake is a pluggable transport available in Tor Browser to defeat internet censorship. Like a Tor bridge, a user can access the open internet when even regular Tor connections are censored. To use Snowflake is as easy as to switch to a new bridge configuration in Tor Browser.

This system is composed of three components: volunteers running Snowflake proxies, Tor users that want to connect to the internet, and a broker, that delivers snowflake proxies to users.

Volunteers willing to help users on censored networks can help by spinning short-lived proxies on their regular browsers. Check, how can I use Snowflake?

Snowflake uses the highly effective domain fronting technique to make a connection to one of the thousands of snowflake proxies run by volunteers. These proxies are lightweight, ephemeral, and easy to run, allowing us to scale Snowflake more easily than previous techniques.

For censored users, if your Snowflake proxy gets blocked, the broker will find a new proxy for you, automatically.

If you're interested in the technical details and specification, see the Snowflake Technical Overview and the project page.

Snowflake is available in Tor Browser stable for all platforms: Windows, macOS, GNU/Linux, and Android. You can also use Snowflake with Onion Browser on iOS.

If you're running Tor Browser for desktop for the first time, you can click on 'Tor Network Settings' on the start-up screen and then select 'Use a bridge'. Click on 'Select a built-in bridge' and choose 'snowflake' from the dropdown menu. Once you've selected Snowflake, scroll up and click 'Connect' to save your settings.

From within the browser, you can click on the hamburger menu ("≡"), then go to 'Preferences' and go to 'Tor'. Alternatively, you can also type about:preferences#tor in the url bar. Check 'Use a bridge' and 'Select a built-in bridge'. Then select 'snowflake' from the dropdown menu.

If your internet access is not censored, you should consider installing the Snowflake extension to help users in censored networks. When you run Snowflake on you regular browser, you will provide connection as a proxy to an entry node in the Tor Network, and that’s all.

Add-on

Firstly make sure you have WebRTC enabled. Then you can install this addon for Firefox or the add-on for Chrome which will let you become a Snowflake proxy. It can also inform you about how many people you have helped in the last 24 hours.

Web page

In a browser where WebRTC is enabled: If you don't want to add Snowflake to your browser, you can go to https://snowflake.torproject.org/embed and toggle the button to opt in to being a proxy. You shouldn't close that page if you want to remain a Snowflake proxy.

Users in China need to take a few steps to circumvent the Great Firewall and connect to the Tor network. First, get an updated version of Tor Browser: send an email to gettor@torproject.org with the subject "windows zh-cn" or other operating system (linux or macos)

After installing Tor Browser, you will probably not be able to connect directly to the Tor network, because the Great Firewall is blocking Tor. Therefore, the second step will be to obtain a bridge that works in China.

There are three options to unblock Tor in China:

  1. Snowflake: uses ephemeral proxies to connect to the Tor network. It's available in Tor Browser stable version (Desktop and Android). You can select Snowflake from Tor Browser's built-in bridge dropdown.
  2. Private and unlisted obfs4 bridges: users will need to request a private bridge to frontdesk@torproject.org with the phrase "private bridge" in the subject of the email or, if they are tech-savvy, they can run their own obfs4 bridge from outside China. It's important to note that bridges distributed by BridgeDB (HTTPS, email), and built-in obfs4 bridges bundled in Tor Browser most likely won't work.
  3. meek-azure: it looks like you are browsing a Microsoft website instead of using Tor. However, because it has a bandwidth limitation, this option will be quite slow. You can select meek-azure from Tor Browser's built-in bridges dropdown.

If one of these options below is not working, check your Tor logs and try another option.

You might be on a network that is blocking the Tor network, and so you should try using bridges. Some bridges are built in to Tor Browser and requires only a few steps to enable it. When you open Tor Browser for the first time, click "Tor Network Settings". Under the "Bridges" section, select the checkbox "Use a bridge", and choose the "Select a built-in bridge" option. From the dropdown, select whichever pluggable transport you'd like to use. Once you've selected the pluggable transport, scroll up and click "Connect" to save your settings.

Or, if you have Tor Browser running, click on "Preferences" (or "Options" on Windows) in the hamburger menu (≡) and then on "Tor" in the sidebar. 在“网桥”界面中,点击“使用网桥”的复选框,并从“选择一个内置网桥”选项中,在下拉菜单里选择任意一个您想要使用的可插拔传输。 当你关闭标签页时你的设定会自动保存。

如果您需要其他的桥接,你可以从桥接网站 上查询。 关于网桥的更多信息请参阅 Tor 浏览器用户手册

有些网站因为他们无法分辨出普通 Tor 用户和机器人的区别而屏蔽了 Tor 用户的访问。 我们能让网站解封 Tor 用户的最成功的手段是让用户直接联系网站管理员。 这么做也许能解决你的问题:

“嗨!我正在使用 Tor 浏览器访问 xyz.com ,不过似乎你们并没有允许 Tor 用户访问。 我建议您重新考虑这个决定;Tor 被世界各地的人用来保护隐私和对抗审查。 封锁 Tor 用户意味着也可能封锁了希望在专制国家自由的浏览互联网的用户,希望隐藏自己避免被发现的研究人员、记者、举报人和社会活动家,或只是希望不被第三方跟踪的普通人。 请采取强硬立场支持数字隐私和互联网自由,以及允许 Tor 用户访问 xyz.com,谢谢。”

另外,银行等比较敏感的网站经常进行地区范围的屏蔽(例如如果你平时只在某个特定的国家使用他们的服务,从其他国家进行访问时你的账号可能就会被冻结)。

如果您不能连接到洋葱服务器,请查阅我不能连接到 X.onion 了!

HTTPS

The short answer is: Yes, you can browse normal HTTPS sites using Tor.

HTTPS 连接被用于确保电脑网络中的通讯安全。 您可以在这里阅读更多有关 HTTPS 的信息。 Tor 浏览器内置 HTTPS Everywhere 插件,它将自动将数千个不受加密保护的 HTTP 站点切换至更加安全隐私的 HTTPS 站点。

Tor 浏览器防止窃听者获知您访问过的网站。 不过,出口节点和出口节点与目标网站之间的监听者能看到通过 HTTP 协议传输的未加密的内容。 如果你访问的网站使用了 HTTPS,你的流量在离开出口节点时是加密的,不会被窃听者看到。

这个可视化展示说明了窃听者在有或没有 Tor 浏览器和 HTTPS 加密的情况下,能够看到哪些信息。

下方的展示呈现了有使用以及没有使用 Tor 浏览器与 HTTPS 加密连接时,网络监听者可以拦截窃取到的数据种类:

  • 点击“Tor”按钮可以查看当您未使用洋葱路由时,有哪些数据可以让网络监听者直接拦截获取,当此按钮呈现绿色状态时,表示洋葱路由功能已经启动。
  • 您可以点击“HTTPS”功能按钮来查看当 HTTPS 启用时,有哪些数据仍然可能被网络监听者拦截窃取。而当此按钮呈现绿色状态时,表示 HTTPS 功能已经启动。
  • 当两个按钮都为绿色状态时,您可以看到在这两个功能都同时启动的状态下,网络监听者依能够窃取到的数据有哪些。
  • 而当这两个按钮都呈现灰色时,您则可以查看当这两个功能都在关闭的状态下时,网络监听者能够拦截窃取到的数据有哪些。



潜在可视数据
site.com
被访问的网站。
用户名/密码
用于身份验证的用户名和密码。
数据
被传输的数据。
所处位置
访问网站的计算机的网络位置(公网IP地址)。
Tor
是否使用了 Tor。

Relay Operators

Tor 通过询问计算机的主机名来猜测它的IP地址,然后解析那个主机名。人们往往在他们的 /etc/hosts 文件里有指向旧 IP 地址的旧条目。

如果那不能解决这个问题,您应该使用“地址”配置选项来具体说明您想选取的 IP 地址。如果您的计算机处于一个网络地址转换里,并只有一个内部IP地址,请查看以下关于如何进入动态IP地址的技术支持。

并且,如果您有许多地址,您可能也想要设置“OutboundBindAddress”,这样外部的连接就会来自您想要展示给世界的那个。

如果您的中继才刚刚开始运行,请给它一些时间。 Tor 根据带宽权威机构的报告来决定使用哪个中继服务器。这些机构测量您的中继服务器的容量,并随着时间推移,引导更多的通讯流量至您的中继服务器,直到它达到最佳运载量。 一个新的中继服务器的生命周期在这个博客帖子 里解释的更为详尽。 如果您运行中继服务器已经有一段时间了,并仍然有疑问,那么请尝试在tor-中继服务器名单 上提问。

Why Relay Load Varies

Tor manages bandwidth across the entire network. It does a reasonable job for most relays. But Tor's goals are different to protocols like BitTorrent. Tor wants low-latency web pages, which requires fast connections with headroom. BitTorrent wants bulk downloads, which requires using all the bandwidth.

We're working on a new bandwidth scanner, which is easier to understand and maintain. It will have diagnostics for relays that don't get measured, and relays that have low measurements.

Why does Tor need bandwidth scanners?

Most providers tell you the maximum speed of your local connection. But Tor has users all over the world, and our users connect to one or two Guard relays at random. So we need to know how well each relay can connect to the entire world.

So even if all relay operators set their advertised bandwidth to their local connection speed, we would still need bandwidth authorities to balance the load between different parts of the Internet.

What is a normal relay load?

It's normal for most relays to be loaded at 30%-80% of their capacity. This is good for clients: an overloaded relay has high latency. (We want enough relays to so that each relay is loaded at 10%. Then Tor would be almost as fast as the wider Internet).

Sometimes, a relay is slow because its processor is slow or its connections are limited. Other times, it is the network that is slow: the relay has bad peering to most other tor relays, or is a long distance away.

Finding Out what is Limiting a Relay

Lots of things can slow down a relay. Here's how to track them down.

System Limits

  • Check RAM, CPU, and socket/file descriptor usage on your relay

Tor logs some of these when it starts. Others can be viewed using top or similar tools.

Provider Limits

  • Check the Internet peering (bandwidth, latency) from your relay's provider to other relays. Relays transiting via Comcast have been slow at times. Relays outside North America and Western Europe are usually slower.

Tor Network Limits

Relay bandwidth can be limited by a relay's own observed bandwidth, or by the directory authorities' measured bandwidth. Here's how to find out which measurement is limiting your relay:

  • Check each of the votes for your relay on consensus-health (large page), and check the median. If your relay is not marked Running by some directory authorities:
    • Does it have the wrong IPv4 or IPv6 address?
    • Is its IPv4 or IPv6 address unreachable from some networks?
    • Are there more than 2 relays on its IPv4 address?

Otherwise, check your relay's observed bandwidth and bandwidth rate (limit). Look up your relay on Metrics. Then mouse over the bandwidth heading to see the observed bandwidth and relay bandwidth rate.

Here is some more detail and some examples: Drop in consensus weight and Rampup speed of Exit relay.

How to fix it

The smallest of these figures is limiting the bandwidth allocated to the relay.

  • If it's the bandwidth rate, increase the BandwidthRate/Burst or RelayBandwidthRate/Burst in your torrc.
  • If it's the observed bandwidth, your relay won't ask for more bandwidth until it sees itself getting faster. You need to work out why it is slow.
  • If it's the median measured bandwidth, your relay looks slow from a majority of bandwidth authorities. You need to work out why they measure it slow.

Doing Your Own Relay Measurements

If your relay thinks it is slow, or the bandwidth authorities think it is slow, you can test the bandwidth yourself:

  • Run a test using tor to see how fast tor can get on your network/CPU.
  • Run a test using tor and chutney to find out how fast tor can get on your CPU. Keep increasing the data volume until the bandwidth stops increasing.

如果您允许了出口节点连接,那么人们通过您的中继服务器连接的一些服务就会连接回来,以收集更多关于您的信息。比如,一些 IRC 服务器会连接回您的identd接口来记录哪些用户建立了连接。(这实际上并不会奏效,因为 Tor 不知道这些信息,但他们还是会试一试。)此外,从您的节点出去的用户也许会吸引其他在 RC 服务器、网站等上的用户的注意,这些用户可能想要了解更多关于他们正在使用的这个中继服务器的主人的信息。

另一个原因是,在互联网上扫描公共代理的小组意识到有时 Tor 中继服务器会将它们的socks接口暴露给全世界。我们推荐您将socks接口只与本地网络捆绑。

在任何情况下,您都需要保持您的安全措施是最新的。在 Tor 中继服务器的安全措施 上阅读这篇文章以获得更多建议。

  • 出口节点是需求最大的一种中继服务器,但同时,它也面临着最大程度上的法律曝光和风险(而且您不应该在您的家里运行它们
  • 如果您正想要运行一个最简单的中继,快速守卫中继也十分有用。
  • Followed by bridges.

当一个出口被错误地配置了,或是一个恶意出口,它会被分配给损坏出口标志。这会让 Tor 避免将那个中继服务器作为出口。事实上,有着这个标志的中继服务器就相当于不存在。 如果您有了这个旗帜标志,那么说明我们在从您的出口节点路由通信时发现了问题或可疑活动,但无法联系上您。请与问题中继服务器团队 取得联系,这样我们才能整治问题。

在升级您的 Tor 中继服务器,或把它转移到另一台计算机上时,重要的是保持同样的身份密钥(存储于您的数据词典里的"keys/ed25519_master_id_secret_key" and "keys/secret_id_key")。 给身份密钥进行备份,这样您就可以在未来修复中继服务器。这是我们推荐的确保中继服务器的名誉不被浪费的方法。

这意味着,如果您正在升级您的 Tor 中继服务器,且您没有更改torrc和数据词典,那么升级过程不会出现问题,您的中继服务器会继续使用相同的密钥。 如果您需要选择一个新的数据词典,请确保复制了您旧的keys/ed25519_master_id_secret_key and keys/secret_id_key。

Note: As of Tor 0.2.7 we are using new generation identities for relays based on ed25519 elliptic curve cryptography. 最终它们会取代老的 RSA 身份,来确保老版本的兼容性,但这不会立即发生。 直到那时,每个中继服务器都会有一个ed25519身份(身份密钥文件:keys/ed25519_master_id_secret_key)和一个 RSA 身份(身份密钥文件:keys/secret_id_key)。 您需要将两者都拷贝 / 备份,以便恢复您的中继服务器,更改您的数据词典或将中继服务器移植到另一台计算机上。

We're looking for people with reasonably reliable Internet connections, that have at least 10 Mbit/s (Mbps) available bandwidth each way. If that's you, please consider running a Tor relay.

Even if you do not have at least 10 Mbit/s of available bandwidth you can still help the Tor network by running a Tor bridge with obfs4 support. In that case you should have at least 1 MBit/s of available bandwidth.

You can run a relay in Windows following this tutorials:

You should only run a Windows relay if you can run it 24/7. If you are unable to guarantee that, Snowflake is a better way to contribute your resources to the Tor network.

您是正确的,在大多数情况下,您的 Tor 中继服务器进一个比特就意味着要出一个比特,反之亦然。但也有几个例外:

如果您打开了您的 DirPort,那么 Tor 的客户端就会向您索要一份目录的拷贝。 他们发出的请求(一个 HTTP GET)十分的小,然而回复有时会非常大。 这应该能解释大多数您的“写入”比特量与“读取”比特量之间的不符。

当您以出口节点运行,并阅读了来自出口连接的几比特信息(比如一则即时信息或ssh连接),把它包裹成一个完整的512比特包以便在 Tor 网络里运输时,一个小小的例外会出现。

如果您的 Tor 中继服务器使用了比您预想中更多的记忆储存,这儿有几条减少足迹的贴士:

  • 如果您是 Linux 操作系统,您也许会在glibc的动态内存分配操作里遇到记忆储存碎片故障。 这就是说,当 or 将记忆储存释放回系统后,这些记忆储存的片段被分成了许多碎片,很难再被利用。 Tor 原始码是用 OpenBSD 的动态内存分配操作进行运输的,这个方法没有那么多的碎片故障(但代价是更高的 CPU 负荷)。 You can tell Tor to use this malloc implementation instead: ./configure --enable-openbsd-malloc.
  • 如果您正在运行一个高速中继服务器,这意味着您拥有许多 TLS 连接处于打开状态,您可能正有大量记忆储存流失到了 OpenSSL 的内部缓冲储存器里。(每个数据包 38KB+) 我们已经给 OpenSSL 打过了补丁,来更激进地释放未使用的缓冲区记忆储存. 如果您升级到 OpenSSL 1.0.0或更新的版本,Tor 的构造进程会自动识别并使用这个特点。
  • 如果您仍然解决不了记忆存储加载的问题,不妨考虑一下减少您的中继服务器公布的带宽。 展示较少的带宽意味着您会吸引较少的用户,所以您的中继服务器的规模应该不会变得很大。 请查阅主页中的MaxAdvertisedBandwidth选项。

所有这些都说明,Tor 高速中继确实需要大量内存。高速出口节点占用500-1000 MB内存是不正常的。

我们旨在让搭建一个Tor 中继简单而又边界:

  • 如果中继有时下线,这并没有关系。 目录系统会迅速注意到这一点,并停止发布该中继。 但请试图确保这并不会太频繁地发生,因为当中继断连时,正在使用该中继进行的连接也会断开。
  • 每个 Tor 中继服务器都有一个出口法规则,它详细规定了中继服务器应该同意什么样的外部连接,或是拒绝什么样的外部连接。 如果你不喜欢允许别人的流量经由你的中继出口,你可以设置成仅允许从其他 Tor 中继的连接。
  • 您的中继服务器会被动地估计并公布它最近的带宽容量,所以高带宽的中继服务器会比低带宽服务器吸引更多的用户。因此,拥有低带宽中继服务器也是有用的。

On relay search we show an amber dot next to the relay nickname when this is overloaded. This means that one or many of the following load metrics have been triggered:

  • Any Tor OOM invocation due to memory pressure
  • Any ntor onionskins are dropped
  • TCP port exhaustion
  • DNS timeout reached

Note that if a relay reaches an overloaded state we show it for 72 hours after the relay has recovered.

If you notice that your relay is overloaded please:

1. Check https://status.torproject.org/ for any known issues in the "Tor network" category.

2. Consider tuning sysctl for your system for network, memory and CPU load.

If you are experiencing TCP port exhaustion consider expanding your local port range

‪sysctl -w net.ipv4.ip_local_port_range="15000 64000"

echo 15000 64000 > /proc/sys/net/ipv4/ip_local_port_range

If you are experiencing DNS timeout, you should investigate if this is a network or a resolver issue.

In Linux in resolve.conf there is an option to set a timeout:

timeout:n
  Sets  the  amount of time the resolver will wait for a response from a remote
  name server before retrying the query via a different name server.
  This may not be the total time taken by any resolver API call and there is no guarantee
  that a single resolver API call maps to a single timeout.
  Measured in seconds, the default is RES_TIMEOUT (currently 5, see <resolv.h>).
  The value for this option is silently capped to 30.

Check $ man resolve.conf for more information.

3. Consider enabling MetricsPort to understand what is happening.

MetricsPort data for relays has been introduced since version >= 0.4.7.1-alpha, while the overload data has been added to the relay descriptors since 0.4.6+.

It's important to understand that exposing tor metrics publicly is dangerous to the Tor network users. Please take extra precaution and care when opening this port. Set a very strict access policy with MetricsPortPolicy and consider using your operating systems firewall features for defense in depth.

Here is an example of what output enabling MetricsPort will produce:

‪# HELP tor_relay_load_onionskins_total Total number of onionskins handled
‪# TYPE tor_relay_load_onionskins_total counter
tor_relay_load_onionskins_total{type="tap",action="processed"} 0
tor_relay_load_onionskins_total{type="tap",action="dropped"} 0
tor_relay_load_onionskins_total{type="fast",action="processed"} 0
tor_relay_load_onionskins_total{type="fast",action="dropped"} 0
tor_relay_load_onionskins_total{type="ntor",action="processed"} 0
tor_relay_load_onionskins_total{type="ntor",action="dropped"} 0
‪# HELP tor_relay_exit_dns_query_total Total number of DNS queries done by this relay
‪# TYPE tor_relay_exit_dns_query_total counter
tor_relay_exit_dns_query_total{record="A"} 0
tor_relay_exit_dns_query_total{record="PTR"} 0
tor_relay_exit_dns_query_total{record="AAAA"} 0
‪# HELP tor_relay_exit_dns_error_total Total number of DNS errors encountered by this relay
‪# TYPE tor_relay_exit_dns_error_total counter
tor_relay_exit_dns_error_total{record="A",reason="success"} 0
tor_relay_exit_dns_error_total{record="A",reason="format"} 0
tor_relay_exit_dns_error_total{record="A",reason="serverfailed"} 0
tor_relay_exit_dns_error_total{record="A",reason="notexist"} 0
tor_relay_exit_dns_error_total{record="A",reason="notimpl"} 0
tor_relay_exit_dns_error_total{record="A",reason="refused"} 0
tor_relay_exit_dns_error_total{record="A",reason="truncated"} 0
tor_relay_exit_dns_error_total{record="A",reason="unknown"} 0
tor_relay_exit_dns_error_total{record="A",reason="timeout"} 0
tor_relay_exit_dns_error_total{record="A",reason="shutdown"} 0
tor_relay_exit_dns_error_total{record="A",reason="cancel"} 0
tor_relay_exit_dns_error_total{record="A",reason="nodata"} 0
tor_relay_exit_dns_error_total{record="PTR",reason="success"} 0
tor_relay_exit_dns_error_total{record="PTR",reason="format"} 0
tor_relay_exit_dns_error_total{record="PTR",reason="serverfailed"} 0
tor_relay_exit_dns_error_total{record="PTR",reason="notexist"} 0
tor_relay_exit_dns_error_total{record="PTR",reason="notimpl"} 0
tor_relay_exit_dns_error_total{record="PTR",reason="refused"} 0
tor_relay_exit_dns_error_total{record="PTR",reason="truncated"} 0
tor_relay_exit_dns_error_total{record="PTR",reason="unknown"} 0
tor_relay_exit_dns_error_total{record="PTR",reason="timeout"} 0
tor_relay_exit_dns_error_total{record="PTR",reason="shutdown"} 0
tor_relay_exit_dns_error_total{record="PTR",reason="cancel"} 0
tor_relay_exit_dns_error_total{record="PTR",reason="nodata"} 0
tor_relay_exit_dns_error_total{record="AAAA",reason="success"} 0
tor_relay_exit_dns_error_total{record="AAAA",reason="format"} 0
tor_relay_exit_dns_error_total{record="AAAA",reason="serverfailed"} 0
tor_relay_exit_dns_error_total{record="AAAA",reason="notexist"} 0
tor_relay_exit_dns_error_total{record="AAAA",reason="notimpl"} 0
tor_relay_exit_dns_error_total{record="AAAA",reason="refused"} 0
tor_relay_exit_dns_error_total{record="AAAA",reason="truncated"} 0
tor_relay_exit_dns_error_total{record="AAAA",reason="unknown"} 0
tor_relay_exit_dns_error_total{record="AAAA",reason="timeout"} 0
tor_relay_exit_dns_error_total{record="AAAA",reason="shutdown"} 0
tor_relay_exit_dns_error_total{record="AAAA",reason="cancel"} 0
tor_relay_exit_dns_error_total{record="AAAA",reason="nodata"} 0
‪# HELP tor_relay_load_tcp_exhaustion_total Total number of times we ran out of TCP ports
‪# TYPE tor_relay_load_tcp_exhaustion_total counter
tor_relay_load_tcp_exhaustion_total 0
‪# HELP tor_relay_load_socket_total Total number of sockets
‪# TYPE tor_relay_load_socket_total gauge
tor_relay_load_socket_total{state="opened"} 135
tor_relay_load_socket_total 1048544
‪# HELP tor_relay_load_oom_bytes_total Total number of bytes the OOM has freed by subsystem
‪# TYPE tor_relay_load_oom_bytes_total counter
tor_relay_load_oom_bytes_total{subsys="cell"} 0
tor_relay_load_oom_bytes_total{subsys="dns"} 0
tor_relay_load_oom_bytes_total{subsys="geoip"} 0
tor_relay_load_oom_bytes_total{subsys="hsdir"} 0
‪# HELP tor_relay_load_global_rate_limit_reached_total Total number of global connection bucket limit reached
‪# TYPE tor_relay_load_global_rate_limit_reached_total counter
tor_relay_load_global_rate_limit_reached_total{side="read"} 0
tor_relay_load_global_rate_limit_reached_total{side="write"} 0

Let's find out what some of these lines actually mean:

tor_relay_load_onionskins_total{type="ntor",action="dropped"} 0

When a relay starts seeing "dropped", it is a CPU/RAM problem usually.

Tor is sadly single threaded except for when the "onion skins" are processed. The "onion skins" are the cryptographic work that needs to be done on the famous "onion layers" in every circuits.

When tor processes the layers we use a thread pool and outsource all of that work to that pool. It can happen that this pool starts dropping work due to memory or CPU pressure and this will trigger an overload state.

If your server is running at capacity this will likely be triggered.

tor_relay_exit_dns_error_total{...}

Any counter in the "*_dns_error_total" realm indicates a DNS problem.

DNS timeouts issues only apply to Exit nodes. If tor starts noticing DNS timeouts, you'll get the overload flag. This might not be because your relay is overloaded in terms of resources but it signals a problem on the network.

DNS timeouts at the Exits are a huge UX problem for tor users. Therefore Exit operators really need to address these issues to help the network.

tor_relay_load_oom_bytes_total{...}

An Out-Of-Memory invocation indicates a RAM problem. The relay might need more RAM or it is leaking memory. If you noticed that the tor process is leaking memory, please report the issue via either GitLab or send an email to the tor-relays mailing list.

Tor has its own OOM handler and it is invoked when 75%, of the total memory tor thinks is available, is reached. Thus, let say tor thinks it can use 2GB in total then at 1.5GB of memory usage, it will start freeing memory. That is considered an overload state.

To estimate the amount of memory it has available, when tor starts, it will use MaxMemInQueues or, if not set, will look at the total RAM available on the system and apply this algorithm:

    if RAM >= 8GB {
      memory = RAM * 40%
    } else {
      memory = RAM * 75%
    }
    /* Capped. */
    memory = min(memory, 8GB) -> [8GB on 64bit and 2GB on 32bit)
    /* Minimum value. */
    memory = max(250MB, memory)

To avoid an overloaded state we recommend to run a relay above 2GB of RAM on 64bit. 4GB is advised, although of course it doesn't hurt to add more RAM if you can.

One might notice that tor could be called by the OS OOM handler itself. Because tor takes the total memory on the system when it starts, if the overall system has many other applications running using RAM, it ends up eating too much memory. In this case the OS could OOM tor, without tor even noticing memory pressure.

tor_relay_load_socket_total


tor_relay_load_tcp_exhaustion_total

These lines indicate the relay is running out of sockets or TCP ports. If the issue is socket related the solution is to increase ulimit -n for the tor process

If the solution is related to TCP ports exhaustion try to tune sysctl as described above.

tor_relay_load_global_rate_limit_reached_total

If this counter is incremented by some noticeable value over a short period of time then it indicates the relay is congested. It is likely being used as a Guard by a big onion service or for an ongoing DDoS on the network.

If your relay is still overloaded and you don't know why, please get in touch with network-report@torproject.org. You can encrypt your email using network-report OpenPGP key.

特别地,如果您正在使用Debian或Ubuntu,从 Tor 项目的信息库 里安装 Tor 会有许多好处。

  • Your ulimit -n gets set to 32768 high enough for Tor to keep open all the connections it needs.
  • 为 Tor 创建一个用户,所以 Tor 不需要root就能运行。
  • 一个启动脚本被包含在了里面,这样 Tor 就会在开机时自行启动。
  • Tor runs with --verify-config, so that most problems with your config file get caught.
  • Tor 可以捆绑低层级的接口,然后下放权限。

所有的传出连接必须被允许,这样每一个中继才可以与其他中继互相通讯。

在许多司法管辖区,Tor 中继服务器运行者是受公共承运人法律保护的,这条法律保护互联网服务提供者免受潜在的传播第三方内容的法律风险。 过滤某些流量的出口节点将丧失那些保护。

Tor促进了免费无干扰的网络访问。 出口中继不得过滤通过中继的互联网流量。 被检测到过滤流量的出口节点会被打上劣质出口的标签。

不要这么做。 如果司法部门察觉了你出口节点的数据流量,他们可能会没收你的电子设备。 出于这些原因,最好不要在你的家中或使用你家里的网络运行出口节点。

推荐在支持 Tor 的商业实体(例如某些 VPS 服务商 —— 译者注)上搭建 Tor 的出口节点。 你的出口节点有一个独立的 IP 地址,而且不会传输你的流量。 当然,你应该避免在你运行出口节点的电脑上存储任何敏感或与你有关的信息。

  • 不要使用 Ubuntu 仓库中的包,它们未得到可靠更新。 如果您使用它们,您可能会错过重要的稳定性和安全性修复。
  • 运行下面的命令确定你 Ubuntu 的版本
     ‪$ lsb_release -c
    
  • 以 root 用户身份把下面的行添加到 /etc/apt/sources.list 中。用前一步你获得的版本号代替'version'。
     deb https://deb.torproject.org/torproject.org version main
     deb-src https://deb.torproject.org/torproject.org version main
    
  • 运行下面的命令来添加签名软件包的 gpg 公钥:
     ‪$ curl https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | sudo apt-key add -
    
  • 运行下面的命令来检查签名并安装 tor:
     ‪$ sudo apt-get update
     ‪$ sudo apt-get install tor deb.torproject.org-keyring
    

想了解更深入了解如何运行一个中继服务器,请参阅中继服务器设置指南

简而言之,它这样工作:

  • There is a primary ed25519 identity secret key file named "ed25519_master_id_secret_key". 这是最重要的一个,所以请确保您在安全的地方存有备份——这份文件十分敏感,应得到充分保护。 如果您手动生成它,Tor 会对它进行加密并在被要求时输入密码。
  • 一个叫"ed25519_signing_secret_key"的中期签名密钥已经被生成,供Tor 使用。 Also, a certificate is generated named "ed25519_signing_cert" which is signed by the primary identity secret key and confirms that the medium term signing key is valid for a certain period of time. 默认有效期为30天,但这个时长可以在torrc里通过设置" 签名密钥有效时间 N 天|周|月 "来自行调节。
  • There is also a primary public key named "ed25519_master_id_public_key", which is the actual identity of the relay advertised in the network. This one is not sensitive and can be easily computed from "ed5519_master_id_secret_key".

Tor will only need access to the medium term signing key and certificate as long as they are valid, so the primary identity secret key can be kept outside DataDirectory/keys, on a storage media or a different computer. 您不得不在中期签名密钥和认证过期前手动更新它们,否则中继服务器上的Tor 进程会在到期时立刻退出。

这个功能是可选的,您不需要使用它除非您想这么做。 If you want your relay to run unattended for longer time without having to manually do the medium term signing key renewal on regular basis, best to leave the primary identity secret key in DataDirectory/keys, just make a backup in case you'll need to reinstall it. 如果您想要使用这个特殊功能,请参考我们在这个话题上更详细的指南

既然它现在是一名守卫了,客户们在其他地方使用它的频率变低了,但还没有许多客户将他们已有的守卫移走并把它当作守卫使用。 在这篇博客帖子 里查阅更多详情,或查看守卫的变迁:理解和优化Tor的入口守卫选项的框架

棒!如果您想允许几个中继来为网络贡献更多,我们很欢迎这样做。 但请不要在同一个网络上运行太多中继,因为分散与多样性是Tor 网络目标的一部分。

如果您真的决定要运行多个中继服务器,请打开每个中继服务器torrc上的“我的家庭”配置选项,列出在您控制下的所有中继服务器(用逗号隔开):

MyFamily $fingerprint1,$fingerprint2,$fingerprint3

每个指纹是40个字母组成的身份指纹(没有空格)。

这样的话,Tor 客户就会记住不要在单个环路里使用超过一个您的中继服务器。 如果您有这些计算机或其网络管理上的控制权,您就应该设置我的家庭,即使它们不全在同一个地理位置。

torrc文件里的会计选项让您能够明确规定您的中继服务器在一段时间内使用的最大流量。

    AccountingStart day week month [day] HH:MM

这详细规定了计数器应该在何时被重置。比方说,要想设置可供服务一星期的比特量(这在每周三上午10:00点会重置),您会使用:

    AccountingStart week 3 10:00
    AccountingMax 500 GBytes

这详细规定了您的中继服务器在一个计数周期内发送的最大数据量和接收的最大数据量。 当会计期间被(AcountingStart)重置后,AccountingMax 的计数器会被重置为0。

比如:假设您想要每天每个方向设置50GB的流量,那么计数器就应该在每天中午重置。

    AccountingStart day 12:00
    AccountingMax 50 GBytes

请注意,您的中继服务器不会在每个会计期间的一开始恰好被唤醒。 它会跟踪记录它在上一个时期里使用额度的速度有多快,并在新的时间间隔里选择一个随机的点唤醒。 这样我们就能避免数百个中继服务器在每个月的一开始就同时运行,结果在月末就没有服务器运行的情况发生。

相较于您的连接速率,如果您只能贡献一小部分带宽,我们推荐您使用日常账户,这样您就不会在每个月的第一天就把一整个月的额度全用光。 只要将您每月的限额除以30即可。您也可以考虑将流量限速,把您的额度覆盖更多的时间:如果您想要在每个方向提供X GB, 您可以将中继服务器的带宽率设为20*X KB. 比如,如果您每种方法都有50GB可提供,您也许要将您的中继服务器带宽率调为1000 KBytes: 这样您的中继服务器就总是可保持每天起码有一半的时间可以使用。

    AccountingStart day 0:00
    AccountingMax 50 GBytes
    RelayBandwidthRate 1000 KBytes
    RelayBandwidthBurst 5000 KBytes # 允许更高的短时流量但是保持平均

Tor has partial support for IPv6 and we encourage every relay operator to enable IPv6 functionality in their torrc configuration files when IPv6 connectivity is available. Tor 目前需要中继的 IPv4 地址,您不能在仅有 IPv6 的主机上运行 Tor 中继。

Tor 进程的两个客户和中继服务器功能都适用于在 AccountingMax带宽率里分配的参数。 因此您可能会发现,一旦您的 Tor 进入休眠,您就不能进行浏览了,而且在日志里会出现这样一条记录:

Bandwidth soft limit reached; commencing hibernation.
新的连接将被拒绝。

解决方案是运行两个Tor 进程——一个中继和一个客户端,每一个进程使用自己的配置。 做到这一点(如果您是从一个正在工作的中继服务器设置开始的话)的一种方法如下:

  • 在中继的Tor torrc文件中,将SocksPort设置为0.
  • 从torrc.样例中创建一个新的用户torrc 文件,并确保它与中继服务器使用的不是同一个登陆文件。 一种命名约定可以是 torrc.client 和 torrc.relay。
  • 修改 Tor 客户端和中继服务器启动脚本来包括-f /path/to/correct/torrc
  • 在 Linux/BSD/Mac OS X 系统中,将启动脚本改为Tor.clientTor.relay可以使系统配置的分离变得更轻松。

很棒! 这就是我们实施出口政策的原因。

每个 Tor 中继拥有一条出口规则,用于指定允许或拒绝何种类型的出站连接通过该中继。 出口政策通过目录传送给 Tor 的客户,所以客户会自动避免挑选会拒绝退出到他们想要到达的目的地的出口中继服务器。 这样一来,每个中继服务器都可以决定服务,主人和它想让连接到达的网络,这些都基于滥用的可能性和它自身的状况。 Read the Support entry on issues you might encounter if you use the default exit policy, and then read Mike Perry's tips for running an exit node with minimal harassment.

默认的出口中继协议允许许多流行服务的获取权(如网页浏览),但出于滥用的潜在风险,限制了一些服务(如邮箱),还有一些是因为流量大小超出了 Tor 网络的承受范围(如默认文件共享端口)。 您可以通过编辑您的torrc文件来更改您自己的出口策略。 If you want to avoid most if not all abuse potential, set it to "reject *:*". 这个设置意味着您的中继服务器只会被用来中继 Tor 网络内部的通讯,而不是外部的网站连接或其他服务。

如果您确实允许任何出口连接,确保域名解析正常(也就是,您的电脑能正确解析网络地址)。 如果有任何您的计算机不能访问的资源(比如您被限制性防火墙或内容过滤器拦住了),请明确的在您的出口节点规定里驳回它们,否则其他 Tor 的用户也会被影响。

Tor可以很好地处理使用动态IP地址的中继,这没有关系。 您只需要将您的torrc文件中的”Address“留空,然后 Tor 会猜出它来。

The default open ports are listed below but keep in mind that, any port or ports can be opened by the relay operator by configuring it in torrc or modifying the source code. The default according to src/or/policies.c (line 85 and line 1901) from the source code release release-0.4.6:

reject 0.0.0.0/8
reject 169.254.0.0/16
reject 127.0.0.0/8
reject 192.168.0.0/16
reject 10.0.0.0/8
reject 172.16.0.0/12

reject *:25
reject *:119
reject *:135-139
reject *:445
reject *:563
reject *:1214
reject *:4661-4666
reject *:6346-6429
reject *:6699
reject *:6881-6999
accept *:*

BridgeDB implements four mechanisms to distribute bridges: HTTPS, Moat, Email, and Reserved. Bridge operators can check which mechanism their bridge is using, on the Relay Search. Enter the bridge's <HASHED FINGERPRINT> in the form and click "Search".

Operators can also choose which distribution method their bridge uses. To change the method, modify the BridgeDistribution setting in the torrc file to one of these: https, moat, email, none, any.

Read more on the Bridges post-install guide.

是的,您在一些攻击中确实能获得更好的匿名性。

最简单的例子是一个拥有一些数量Tor 中继的攻击者。 他们会看见一个来自您的连接,但他们不会知道这个连接是来自于您的电脑还是您的中继上的其他人。

有些情况下,它不能帮助我们:如果一个网络入侵者观看了你所有的来来往往的通信,那么他很容易发现哪些连接被转接了,哪些连接从你开始。 (在这个情况下,他们仍然不知道您的目的地址,除非他们也在观察它们,但您也没有比一个普通客户好到哪里。)

运行一个Tor中继也有一些坏处。 首先,我们只有几百个中继服务器,而您恰好在运行其中一个。这个事实对于攻击者来说就是一个信号,告诉他们您把匿名看的很重要。 第二,有一些更深奥的、没有被很好理解或测试的攻击利用了您正在运行中继服务器这一点——比如,一个攻击者即使不能真的看见您的网络,他也能通过使用您的Tor中继服务器发送消息并留意通信时间,从而“观察”到您是否在发送信息

收益是否大于风险是一个开放的研究性问题。 很大程度上这取决于您最担心的攻击方式。 对于大多数用户来说,我们认为这是一种明智的举动。

关于如何用您的 NAT/路由设备进行端口转发的指导,参见 portforward.com

如果您的中继在内网运行,您需要设置端口转发。 Forwarding TCP connections is system dependent but the firewalled-clients FAQ entry offers some examples on how to do this.

另外,这还有一个说明如何在 GNU/Linux 下使用 iptables 操作的例子。

/sbin/iptables -A INPUT -i eth0 -p tcp --destination-port 9001 -j ACCEPT

如果您有不同的(连接到互联网的)外部接口,您可能需要改动"eth0"。 因为您可能只有一个(除了环回接口)所以这应该不难找。

您有两种添加至 torrc 的方法:

带宽率是指条件允许的情况下,最大的长时间传输带宽(字节每秒)。 比如,您也许想要选择“10M带宽率”来获得10兆字节每秒的传输速率(十分快速的连接),或者“500KB带宽率”来获取0.5兆每秒的传输速率(相当于一个不错的有线电缆传输速率)。 最小的 BandwidthRate 是 75KB 每秒。

BandwidthBurst是一个字节池,用于满足短期流量高于 BandwidthRate 但长期平均流量低于 BandwidthRate 的需求。 A low Rate but a high Burst enforces a long-term average while still allowing more traffic during peak times if the average hasn't been reached lately. 比如,如果您选择了“带宽突发传输率 500KBytes” 并应用到您的带宽率,那么您的网速就永运不会超过50万字节每秒;但如果您选择了一个更高的带宽突发传输率(如5 MBytes),它就会允许更多的数据通过,直到资源池已满。

如果您有不对称的连接(上传小于下载),比如一个电缆调制解调器,您应该把带宽率设置成小于您更小的那个带宽(通常就是上传带宽)。 否则,你可能会在最大带宽使用时掉包——你可能需要试验一下哪些值使你的连接顺畅。 然后设置BandwidthBurst与BandwidthRate相同。

基于 Linux 系统的 Tor 节点提供了另外一种选择:他们会优先将Tor置于其他运行网络之下,因此他们的私人网络运作不会被 Tor 影响。 A script to do this can be found in the Tor source distribution's contrib directory.

此外,您可以使用冬眠选项来告诉tor在每个特定时间段里只服务一定的带宽(比如每月100GB)。这些选项在下方的冬眠入口里。

请注意,带宽率和带宽突发传输率都是以字节而不是比特为单位的。

洋葱服务

How do I know if I'm using v2 or v3 onion services?

You can identify v3 onion addresses by their 56 character length, e.g. Tor Project's v2 address:http://expyuzz4wqqyqhjn.onion/, and Tor Project's v3 address: http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion/

If you're an onion service administrator, you must upgrade to v3 onion services as soon as possible. If you're a user, please ensure that you update your bookmarks to the website's v3 onion addresses.

What is the timeline for the v2 deprecation?

In September 2020, Tor started warning onion service operators and clients that v2 will be deprecated and obsolete in version 0.4.6. Tor Browser started warning users in June, 2021.

In July 2021, 0.4.6 Tor will no longer support v2 and support will be removed from the code base.

In October 2021, we will release new Tor client stable versions for all supported series that will disable v2.

You can read more in the Tor Project's blog post Onion Service version 2 deprecation timeline.

Can I keep using my v2 onion address? Can I access my v2 onion after September? Is this a backward-incompatible change?

V2 onion addresses are fundamentally insecure. If you have a v2 onion, we recommend you migrate now. This is a backward incompatible change: v2 onion services will not be reachable after September 2021.

What is the recommendation for developers to migrate? Any tips on how to spread the new v3 addresses to people?

In torrc, to create a version 3 address, you simply need to create a new service just as you did your v2 service, with these two lines:

HiddenServiceDir /full/path/to/your/new/v3/directory/
HiddenServicePort <virtual port> <target-address>:<target-port>

The default version is now set to 3 so you don't need to explicitly set it. Restart tor, and look on your directory for the new address. If you wish to keep running your version 2 service until it is deprecated to provide a transition path to your users, add this line to the configuration block of your version 2 service:

HiddenServiceVersion 2

This will allow you to identify in your configuration file which one is which version.

If you have Onion-Location configured on your website, you need to set the header with your new v3 address. For technical documentation about running onion services, please read the Onion Services page in our Community portal.

I didn't see the announcement, can I get more time to migrate?

No, v2 onion connections will start failing nowish, first slowly, then suddenly. It's time to move away.

Will services start failing to be reached in September, or before already?

Already, introduction points are not in Tor 0.4.6 anymore, so they will not be reachable if relay operators update.

As a website administrator, can I redirect users from my v2 onion to v3?

Yes, it will work until the v2 onion address is unreachable. You may want to encourage users to update their bookmarks.

Are v3 onion services going to help in mitigating DDoS problems?

Yes, we are continuously working on improving onion services security. Some of the work we have in our roadmap is ESTABLISH_INTRO Cell DoS Defense Extension, Res tokens: Anonymous Credentials for Onion Service DoS Resilience, and A First Take at PoW Over Introduction Circuits. For an overview about these proposals, read the detailed blog post How to stop the onion denial (of service).

当浏览一项洋葱服务时,Tor 浏览器会在地址栏展示不同的洋葱图标,来表示当前网站的安全等级。

Image of an onion An onion means:

  • The Onion Service is served over HTTP, or HTTPS with a CA-Issued certificate.
  • The Onion Service is served over HTTPS with a Self-Signed certificate.

Image of an onion with a red slash An onion with a red slash means:

  • The Onion Service is served with a script from an insecure URL.

Image of an onion with a caution sign An onion with caution sign means:

  • The Onion Service is served over HTTPS with an expired Certificate.
  • The Onion Service is served over HTTPS with a wrong Domain.
  • The Onion Service is served with a mixed form over an insecure URL.

没错!我们洋葱服务的名单可以在 onion.torproject.org 上找到。

If you cannot reach the onion service you desire, make sure that you have entered the 16-character or, the newest format, 56-character onion address correctly; even a small mistake will stop Tor Browser from being able to reach the site. 如果你仍然无法访问这个洋葱服务,请稍后重试。 有可能是网络连接有出现暂时性阻碍,或者是该网站的管理员在没有提示的情况下关闭了网站。

You can also ensure that you're able to access other onion services by connecting to DuckDuckGo's onion service.

洋葱服务允许人们匿名的访问和发表信息,包括架设匿名网站。

洋葱服务还被依赖于提供一系列的服务:去元数据式的聊天,文件共享,利用诸如SecureDrop洋葱共享 进行的记者之间的互动和资源共享,更安全的软件升级,和更安全的访问如 Facebook 这样网页的渠道。

These services use the special-use top level domain (TLD) .onion (instead of .com, .net, .org, etc.) and are only accessible through the Tor network.

When accessing a website that uses an onion service, Tor Browser will show at the URL bar an icon of an onion displaying the state of your connection: secure and using an onion service.

洋葱图标

只能通过 Tor 访问的网站称作“洋葱服务”,它们以 .onion 结尾。 For example, the DuckDuckGo onion is https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/. 您可以用 Tor 浏览器访问这些网站。 因为洋葱服务并不能像普通的网站一样被索引,所以必须由网站所有者把洋葱服务的地址分享给你。

Onion-Location is a new HTTP header that web sites can use to advertise their onion counterpart. If the web site that you're visiting has an onion site available, a purple suggestion pill will prompt at the URL bar saying ".onion available". When you click on ".onion available", the web site will be reloaded and redirected to its onion counterpart. At the moment, Onion-Location is available for Tor Browser desktop (Windows, macOS and GNU/Linux). You can learn more about Onion-Location in the Tor Browser Manual. If you're an onion service operator, learn how to configure Onion-Location in your onion site.

An authenticated onion service is an onion service that requires you to provide an authentication token (in this case, a private key) before accessing the service. The private key is not transmitted to the service, and it's only used to decrypt its descriptor locally. You can get the access credentials from the onion service operator. Reach out to the operator and request access. Learn more about how to use onion authentication in Tor Browser. If you want to create an onion service with client authentication, please see the Client Authorization in the Community portal.

其它

不,在几次 beta 版之后,我们终止了 Tor Messenger 的支持。 即使现在没有那么多资源进行这项工作,我们依旧相信 Tor 可以和即时消息结合。 你也相信吗?联系我们

Vidalia 已经不再维护和支持。 Vidalia 提供的许多功能已经整合进了 Tor 浏览器中。

不,我们不提供任何在线服务。 我们所有软件项目的清单可以在我们的 项目页面 里找到。

Tor 不会保留能识别用户身份的日志记录。 我们对于网络运转有一些措施,您可以在 Tor 指数 里查看。

我们很抱歉,但这是您被恶意软件感染的现象。 Tor Project 并不是这个恶意软件的作者。不过恶意软件的作者希望你使用 Tor 浏览器来匿名的联系他们来交付赎金。

如果这是你第一次听说 Tor 浏览器,我们知道你可能会认为我们是坏人。

但请考虑我们的软件每天都被人权活动家,记者,国内暴乱幸存者,举报人,执法人员和其他许多人用于各种目的。不幸的是,我们的软件在保护这些人的同时也会被罪犯和恶意软件作者滥用。 Tor Project 没有支持也没有纵容以恶意的方式使用我们的软件。

不推荐将 Tor 和 BitTorrent 一起使用。 更多详情,请看我们有关该话题的博客帖子

Tor 有不同的资金支持赞助,包括美国中央政府部分机构(译者加:应该是搞笑的,Tor 被列为国家安全局重点监控对象-----因为无法监控),私有募款机构和个人。 查看我们所有的赞助商 和一系列关于我们财务报告的博客帖子

我们认为开诚布公地谈论我们的赞助商和资助模式是与社区保持信任的最佳方式。 我们一直在寻求更多的资金来源,尤其是基金会和个人。

Tor 被设计成通过防止被各种人(甚至是我们)监控和审查来抵御人权和隐私。 我们厌恶用 Tor 做糟糕的事情的人,但是我们并不能在剔除他们的同时,不伤害到人权活动者,记者,虐待后的幸存者们,以及其他用 Tor 做好事的人们。 虽然我们仅需要增加一些软件后门就可以阻止某些人使用 Tor 网络,但是这会导致我们的用户遭更容易受到专制政权和其他组织的攻击。

感谢你的支持! 您可以在我们的捐赠常见问题 上找到更多信息。

要想在 Tor 上共享文件,onionShare 是个好的选择。 洋葱共享是一个开源、安全、匿名式收发文件的工具,使用的是 Tor 洋葱服务。 它的工作原理是:直接在您的计算机上开启网络服务器,并将其变成一个不可猜测的 Tor 网络地址以便访问,他人可以登陆 Tor 浏览器来从您这里下载文件,或者向您上传文件。 这不要求设置一个独立的服务器,使用第三方文件共享服务,或甚至是登陆账户。

不像邮件、Google Drive、DropBox、WeTransfer 或几乎其他任何一种人们通常用来发送文件的服务,当您使用洋葱共享时,您不需要授予任何公司您共享文件的访问权限。 只要您以一种安全的方式共享不可猜测的网络地址(比如用编码过的通信软件进行传输),除了您和与您共享的人以外没有人可以访问这些文件。

OnionShare由Micah Lee开发。

很多出口节点会设置成阻止 BitTorrent 一类的文件共享服务的流量。 特别地,BitTorrent 在 Tor 中是无法匿名的

目前路径的长度为 3 加上你的路径中敏感路径的数量。 是的,通常是三个,但如果你访问洋葱服务或是“.exit”地址时会增加。

因为会增加网络的负载而且(据我们所知)不会提供任何额外的安全性,所以我们不鼓励使用比默认设置更长的路径长度。 并且,使用长度超过3的线路会损害您的匿名性,首先这回让拒绝安全措施 的攻击变得更容易,其次,如果只有很少的用户的线路长度和您一样,您会很容易被区分出来。

抱歉, Tor Project 不提供虚拟主机服务。

Tor 开发者没有追踪 Tor 用户的手段。 Tor 具有避免恶意用户破坏匿名性的保护措施,这些措施也阻止了我们追踪用户。

There are a few reasons we don't:

  1. We can't help but make the information available, since Tor clients need to use it to pick their paths. So if the "blockers" want it, they can get it anyway. Further, even if we didn't tell clients about the list of relays directly, somebody could still make a lot of connections through Tor to a test site and build a list of the addresses they see.
  2. If people want to block us, we believe that they should be allowed to do so. Obviously, we would prefer for everybody to allow Tor users to connect to them, but people have the right to decide who their services should allow connections from, and if they want to block anonymous users, they can.
  3. Being blockable also has tactical advantages: it may be a persuasive response to website maintainers who feel threatened by Tor. Giving them the option may inspire them to stop and think about whether they really want to eliminate private access to their system, and if not, what other options they might have. The time they might otherwise have spent blocking Tor, they may instead spend rethinking their overall approach to privacy and anonymity.

Even if your application is using the correct variant of the SOCKS protocol, there is still a risk that it could be leaking DNS queries. This problem happens in Firefox extensions that resolve the destination hostname themselves, for example to show you its IP address, what country it's in, etc. If you suspect your application might behave like this, follow the instructions below to check.

  1. Add TestSocks 1 to your torrc file.
  2. Start Tor, and point your program's SOCKS proxy settings to Tor's SOCKS5 server (socks5://127.0.0.1:9050 by default).
  3. Watch your logs as you use your application. For each socks connection, Tor will log a notice for safe connections, and a warn for connections leaking DNS requests.

If you want to automatically disable all connections leaking DNS requests, set SafeSocks 1 in your torrc file.

Tor 依靠全球用户和志愿者的支持来帮助我们改进我们的软件和资源,因此您的反馈对我们(以及所有 Tor 用户)都非常有价值。

反馈模板

给我们发送反馈或者报告程序问题时,请尽量包含以下信息,越多越好:

  • Operating System you are using
  • Tor 浏览器版本
  • Tor Browser Security Level
  • 请详细叙述您遇到问题的过程和步骤,以便于我们重新还原您遇到的问题。(比如,“我打开了浏览器,输入了一个网页地址,点击了图标,然后我的浏览器就崩溃了。”)
  • 一张有关该问题的截屏。
  • 日志文件

如何与我们联系

有多种方式可以联系我们,请选择对您来说最方便的一种。

GitLab

First, check if the bug is already known. You can search and read all the issues at https://gitlab.torproject.org/. To create a new issue, please request a new account to access Tor Project's GitLab instance and find the right repository to report your issue. We track all Tor Browser related issues at Tor Browser issue tracker. Issues related to our websites should be filed under the Web issue tracker.

电子邮件

给我们发送邮件至frontdesk@torproject.org

In the subject line of your email, please tell us what you're reporting. The more specific your subject line is (e.g. "Connection failure", "feedback on website", "feedback on Tor Browser, "I need a bridge"), the easier it will be for us to understand and follow up. Sometimes when we receive emails without subject lines, they're marked as spam and we don't see them.

For the fastest response, please write in English, Spanish, and/or Portuguese if you can. If none of these languages works for you, please write in any language you feel comfortable with, but keep in mind it will take us a bit longer to answer as we will need help with translation to understand it.

博客文章评论

You can always leave comments on the blog post related to the issue or feedback you want to report. If there is not a blog post related to your issue, please contact us another way.

IRC

You can find us in the #tor channel on OFTC to give us feedback or report bugs/issues. We may not respond right away, but we do check the backlog and will get back to you when we can.

Learn how to connect to OFTC servers.

邮件列表

For reporting issues or feedback using email lists, we recommend that you do so on the one that is related to what you would like to report. A complete directory of our mailing lists can be found here.

想要反馈或有关 Tor 浏览器、Tor 网络和 Tor 开发的其他项目的问题:tor-talk

想要反馈或有关我们网站的问题:ux

想要获得反馈或有关运行 Tor 中继服务器的问题: tor-relays

反馈有关 Tor 浏览器使用手册或支持网站的问题:tor-community-team

报告安全问题

如果您在我们的项目或基础设施里发现了问题,请发邮件至tor-security@lists.torproject.org。 如果您在 Tor或 Tor 浏览器里找到了安全漏洞,请报告给我们的漏洞悬赏项目. 如果您想要加密您的邮件,可以通过与tor-security-sendkey@lists.torproject.org联系或从pool.sks-keyservers.net获取列表的GPG公钥。 这是指纹:

  gpg --fingerprint tor-security@lists.torproject.org
  pub 4096R/1A7BF184 2017-03-13
  Key fingerprint = 8B90 4624 C5A2 8654 E453 9BC2 E135 A8B4 1A7B F184
  uid tor-security@lists.torproject.org
  uid tor-security@lists.torproject.org
  uid tor-security@lists.torproject.org
  sub 4096R/C00942E4 2017-03-13

保持联系

tor-project 频道是Tor的成员讨论和协调日常 Tor 工作的地方。它比 #tor 的成员数更少,但更专注于手头上的工作。我们也欢迎您加入这个频道。要想访问 #tor-project,您的昵称必须要注册并验证。

这是如何联系到 #tor-project和其他注册频道的方法。

注册您的昵称

  1. Log onto #tor. See How can I chat with Tor Project teams?

  2. 然后点击屏幕左上方的"Status"字样。

  3. In the window at the bottom of the page, type: /msg nickserv REGISTER yournewpassword youremailaddress

  4. 点击确定。

如果一切顺利,您会收到一条注册成功的信息。

系统可能会将您注册成您的昵称加上“_”,而不仅仅是您的昵称。

如果是这样的话,继续进行操作即可,但要牢记,您是“用户_”而不是“用户”。

每当您登入IRC时,为了验证您的注册昵称,请输入:

/nick yournick

/msg nickserv IDENTIFY YourPassWord

如何验证您的昵称

After registering your nickname, to gain access to the #tor-project and other protected channels, your nickname must be verified.

  1. Go to https://services.oftc.net/ and follow the steps in the 'To verify your account' section

  2. Go back to the IRC webpage where you are logged in and type:

    /msg nickserv checkverify

  3. Click ENTER.

  4. If all is well, you will receive a message that says:

*!NickServ*checkverify

Usermodechange: +R

!NickServ- Successfully set +R on your nick.
`

您的昵称验证成功!

现在,加入 #tor-project,您可以直接键入:

/join #tor-project 并点击确定。

您将会被允许进入频道。如果成功的话,祝贺您!

然而,如果您在某一步中遇到了问题,您可以在#tor channel中寻求帮助。

您可以通过点击IRC窗口左上方不同的频道名称,在频道之间来回切换。

如何登陆 IRC 并和 Tor 的贡献者实时对话:

  1. Enter in OFTC webchat.

  2. 在空白处填入:

    昵称:任何您想取的名字都可以,但要选取您每次使用 IRC 和 Tor 上的人交流时用的同样的昵称。如果您的昵称已经被人使用,您会收到系统的信息,并选择其他昵称。

    频道: #tor

  3. 点击确定

祝贺!您正在使用IRC。

几秒过后,您会自动进入 #tor,这是一个 Tor 的开发者,中继服务器运行者和其他社区成员的聊天室。这里也有些在 #tor 里的随机人员。

您可以在屏幕下方的空白条里输入问题。请您直接输入您的问题,不用输入其他无关内容。

人们也许可以立即做出回复,也可能有所延迟(有些人被列在频道上,但他们可能此刻不在电脑旁,而是记录下频道活动,之后再阅读)。

如果您想和某个特定的人聊天,请以他们的昵称作为您评论的开头,他们通常便会收到通知,告诉他们有个人正试图联系他们。

OFTC often doesn't allow people to use their webchat over Tor. For this reason, and because many people end up preferring it anyway, you should also consider using an IRC client.

Tor 依靠全球用户和志愿者的支持来帮助我们改进我们的软件和资源,因此您的反馈对我们(以及所有 Tor 用户)都非常有价值。

反馈模板

给我们发送反馈或者报告程序问题时,请尽量包含以下信息,越多越好:

  • Operating System you are using
  • Tor 浏览器版本
  • Tor Browser Security Level
  • 请详细叙述您遇到问题的过程和步骤,以便于我们重新还原您遇到的问题。(比如,“我打开了浏览器,输入了一个网页地址,点击了图标,然后我的浏览器就崩溃了。”)
  • 一张有关该问题的截屏。
  • 日志文件

如何与我们联系

有多种方式可以联系我们,请选择对您来说最方便的一种。

GitLab

First, check if the bug is already known. You can search and read all the issues at https://gitlab.torproject.org/. To create a new issue, please request a new account to access Tor Project's GitLab instance and find the right repository to report your issue. We track all Tor Browser related issues at Tor Browser issue tracker. Issues related to our websites should be filed under the Web issue tracker.

电子邮件

给我们发送邮件至frontdesk@torproject.org

In the subject line of your email, please tell us what you're reporting. The more specific your subject line is (e.g. "Connection failure", "feedback on website", "feedback on Tor Browser, "I need a bridge"), the easier it will be for us to understand and follow up. Sometimes when we receive emails without subject lines, they're marked as spam and we don't see them.

For the fastest response, please write in English, Spanish, and/or Portuguese if you can. If none of these languages works for you, please write in any language you feel comfortable with, but keep in mind it will take us a bit longer to answer as we will need help with translation to understand it.

博客文章评论

You can always leave comments on the blog post related to the issue or feedback you want to report. If there is not a blog post related to your issue, please contact us another way.

IRC

You can find us in the #tor channel on OFTC to give us feedback or report bugs/issues. We may not respond right away, but we do check the backlog and will get back to you when we can.

Learn how to connect to OFTC servers.

邮件列表

For reporting issues or feedback using email lists, we recommend that you do so on the one that is related to what you would like to report. A complete directory of our mailing lists can be found here.

想要反馈或有关 Tor 浏览器、Tor 网络和 Tor 开发的其他项目的问题:tor-talk

想要反馈或有关我们网站的问题:ux

想要获得反馈或有关运行 Tor 中继服务器的问题: tor-relays

反馈有关 Tor 浏览器使用手册或支持网站的问题:tor-community-team

报告安全问题

如果您在我们的项目或基础设施里发现了问题,请发邮件至tor-security@lists.torproject.org。 如果您在 Tor或 Tor 浏览器里找到了安全漏洞,请报告给我们的漏洞悬赏项目. 如果您想要加密您的邮件,可以通过与tor-security-sendkey@lists.torproject.org联系或从pool.sks-keyservers.net获取列表的GPG公钥。 这是指纹:

  gpg --fingerprint tor-security@lists.torproject.org
  pub 4096R/1A7BF184 2017-03-13
  Key fingerprint = 8B90 4624 C5A2 8654 E453 9BC2 E135 A8B4 1A7B F184
  uid tor-security@lists.torproject.org
  uid tor-security@lists.torproject.org
  uid tor-security@lists.torproject.org
  sub 4096R/C00942E4 2017-03-13

Debian 资料库

不. 不要使用Ubuntu universe提供的软件包! In the past they have not been reliably updated. That means you could be missing stability and security fixes. Instead, please use Tor Debian repository.

The Tor Project maintains its own Debian package repository. Since Debian provides the LTS version of Tor, this might not always give you the latest stable Tor version. Therefore, it's recommended to install tor from our repository.

如果您需要在您的基于 Debian 的系统中添加 Tor 软件包仓库,请遵循以下指示:

Note: The symbol # refers to running the code as root. This means you should have access to a user account with system administration privileges, e.g your user should be in the sudo group.

Prerequisite: Verify the CPU architecture

The package repository offers amd64, arm64, and i386 binaries. Verify your operating system is capable of running the binary by inspecting the output of the following commend:

  ‪# dpkg --print-architecture

It should output either amd64, arm64, or i386. The repository does not support other CPU architectures.

Note on Raspbian: The package repository does not offer 32-bit ARM architecture (armhf) images. You should either build Tor from source, or install the version Debian offers.

1. 安装 apt-transport-https

To enable all package managers using the libapt-pkg library to access metadata and packages available in sources accessible over https (Hypertext Transfer Protocol Secure).

   ‪# apt install apt-transport-https

2. Create a new file in /etc/apt/sources.list.d/ named tor.list. Add the following entries:

   deb     [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org <DISTRIBUTION> main
   deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org <DISTRIBUTION> main

If you want to try experimental packages, add these in addition to the lines from above (Note, use whatever is the current experimental version instead of 0.4.6.x from the example below):

   deb     [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org tor-experimental-0.4.6.x-<DISTRIBUTION> main
   deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org tor-experimental-0.4.6.x-<DISTRIBUTION> main

或是每晚构建:

   deb     [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org tor-nightly-master-<DISTRIBUTION> main
   deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org tor-nightly-master-<DISTRIBUTION> main

Replace <DISTRIBUTION> with your Operating System codename. Run lsb_release -c or cat /etc/debian_version to check the Operating System version.

Note: Ubuntu Focal dropped support for 32-bit, so instead use:

   deb     [arch=amd64 signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org focal main
   deb-src [arch=amd64 signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org focal main

Warning symptom, when running sudo apt update:

   Skipping acquire of configured file 'main/binary-i386/Packages' as repository 'http://deb.torproject.org/torproject.org focal InRelease' doesn't support architecture 'i386'

3. Then add the gpg key used to sign the packages by running the following command at your command prompt:

   ‪# wget -O- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null

4. 安装 tor 和 tor debian 密钥串

我们提供一个 Debian 软件包,以帮助您保持我们的密钥为最新状态。推荐您使用这个软件包。用下列命令安装它:

   ‪# apt update
   ‪# apt install tor deb.torproject.org-keyring

Yes, deb.torproject.org is also served through via an Onion Service: http://apow7mjfryruh65chtdydfmqfpj5btws7nbocgtaovhvezgccyjazpqd.onion/

Note: The symbol # refers to running the code as root. This means you should have access to a user account with system administration privileges, e.g your user should be in the sudo group.

如需通过 Tor 使用apt,需要安装 apt 运载工具。

   ‪# apt install apt-transport-tor

Then you need to add the following entries to /etc/apt/sources.list or a new file in /etc/apt/sources.list.d/:

   # 对于稳定版本。
   deb tor://apow7mjfryruh65chtdydfmqfpj5btws7nbocgtaovhvezgccyjazpqd.onion/torproject.org <DISTRIBUTION> main

   # 对于不稳定版本。
   deb tor://apow7mjfryruh65chtdydfmqfpj5btws7nbocgtaovhvezgccyjazpqd.onion/torproject.org tor-nightly-master-<DISTRIBUTION> main

Replace <DISTRIBUTION> with your Operating System codename. Run lsb_release -c or cat /etc/debian_version to check the Operating System version.

Now refresh your sources and try to install tor again:

   ‪# apt update
   ‪# apt install tor

Tor 的rpm软件包管理器

The Tor Project maintains its own RPM package repository for CentOS and RHEL and Fedora.

Note: The symbol # refers to be running the code as root. That means you should have access to a user account with system administration privileges, e.g your user should be in the sudo group.

Here's how you can enable Tor Package Repository for both CentOS and RHEL and Fedora:

1. Enable epel repository (only for CentOS and RHEL)

‪# dnf install epel-release -y

2. Add the following to /etc/yum.repos.d/tor.repo

For CentOS or RHEL:

[tor]
name=Tor for Enterprise Linux $releasever - $basearch
baseurl=https://rpm.torproject.org/centos/$releasever/$basearch
enabled=1
gpgcheck=1
gpgkey=https://rpm.torproject.org/centos/public_gpg.key
cost=100

对于 Fedora:

[tor]
name=Tor for Fedora $releasever - $basearch
baseurl=https://rpm.torproject.org/fedora/$releasever/$basearch
enabled=1
gpgcheck=1
gpgkey=https://rpm.torproject.org/fedora/public_gpg.key
cost=100

3. Install the Tor package

Then you can install the latest Tor package.

‪# dnf install tor -y

首次使用时,你需要导入GPG公钥。

导入 GPG 公钥 0x3621CD35:
Userid     : "Kushal Das (RPM Signing key) <kushal@torproject.org>"
指纹:999E C8E3 14BC 8D46 022D 6C7D E217 C30C 3621 CD35
来自:https://rpm.torproject.org/fedora/public_gpg.key
Is this ok [y/N]: y

有关滥用的常见问题

很棒! 这就是我们实施出口政策的原因。

每个 Tor 中继拥有一条出口规则,用于指定允许或拒绝何种类型的出站连接通过该中继。 出口政策通过目录传送给 Tor 的客户,所以客户会自动避免挑选会拒绝退出到他们想要到达的目的地的出口中继服务器。 这样一来,每个中继服务器都可以决定服务,主人和它想让连接到达的网络,这些都基于滥用的可能性和它自身的状况。 Read the Support entry on issues you might encounter if you use the default exit policy, and then read Mike Perry's tips for running an exit node with minimal harassment.

默认的出口中继协议允许许多流行服务的获取权(如网页浏览),但出于滥用的潜在风险,限制了一些服务(如邮箱),还有一些是因为流量大小超出了 Tor 网络的承受范围(如默认文件共享端口)。 您可以通过编辑您的torrc文件来更改您自己的出口策略。 If you want to avoid most if not all abuse potential, set it to "reject *:*". 这个设置意味着您的中继服务器只会被用来中继 Tor 网络内部的通讯,而不是外部的网站连接或其他服务。

如果您确实允许任何出口连接,确保域名解析正常(也就是,您的电脑能正确解析网络地址)。 如果有任何您的计算机不能访问的资源(比如您被限制性防火墙或内容过滤器拦住了),请明确的在您的出口节点规定里驳回它们,否则其他 Tor 的用户也会被影响。

Criminals can already do bad things. Since they're willing to break laws, they already have lots of options available that provide better privacy than Tor provides. They can steal cell phones, use them, and throw them in a ditch; they can crack into computers in Korea or Brazil and use them to launch abusive activities; they can use spyware, viruses, and other techniques to take control of literally millions of Windows machines around the world.

Tor aims to provide protection for ordinary people who want to follow the law. Only criminals have privacy right now, and we need to fix that.

Some advocates of anonymity explain that it's just a tradeoff — accepting the bad uses for the good ones — but there's more to it than that. Criminals and other bad people have the motivation to learn how to get good anonymity, and many have the motivation to pay well to achieve it. Being able to steal and reuse the identities of innocent victims (identity theft) makes it even easier. Normal people, on the other hand, don't have the time or money to spend figuring out how to get privacy online. This is the worst of all possible worlds.

So yes, criminals can use Tor, but they already have better options, and it seems unlikely that taking Tor away from the world will stop them from doing their bad things. At the same time, Tor and other privacy measures can fight identity theft, physical crimes like stalking, and so on.

Distributed denial of service (DDoS) attacks typically rely on having a group of thousands of computers all sending floods of traffic to a victim. Since the goal is to overpower the bandwidth of the victim, they typically send UDP packets since those don't require handshakes or coordination.

But because Tor only transports correctly formed TCP streams, not all IP packets, you cannot send UDP packets over Tor. (You can't do specialized forms of this attack like SYN flooding either.) So ordinary DDoS attacks are not possible over Tor. Tor also doesn't allow bandwidth amplification attacks against external sites: you need to send in a byte for every byte that the Tor network will send to your destination. So in general, attackers who control enough bandwidth to launch an effective DDoS attack can do it just fine without Tor.

First of all, the default Tor exit policy rejects all outgoing port 25 (SMTP) traffic. So sending spam mail through Tor isn't going to work by default. It's possible that some relay operators will enable port 25 on their particular exit node, in which case that computer will allow outgoing mails; but that individual could just set up an open mail relay too, independent of Tor. In short, Tor isn't useful for spamming, because nearly all Tor relays refuse to deliver the mail.

Of course, it's not all about delivering the mail. Spammers can use Tor to connect to open HTTP proxies (and from there to SMTP servers); to connect to badly written mail-sending CGI scripts; and to control their botnets — that is, to covertly communicate with armies of compromised computers that deliver the spam.

This is a shame, but notice that spammers are already doing great without Tor. Also, remember that many of their more subtle communication mechanisms (like spoofed UDP packets) can't be used over Tor, because it only transports correctly-formed TCP connections.

Not much, in the grand scheme of things. The network has been running since October 2003, and it's only generated a handful of complaints. Of course, like all privacy-oriented networks on the net, it attracts its share of jerks. Tor's exit policies help separate the role of "willing to donate resources to the network" from the role of "willing to deal with exit abuse complaints", so we hope our network is more sustainable than past attempts at anonymity networks.

Since Tor has many good uses as well, we feel that we're doing pretty well at striking a balance currently.

If you run a Tor relay that allows exit connections (such as the default exit policy), it's probably safe to say that you will eventually hear from somebody. Abuse complaints may come in a variety of forms. For example:

  • Somebody connects to Hotmail, and sends a ransom note to a company. The FBI sends you a polite email, you explain that you run a Tor relay, and they say "oh well" and leave you alone. [Port 80]
  • Somebody tries to get you shut down by using Tor to connect to Google groups and post spam to Usenet, and then sends an angry mail to your ISP about how you're destroying the world. [Port 80]
  • Somebody connects to an IRC network and makes a nuisance of himself. Your ISP gets polite mail about how your computer has been compromised; and/or your computer gets DDoSed. [Port 6667]
  • Somebody uses Tor to download a Vin Diesel movie, and your ISP gets a DMCA takedown notice. See EFF's Tor DMCA Response Template, which explains why your ISP can probably ignore the notice without any liability. [Arbitrary ports]

Some hosting providers are friendlier than others when it comes to Tor exits. For a listing see the good and bad ISPs wiki.

For a complete set of template responses to different abuse complaint types, see the collection of templates. You can also proactively reduce the amount of abuse you get by following these tips for running an exit node with minimal harassment and running a reduced exit policy.

You might also find that your Tor relay's IP is blocked from accessing some Internet sites/services. This might happen regardless of your exit policy, because some groups don't seem to know or care that Tor has exit policies. (If you have a spare IP not used for other activities, you might consider running your Tor relay on it.) In general, it's advisable not to use your home internet connection to provide a Tor relay.

A collection of templates for successfully responding to ISPs is collected here.

Sometimes jerks make use of Tor to troll IRC channels. This abuse results in IP-specific temporary bans ("klines" in IRC lingo), as the network operators try to keep the troll off of their network.

This response underscores a fundamental flaw in IRC's security model: they assume that IP addresses equate to humans, and by banning the IP address they can ban the human. In reality, this is not the case — many such trolls routinely make use of the literally millions of open proxies and compromised computers around the Internet. The IRC networks are fighting a losing battle of trying to block all these nodes, and an entire cottage industry of blocklists and counter-trolls has sprung up based on this flawed security model (not unlike the antivirus industry). The Tor network is just a drop in the bucket here.

On the other hand, from the viewpoint of IRC server operators, security is not an all-or-nothing thing. By responding quickly to trolls or any other social attack, it may be possible to make the attack scenario less attractive to the attacker. And most individual IP addresses do equate to individual humans, on any given IRC network at any given time. The exceptions include NAT gateways which may be allocated access as special cases. While it's a losing battle to try to stop the use of open proxies, it's not generally a losing battle to keep klining a single ill-behaved IRC user until that user gets bored and goes away.

But the real answer is to implement application-level auth systems, to let in well-behaving users and keep out badly-behaving users. This needs to be based on some property of the human (such as a password they know), not some property of the way their packets are transported.

Of course, not all IRC networks are trying to ban Tor nodes. After all, quite a few people use Tor to IRC in privacy in order to carry on legitimate communications without tying them to their real-world identity. Each IRC network needs to decide for itself if blocking a few more of the millions of IPs that bad people can use is worth losing the contributions from the well-behaved Tor users.

If you're being blocked, have a discussion with the network operators and explain the issues to them. They may not be aware of the existence of Tor at all, or they may not be aware that the hostnames they're klining are Tor exit nodes. If you explain the problem, and they conclude that Tor ought to be blocked, you may want to consider moving to a network that is more open to free speech. Maybe inviting them to #tor on irc.oftc.net will help show them that we are not all evil people.

Finally, if you become aware of an IRC network that seems to be blocking Tor, or a single Tor exit node, please put that information on The Tor IRC block tracker so that others can share. At least one IRC network consults that page to unblock exit nodes that have been blocked inadvertently.

Even though Tor isn't useful for spamming, some over-zealous blocklisters seem to think that all open networks like Tor are evil — they attempt to strong-arm network administrators on policy, service, and routing issues, and then extract ransoms from victims.

If your server administrators decide to make use of these blocklists to refuse incoming mail, you should have a conversation with them and explain about Tor and Tor's exit policies.

We're sorry to hear that. There are some situations where it makes sense to block anonymous users for an Internet service. But in many cases, there are easier solutions that can solve your problem while still allowing users to access your website securely.

First, ask yourself if there's a way to do application-level decisions to separate the legitimate users from the jerks. For example, you might have certain areas of the site, or certain privileges like posting, available only to people who are registered. It's easy to build an up-to-date list of Tor IP addresses that allow connections to your service, so you could set up this distinction only for Tor users. This way you can have multi-tiered access and not have to ban every aspect of your service.

For example, the Freenode IRC network had a problem with a coordinated group of abusers joining channels and subtly taking over the conversation; but when they labeled all users coming from Tor nodes as "anonymous users", removing the ability of the abusers to blend in, the abusers moved back to using their open proxies and bot networks.

Second, consider that hundreds of thousands of people use Tor every day simply for good data hygiene — for example, to protect against data-gathering advertising companies while going about their normal activities. Others use Tor because it's their only way to get past restrictive local firewalls. Some Tor users may be legitimately connecting to your service right now to carry on normal activities. You need to decide whether banning the Tor network is worth losing the contributions of these users, as well as potential future legitimate users. (Often people don't have a good measure of how many polite Tor users are connecting to their service — you never notice them until there's an impolite one.)

At this point, you should also ask yourself what you do about other services that aggregate many users behind a few IP addresses. Tor is not so different from AOL in this respect.

Lastly, please remember that Tor relays have individual exit policies. Many Tor relays do not allow exiting connections at all. Many of those that do allow some exit connections might already disallow connections to your service. When you go about banning nodes, you should parse the exit policies and only block the ones that allow these connections; and you should keep in mind that exit policies can change (as well as the overall list of nodes in the network).

If you really want to do this, we provide a Tor exit relay list or a DNS-based list you can query.

(Some system administrators block ranges of IP addresses because of official policy or some abuse pattern, but some have also asked about allowing Tor exit relays because they want to permit access to their systems only using Tor. These scripts are usable for allowlisting as well.)

Tor 开发者没有追踪 Tor 用户的手段。 The same protections that keep bad people from breaking Tor's anonymity also prevent us from figuring out what's going on.

Some fans have suggested that we redesign Tor to include a backdoor. There are two problems with this idea. First, it technically weakens the system too far. Having a central way to link users to their activities is a gaping hole for all sorts of attackers; and the policy mechanisms needed to ensure correct handling of this responsibility are enormous and unsolved. Second, the bad people aren't going to get caught by this anyway, since they will use other means to ensure their anonymity (identity theft, compromising computers and using them as bounce points, etc).

This ultimately means that it is the responsibility of site owners to protect themselves against compromise and security issues that can come from anywhere. This is just part of signing up for the benefits of the Internet. You must be prepared to secure yourself against the bad elements, wherever they may come from. Tracking and increased surveillance are not the answer to preventing abuse.

But remember that this doesn't mean that Tor is invulnerable. Traditional police techniques can still be very effective against Tor, such as investigating means, motive, and opportunity, interviewing suspects, writing style analysis, technical analysis of the content itself, sting operations, keyboard taps, and other physical investigations. The Tor Project is also happy to work with everyone including law enforcement groups to train them how to use the Tor software to safely conduct investigations or anonymized activities online.

The Tor Project does not host, control, nor have the ability to discover the owner or location of a .onion address. The .onion address is an address from an onion service. The name you see ending in .onion is an onion service descriptor. It's an automatically generated name which can be located on any Tor relay or client anywhere on the Internet. Onion services are designed to protect both the user and service provider from discovering who they are and where they are from. The design of onion services means the owner and location of the .onion site is hidden even from us.

But remember that this doesn't mean that onion services are invulnerable. Traditional police techniques can still be very effective against them, such as interviewing suspects, writing style analysis, technical analysis of the content itself, sting operations, keyboard taps, and other physical investigations.

If you have a complaint about child abuse materials, you may wish to report it to the National Center for Missing and Exploited Children, which serves as a national coordination point for investigation of child pornography: http://www.missingkids.com/. We do not view links you report.

我们严肃对待滥用。 Activists and law enforcement use Tor to investigate abuse and help support survivors. We work with them to help them understand how Tor can help their work. In some cases, technological mistakes are being made and we help to correct them. Because some people in survivors' communities embrace stigma instead of compassion, seeking support from fellow victims requires privacy-preserving technology.

Our refusal to build backdoors and censorship into Tor is not because of a lack of concern. We refuse to weaken Tor because it would harm efforts to combat child abuse and human trafficking in the physical world, while removing safe spaces for victims online. Meanwhile, criminals would still have access to botnets, stolen phones, hacked hosting accounts, the postal system, couriers, corrupt officials, and whatever technology emerges to trade content. They are early adopters of technology. In the face of this, it is dangerous for policymakers to assume that blocking and filtering is sufficient. We are more interested in helping efforts to halt and prevent child abuse than helping politicians score points with constituents by hiding it. The role of corruption is especially troubling; see this United Nations report on The Role of Corruption in Trafficking in Persons.

Finally, it is important to consider the world that children will encounter as adults when enacting policy in their name. Will they thank us if they are unable to voice their opinions safely as adults? What if they are trying to expose a failure of the state to protect other children?

Tor 指数

We actually don't count users, but we count requests to the directories that clients make periodically to update their list of relays and estimate number of users indirectly from there.

No, but we can see what fraction of directories reported them, and then we can extrapolate the total number in the network.

We put in the assumption that the average client makes 10 such requests per day. A tor client that is connected 24/7 makes about 15 requests per day, but not all clients are connected 24/7, so we picked the number 10 for the average client. We simply divide directory requests by 10 and consider the result as the number of users. Another way of looking at it, is that we assume that each request represents a client that stays online for one tenth of a day, so 2 hours and 24 minutes.

Average number of concurrent users, estimated from data collected over a day. We can't say how many distinct users there are.

No, the relays that report these statistics aggregate requests by country of origin and over a period of 24 hours. The statistics we would need to gather for the number of users per hour would be too detailed and might put users at risk.

Then we count those users as one. We really count clients, but it's more intuitive for most people to think of users, that's why we say users and not clients.

No, because that user updates their list of relays as often as a user that doesn't change IP address over the day.

The directories resolve IP addresses to country codes and report these numbers in aggregate form. This is one of the reasons why tor ships with a GeoIP database.

Very few bridges report data on transports or IP versions yet, and by default we consider requests to use the default OR protocol and IPv4. Once more bridges report these data, the numbers will become more accurate.

Relays and bridges report some of the data in 24-hour intervals which may end at any time of the day.
And after such an interval is over relays and bridges might take another 18 hours to report the data.
We cut off the last two days from the graphs, because we want to avoid that the last data point in a graph indicates a recent trend change which is in fact just an artifact of the algorithm.

The reason is that we publish user numbers once we're confident enough that they won't change significantly anymore. But it's always possible that a directory reports data a few hours after we were confident enough, but which then slightly changed the graph.

We do have descriptor archives from before that time, but those descriptors didn't contain all the data we use to estimate user numbers. Please find the following tarball for more details:

Tarball

For direct users, we include all directories which we didn't do in the old approach. We also use histories that only contain bytes written to answer directory requests, which is more precise than using general byte histories.

Oh, that's a whole different story. We wrote a 13 page long technical report explaining the reasons for retiring the old approach.
tl;dr: in the old approach we measured the wrong thing, and now we measure the right thing.

We run an anomaly-based censorship-detection system that looks at estimated user numbers over a series of days and predicts the user number in the next days. If the actual number is higher or lower, this might indicate a possible censorship event or release of censorship. For more details, see our technical report.

Little-t-tor

Attention: These instructions are to verify the tor source code. Please follow the right instructions to verify Tor Browser's signature.

数字签名是一个确保某个包由其开发人员生成并且未被篡改的过程。 Below we explain why it is important and how to verify that the tor source code you download is the one we have created and has not been modified by some attacker.

Each file on our download page is accompanied by a file labelled "sig" with the same name as the package and the extension ".asc". These .asc files are OpenPGP signatures. 它们允许你验证你下载的文件正是我们希望你获取的文件。 This will vary by web browser, but generally you can download this file by right-clicking the "sig" link and selecting the "save file as" option.

For example, tor-0.4.6.7.tar.gz is accompanied by tor-0.4.6.7.tar.gz.asc. These are example file names and will not exactly match the file names that you download.

我们现在展示如何在不同的操作系统上验证下载文件的数字签名。 请注意数字签名是标注该包被签名的时间。 因此,每个新文件上传时,都会生成具有不同日期的新签名。 只要您验证了签名,就不必担心报告的日期可能有所不同。

正在安装 GnuPG

首先你需要安装GnuPG才能验证签名。

对于 Windows 的用户:

如果您使用 Windows, 下载 Gpg4win并运行其安装包。

为了验证签名,您需要在 Windows 命令行(“cmd.exe")中输入一些命令。

对于 macOS 的用户:

如果您正在使用 macOS,您可以安装 GPGTools

为了验证签名,您需要在(“应用程序”下的)终端中输入一些命令

对于 GNU/Linux 的用户:

如果你使用 GNU/Linux,那么可能在你的系统中已经安装了 GnuPG,因为大多数 Linux 发行版都预装了它。

In order to verify the signature you will need to type a few commands in a terminal window. How to do this will vary depending on your distribution.

正在提取 Tor 开发者密钥

Roger Dingledine (0xEB5A896A28988BF5 and 0xC218525819F78451), Nick Mathewson (0xFE43009C4607B1FB) sign Tor source tarballs.

Fetching Nick Mathewson most recent key:

‪$ gpg --auto-key-locate nodefault,wkd --locate-keys nickm@torproject.org

这会向您展示像这样的内容:

gpg: key FE43009C4607B1FB: public key "Nick Mathewson <nickm@torproject.org>" imported
gpg: Total number processed: 1
gpg:               imported: 1
pub   rsa4096 2016-09-21 [C] [expires: 2025-10-04]
      2133BC600AB133E1D826D173FE43009C4607B1FB
‪uid           [ unknown] Nick Mathewson <nickm@torproject.org>
sub   rsa4096 2016-09-23 [S] [expires: 2025-10-04]
sub   rsa4096 2016-09-23 [E] [expires: 2025-10-04]

If you get an error message, something has gone wrong and you cannot continue until you've figured out why this didn't work. You might be able to import the key using the Workaround (using a public key) section instead.

After importing the key, you can save it to a file (identifying it by its fingerprint here):

‪$ gpg --output ./tor.keyring --export 0x2133BC600AB133E1D826D173FE43009C4607B1FB

This command results in the key being saved to a file found at the path ./tor.keyring, i.e. in the current directory. If ./tor.keyring doesn't exist after running this command, something has gone wrong and you cannot continue until you've figured out why this didn't work.

验证签名

为了验证你下载的包的签名,除了安装文件本身,你还需要下载相应的“.asc”签名文件,并用一个命令让 GnuPG 验证你下载的文件。

下面的例子假设你已经下载了这样的两个文件到你的"下载"文件夹。 Note that these commands use example file names and yours will be different: you will have downloaded a different version than 9.0 and you may not have chosen the English (en-US) version.

对于 Windows 的用户:

gpgv --keyring .\tor.keyring Downloads\tor-0.4.6.7.tar.gz.asc Downloads\tor-0.4.6.7.tar.gz

对于 macOS 的用户:

gpgv --keyring ./tor.keyring ~/Downloads/tor-0.4.6.7.tar.gz.asc ~/Downloads/tor-0.4.6.7.tar.gz

对于 GNU/Linux 的用户:

gpgv --keyring ./tor.keyring ~/Downloads/tor-0.4.6.7.tar.gz.asc ~/Downloads/tor-0.4.6.7.tar.gz

命令的结果应该与以下输出相似的内容:

gpgv: Signature made Mon 16 Aug 2021 04:44:27 PM -03
gpgv:                using RSA key 7A02B3521DC75C542BA015456AFEE6D49E92B601
‪gpgv: Good signature from "Nick Mathewson <nickm@torproject.org>"

If you get error messages containing 'No such file or directory', either something went wrong with one of the previous steps, or you forgot that these commands use example file names and yours will be a little different.

更多操作(使用公钥)

如果您遇到了无法解决的问题,不妨下载并使用这个公钥来代替。或者,您还可以使用以下指令:

‪$ curl -s https://openpgpkey.torproject.org/.well-known/openpgpkey/torproject.org/hu/kounek7zrdx745qydx6p59t9mqjpuhdf |gpg --import -

Nick Mathewson key is also available on keys.openpgp.org and can be downloaded from https://keys.openpgp.org/vks/v1/by-fingerprint/2133BC600AB133E1D826D173FE43009C4607B1FB.

If you're using macOS or GNU/Linux, the key can also be fetched by running the following command:

‪$ gpg --keyserver keys.openpgp.org --search-keys nickm@torproject.org

你也许会想了解更多关于 GnuPG

Alternate Designs We Don't Do (Yet)

This would be handy for a number of reasons: It would make Tor better able to handle new protocols like VoIP. It could solve the whole need to socksify applications. Exit relays would also not need to allocate a lot of file descriptors for all the exit connections.

We're heading in this direction. Some of the hard problems are:

  1. IP packets reveal OS characteristics. We would still need to do IP-level packet normalization, to stop things like TCP fingerprinting attacks. Given the diversity and complexity of TCP stacks, along with device fingerprinting attacks, it looks like our best bet is shipping our own user-space TCP stack.

  2. Application-level streams still need scrubbing. We will still need user-side applications like Torbutton. So it won't become just a matter of capturing packets and anonymizing them at the IP layer.

  3. Certain protocols will still leak information. For example, we must rewrite DNS requests so they are delivered to an unlinkable DNS server rather than the DNS server at a user's ISP; thus, we must understand the protocols we are transporting.

  4. DTLS (datagram TLS) basically has no users, and IPsec sure is big. Once we've picked a transport mechanism, we need to design a new end-to-end Tor protocol for avoiding tagging attacks and other potential anonymity and integrity issues now that we allow drops, resends, et cetera.

  5. Exit policies for arbitrary IP packets mean building a secure Intrusion Detection System (IDS). Our node operators tell us that exit policies are one of the main reasons they're willing to run Tor. Adding an IDS to handle exit policies would increase the security complexity of Tor, and would likely not work anyway, as evidenced by the entire field of IDS and counter-IDS papers. Many potential abuse issues are resolved by the fact that Tor only transports valid TCP streams (as opposed to arbitrary IP including malformed packets and IP floods.) Exit policies become even more important as we become able to transport IP packets. We also need to compactly describe exit policies in the Tor directory, so clients can predict which nodes will allow their packets to exit. Clients also need to predict all the packets they will want to send in a session before picking their exit node!

  6. The Tor-internal name spaces would need to be redesigned. We support onion service ".onion" addresses by intercepting the addresses when they are passed to the Tor client. Doing so at the IP level will require a more complex interface between Tor and the local DNS resolver.

Requiring every Tor user to be a relay would help with scaling the network to handle all our users, and running a Tor relay may help your anonymity. However, many Tor users cannot be good relays — for example, some Tor clients operate from behind restrictive firewalls, connect via modem, or otherwise aren't in a position where they can relay traffic. Providing service to these clients is a critical part of providing effective anonymity for everyone, since many Tor users are subject to these or similar constraints and including these clients increases the size of the anonymity set.

That said, we do want to encourage Tor users to run relays, so what we really want to do is simplify the process of setting up and maintaining a relay. We've made a lot of progress with easy configuration in the past few years: Tor is good at automatically detecting whether it's reachable and how much bandwidth it can offer.

There are four steps we need to address before we can do this though:

  • First, we still need to get better at automatically estimating the right amount of bandwidth to allow. It might be that switching to UDP transport is the simplest answer here — which alas is not a very simple answer at all.

  • Second, we need to work on scalability, both of the network (how to stop requiring that all Tor relays be able to connect to all Tor relays) and of the directory (how to stop requiring that all Tor users know about all Tor relays). Changes like this can have large impact on potential and actual anonymity. See Section 5 of the Challenges paper for details. Again, UDP transport would help here.

  • Third, we need to better understand the risks from letting the attacker send traffic through your relay while you're also initiating your own anonymized traffic. Three different research papers describe ways to identify the relays in a circuit by running traffic through candidate relays and looking for dips in the traffic while the circuit is active. These clogging attacks are not that scary in the Tor context so long as relays are never clients too. But if we're trying to encourage more clients to turn on relay functionality too (whether as bridge relays or as normal relays), then we need to understand this threat better and learn how to mitigate it.

  • Fourth, we might need some sort of incentive scheme to encourage people to relay traffic for others, and/or to become exit nodes. Here are our current thoughts on Tor incentives.

Please help on all of these!

No, you cannot trust the network to pick the path. Malicious relays could route you through their colluding friends. This would give an adversary the ability to watch all of your traffic end to end.

It would be nice to let relay operators say things like reject www.slashdot.org in their exit policies, rather than requiring them to learn all the IP address space that could be covered by the site (and then also blocking other sites at those IP addresses).

There are two problems, though. First, users could still get around these blocks. For example, they could request the IP address rather than the hostname when they exit from the Tor network. This means operators would still need to learn all the IP addresses for the destinations in question.

The second problem is that it would allow remote attackers to censor arbitrary sites. For example, if a Tor operator blocks www1.slashdot.org, and then some attacker poisons the Tor relay's DNS or otherwise changes that hostname to resolve to the IP address for a major news site, then suddenly that Tor relay is blocking the news site.