Tor Browser

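WARNING: Do NOT follow any advice or tutorial that tells you to edit your torrc by hand! Doing so can allow an attacker to compromise your security and anonymity through malicious configuration of your torrc.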

Tor uses a text file called torrc that contains configuration instructions for how Tor should behave. The default configuration should work fine for most Tor users (hence the warning above.)

To find your Tor Browser torrc, follow the instructions for your operating system below.

On Windows or Linux:

  • The torrc is in the Tor Browser Data directory at Browser/TorBrowser/Data/Tor inside your Tor Browser directory.

On macOS:

  • The torrc is in the Tor Browser Data directory at ~/Library/Application Support/TorBrowser-Data/Tor.
  • Note that the Library folder is hidden on newer versions of macOS. To navigate to this folder in Finder, select "Go to Folder..." in the "Go" menu.
  • Then type "~/Library/Application Support/" in the window and click Go.

Close Tor Browser before you edit your torrc, otherwise Tor Browser may erase your modifications. Some options will have no effect as Tor Browser overrides them with command line options when it starts Tor.

Have a look at the sample torrc file for hints on common configurations. For other configuration options you can use, see the Tor manual page. Remember, all lines in torrc that begin with "#" are treated as comments and have no effect on Tor's configuration.

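They have misleading names, but "Incognito mode" (or private mode) does not make you anonymous on the Internet. They erase all the information on your computer relating to your browsing session after you close the browser, but they do nothing to hide your network traces. This means that an eavesdropper can capture your network traffic just as with any regular browser.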

Tor Browser offers all the amnesic features of private tabs while also hiding the source IP, browsing habits and details about a device that can be used to fingerprint activity across the web, allowing for a truly private browsing session that's fully obfuscated from end-to-end.

For more information regarding the limitations of Incognito mode and private tabs, see Mozilla's article on Common Myths about Private Browsing.

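We strongly recommend against using Tor in any browser other than Tor Browser. Using Tor in another browser can leave you exposed without the privacy protections that Tor Browser provides.

Tor Browser can help people access websites that are blocked in their region. Most of the time, simply downloading Tor Browser and using it to navigate to the blocked site will allow access. In heavily monitored regions, we offer a number of circumvention options, such as pluggable transports.

See the section on censorship in the Tor Browser User Manual for more information.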

Sometimes websites will block Tor users because they can't tell the difference between the average Tor user and automated traffic. The best success we've had in getting sites to unblock Tor users is getting users to contact the site administrators directly. Something like this might do the trick:

"Hi! I tried to access your site xyz.com while using Tor Browser and discovered that you don't allow Tor users to access your site. I urge you to reconsider this decision; Tor is used by people all over the world to protect their privacy and fight censorship. By blocking Tor users, you are likely blocking people in repressive countries who want to use a free internet, journalists and researchers who want to protect themselves from discovery, whistleblowers, activists, and ordinary people who want to opt out of invasive third party tracking. Please take a strong stance in favor of digital privacy and internet freedom, and allow Tor users access to xyz.com. Thank you."

In the case of banks, and other sensitive websites, it is also common to see geography-based blocking (if a bank knows you generally access their services from one country, and suddenly you are connecting from an exit relay on the other side of the world, your account may be locked or suspended).

If you are unable to connect to an onion service, please see I cannot reach X.onion!

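You can certainly use another browser while you are also using Tor Browser. However, you should know that other browsers do not provide the same privacy protections as Tor Browser. Be careful when switching between browsers, because you may accidentally use the regular browser for something you intended to do in Tor Browser.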

You can set Proxy IP address, port, and authentication information in Tor Browser's Network Settings. If you're using Tor another way, check out the HTTPProxy and HTTPSProxy config options in the manual page, and modify your torrc file accordingly. You will need an HTTP proxy for doing GET requests to fetch the Tor directory, and you will need an HTTPS proxy for doing CONNECT requests to get to Tor relays. (It's fine if they're the same proxy.) Tor also recognizes the torrc options Socks4Proxy and Socks5Proxy.

Also, read up on the HTTPProxyAuthenticator and HTTPSProxyAuthenticator options if your proxy requires auth. We only support basic auth currently, but if you need NTLM authentication, you may find this post in the archives useful.

If your proxies only allow you to connect to certain ports, look at the entry on Firewalled clients for how to restrict what ports your Tor will try to access.

Please see the Installation section in the Tor Browser Manual.

Sometimes, after you've used Gmail over Tor, Google presents a pop-up notification that your account may have been compromised. The notification window lists a series of IP addresses and locations throughout the world recently used to access your account.

In general, this is a false alarm: Google saw a bunch of logins from different places, as a result of running the service via Tor, and decided it was a good idea to confirm the account was being accessed by its rightful owner.

Even though this may be a byproduct of using the service via Tor, that doesn't mean you can entirely ignore the warning. It is probably a false positive, but it might not be since it is possible for someone to hijack your Google cookie.

Cookie hijacking is possible by either physical access to your computer or by watching your network traffic. In theory, only physical access should compromise your system because Gmail and similar services should only send the cookie over an SSL link. In practice, alas, it's way more complex than that.

And if somebody did steal your google cookie, they might end up logging in from unusual places (though of course they also might not). So the summary is that since you're using Tor Browser, this security measure that Google uses isn't so useful for you, because it's full of false positives. You'll have to use other approaches, like seeing if anything looks weird on the account, or looking at the timestamps for recent logins and wondering if you actually logged in at those times.

More recently, Gmail users can turn on 2-Step Verification on their accounts to add an extra layer of security.

This is a known and intermittent problem; it does not mean that Google considers Tor to be spyware.

When you use Tor, you are sending queries through exit relays that are also shared by thousands of other users. Tor users typically see this message when many Tor users are querying Google in a short period of time. Google interprets the high volume of traffic from a single IP address (the exit relay you happened to pick) as somebody trying to "crawl" their website, so it slows down traffic from that IP address for a short time.

An alternate explanation is that Google tries to detect certain kinds of spyware or viruses that send distinctive queries to Google Search. It notes the IP addresses from which those queries are received (not realizing that they are Tor exit relays), and tries to warn any connections coming from those IP addresses that recent queries indicate an infection.

To our knowledge, Google is not doing anything intentionally specifically to deter or block Tor use. The error message about an infected machine should clear up again after a short time.

Google uses "geolocation" to determine where in the world you are, so it can give you a personalized experience. This includes using the language it thinks you prefer, and it also includes giving you different results on your queries.

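If you really want to see Google in English, you can click the link that provides that. However, we consider this a feature of Tor, not a bug: the Internet is not the same everywhere, and it does in fact look different depending on where you are. This feature reminds people of that fact.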

Note that Google search URLs take name/value pairs as arguments and one of those names is "hl". If you set "hl" to "en" then Google will return search results in English regardless of what Google server you have been sent to. On a query this looks like:

https://encrypted.google.com/search?q=online%20anonymity&hl=en

Another method is to simply use your country code for accessing Google. This can be google.be, google.de, google.us and so on.

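Tor Browser is built using Firefox ESR, so errors regarding Firefox may occur. Please make sure that only one instance of Tor Browser is running and that Tor Browser is installed in a folder with the correct permissions. If you are running an anti-virus, please see My antivirus/malware protection is blocking me from accessing Tor Browser; it is common for anti-virus / anti-malware software to cause this type of issue.

Tor Browser 6.0.6 and later uses DuckDuckGo as the built-in search engine. Disconnect, which we previously used in Tor Browser, can no longer get search results from Google. Although Disconnect is a meta search engine that lets users choose between different search providers, it fell back to Bing, whose search result quality was not satisfactory.

In Tor Browser, every new domain gets its own circuit. The Design and Implementation of Tor Browser document further explains the thinking behind this design.

Tor Browser is a version of Firefox customized for use with Tor. A lot of work has gone into Tor Browser, including patches that enhance privacy and security. While you can use Tor Browser and other browsers at the same time, doing so can expose identifying information about you. We strongly recommend that you do not use other browsers. Learn more about the design of Tor Browser.

Sometimes websites that rely heavily on JavaScript do not function correctly in Tor Browser. The simplest fix is to click on the Security icon (the small gray shield at the top-right of the screen), then click "Advanced Security Settings..." and set the security level to "Standard".

When you use Tor Browser, nobody can see the websites you visit. However, your service provider or network administrators may be able to see that you are using Tor, though they cannot know which websites you are visiting.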

We want everyone to be able to enjoy Tor Browser in their own language. Tor Browser is now available in 30 different languages, and we are working to add more. Want to help us translate? Become a Tor translator!

You can also help us in testing the next languages we will release, by installing and testing Tor Browser Alpha releases.

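We do not recommend running multiple instances of Tor Browser; doing so may not work as expected on many platforms.

Unfortunately, some websites require Tor users to solve CAPTCHAs, and there is nothing we can do about this. The most effective approach is often to contact the website's administrators and tell them about the inconvenience CAPTCHAs cause users like you.

Because disabling JavaScript makes many websites stop working, NoScript, which is built into Tor Browser, allows JavaScript by default. The inconvenience of disabling JavaScript by default would be so severe that most users might give up on Tor altogether. In principle, we want Tor Browser to be not only as secure as possible but also usable for the majority of people. So, for now, Tor Browser will continue to ship with JavaScript enabled by default.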

For users who want to have JavaScript disabled on all HTTP sites by default, we recommend changing your Tor Browser's "Security Level" option. This can be done by navigating to the Security icon (the small gray shield at the top-right of the screen), then clicking "Advanced Security Settings...". The "Standard" level allows JavaScript, but the "Safer" and "Safest" levels both block JavaScript on HTTP sites.

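Running Tor Browser does not make you act as a relay in the network. This means that your computer will not be used to route traffic for others. If you'd like to become a relay, please see our Tor Relay Guide.

There is currently no way to set Tor Browser as your default browser. Tor Browser works hard to isolate itself from the rest of your system, and the steps for making it the default browser are unreliable. This means sometimes a website would load in the Tor Browser, and sometimes it would load in another browser. This type of behavior can be dangerous and break anonymity.

Tor Browser is currently available on Windows, Linux and macOS.

There is a version of Tor Browser for [Android](https://www.torproject.org/download/#android), and [The Guardian Project](https://guardianproject.info) also provides the [Orbot](https://play.google.com/store/apps/details?id=org.torproject.android) app to route other apps on your Android device over the Tor network.

There is no official version of Tor for iOS yet, but we recommend Onion Browser.

Tor Browser makes your network activity appear to come from connections in different parts of the world. Some websites, such as banks or email providers, may conclude that your account has been compromised and automatically lock it.

The only way to resolve this is to use the account recovery procedure the website offers, or to contact the operators of the service directly and explain your situation.

You may be able to avoid this scenario if your provider offers two-factor authentication, which is a more secure option than IP-based verification. Contact your provider and ask whether they support two-factor authentication.

Tor Browser prevents people from knowing the websites you visit. Some entities, such as your Internet Service Provider, may be able to see that you are using Tor, but they will not know what you are doing with it.

Tor Browser has two ways to change your relay circuit: "New Identity" and "New Tor Circuit for this Site".

Both options are located in the menu, and you can also choose the "New Tor Circuit" option from the site information menu in the address bar.

New Identity

This option is useful if you do not want your subsequent browsing activity to be linked to what you were doing before.

Selecting it will close all your open windows and tabs, clear all private information such as cookies and browsing history, and use new Tor circuits for all subsequent connections.

Tor Browser will warn you that all activity and downloads will be stopped, so take this into account before clicking "New Identity".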

Tor Browser Menu

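New Tor Circuit for this Site

This option is useful if the exit relay cannot reach the website you requested, or the site is not displayed properly. Selecting it will reload the current tab over a new Tor circuit.

Other open tabs or windows from the same website will use the new circuit as well once they are reloaded.

This option does not clear any private information or unlink your activity, nor does it affect your current connections to other websites.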

New Circuit for this Site

Please see the HTTPS Everywhere FAQ. If you believe this is a Tor Browser issue, please report it on our bug tracker.

Please see the NoScript FAQ. If you believe this is a Tor Browser issue, please report it on our bug tracker.

Please see the DuckDuckGo support portal. If you believe this is a Tor Browser issue, please report it on our bug tracker.

DuckDuckGo is the default search engine in Tor Browser. DuckDuckGo does not track its users nor does it store any data about user searches. Learn more about DuckDuckGo privacy policy.

Using Tor Browser can sometimes be slower than other browsers. The Tor network has over a million daily users, and just over 6000 relays to route all of their traffic, and the load on each server can sometimes cause latency. And, by design, your traffic is bouncing through volunteers' servers in various parts of the world, and some bottlenecks and network latency will always be present. You can help improve the speed of the network by [running your own relay](https://community.torproject.org/relay/), or by encouraging others to do so. For the much more in-depth answer, see Roger's blog post on the topic and Tor's Open Research Topics: 2018 edition about Network Performance. That said, Tor is much faster than it used to be, and you may not notice any difference in speed compared to other browsers.

When Tor Browser first connects to the network, click the "Copy Tor Log To Clipboard" button at the bottom of the window. If Tor Browser is already open, click on the Torbutton icon (the small gray onion at the top-right of the screen), then "Tor Network Settings", then "Copy Tor Log To Clipboard". Once you have copied the log, you can paste it into a text editor or email client.

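One of the most common issues that causes connection errors in Tor Browser is an incorrect system clock. Please make sure your clock, date and time zone are set correctly. If this does not fix the problem, see the Troubleshooting page in the Tor Browser User Manual.

That is normal Tor behavior. The first relay in your circuit is usually called an "entry guard" or "guard". It is a fast and stable relay that remains in your circuit for two to three months in order to protect against anonymity-breaking attacks. The rest of your circuit changes with every new website you visit, and together these three Tor relays provide the full privacy protections. For more information on how guard relays work, see this blog post and paper on entry guards.

The network you are on may be censored, so you should try using bridges. Some bridges are built in to Tor Browser, and you can use them by clicking "Configure" (and following the prompts) in the Tor Launcher window when you start Tor Browser for the first time. If you need other bridges, you can get them at the Bridges website. For more information about bridges, see the Tor Browser User Manual.

Sorry, but we do not officially support Tor Browser on *BSD systems. There is something called the TorBSD project, but their Tor Browser is not officially supported.

If you run Tor Browser and another browser at the same time, it will not affect Tor's security or privacy properties. However, be aware that your other browser is not keeping your activity private, and you may accidentally use that non-private browser to do something that you intended to do in Tor Browser.

Modifying the way that Tor creates its circuits is strongly discouraged. You get the best security when you leave the route selection to Tor; overriding the relays may compromise your anonymity. If you simply want to access services that are only available in certain countries or regions, you may want to consider using a VPN instead of Tor. Please note that VPNs do not have the same privacy properties as Tor, but they can help solve some geographic restriction issues.

Unfortunately, we do not yet have a version of Tor for Chrome OS. You could run Tor Browser for Android on Chrome OS. Note that by using Tor Mobile on Chrome OS, you will view the mobile (not desktop) versions of websites. However, because we have not audited the app in Chrome OS, we don't know if all the privacy features of Tor Browser for Android will work well.

Installing new add-ons in Tor Browser is strongly discouraged, because they can compromise your privacy and security.

Installing new add-ons may affect Tor Browser in unforeseen ways and make your Tor Browser fingerprint unique. If your copy of Tor Browser has a unique fingerprint, your browsing activities can be deanonymized and tracked even though you are using Tor Browser.

Put simply, every browser's settings and features create what is called a "browser fingerprint". Most browsers inadvertently create a unique fingerprint for each user, which can be used to track that user across the internet. Tor Browser is specifically engineered so that all of its users have a nearly identical fingerprint (we're not perfect!). This means each Tor Browser user looks like every other Tor Browser user, making it difficult to track any individual user.

A new add-on may also increase the attack surface of Tor Browser. This may allow sensitive data to be leaked or allow an attacker to infect Tor Browser. The add-on itself could even be maliciously designed to spy on you.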

Tor Browser already comes installed with two add-ons — HTTPS Everywhere and NoScript — and adding anything else could deanonymize you.

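Want to learn more about browser fingerprinting? There is an article on the Tor Blog all about it.

Only Tor Browser's traffic is routed over the Tor network. Connections from any other application on your system (including other browsers) do not use the Tor network and are not protected. They need to be configured separately to use Tor. If you need to be sure that all traffic will go through the Tor network, take a look at the Tails live operating system which you can start on almost any computer from a USB stick or a DVD.

Flash is disabled in Tor Browser, and we recommend that you do not enable it. We consider Flash extremely insecure in any browser: it can easily steal your personal information or install malware on your machine. Fortunately, most websites, devices, and other browsers are moving away from Flash.

The file you download and run prompts you for a destination. If you don't remember where that was, it is most likely your Desktop or Downloads folder.

The default setting in the Windows installer also creates a shortcut for you on your Desktop, though be aware that you may have accidentally deselected the option to create a shortcut.

If you can't find it in those folders, download it again and look for the prompt that asks you where to save it. Choose a directory that you will remember easily, and once the download finishes you will see a Tor Browser folder there.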

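Most antivirus software allows you to add certain processes to a whitelist. Please open the settings of your antivirus (or anti-malware) software and look for a whitelist or a similar option. Next, whitelist the following processes:

  • For Windows
    • firefox.exe
    • tor.exe
    • obfs4proxy.exe (if you use bridges)
  • For macOS
    • TorBrowser
    • tor.real
    • obfs4proxy (if you use bridges)

Finally, restart Tor Browser. This should fix the issues you are experiencing. Please note that some antivirus software, such as Kaspersky, may block Tor at the firewall level.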

Whenever we release a new stable version of Tor Browser, we write a blog post that covers its new features and known issues. If you started having issues with Tor Browser after an update, check blog.torproject.org for the post about the most recent stable Tor Browser to see whether your issue is listed. If your issue is not listed, please file a bug report about what you're experiencing.

Tor Browser in its default mode starts with a content window rounded to a multiple of 200px x 100px to prevent fingerprinting of the screen dimensions. The strategy here is to put all users in a couple of buckets to make it harder to single them out. That works until users start to resize their windows (e.g. by maximizing them or going into fullscreen mode). Tor Browser 9 ships with a fingerprinting defense for those scenarios as well, called Letterboxing, a technique developed by Mozilla and presented earlier this year. It works by adding white margins to a browser window so that the window is as close as possible to the desired size while users are still in a couple of screen size buckets that prevent singling them out with the help of screen dimensions.

In simple words, this technique groups users by certain screen sizes, which makes it harder to single out users on the basis of screen size, as many users will have the same screen size.

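A digital signature is a process ensuring that a certain package was generated by its developers and has not been tampered with. Below we explain why it is important and how to verify that the Tor program you download is the one we have created and has not been modified by some attacker.

Each file on our download page is accompanied by a file with the same name as the package and the extension ".asc". These .asc files are OpenPGP signatures. They allow you to verify that the file you have downloaded is exactly the one that we intended you to get.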

For example, torbrowser-install-win64-9.0_en-US.exe is accompanied by torbrowser-install-win64-9.0_en-US.exe.asc.

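We now show how you can verify the downloaded file's digital signature on different operating systems. Please note that a signature is dated the moment the package was signed. Therefore, every time a new file is uploaded, a new signature is generated with a different date. As long as you have verified the signature, you should not worry that the reported date may vary.

Installing GnuPG

First of all, you need to have GnuPG installed before you can verify signatures.

For Windows users:

If you run Windows, download Gpg4win and run its installer.

In order to verify the signature, you will need to type a few commands in the Windows command line, cmd.exe.

For macOS users:

If you are using macOS, you can install GPGTools.

In order to verify the signature, you will need to type a few commands in the Terminal (under "Applications").

For GNU/Linux users:

If you are using GNU/Linux, then you probably already have GnuPG on your system, as most Linux distributions come with it preinstalled.

In order to verify the signature, you will need to type a few commands in a terminal window. How to do this will vary depending on your distribution.

Fetching the Tor Developers key

The Tor Browser team signs Tor Browser releases. Import the Tor Browser Developers signing key (0xEF6E286DDA85EA2A4BA7DE684E2C6E8793298290):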

gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org

This should show you something like:

gpg: key 4E2C6E8793298290: public key "Tor Browser Developers (signing key) <torbrowser@torproject.org>" imported
gpg: Total number processed: 1
gpg:               imported: 1
pub rsa4096 2014-12-15 [C] [expires: 2020-08-24]
      EF6E286DDA85EA2A4BA7DE684E2C6E8793298290
uid           [ unknown] Tor Browser Developers (signing key) <torbrowser@torproject.org>
sub rsa4096 2018-05-26 [S] [expires: 2020-09-12]

After importing the key, you can save it to a file (identifying it by its fingerprint):

gpg --output ./tor.keyring --export 0xEF6E286DDA85EA2A4BA7DE684E2C6E8793298290

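Verifying the signature

To verify the signature of the package you downloaded, you will need to download the corresponding ".asc" signature file in addition to the installer file itself, and verify it with a command that asks GnuPG to verify the file that you downloaded.

The examples below assume that you downloaded these two files to your "Downloads" folder.

For Windows users: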

gpgv --keyring .\tor.keyring Downloads\torbrowser-install-win64-9.0_en-US.exe.asc Downloads\torbrowser-install-win64-9.0_en-US.exe

For macOS users:

gpgv --keyring ./tor.keyring ~/Downloads/TorBrowser-9.0-osx64_en-US.dmg{.asc,}

For GNU/Linux users (change 64 to 32 if you have the 32-bit package):

gpgv --keyring ./tor.keyring ~/Downloads/tor-browser-linux64-9.0_en-US.tar.xz{.asc,}

The result of the command should produce something like this:

gpgv: Signature made 07/08/19 04:03:49 Pacific Daylight Time
gpgv: using RSA key EB774491D9FF06E2
gpgv: Good signature from "Tor Browser Developers (signing key) <torbrowser@torproject.org>"
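
The "Good signature" line only says that some key in the keyring made the signature, and the key ID it prints is that of a signing subkey, so a stricter check compares the primary-key fingerprint against the one given above. The script below is an added example, not Tor Project code: it judges the machine-readable lines that gpgv writes with --status-fd. The helper names check_status and verify_download are hypothetical, and the status lines (including the padded subkey fingerprint) are constructed samples.

```shell
#!/bin/sh
# Added example: accept a download only if gpgv reports a good signature
# made under the pinned Tor Browser signing key.

# Primary-key fingerprint as printed on this page.
EXPECTED_FPR="EF6E286DDA85EA2A4BA7DE684E2C6E8793298290"

# check_status (hypothetical helper) reads `gpgv --status-fd 1` output on stdin.
# It returns 0 only when a GOODSIG line is present, no failure, expiry or
# revocation status appears, and the primary-key fingerprint in the VALIDSIG
# line (field 12) equals EXPECTED_FPR.
check_status() {
    awk -v want="$EXPECTED_FPR" '
        $1 != "[GNUPG:]" { next }
        $2 == "GOODSIG" { good = 1 }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" && NF >= 12 && toupper($12) == want { pinned = 1 }
        END { exit !(good && pinned && !bad) }
    '
}

# verify_download KEYRING SIGFILE DATAFILE (hypothetical helper): run gpgv as
# in the commands above, but judge the status lines instead of the text.
verify_download() {
    gpgv --keyring "$1" --status-fd 1 "$2" "$3" 2>/dev/null | check_status
}

# Constructed status output; the 40-digit subkey fingerprint is a placeholder
# padded around the key ID shown in the sample output above.
GOOD_SAMPLE='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG EB774491D9FF06E2 Tor Browser Developers (signing key) <torbrowser@torproject.org>
[GNUPG:] VALIDSIG AAAAAAAAAAAAAAAAAAAAAAAAEB774491D9FF06E2 2019-07-08 1562583829 0 4 0 1 10 00 EF6E286DDA85EA2A4BA7DE684E2C6E8793298290'

# Constructed: a cryptographically good signature from some other key that
# happens to be in the keyring. gpgv alone would still print "Good signature".
OTHER_KEY_SAMPLE='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 1111111111111111 Constructed Other Key <other@example.invalid>
[GNUPG:] VALIDSIG 1111111111111111111111111111111111111111 2019-07-08 1562583829 0 4 0 1 10 00 1111111111111111111111111111111111111111'

# report NAME STATUS_TEXT: print the verdict for one sample.
report() {
    if printf '%s\n' "$2" | check_status; then
        echo "$1: accepted"
    else
        echo "$1: rejected"
    fi
}

report good-signature "$GOOD_SAMPLE"
report other-key "$OTHER_KEY_SAMPLE"
```

With real files, `verify_download ./tor.keyring <file>.asc <file>` applies the same check to the gpgv commands shown above.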

Workaround (using a public key)

If you encounter errors you cannot fix, feel free to download and use this public key instead. Alternatively, you may use the following command:

curl -s https://openpgpkey.torproject.org/.well-known/openpgpkey/torproject.org/hu/kounek7zrdx745qydx6p59t9mqjpuhdf |gpg --import -

You may also want to learn more about GnuPG.