Tor
Tor is free software and an open network that helps you defend against a form of network surveillance known as traffic analysis, which threatens personal freedom and privacy, confidential business activities and relationships, and state security. Hundreds of thousands of people around the world use Tor for a wide variety of reasons: journalists and bloggers, human rights workers, law enforcement officers, soldiers, corporations, citizens of repressive regimes, and just ordinary citizens.
Tor protects people by bouncing their communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching their Internet connection from learning what sites they visit, and it prevents the sites they visit from learning their physical location. Tor works with many existing applications, including web browsers, instant messaging clients, remote login, and other applications based on the TCP protocol.
Tor doesn't magically encrypt all Internet activities, though. You should understand what Tor does and does not do for you.
Tor's security improves as its user base grows and as more people volunteer to run relays. It isn't nearly as hard to set up as you might think, and can significantly enhance your own security.
=Running a Relay on the Plug=
In order to run a Tor relay on your plug, you need to do the following: download and compile the Tor Debian package, make sure you have two TCP ports open, and finally set up Tor for relaying.
Help the Tor network reach 5,000 relays in 2010!
Download the Debian package
These instructions are based on Tor Project's Debian/Ubuntu instructions.
Do not use the packages in Ubuntu's universe or Debian Lenny. They are unmaintained and out of date. That means you'll be missing stability and security fixes.
You'll need to set up the Tor Project's package repository before you can fetch Tor. First, you need to figure out the name of your distribution. If you're using Ubuntu 9.10, it's "karmic", while 9.04 is "jaunty", 8.10 is "intrepid", and 8.04 is "hardy". If you're using Debian Etch, it's "etch", and Debian Lenny is "lenny". Then add this line to your /etc/apt/sources.list file:
<nowiki>deb-src http://deb.torproject.org/torproject.org <DISTRIBUTION> main</nowiki>
where you substitute the above word (etch, lenny, sid, karmic, jaunty, intrepid, hardy) in place of <DISTRIBUTION>.
Then add the gpg key used to sign the packages by running
gpg --keyserver keys.gnupg.net --recv 886DDD89
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
If you want to use the development branch of Tor instead (more features and more bugs), you need to add a different set of lines to your /etc/apt/sources.list file:
<nowiki>deb-src http://deb.torproject.org/torproject.org <DISTRIBUTION> main
deb-src http://deb.torproject.org/torproject.org experimental-<DISTRIBUTION> main</nowiki>
You also need to install the necessary packages to build your own debs and the packages needed to build Tor:
apt-get install build-essential fakeroot devscripts
apt-get build-dep tor
Then you can build Tor in ~/debian-packages:
mkdir ~/debian-packages; cd ~/debian-packages
apt-get source tor
cd tor-*
debuild -rfakeroot -uc -us
cd ..
Now you can install the new packages:
sudo dpkg -i tor*.deb
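The repository setup above is easy to get wrong by hand (a mistyped codename silently gives you no packages, and the short key ID alone is not enough to identify the signing key). The following is an added example, not part of the original wiki page: it emits the deb-src lines for a given codename from the list above (optionally including the experimental branch), and imports the signing key only after confirming that the full fingerprint quoted above is present in the keyring. The URL, key ID and fingerprint are the ones given on the page; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original wiki page): Tor apt repository helpers.
# Usage:  . ./tor-repo.sh
#         tor_sources_lines karmic experimental >> /etc/apt/sources.list
#         tor_import_key

TOR_REPO_URL="http://deb.torproject.org/torproject.org"
TOR_KEY_SHORT="886DDD89"                                   # short ID used for --recv, as on the page
TOR_KEY_FPR="A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89"     # full fingerprint, as on the page

# tor_sources_lines CODENAME [experimental]
# Print the deb-src line(s) for the Tor repository. Only the codenames listed
# on the page are accepted; anything else is rejected instead of producing a
# line that apt would quietly ignore.
tor_sources_lines() {
    dist="$1"
    branch="${2:-stable}"
    case "$dist" in
        etch|lenny|sid|karmic|jaunty|intrepid|hardy) ;;
        *) echo "unknown distribution codename: $dist" >&2; return 1 ;;
    esac
    printf 'deb-src %s %s main\n' "$TOR_REPO_URL" "$dist"
    if [ "$branch" = experimental ]; then
        # Development branch: "more features and more bugs", per the page.
        printf 'deb-src %s experimental-%s main\n' "$TOR_REPO_URL" "$dist"
    fi
}

# tor_import_key
# Fetch the key by short ID as the page does, then refuse to hand anything to
# apt-key unless a key with the expected full fingerprint is in the keyring.
# (Several different keys can share a short ID; the fingerprint cannot.)
tor_import_key() {
    gpg --keyserver keys.gnupg.net --recv "$TOR_KEY_SHORT" || return 1
    got=$(gpg --with-colons --fingerprint "$TOR_KEY_FPR" 2>/dev/null \
          | awk -F: '$1 == "fpr" { print $10; exit }')
    if [ "$got" != "$TOR_KEY_FPR" ]; then
        echo "expected fingerprint $TOR_KEY_FPR not found in keyring (got '$got')" >&2
        return 1
    fi
    gpg --export "$TOR_KEY_FPR" | sudo apt-key add -
}
```

The export step already selects the key by its full fingerprint, which is why the page's two-command sequence is sound; the explicit check just makes a failed or substituted download fail loudly instead of leaving apt without a usable key.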
Open TCP Ports
Make sure that the Internet has access to at least two TCP ports.
If you are using a firewall, open a hole in your firewall so incoming connections can reach the ports you configured (ORPort, plus DirPort if you enabled it). If you have a hardware firewall (Linksys box, cable modem, etc.) you might like portforward.com. Also, make sure you allow all outgoing connections too, so your relay can reach the other Tor relays.
Expose your Tor relay on port 443 (HTTPS) so that people whose firewalls restrict them to HTTPS can still get to it. Also, you should expose your directory mirror on port 80 (that even works if Apache is already listening there - see the Tor Project website for more info).
You could do this by just setting orport to 443 and dirport to 80 in your relay's torrc, but this isn't a very hot idea. Binding to ports under 1024 usually requires you to run as root, and running Tor as root is not recommended (in case there are unknown exploitable bugs). Instead, you should configure Tor to advertise its orport as 443, but really bind to another port (such as 9001). Then, set up your computer to forward incoming connections from port 443 to port 9001.
Exception: if you use the version of Tor packaged for Debian (or Debian-based distributions like Ubuntu), Tor starts as root, then drops its privileges and becomes a normal user. That means you can set orport to 443 and dirport to 80, and you don't need any local port forwarding.
Setting up Tor relay
Before you set up a Tor relay, verify that your clock and timezone are set correctly. If possible, synchronize your clock with public time servers.
Edit the <tt>/etc/tor/torrc</tt> file, then uncomment and edit these options:
ORPort <maybe 443>
Nickname <nickname>
ContactInfo <email>
DirPort <maybe 80>
ExitPolicy reject *:*
Your plug will now work as a Tor relay, published to the directory authorities. This means that the software will only connect within the Tor network (not making any "exit" connections). The Tor network is in grave need of Exit Nodes, so please consider volunteering. The relay can be made into an Exit Node by removing the line mentioned above:
<del>
ExitPolicy reject *:*
</del>
After editing <tt>torrc</tt>, restart your relay by running:
/etc/init.d/tor restart
If it logs any warnings in <tt>/var/log/tor/log</tt>, address them.
Make sure it is working
As soon as your relay manages to connect to the network, it will try to determine whether the ports you configured are reachable from the outside. This step is usually fast, but may take up to 20 minutes. Look for a log entry like <tt>Self-testing indicates your ORPort is reachable from the outside. Excellent.</tt> If you don't see this message, it means that your relay is not reachable from the outside — you should re-check your firewalls, check that it's testing the IP and port you think it should be testing, etc. It could also be that your Tor software is too old.
When it decides that it's reachable, it will upload a "server descriptor" to the directories, to let clients know what address, ports, keys, etc. your relay is using. You can load one of the network statuses manually and look through it to find the nickname you configured, to make sure it's there. You may need to wait a few seconds to give enough time for it to make a fresh directory.
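The reachability check above is easy to script, which is handy on a headless plug where you will be polling <tt>/var/log/tor/log</tt> over SSH. The following is an added example and not part of the original page: it looks for the ORPort and DirPort self-test messages and for any <tt>[warn]</tt> lines, and returns a distinct exit status for "not yet reachable" versus "reachable but with warnings". The message texts are the ones Tor logs; the two sample logs are constructed (the addresses and timestamps are made up) so the functions can be tried offline.

```shell
#!/bin/sh
# Added example (not from the original wiki page): relay log health check.
# Usage:  . ./tor-log-check.sh
#         tor_relay_status /var/log/tor/log; echo "status=$?"

# Return 0 if the log says the ORPort was found reachable from the outside.
tor_orport_reachable() {
    grep -q 'Self-testing indicates your ORPort is reachable from the outside' "$1"
}

# Return 0 if the log says the DirPort was found reachable (only meaningful if DirPort is set).
tor_dirport_reachable() {
    grep -q 'Self-testing indicates your DirPort is reachable from the outside' "$1"
}

# Print every [warn] line; return 0 if there is at least one, 1 if none.
tor_log_warnings() {
    grep '\[warn\]' "$1"
}

# Overall status of a relay log:
#   0 = ORPort reachable and no warnings
#   1 = ORPort not (yet) confirmed reachable: re-check firewall / port forwarding
#   2 = ORPort reachable but [warn] lines present: read them
tor_relay_status() {
    if ! tor_orport_reachable "$1"; then
        return 1
    fi
    if tor_log_warnings "$1" >/dev/null; then
        return 2
    fi
    return 0
}

# write_sample_log PATH ok|blocked
# Constructed sample logs in the format Tor writes (not captured from a real relay).
write_sample_log() {
    case "$2" in
    ok)
        cat >"$1" <<'EOF'
Mar 15 10:00:02.117 [notice] Tor v0.2.1.22 opening new log file.
Mar 15 10:00:03.402 [notice] Opening OR listener on 0.0.0.0:443
Mar 15 10:00:03.403 [notice] Opening Directory listener on 0.0.0.0:80
Mar 15 10:02:11.423 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
Mar 15 10:02:40.118 [notice] Self-testing indicates your DirPort is reachable from the outside. Excellent.
EOF
        ;;
    blocked)
        cat >"$1" <<'EOF'
Mar 15 10:00:02.117 [notice] Tor v0.2.1.22 opening new log file.
Mar 15 10:00:03.402 [notice] Opening OR listener on 0.0.0.0:9001
Mar 15 10:20:03.990 [warn] Your server (203.0.113.7:9001) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
EOF
        ;;
    esac
}
```

Status 1 is the case the text describes (no "Excellent" line after twenty minutes or so): the relay is running but nobody outside can reach it, so it will never publish a descriptor until the firewall or forwarding is fixed.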
When it's working
The Tor Project has more recommendations. Do back up your Tor relay's private key.
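A relay's identity is its long-term key: lose it and the relay comes back as a stranger with no history. The following is an added example, not part of the original page or the Tor Project's own tooling: it archives the key directory into a tarball that only its owner can read and lets you confirm the identity key is actually inside before trusting the backup. The path <tt>/var/lib/tor/keys</tt> and the file name <tt>secret_id_key</tt> are the ones the Debian package uses; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original wiki page): back up a relay's key directory.
# Usage (as root, since the keys are root/debian-tor readable only):
#   . ./tor-key-backup.sh
#   archive=$(backup_tor_keys /var/lib/tor/keys /root/tor-backup)
#   backup_contains_id_key "$archive" && echo "backup verified"

# backup_tor_keys KEYS_DIR DEST_DIR
# Creates DEST_DIR/tor-keys-YYYYMMDD.tar.gz (mode 0600) and prints its path.
backup_tor_keys() {
    keys_dir="$1"
    dest_dir="$2"
    [ -n "$keys_dir" ] && [ -n "$dest_dir" ] || { echo "usage: backup_tor_keys KEYS_DIR DEST_DIR" >&2; return 1; }
    # Refuse to produce a "backup" that would not contain the identity key.
    [ -f "$keys_dir/secret_id_key" ] || { echo "no secret_id_key in $keys_dir" >&2; return 1; }
    mkdir -p "$dest_dir"
    archive="$dest_dir/tor-keys-$(date +%Y%m%d).tar.gz"
    # umask 077 makes the archive unreadable to other users from the moment it exists.
    old_umask=$(umask)
    umask 077
    tar -czf "$archive" -C "$(dirname "$keys_dir")" "$(basename "$keys_dir")"
    umask "$old_umask"
    printf '%s\n' "$archive"
}

# backup_contains_id_key ARCHIVE
# Return 0 if the archive lists the identity key, 1 otherwise.
backup_contains_id_key() {
    tar -tzf "$1" | grep -q 'keys/secret_id_key$'
}
```

Keep the archive off the plug itself (the flash card is the most likely thing to fail), and treat it with the same care as the live key: anyone holding it can impersonate your relay.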
Additional torrc options
If you're running off flash memory you might want to add this:
## AvoidDiskWrites: If non-zero, try to write to disk less frequently
## than we would otherwise. This is useful when running on flash
## memory or other media that support only a limited number of writes.
## (Default: 0)
AvoidDiskWrites 1
See <tt>man 8 tor</tt> for more options. Here are some options of extra value if you have limited bandwidth:
AccountingStart
AccountingMax
RelayBandwidthRate
RelayBandwidthBurst
If you're not interested in the client features, comment these settings:
SocksPort
SocksListenAddress
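To tie together the relay options from "Setting up Tor relay" and the flash-memory, bandwidth and client-port options just listed, here is an added example (not part of the original page): a small generator that writes a complete <tt>torrc</tt> for a non-exit or exit relay on a plug, rejecting nicknames Tor would not accept (1 to 19 alphanumeric characters). It goes slightly beyond the page in one respect: instead of merely commenting out <tt>SocksPort</tt>, it sets <tt>SocksPort 0</tt>, which actually disables the client listener rather than leaving the default port in place. The argument order and the monthly accounting schedule are my own choices.

```shell
#!/bin/sh
# Added example (not from the original wiki page): torrc generator for a plug relay.
# Usage:  . ./gen-torrc.sh
#         gen_torrc plugrelay 'Jane <jane@example.org>' 443 80 no 50 200 > /etc/tor/torrc

# Tor nicknames are 1-19 alphanumeric characters; anything else is refused at startup.
valid_nickname() {
    printf '%s' "$1" | grep -Eq '^[A-Za-z0-9]{1,19}$'
}

# gen_torrc NICKNAME CONTACT ORPORT DIRPORT EXIT(yes|no) MAX_GB RATE_KB
#   EXIT=no   emits "ExitPolicy reject *:*" (the non-exit relay from the page)
#   EXIT=yes  omits it, so Tor's default exit policy applies
#   MAX_GB    monthly AccountingMax, RATE_KB sustained RelayBandwidthRate
#             (burst is set to twice the rate)
gen_torrc() {
    nick="$1"; contact="$2"; orport="$3"; dirport="$4"
    exit_relay="$5"; max_gb="$6"; rate_kb="$7"
    valid_nickname "$nick" || { echo "invalid nickname: '$nick'" >&2; return 1; }
    case "$exit_relay" in yes|no) ;; *) echo "EXIT must be yes or no" >&2; return 1 ;; esac

    cat <<EOF
## Relay identity and reachability (see "Setting up Tor relay")
ORPort $orport
DirPort $dirport
Nickname $nick
ContactInfo $contact
EOF
    if [ "$exit_relay" = no ]; then
        echo 'ExitPolicy reject *:*'
    else
        echo '## Exit relay: no ExitPolicy line, so the default exit policy applies'
    fi
    cat <<EOF

## Fewer writes to the flash card
AvoidDiskWrites 1

## Monthly transfer cap and sustained/burst rate, for limited bandwidth
AccountingStart month 1 00:00
AccountingMax $max_gb GBytes
RelayBandwidthRate $rate_kb KBytes
RelayBandwidthBurst $((rate_kb * 2)) KBytes

## No local clients use this plug, so disable the SOCKS listener entirely
SocksPort 0
EOF
}
```

After writing the file, restart the relay as the page describes and confirm the log contains no <tt>[warn]</tt> lines about the new options; a typo in a bandwidth unit, for example, is reported there rather than silently ignored.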
Brief Relay Type Description
- Relay
- A Tor server that relays traffic for other nodes. Published on the public directory authorities.
- Bridge Relay
- Bridge relays (or "bridges" for short) are like relays except they aren't listed in the public directory authorities. They are listed elsewhere to make it harder to censor. Bridge relays are usually not exit nodes.
- Exit Node
- Exit nodes connect the Tor network with the rest of the Internet. They make it possible for Tor users to connect to the Internet.