About Tor
What attacks remain against onion routing?
As mentioned above, it is possible for an observer who can view both you and either the destination website or your Tor exit node to correlate timings of your traffic as it enters the Tor network and also as it exits. Tor does not defend against such a threat model.
In a more limited sense, note that if a censor or law enforcement agency has the ability to obtain specific observation of parts of the network, it is possible for them to verify a suspicion that you talk regularly to your friend by observing traffic at both ends and correlating the timing of only that traffic. Again, this is only useful to verify that parties already suspected of communicating with one another are doing so. In most countries, the suspicion required to obtain a warrant already carries more weight than timing correlation would provide.
Furthermore, since Tor reuses circuits for multiple TCP connections, it is possible to associate non-anonymous and anonymous traffic at a given exit node, so be careful about what applications you run concurrently over Tor. Perhaps even run separate Tor clients for these applications.
What protections does Tor provide?
Internet communication is based on a store-and-forward model that can be understood in analogy to postal mail: Data is transmitted in blocks called IP datagrams or packets. Every packet includes a source IP address (of the sender) and a destination IP address (of the receiver), just as ordinary letters contain postal addresses of sender and receiver. The way from sender to receiver involves multiple hops of routers, where each router inspects the destination IP address and forwards the packet closer to its destination. Thus, every router between sender and receiver learns that the sender is communicating with the receiver. In particular, your local ISP is in the position to build a complete profile of your Internet usage. In addition, every server in the Internet that can see any of the packets can profile your behavior.
The aim of Tor is to improve your privacy by sending your traffic through a series of proxies. Your communication is encrypted in multiple layers and routed via multiple hops through the Tor network to the final receiver. More details on this process can be found in this visualization. Note that all your local ISP can observe now is that you are communicating with Tor nodes. Similarly, servers in the Internet just see that they are being contacted by Tor nodes.
Generally speaking, Tor aims to solve three privacy problems:
First, Tor prevents websites and other services from learning your location, which they can use to build databases about your habits and interests. With Tor, your Internet connections don't give you away by default -- now you can have the ability to choose, for each connection, how much information to reveal.
Second, Tor prevents people watching your traffic locally (such as your ISP or someone with access to your home wifi or router) from learning what information you're fetching and where you're fetching it from. It also stops them from deciding what you're allowed to learn and publish -- if you can get to any part of the Tor network, you can reach any site on the Internet.
Third, Tor routes your connection through more than one Tor relay so no single relay can learn what you're up to. Because these relays are run by different individuals or organizations, distributing trust provides more security than the old one hop proxy approach.
Note, however, that there are situations where Tor fails to solve these privacy problems entirely: see the entry below on remaining attacks.
What is Tor?
The name "Tor" can refer to several different components.
Tor is a program you can run on your computer that helps keep you safe on the Internet. It protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location. This set of volunteer relays is called the Tor network.
Most people use Tor through Tor Browser. Tor Browser is based on Firefox and fixes many privacy issues. You can read more about Tor on our about page.
The Tor Project is a non-profit (charity) organization that maintains and develops the Tor software.
How is Tor different from other proxies?
A typical proxy provider sets up a server somewhere on the Internet and allows you to use it to relay your traffic. This creates a simple, easy to maintain architecture. All users enter and leave through the same server. The provider may charge for use of the proxy, or fund their costs through advertisements on the server. In the simplest configuration, you don't have to install anything. You just have to point your browser at their proxy server. Simple proxy providers are fine solutions if you do not want protections for your privacy and anonymity online and you trust the provider to not do bad things. Some simple proxy providers use SSL to secure your connection to them, which protects you against local eavesdroppers, such as those at a cafe with free wifi Internet.
Simple proxy providers also create a single point of failure. The provider knows both who you are and what you browse on the Internet. They can see your traffic as it passes through their server. In some cases, they can even see inside your encrypted traffic as they relay it to your banking site or to ecommerce stores. You have to trust the provider isn't watching your traffic, injecting their own advertisements into your traffic stream, or recording your personal details.
Tor passes your traffic through at least 3 different servers before sending it on to the destination. Because there's a separate layer of encryption for each of the three relays, somebody watching your Internet connection can't modify, or read, what you are sending into the Tor network. Your traffic is encrypted between the Tor client (on your computer) and where it pops out somewhere else in the world.
Doesn't the first server see who I am?
Possibly. A bad first of three servers can see encrypted Tor traffic coming from your computer. It still doesn't know who you are and what you are doing over Tor. It merely sees "This IP address is using Tor". You are still protected from this node figuring out both who you are and where you are going on the Internet.
Can't the third server see my traffic?
Possibly. A bad third of three servers can see the traffic you sent into Tor. It won't know who sent this traffic. If you're using encryption (like HTTPS), it will only know the destination. See this visualization of Tor and HTTPS to understand how Tor and HTTPS interact.
Can I distribute Tor?
Yes.
The Tor software is free software. This means we give you the rights to redistribute the Tor software, either modified or unmodified, either for a fee or gratis. You don't have to ask us for specific permission.
However, if you want to redistribute the Tor software you must follow our LICENSE. Essentially this means that you need to include our LICENSE file along with whatever part of the Tor software you're distributing.
Most people who ask us this question don't want to distribute just the Tor software, though. They want to distribute Tor Browser. This includes Firefox Extended Support Release and the NoScript and HTTPS-Everywhere extensions. You will need to follow the licenses for those programs as well. Both of those Firefox extensions are distributed under the GNU General Public License, while Firefox ESR is released under the Mozilla Public License. The simplest way to obey their licenses is to include the source code for these programs everywhere you include the bundles themselves.
Also, you should make sure not to confuse your readers about what Tor is, who makes it, and what properties it provides (and doesn't provide). See our trademark FAQ for details.
What programs can I use with Tor?
There are plenty of other programs you can use with Tor, but we haven't researched the application-level anonymity issues on all of them well enough to be able to recommend a safe configuration. Our wiki has a community-maintained list of instructions for Torifying specific applications. Please add to this list and help us keep it accurate!
Most people use Tor Browser, which includes everything you need to browse the web safely using Tor. Using Tor with other browsers is dangerous and not recommended.
Is there a backdoor in Tor?
There is absolutely no backdoor in Tor.
We know some smart lawyers who say that it's unlikely that anybody will try to make us add one in our jurisdiction (United States). If they do ask us, we will fight them, and (the lawyers say) probably win.
We will never put a backdoor in Tor. We think that putting a backdoor in Tor would be tremendously irresponsible to our users, and a bad precedent for security software in general. If we ever put a deliberate backdoor in our security software, it would ruin our professional reputation. Nobody would have any good reason to trust our software again.
But that said, there are still plenty of subtle attacks people might try. Somebody might impersonate us, or break into our computers, or something like that. Tor is open source, and you should always check the source (or at least the diffs since the last release) for suspicious things. If we (or the distributors that gave you Tor) don't give you access to the source code, that's a sure sign something funny might be going on. You should also check the PGP signatures on the releases, to make sure nobody messed with the distribution sites.
Also, there might be accidental bugs in Tor that could affect your anonymity. We periodically find and fix anonymity-related bugs, so make sure you keep your Tor versions up-to-date.
What are Entry Guards?
Tor (like all current practical low-latency anonymity designs) fails when the attacker can see both ends of the communications channel. For example, suppose the attacker controls or watches the Tor relay you choose to enter the network, and also controls or watches the website you visit. In this case, the research community knows no practical low-latency design that can reliably stop the attacker from correlating volume and timing information on the two sides.
So, what should we do? Suppose the attacker controls, or can observe, c relays. Suppose there are n relays total. If you select new entry and exit relays each time you use the network, the attacker will be able to correlate all traffic you send with probability around (c/n)^2. But profiling is, for most users, as bad as being traced all the time: they want to do something often without an attacker noticing, and the attacker noticing once is as bad as the attacker noticing more often. Thus, choosing many random entries and exits gives the user no chance of escaping profiling by this kind of attacker.
The solution is "entry guards": each Tor client selects a few relays at random to use as entry points, and uses only those relays for their first hop. If those relays are not controlled or observed, the attacker can't win, ever, and the user is secure. If those relays are observed or controlled by the attacker, the attacker sees a larger fraction of the user's traffic - but still the user is no more profiled than before. Thus, the user has some chance (on the order of (n-c)/n) of avoiding profiling, whereas they had none before.
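As an added illustration of the argument above (this is not the Tor Project's code), the following script compares re-picking the entry relay for every circuit with using one fixed guard, against an attacker who controls c of n relays. The relay counts are constructed, and the model ignores Tor's bandwidth weighting and multiple guards.

```python
"""Toy model of the Entry Guards argument (added example, not Tor code)."""
import random
from math import comb


def p_profiled_random_entry(c, n, circuits):
    """No guards: every circuit is watched at both ends with probability
    (c/n)^2, so over many circuits the user is profiled almost surely."""
    per_circuit = (c / n) ** 2
    return 1.0 - (1.0 - per_circuit) ** circuits


def p_all_guards_honest(c, n, guards=1):
    """Chance that none of `guards` randomly chosen guards belongs to the
    attacker; for one guard this is exactly (n-c)/n, the bound the text
    gives for escaping profiling entirely."""
    return comb(n - c, guards) / comb(n, guards)


def simulate(c, n, circuits, guards=1, users=500, seed=7):
    """Monte Carlo check of both strategies.  Relays 0..c-1 are the
    attacker's (constructed).  A user counts as profiled once any circuit
    has a bad entry and a bad exit.  Returns the fraction of users profiled
    as (without guards, with guards)."""
    rng = random.Random(seed)
    hit_random = hit_guard = 0
    for _ in range(users):
        guard_set = rng.sample(range(n), guards)   # fixed for this user
        profiled_random = profiled_guard = False
        for _ in range(circuits):
            exit_bad = rng.randrange(n) < c         # exit relay is bad
            if rng.randrange(n) < c and exit_bad:   # fresh random entry
                profiled_random = True
            if rng.choice(guard_set) < c and exit_bad:  # guard as entry
                profiled_guard = True
        hit_random += profiled_random
        hit_guard += profiled_guard
    return hit_random / users, hit_guard / users


if __name__ == "__main__":
    c, n = 10, 100
    print("one circuit, no guards:", p_profiled_random_entry(c, n, 1))
    print("500 circuits, no guards:", p_profiled_random_entry(c, n, 500))
    print("one guard stays honest:", p_all_guards_honest(c, n))
    print("simulated (no guards, one guard):", simulate(c, n, 500))
```

With 10% of relays hostile, nearly every user is profiled within a few hundred circuits without guards, while with a single guard roughly 90% of users are never profiled at all, which is the trade the text describes.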
You can read more at An Analysis of the Degradation of Anonymous Protocols, Defending Anonymous Communication Against Passive Logging Attacks, and especially Locating Hidden Servers.
Restricting your entry nodes may also help against attackers who want to run a few Tor nodes and easily enumerate all of the Tor user IP addresses. (Even though they can't learn what destinations the users are talking to, they still might be able to do bad things with just a list of users.) However, that feature won't really become useful until we move to a "directory guard" design as well.
Tell me about all the keys Tor uses
Tor uses a variety of different keys, with three goals in mind: 1) encryption to ensure privacy of data within the Tor network, 2) authentication so clients know they're talking to the relays they meant to talk to, and 3) signatures to make sure all clients know the same set of relays.
Encryption: first, all connections in Tor use TLS link encryption, so observers can't look inside to see which circuit a given cell is intended for. Further, the Tor client establishes an ephemeral encryption key with each relay in the circuit; these extra layers of encryption mean that only the exit relay can read the cells. Both sides discard the circuit key when the circuit ends, so logging traffic and then breaking into the relay to discover the key won't work.
Authentication: Every Tor relay has a public decryption key called the "onion key". Each relay rotates its onion key once a week. When the Tor client establishes circuits, at each step it demands that the Tor relay prove knowledge of its onion key. That way the first node in the path can't just spoof the rest of the path. Because the Tor client chooses the path, it can make sure to get Tor's "distributed trust" property: no single relay in the path can know about both the client and what the client is doing.
Coordination: How do clients know what the relays are, and how do they know that they have the right keys for them? Each relay has a long-term public signing key called the "identity key". Each directory authority additionally has a "directory signing key". The directory authorities provide a signed list of all the known relays, and in that list are a set of certificates from each relay (self-signed by their identity key) specifying their keys, locations, exit policies, and so on. So unless the adversary can control a majority of the directory authorities (as of 2021 there are 10 directory authorities), they can't trick the Tor client into using other Tor relays.
How do clients know what the directory authorities are?
The Tor software comes with a built-in list of location and public key for each directory authority. So the only way to trick users into using a fake Tor network is to give them a specially modified version of the software.
How do users know they've got the right software?
When we distribute the source code or a package, we digitally sign it with GNU Privacy Guard. See the instructions on how to check Tor Browser's signature.
In order to be certain that it's really signed by us, you need to have met us in person and gotten a copy of our GPG key fingerprint, or you need to know somebody who has. If you're concerned about an attack on this level, we recommend you get involved with the security community and start meeting people.
How often does Tor change its paths?
Tor will reuse the same circuit for new TCP streams for 10 minutes, as long as the circuit is working fine. (If the circuit fails, Tor will switch to a new circuit immediately.)
But note that a single TCP stream (e.g. a long IRC connection) will stay on the same circuit forever. We don't rotate individual streams from one circuit to the next. Otherwise, an adversary with a partial view of the network would be given many chances over time to link you to your destination, rather than just one chance.