The Tor Project develops and maintains Tor, software that allows users to browse the web anonymously and securely. Tor was originally developed for the purpose of protecting government communications. Today, it is used by a wide variety of people for different purposes. An estimated 500,000 people use Tor on a daily basis; some use Tor to keep websites from tracking them and their family members, some use Tor to research sensitive topics, and some use Tor to connect to news sites and instant messaging services when these are blocked by their local Internet providers.

Karen Reilly (puffin_net) is the Development Director at The Tor Project, responsible for fundraising, advocacy, general marketing, and policy outreach programs for Tor.

Runa A. Sandvik (runasand) is a developer and researcher working on a range of different projects, from blocking analysis and quality assurance, to outreach and support.

Karen and I will be answering all your questions throughout the day, so feel free to ask us anything you'd like relating to Tor and the Tor Project.

edit: Here is some proof from our Twitter account: proof 1, proof 2, proof 3, and from my personal Twitter account: proof 4.

edit: People currently answering questions, in addition to Karen and myself, are Roger Dingledine (arma-tor), Nick Mathewson (nickm_tor), Jacob Appelbaum (ioerror), and Erinn Clark (sakhalin).

edit: I have attempted to summarize some of the most popular questions/answers and collect all this useful info in one place.

Comments: 2408 • Responses: 50

throwawayagin1870 karma

We run the only exit node in Iceland at the moment. Everyone working at a university or running a hackerspace should consider running an exit node or at least a relay. For those that care about real freedom of speech this is the most direct way you can help. Thanks again to the Tor Devs for helping change the world for the better.

runasand790 karma

Can't upvote this enough. Thanks for running an exit relay!

blahdeblah88254 karma

Aren't there significant legal risks to allowing people to proxy through your IP address?

Call me stupid, but isn't it like lending random strangers your passport and a mask that looks like your face?

runasand247 karma

> Aren't there significant legal risks to allowing people to proxy through your IP address?

Potentially, yes, and you need to be aware of this risk before setting up an exit relay. I recommend that you read Tips for Running an Exit Node with Minimal Harassment if you want to run an exit relay. If you just want to contribute in some way, consider setting up a bridge using Tor Cloud.

taterballs138 karma

Are the exit node and relay something that can be done at home or do they require a larger setup?

runasand180 karma

If you want to help out but don't want to run an exit relay, or can't run a relay from home, consider setting up a bridge in the Amazon cloud using Tor Cloud.

krokodil_hodil27 karma

So if 20 redditors set up TOR on free Amazon EC2 as an exit node, then the general speed of the network increases significantly?

runasand68 karma

The ToS for Amazon EC2 does not allow Tor exit relays. Running a non-exit relay is pretty expensive, which is why we have created bridge-by-default images.

IT_Derp30 karma

I have a VPS with a "shared" 100Mb port. I ran it as an exit node and was surprised at how little bandwidth it was using. It was limited to 2Gb a day, and wasn't hitting that.

I don't know if I configured it properly...

runasand39 karma

Please email [email protected] if you want some help configuring and testing your relay.
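A relay operator unsure of their configuration can check which role a torrc selects before starting Tor. The sketch below is an added example, not from the thread or the Tor Project: `classify` and the sample configs are constructed, only the listed options are read, and a relay with no explicit exit setting is reported as `unset` because what Tor does then depends on the installed version's default (an assumption to confirm against that version's manual).

```python
def parse_torrc(text):
    """Return {lowercased option name: [values in file order]}.

    Option names are case-insensitive and '#' starts a comment.
    """
    options = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) > 1 else ""
        options.setdefault(parts[0].lower(), []).append(value)
    return options


def exits_allowed(options):
    """Return 'no', 'yes' or 'unset' for traffic leaving to the public Internet."""
    exit_relay = options.get("exitrelay", ["auto"])[-1]
    if exit_relay == "0":
        return "no"
    # ExitPolicy lines are appended in order and the first matching rule wins,
    # so an accept rule reached before a catch-all reject lets something exit.
    for value in options.get("exitpolicy", []):
        for rule in value.lower().split(","):
            fields = rule.split()
            if len(fields) != 2:
                continue
            action, target = fields
            if action.startswith("accept"):
                return "yes"
            if action == "reject" and target == "*:*":
                return "no"
    # No catch-all rule: the built-in default applies (assumed version-dependent).
    return "yes" if exit_relay == "1" else "unset"


def classify(text):
    """Return (role, exits) where role is 'client', 'bridge' or 'relay'."""
    options = parse_torrc(text)
    orports = [v for v in options.get("orport", []) if v.split()[:1] != ["0"]]
    if not orports:
        return ("client", "no")  # no ORPort: this Tor does not relay for others
    role = "bridge" if options.get("bridgerelay", ["0"])[-1] == "1" else "relay"
    return (role, exits_allowed(options))


# Constructed sample configurations, one per choice discussed in the thread.
BRIDGE = """
ORPort 443
BridgeRelay 1
ExitPolicy reject *:*   # forwards only into the Tor network
"""
NON_EXIT = """
ORPort 9001
Nickname ExampleRelay
ExitPolicy reject *:*
"""
EXIT = """
ORPort 9001
ExitRelay 1
ExitPolicy accept *:80, accept *:443
ExitPolicy reject *:*
"""
UNSET = """
ORPort 9001
Nickname ExampleRelay
"""

if __name__ == "__main__":
    for label, cfg in [("bridge", BRIDGE), ("non-exit", NON_EXIT),
                       ("exit", EXIT), ("unset", UNSET)]:
        print(label, classify(cfg))
```

An `unset` result is the one to act on: state the intended role explicitly with `ExitPolicy` or `ExitRelay` rather than relying on the default.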

derpingtonz36 karma

I would love to run and manage a relay or exit node at the University I work at, but I'm sure something like that will get me fired and have other repercussions as well

runasand53 karma

Try talking to the IT department?

derpingtonz24 karma

It will be very hard (not to mention awkward) for me to justify setting up a tor node on campus. Have any recommendations on what I should say?

I run IT for our lab but the University-wide IT has the final say on what we can and can't have set up.

Edit: spelling

runasand36 karma

You would have to explain what Tor is, how it works, what running a relay means, what the implications are, and justify why you should be allowed to set up one on campus. I'd be happy to help any way I can.

pub571723 karma

Thank you; Thank you and Thank you; from ( Hell = Iran ).

runasand205 karma

You're welcome! Please email [email protected] if you have any questions about Tor (outside of this iAmA) and/or need help.

mr_e_on_the_net412 karma

No question, just a big thank you from Dubai!

runasand206 karma

You're welcome! :)

Ogrebushi396 karma

As far as I understand as a TOR newbie, the foundations of TOR were a United States Navy project. What can you offer to refute that TOR is simply an intelligence honeypot?

runasand377 karma

You are correct. Tor was originally designed, implemented, and deployed as a third-generation onion routing project of the U.S. Naval Research Laboratory. It was originally developed with the U.S. Navy in mind, for the primary purpose of protecting government communications. To help convince you that Tor is not an intelligence honeypot:

  • The code is open source and available online. You can find it on gitweb.torproject.org.
  • Tor's protocol specifications are also available online.
  • If we were to introduce a backdoor in our own software, we would not only have a broken tool, but a trashed reputation as well.
  • Tor is used by 500,000 people daily, including core members of the Tor Project.
  • Volunteers all over the world run 3000 relays in total. Your client will pick three relays at random when sending traffic through the network.

pauloat113 karma

I heard that the Navy discovered that the only way the tool would be useful is if a lot of different people use it, and that's the reason they freed the code. Is this true?

runasand161 karma

Tor is more useful if lots of people use it, otherwise you stand out as the only person making an encrypted connection to a known Tor relay. I don't know if this is the reason why Tor is now open source, though.

Alacritous9 karma

Any idea if the military uses it?

pauloat393 karma

Hi!

I was fired from my work for recommending the use of Tor (and changing my mail to Riseup, using DuckDuckGo and being a member of the Argentinian Pirate Party). I'm at this moment in the middle of a legal dispute about that. My friends always told me to talk to the guys at Tor and at the EFF about this. But I don't really know if you can do something from the US to help me here in Argentina. Do you have contacts with lawyers or someone in Argentina that can help me in my case?

thanks!

runasand576 karma

Please email me at [email protected] with some details, and I will try to put you in touch with the right people.

runasand265 karma

Dear lho, I don't know who you are, but you are being very helpful and giving correct answers to lots of questions. Do you want a Tor t-shirt and some stickers? Message me :)

the_third_guy233 karma

Firstly, thank you for Tor, I use it a lot for just general browsing. I suppose my only question is is there anything I can contribute to the project as a C#/android developer?

runasand201 karma

Our volunteer page contains information about our projects and how you can help us. I would also recommend you check out our projects page to see if there is anything that interests you. You can also get in touch with the developers at The Guardian Project. They do lots of awesome work on Android.

SlasherPunk193 karma

Now it's a known fact that Tor browsing speeds are quite low. Can we expect higher speeds in the future? Also, is the Tor Project entirely dependent on donations? And do you experience a shortage/surplus of funds?

runasand235 karma

The short answer for why Tor is slow is that there are 500,000 people using Tor daily and only 3000 relays in the network. You are sending your traffic through three relays somewhere in the world, and each relay has a different amount of bandwidth donated to Tor users. We need more people who can run relays and help the network grow even bigger.

If you want the longer answer to your question, then I suggest you read the blog post called Why Tor is slow and what we're going to do about it written by Roger in 2009.

To answer the second part of your question; yes, we depend on grants, donations, volunteers who help us with development, testing, documentation etc. All companies (non-profit or not) go through stages where there's a shortage of funds, and the Tor Project is no different. That said, I am really excited that we recently won the Knight News Challenge on Networks.

Salanderson66 karma

Is there any way you can make some sort of dummies guide to setting up a relay?

Or could it never be that simple?

runasand70 karma

You can set up a Tor bridge in the Amazon cloud with Tor Cloud.

emperorpotatoketchup29 karma

Why do you set up a donation site where the money goes into a fund that buys Tor bridges? I'm sure some wouldn't mind giving a buck to that and it doesn't require any technical knowledge.

runasand13 karma

We have our donation site, but the Tor Project does not run bridges and relays. If you want to donate specifically for that purpose, check out torservers.net and Noisetor.

apolotary179 karma

First of all, thank you for your efforts! What's your opinion on anonymous Linux distros like Tails?

runasand232 karma

Thanks! Tails is actually an official Tor project, and we are working with the developers to ensure that all traffic is safely routed through Tor and no trace is left on the system. I, personally, think Tails is a great distro and have used it a few times while traveling.

apolotary32 karma

sorry, didn't know that. Actually I can't even open torproject websites and bridges, since my traffic comes from Kazakhstan that seems to block all tor-related websites :(

runasand26 karma

You can use the latest Tor Browser Bundle with one of the following three bridges to connect to the network: 213.138.103.17:443, 107.21.149.216:443, and 46.137.226.203:55440.

To receive the English Tor Browser Bundle for Windows, send an email to [email protected] with windows in the body of the message. You can leave the subject blank.

p_gargleblaster164 karma

How likely (/unlikely) is it that some government agency runs enough TOR nodes to do traffic analysis and/or compromise the network?

selflessGene131 karma

I think it's likely they are doing this at some scale. The OP said there are only 3000 exit nodes. I'm almost certain some government has put up at least 40 exit nodes to sample the type of data coming through the network. They may not be able to trace the information to the source, but finding emails saying 'let's organize a protest in Tiananmen square on July 1, 2012' could be useful to a government.

Tor gives you anonymity not security.

runasand148 karma

> Tor gives you anonymity not security.

The Tor Browser Bundle provides some security, but we recommend that you encrypt files, emails etc with GPG if you're sending/receiving something sensitive.

Aleroniponi10 karma

How would emails be encrypted through Gmail?

BSscience29 karma

Type the text on notepad, encrypt it, send it.

runasand23 karma

This is the best way to do it, forget about add-ons and other browsers.

ampernand129 karma

Hello Tor Devs, I have (loosely) been a part of another anonymity project called i2p that actually complements tor quite well in my opinion. What would happen if the Tor project suddenly got 15k new bridges overnight? I am playing with the idea of having i2p implement enough of tor's functionality to have each i2p node act as a bridge relay at the least.

( on a side note I2P and Tor really should get together sometime )

runasand90 karma

You should read What if the Tor network had 50,000 bridges? (pdf) and email [email protected] with your ideas.

iLikeCode13 karma

Okay, now I'm impressed! You guys seem to have an article ready for any question that could be asked.

runasand8 karma

We try! :)

eastwards124 karma

How safe is it exactly to run an exit node? I am from Europe and have a ton of unused bandwidth, but I can't even be bothered to open my mail - let alone deal with any legal stuff that might be brought on by me running one.

runasand122 karma

It really depends on what you are worried about and what you count as safe. Either way, I think it's important to first understand what running a Tor exit relay really means, and you will want to consider hosting it somewhere other than in your own home. The Tips for Running an Exit Node with Minimal Harassment post is a good source for information, and you can find a list of Tor-friendly hosting providers on our wiki.

eastwards90 karma

First of all, I highly appreciate what you guys are doing. Even though I rarely use TOR myself, I believe that maintaining uncensored Internet access is one of the most important factors to improving the global human condition.

That being said, stories such as this one scare me. For me, this reduces the question of whether or not to run an exit node into "Am I willing to potentially face prosecution just because some asshole decided to browse kiddie porn at my expense?"

I'm sure this is one of the main concerns that holds people back from running an exit node. The suggestions that you list make a lot of sense, but they are mostly reactive. Are there proactive means to fight this? I guess any form of technical counter-measure can be interpreted as a form of censorship..

runasand64 karma

I'm afraid I don't really have a good answer to that. We don't want exit relay operators to censor users, but we don't want to see operators run into trouble either. We try to communicate with law enforcement and relay operators when something happens, and we can write letters confirming that IP address x.x.x.x was in fact a Tor exit relay at time y. All of this is just something you have to consider if you're looking to set up a Tor exit relay.

whateverradar115 karma

What % of your exit nodes do you believe to be gov't sponsored?

runasand165 karma

You have access to as much information about the network as I have. You tell me?

JesusWasADrugdealer94 karma

What's your opinion about the depraved things TOR can be and is being used to search? I don't judge you guys and I think it's an awesome program, just curious.

runasand229 karma

People search for depraved things on the normal Internet too, Tor is no exception.

[deleted]69 karma

Is it true that government intelligence agencies like the CIA, FBI, and NSA each own several exit nodes?

runasand102 karma

How would I know? :)

Dumper-Dash66 karma

Seeing as Tor was originally designed for government use, what is Tor's stance, ethically and professionally, on co-operating with governments, in particular when requested to help identify users.

runasand220 karma

We do not log, track, or identify our users and we therefore have no data to give out whatsoever.

ANAL_POWER_GENERATOR59 karma

[deleted]

runasand44 karma

> Can your anonymity using Tor be compromised if you disconnect and then reconnect from a wifi network whilst loading a page through the Tor network?

What are you worried about? That the URL of the site you are browsing is going to leak because it's loading before you have reconnected to the Tor network? Or that someone watching both you and the site you are connecting to can identify your user from all the other users?

> How anonymous are exit node operators? I know some people run exit nodes on their home networks, and this seems very risky considering some of the stuff people use Tor for.

The IP address of each relay in the network is publicly available on sites like torstatus.blutmagie.de, including contact information for each relay operator (if set in the Tor config file). I can recommend reading the blog post Tips for Running an Exit Node with Minimal Harassment.

ANAL_POWER_GENERATOR18 karma

> What are you worried about? That the URL of the site you are browsing is going to leak because it's loading before you have reconnected to the Tor network? Or that someone watching both you and the site you are connecting to can identify your user from all the other users?

The first one, I suppose. Would you start loading the site before the Tor network, or would you reconnect to Tor without the URL of the site leaking?

runasand48 karma

Tor will only work as long as you have Internet access. Tor Browser will not allow you to browse a page if Tor is not running and connected to the network.

cjhazza45 karma

Hi guys, big thanks for this great service you have provided. Just out of interest do you guys use your own service as standard when on the internet?

Also how do you feel about the fact that a large number of Onion domains are used for transactions and sharing of illegal goods and services? Does this corrupt the original purpose of Tor or was it something you expected to go hand in hand with the project?

runasand66 karma

> Just out of interest do you guys use your own service as standard when on the internet?

I do, yes, and I know other Tor developers who do it as well. It's actually quite easy to get used to the difference in speed when switching over to the Tor Browser completely.

> Also how do you feel about the fact that a large number of Onion domains are used for transactions and sharing of illegal goods and services? Does this corrupt the original purpose of Tor or was it something you expected to go hand in hand with the project?

I think it's interesting to see people claim that a major part of hidden services is illegal content, without having any proof that this is really the case. We hear about all the bad things because that's what media likes to write about, but that doesn't mean there aren't a ton of good hidden services out there as well.

I can't really comment on the original purpose or if this was something that was expected. What I can say is that we are working hard to explain what Tor is and is not, and I think Karen's response in r/TOR regarding law enforcement and hidden services is a good one.

randomthrow96830129413 karma

You say you use it for all your browsing. I thought this was unsafe? I read explicitly NOT to use it when doing things like checking my personal email and logging into my Twitter account. Am I wrong? Or how do you go about using it for everything safely?

runasand40 karma

Where did you read that? I use Tor for email, twitter, and all the other things I do. Just make sure that the websites you log on to are using https/ssl, enable two factor authentication in gmail etc.

ether_a_gogo45 karma

I really like using TOR, but I sometime feel bad doing so. I like my anonymity on the web, but don't really need it. Given the bandwidth squeeze, I feel like that could be better used by someone else. Do you guys discourage people from using TOR for general web surfing? What's the general feeling on this?

[deleted]63 karma

No, you should be proud to use Tor. The more "normal" people use it, the better. Anonymity loves company :)

runasand51 karma

Yep, everyone's welcome to use Tor.

procrastinat0r39 karma

1 - Is it truly anonymous? Aka is there a way to track which websites were visited?

2 - Given that the scripts are turned off (thanks for the useful button) and you don't download anything - how big of a risk is it to get infected by a virus/trojan/malware?

3 - Why is there no major google-type search engine on .onion? The community seems to be tech savvy and decent in size, think that they could make something useful.

runasand70 karma

> Is it truly anonymous? Aka is there a way to track which websites were visited?

We cannot guarantee that you will always be anonymous, but we do our best to make sure that this is the case. You should be using the latest Tor Browser Bundle with its default settings, and you should follow the recommendations in the warning section on our download page.

> Given that the scripts are turned off (thanks for the useful button) and you don't download anything - how big of a risk is it to get infected by a virus/trojan/malware?

Assuming you define virus/trojan/malware as something that runs on your computer; You won't be infected unless you download an unknown piece of software that you choose to run on your computer.

> Why is there no major google-type search engine on .onion? The community seems to be tech savvy and decent in size, think that they could make something useful.

Oh there is; http://3g2upl4pq6kufc4m.onion/ is the Tor hidden service set up by DuckDuckGo (source 1, source 2).

sdfghjkiuy33 karma

Is there a way people who have only just started programming or studying computer science can contribute?

runasand45 karma

You can help with anything you want, such as development, testing, documentation, support, running a relay etc. Our volunteer page contains information about our projects and how you can help us. I would also recommend you check out our projects page to see if there is anything that interests you.

You can find us in #tor and #tor-dev on irc.oftc.net :)

sdfghjkiuy16 karma

Thanks! I'll check out the IRC channel. Do you think a beginner coder will be able to contribute anything worthwhile?

runasand9 karma

Yes, definitely. You should also consider applying for Google Summer of Code next year!

runasand30 karma

Hi everyone! I'd like to thank you for the encouragement and all the kind words, and for asking us lots of good questions. I wanted to try and summarize some of the most popular questions/answers and collect all this useful info in one place. If you have more questions after this IAmA, please email us at [email protected] and we will reply as soon as we can.

What Tor is: Tor is a network of virtual tunnels that allows you to improve your privacy and security on the Internet. Tor works by sending your traffic through three random servers (also known as relays) in the Tor network, before the traffic is sent out onto the public Internet. Tor will anonymize the origin of your traffic, and it will encrypt everything between you and the Tor network. Tor will also encrypt your traffic inside the Tor network, but it cannot encrypt your traffic between the Tor network and its final destination. Please read the short user manual for more information about what Tor is and how you use it. Another good source is the information on our overview page

The Tor Browser Bundle and who can see what: Tor Browser Bundle is a software package that contains everything you safely need to browse the Internet. This bundle is pre-configured and does not require installation. You download the bundle, extract the archive, and start Tor. You need to make sure that you do all your Tor-relevant browsing in the Tor browser window, and not in your normal Firefox or any other browser. I also recommend that you read the warning section on our website regarding file downloads and such. Another good source is the Tor Browser Bundle design document. When using the Tor Browser Bundle, your ISP will only see that you are connecting to Tor, not what you are doing or which websites you are visiting.

How to get involved and help out: There are many ways you can contribute to the Tor Project, not all of them require you to write code. A good start is to look at our projects page and our volunteer page for a project that interests you. I also recommend signing up to our mailing lists, especially tor-talk and tor-dev. You can also join us in #tor and #tor-dev on irc.oftc.net. You can also help review code, test software (become a volunteer QA tester for the Tor Browser Bundle, for example), write documentation, help with support, run bridges and relays and encourage others to do the same, or donate.

Running a Tor relay does not mean you have to run an exit relay: When you set up a Tor relay, you can choose whether you want this to be a bridge, a non-exit relay, or an exit relay. A bridge or non-exit relay will only send traffic on to other relays in the Tor network, while an exit relay will send traffic on to the public Internet. There are some risks involved with running a Tor exit relay, and I strongly recommend that you read Tips for Running an Exit Node with Minimal Harassment first. Running a bridge or a relay is just as helpful as running an exit relay. Documentation for how to set up a bridge or relay can be found here and here. Setting up a bridge in the Amazon cloud using Tor Cloud is cheap and easy (and, in some cases, free for the first year). You can even run a bridge or relay on your Raspberry Pi! Another option is to donate to organizations who spend the money on Tor relays, such as Noisetor and torservers.net (both non-profits, so you get a tax writeoff. Same when donating directly to the Tor Project).

Bad people can do bad things on the Internet: I know a lot of you asked how we feel about bad people using Tor to do bad things, and I don't think we answered all of you. I really recommend reading Karen's comment on that topic.
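The three-relay path and the "who can see what" split described in the summary above, worked through as an added example (not from the thread or the Tor Project). The SHA-256 keystream and HMAC are a toy stand-in for Tor's real circuit cryptography, and the relay names, keys, destination and request are constructed.

```python
import hashlib
import hmac
import os


def subkey(key, label):
    """Derive separate encryption and MAC keys from one per-relay key."""
    return hashlib.sha256(label + key).digest()


def keystream_xor(key, nonce, data):
    """Toy stream cipher: XOR data with SHA-256(key || nonce || offset) blocks."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def seal(key, plaintext):
    """Encrypt then authenticate one layer: nonce || tag || ciphertext."""
    nonce = os.urandom(16)
    body = keystream_xor(subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + tag + body


def unseal(key, blob):
    """Verify and decrypt one layer; fails for any key but the intended relay's."""
    nonce, tag, body = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("this key does not open this layer")
    return keystream_xor(subkey(key, b"enc"), nonce, body)


def build_onion(path, destination, request):
    """Client side: wrap the request once per relay, exit layer innermost."""
    next_hops = [name for name, _ in path[1:]] + [destination]
    blob = request
    for (_, key), next_hop in reversed(list(zip(path, next_hops))):
        hop = next_hop.encode()
        blob = seal(key, bytes([len(hop)]) + hop + blob)
    return blob


def relay_peel(key, blob):
    """Relay side: remove one layer, learning only the next hop."""
    plain = unseal(key, blob)
    hop_len = plain[0]
    return plain[1:1 + hop_len].decode(), plain[1 + hop_len:]


def trace(client, path, destination, request):
    """Walk the onion through the path and record what each relay learns."""
    blob = build_onion(path, destination, request)
    views, previous = [], client
    for name, key in path:
        next_hop, blob = relay_peel(key, blob)
        views.append({"relay": name, "sees_from": previous,
                      "sends_to": next_hop,
                      "can_read_request": request in blob})
        previous = name
    return views, blob  # blob is now what leaves the exit for the destination


# Constructed path and request: plain HTTP, so nothing protects it past the exit.
PATH = [(name, os.urandom(32)) for name in ("guard", "middle", "exit")]
REQUEST = b"GET /search?q=sensitive+topic HTTP/1.1\r\nHost: example.com\r\n\r\n"

if __name__ == "__main__":
    views, delivered = trace("client", PATH, "example.com:80", REQUEST)
    for view in views:
        print(view)
```

Only the guard sees the client and only the exit sees the destination and the request; with HTTPS or GPG the exit would see ciphertext in place of the request.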

dClauzel29 karma

What is the current status of IPv6 support in TOR? What changes does it require in the routing models when it comes to preserving anonymity?

runasand38 karma

In 2011, Nick wrote a blog post called IPv6 is the future, I hear outlining the things we need to make Tor+IPv6 happen. In December last year, Linus sent an email to the tor-dev mailing list explaining how you can configure your Tor client to connect to a Tor IPv6 bridge.

gilbatron19 karma

is there a way to find out which region could use more relays ?

also, is there a list of companies that let you rent a server for a TOR relay without bitching about it (and maybe even let you rent it anonymously ?)

runasand30 karma

> is there a way to find out which region could use more relays ?

We need more bridges and relays outside the US.

> also, is there a list of companies that let you rent a server for a TOR relay without bitching about it (and maybe even let you rent it anonymously ?)

Yes, check out the list of Tor-friendly hosting providers on our wiki.

odei17 karma

You guys are rad.

With recent events such as the megaupload shutdown, what do you think is the best way to protect shared/hosted data?

runasand40 karma

Never keep a copy of material on one single site. Ideally, you would want to have local and off-site backup.

tardy4datardis14 karma

My experience with tor is that you have to be pretty high brow tech savvy to get the full experience, any way this is likely to change in the future? Allowing it to become customizable, safe yet noob friendly?

runasand18 karma

You get the full experience if you use the latest Tor Browser Bundle and leave the settings as they are. Users are more likely to do something wrong and deanonymize themselves if they are allowed to customize things too much.

[deleted]14 karma

First of all thank you very much for developing tor. I have only recently discovered it and am very happy with it.

Now for the question. Have you ever been contacted by law enforcement regarding the use of tor for illicit activities? Have they tried taking legal action to take it down?

What is the future of tor? Will we see a return to having easier access to a standalone vidalia or is it more integration into the tor browser bundle?

edit: there still is a standalone vidalia but you need to get an addon into Firefox to make it work and change proxy settings in Google chrome to make it work. Personally I could not get chrome to work but Firefox is fine.

runasand28 karma

> Have you ever been contacted by law enforcement regarding the use of tor for illicit activities? Have they tried taking legal action to take it down?

Legal action against who in this case? A single relay operator or the Tor Project as a company? We often meet with or talk to law enforcement to explain what Tor is and is not, and what we can and cannot do to help them.

> What is the future of tor? Will we see a return to having easier access to a standalone vidalia or is it more integration into the tor browser bundle?

We are going to discontinue the standalone Vidalia eventually and focus on the Tor Browser Bundle. We are also focusing more on trainings, support, a forum etc.

> there still is a standalone vidalia but you need to get an addon into Firefox to make it work and change proxy settings in Google chrome to make it work. Personally I could not get chrome to work but Firefox is fine.

Please do not use Tor with Google Chrome :(

Wisey12 karma

> Please do not use Tor with Google Chrome :(

I'm fairly new to all this, so sorry if this is a stupid question, but why? Is it basically "because Google"? Something to do with the data sync and it saving your visited sites on Google's cloud server?

runasand29 karma

It is technically possible to use Tor with other browsers, but by doing so you open yourself up to potential attacks. We do our best to make sure that Tor is safe to use with the Tor Browser (Firefox with some extra patches), but we simply don't know how Tor behaves with other browsers.

Andpointedsticks10 karma

Are you winning?

runasand17 karma

Yes.

incompetent_troll10 karma

I run a bridge and have noticed that the majority of users are coming from the United States. Is there any way I can limit use of my bridge to users who actually need it, i.e. people in Syria, Iran, etc.?

runasand13 karma

There is no way to keep your bridge accessible only to users in country x, y, and z. The best you can do is set up a private bridge and give out the address to trusted people in those countries, and hope they don't spread it too far. Upvote for username.

runasand9 karma

I really wish Shitty_Watercolour would check out this IAmA.

defiancecp9 karma

There was recently a story about a child pornography investigation (FBI) which was abandoned because the FBI had trouble tracking through TOR. A TOR spokesperson was quoted as saying that TOR helped FBI by providing them exploits in the TOR system to utilize, but this was later clarified with the following: "The TOR Project has clarified that it does not in fact instruct law-enforcement agents on how to exploit vulnerabilities in the service"

Can you clarify how TOR does help law enforcement in cases such as this?

Thank you!

runasand10 karma

Karen was badly misquoted in that article. We help law enforcement understand what Tor is and is not, and we point out that a Tor hidden service can be vulnerable to attack if the software it is running is vulnerable. I recommend you read Karen's long answer on r/TOR for details.

RatherDashing8 karma

Is the Raspberry Pi powerful enough to run a tor relay? I have one that I use as an SSH SOCKS proxy to browse anonymously at work (and get around the filter) but wouldn't mind if it also acted as a relay.

runasand7 karma

I'm not sure. I've been meaning to set up mine as a bridge, but haven't had the time. Give it a try and let me know how it goes? :)