TOR The Onion Router

Tor, short for The Onion Router, is free and open-source software for enabling anonymous communication

The Onion Router

Tor (The Onion Router) is free, open-source software and a global volunteer overlay network that enables anonymous communication on the Internet. Tor protects users’ privacy by routing traffic through a sequence of relays and encrypting data multiple times (onion encryption). Tor also enables hosting services as Onion Services (formerly hidden services) that do not reveal the host’s IP address.

This document provides background and quick links. For deep dives see the linked subpages below.

Quick links:

• Onion Services: Onion Services guide
• Running a Relay: Relay guide
• Operations & Security: Ops & Security

1. History & Overview

• Tor originated from research in the mid-1990s and the Tor Project was formed to maintain and develop the software and network.
• The network uses onion routing: messages are wrapped in layers of encryption, and each relay peels one layer to learn only the previous and next hop.
• Tor consists of client software (Tor client, Tor Browser), a directory system, and volunteer-operated relays (guard/entry, middle, exit) and onion service introduction points.

Official resources:

• Tor Project: https://www.torproject.org/
• Tor Documentation: https://2019.www.torproject.org/docs/

2. How Tor works

• Circuit construction: a Tor client builds a three-hop circuit (guard -> middle -> exit) using information from directory authorities.
• Layered encryption: the client encrypts data in layers so that each relay only decrypts its layer and learns only its predecessor and successor on the circuit.
• Onion Services: services bind to a hidden address (v3 .onion) and accept inbound connections through introduction/relay circuits without revealing server IPs.

3. Installation

Choose your role before installation: “client” (Tor Browser or system Tor), “relay” (non‑exit or exit), or “onion service”. Running an exit relay has legal and operational implications; consider running a non-exit (relay) or bridge if you want to help the network without carrying exit traffic.

3.1 Tor Browser (recommended for privacy-aware users)

• Download the official Tor Browser bundle from the Tor Project website for Windows, macOS, or Linux. Verify signatures where possible.
• Launch the Tor Browser; it runs a bundled Tor client and configures the browser to use Tor via a SOCKS5 proxy.

### 3.2 System Tor (Debian/Ubuntu)

sudo apt update
sudo apt install -y tor deb.torproject.org-keyring

Start and enable the Tor service:

sudo systemctl enable --now tor
sudo systemctl status tor

3.3 System Tor (Rocky/CentOS/RHEL)

Install the Tor Project repository and package, then enable the service. Refer to https://www.torproject.org/docs/debian for distro-specific instructions.

3.4 Docker and containers

• Tor can run in containers for isolated deployments; ensure persistent storage for any data you rely on and restrict container capabilities (no NET_ADMIN unless required).

4. Configuration basics (torrc)

The main Tor configuration file is torrc (location varies by distro: /etc/tor/torrc or /etc/torrc). Below are common examples.

4.1 Client (basic) torrc snippet

SocksPort 9050
Log notice file /var/log/tor/notices.log
RunAsDaemon 1

4.2 Non-exit relay (recommended for most volunteers)

ORPort 9001
ExitPolicy reject *:*    # no exits
Nickname my-relay
ContactInfo admin@example.com
RelayBandwidthRate 100 KB
RelayBandwidthBurst 200 KB
Log notice file /var/log/tor/notices.log

4.3 Exit relay (requires careful legal review)

ORPort 9001
ExitPolicy accept *:80, accept *:443, reject *:*  # example: allow HTTP/HTTPS only
Nickname my-exit
ContactInfo admin@example.com

4.4 Bridge (to help censored users)

BridgeRelay 1
ORPort 443
ContactInfo admin@example.com

4.5 Onion service (v3) — publish a web service on Tor

HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServiceVersion 3
HiddenServicePort 80 127.0.0.1:8080

After starting Tor, the service will write the service’s .onion hostname into HiddenServiceDir/hostname.

5. Roles explained: client, bridge, relay, exit, onion service

• Client: uses Tor to route application traffic (via SOCKS). The Tor Browser is the recommended client for web browsing.
• Guard/Entry: the first hop in your circuit; clients pick a small set of stable guard relays to reduce exposure.
• Middle: forwarder relay between entry and exit.
• Exit: the last hop that makes connections to the public internet on behalf of the client; exit operators may receive abuse complaints and should understand local law.
• Bridge: unlisted relay used by censored users to connect to the network.
• Onion Service: service that accepts inbound Tor connections without exposing its network location.

6. Use cases

• Privacy-preserving browsing (reduce tracking and fingerprinting).
• Censorship circumvention — access blocked content via bridges or Tor.
• Secure communication for journalists, activists, and whistleblowers.
• Hosting services that require strong anonymity guarantees (publishers, secure dropboxes).
• Research and network measurement (observe Tor performance, but follow ethical and Tor research guidelines).

7. Deep web vs. Dark web

• “Deep web” refers to content not indexed by conventional search engines (private databases, intranets, paywalled content, and dynamically generated pages). Much of the internet is “deep” in this sense — it is simply not searchable by crawlers and is often benign (bank portals, corporate intranets, private APIs).

• “Dark web” commonly refers to intentionally hidden networks and services that require special software or configuration to access (for example, Tor Onion Services, I2P, Freenet). The dark web includes a wide spectrum: privacy-enhancing services used by journalists, NGOs, and activists; research and whistleblowing platforms; and, regrettably, marketplaces and forums used for illegal activity.

Guiding principles and safety

• Legality: laws vary by country. Accessing an .onion address is not itself illegal in most jurisdictions, but interacting with or participating in criminal activity is illegal. Know local law before exploring.
• Verification: only visit .onion addresses obtained from trusted sources (official clearnet sites, verified social media accounts, or reputable indexes). Malicious sites often spoof names and copy content.
• Hygiene: use the Tor Browser, keep it updated, avoid downloading/running unknown binaries, and prefer TLS (HTTPS) or end-to-end encrypted services when possible.

Examples of reputable .onion services (verify on the organization’s clearnet site before visiting)

• The New York Times (example): https://www.nytimes3xbfgragh.onion — official clearnet NYT pages list their onion address.
• BBC News (example): http://www.bbcnewsv2vjtpsuy.onion — verified by the BBC.
• Facebook / Meta (example): https://www.facebookcorewwwi.onion — offered by Facebook to provide an official access point.

Note: the above addresses are provided as illustrative, public-facing examples of how established organizations offer onion services. Always verify addresses via the organization’s official channels before using them.

Finding onion services and indexes

• Ahmia (https://ahmia.fi/) is a clearnet index and search portal that indexes public onion services and filters obvious illegal content; it can be a starting point for locating reputable services.
• The Tor Project maintains documentation and guidance for discovering and verifying onion services: https://support.torproject.org/onion-services/

Ethics and research

• If you study the dark web for research, follow ethical guidelines and institutional review requirements. Avoid interacting with illicit marketplaces and do not collect or distribute illegal content.

8. Threat model & limitations

• Tor protects against network-level observers between you and the destination but cannot protect against end-to-end correlation by powerful adversaries who can observe both entry and exit points simultaneously.
• Tor does not anonymize the endpoints: if you log into an account, that service may deanonymize you.
• Browser fingerprinting and plugins (Flash, Java) can deanonymize users — use Tor Browser and keep it up to date.
• Malicious exit nodes can observe traffic leaving the network; always use end-to-end encryption (HTTPS) for sensitive traffic.

9. Operational security when using Tor

• Use the Tor Browser bundle rather than piping arbitrary applications through Tor unless you understand their network behavior.
• Avoid mixing identities across Tor and clearnet (e.g., logging into personal accounts while using Tor for anonymity).
• Keep software up to date and verify Tor Browser signatures when possible.
• For running relays: monitor resource use, keep logs limited to necessary information, provide contact info, and subscribe to the Tor operators’ mailing lists for advisories.

10. Running a relay vs exit node: legal & operational considerations

• Non-exit relays generally have lower legal risk; they contribute to the network by forwarding encrypted Tor traffic.
• Exit relays carry traffic to the public internet and may attract abuse complaints or legal requests; consult local laws and your ISP terms before operating an exit.
• Consider registering your contact details in the ContactInfo field so you can respond to abuse reports.

11. Example commands & quick reference

• Verify Tor Browser download and signature: see https://www.torproject.org/download/
• Start Tor service on systemd systems: sudo systemctl enable --now tor.
• View Tor logs: journalctl -u tor or check /var/log/tor/notices.log.

12. Resources & further reading

• Tor Project — https://www.torproject.org/
• Tor Documentation — https://2019.www.torproject.org/docs/
• Running a Tor relay — https://community.torproject.org/relay/setup/
• Onion Service introduction — https://support.torproject.org/onion-services/
• Research and legal guidance for operators — https://community.torproject.org/relay/faq/