Tor Operations & Security
This page collects operational best practices: logging, updates, backups, legal and incident handling, and monitoring.
Patching and updates
- Run Tor from the official packages provided by the Tor Project where possible; subscribe to security announcements and apply updates quickly.
- For containerized deployments, rebuild and redeploy images with updated base images and Tor package versions.
Logging and privacy
- Keep Tor logs minimal (notice level) to avoid storing excessive client-identifying information.
- For relays, log only what you need for debugging; avoid prolonged retention of connection-level logs.
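One way to check a torrc against the logging guidance above is a small audit script. This is an added example, not code from the Tor Project; `audit_torrc` and the sample configuration are constructed for illustration, while `Log` and `SafeLogging` are standard torrc options.

```python
import re

# Tor log severities, most to least verbose (as listed in the tor manual).
SEVERITIES = ["debug", "info", "notice", "warn", "err"]

def audit_torrc(text):
    """Return (line_number, message) findings for logging more verbose than notice."""
    findings = []
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        option, args = parts[0].lower(), parts[1:]   # option names are case-insensitive
        if option == "log":
            for arg in args:
                # Each spec is [domain,...]minSeverity[-maxSeverity]; strip the domain list.
                spec = re.sub(r"^\[[^\]]*\]", "", arg).lower()
                min_sev = spec.split("-", 1)[0]
                if min_sev not in SEVERITIES:
                    break                        # reached the destination (file, syslog, ...)
                if SEVERITIES.index(min_sev) < SEVERITIES.index("notice"):
                    findings.append((num, f"Log starts at {min_sev}; use notice or higher"))
        elif option == "safelogging" and args and args[0] == "0":
            findings.append((num, "SafeLogging 0 writes unscrubbed addresses to logs"))
    return findings

# Constructed sample torrc, not taken from a real relay.
SAMPLE_TORRC = """\
# relay config
Nickname exampleRelay
Log notice file /var/log/tor/notices.log
Log info file /var/log/tor/info.log   # left over from debugging
log [circ]debug-warn stderr
SafeLogging 0
"""

if __name__ == "__main__":
    for num, msg in audit_torrc(SAMPLE_TORRC):
        print(f"torrc:{num}: {msg}")
```

Running it against the sample flags lines 4, 5 and 6 and leaves the notice-level line alone.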
Backups
- Back up torrc and any web application content or nginx configs used behind onion services.
- Back up the HiddenServiceDir only if you plan to keep the same onion address; storing private keys means you must protect the backup securely.
Monitoring
- Monitor CPU, memory, disk and network; set alerts for high load or disk saturation.
- Use Prometheus exporters or custom scripts to collect metrics; Tor has control port APIs for stats and management.
Incident response & abuse handling
- Have a contact and process for abuse requests; non-exit operators can usually point complainants to the Tor Project.
- For exits, prepare a standard response and legal contact and consult local counsel before taking actions.
Research & ethics
- If performing active measurements or research on Tor, follow the Tor Research Guidelines (contact the Tor Research Safety Board) and obtain appropriate approvals.