There is a drawback, though. Since the traffic in Tor is routed through multiple onion relays, it can significantly reduce your browsing speed. Also, ISPs can restrict or throttle Tor traffic without prior warning. Tor FAQs say that their main focus is security and not speed. That being said, the following tips below will help speed up the Tor browser and make Tor faster.
Frequent experience suggests updating the Tor browser allows you to achieve faster speeds. Here you can check for any updates. Thus, it is better to stay frequently updated. This would make it more difficult for anyone monitoring your traffic to determine that you are using this anonymous browser.
Tor cannot use a bridge if a proxy was set by you. It will still be slower than your regular ISP speeds. You can also request a new bridge from torproject. Sometimes no new bridges are available. After a successful bridge connection, you can enjoy regular or higher Tor speeds independent of your ISP restrictions.
If your webpage is not loading fast enough, it can be due to several reasons, such as social networking buttons, analytical tools, advertisements, and other factors. To solve these issues, Tor has a new feature which allows the website or active window to be reloaded over a new Tor circuit. This menu item can be accessed from the three-bar menu. Every time your web page refuses to load quickly, you can click this option for a new circuit.
Of course, for this option to be visible, you need to update your Tor browser. This is also a nice security feature, as it prevents your subsequent browser activity from being linkable to what you were doing before. To ensure that speed issues are minimal, you need to ensure that your system clock and time zone are set correctly. It is better to disable any antivirus software affecting your system tray.
Also, disable your firewall, and if you are using a new Tor browser version, uninstall the old one. Do not overwrite the old program. If another Tor is running, it can severely impact your connection speeds. You should configure Tor to isolate cookies and delete your browsing history after each session.
Go to about:preferences privacy in Tor and make sure you enable these privacy preferences. It can be accessed from Settings and is disabled by default. Enable it to ensure proper speeds that are supported by your device. One shortcut to speeding up Tor is to edit your Torrc file. However, this method may not work for everyone and results may vary. You can download a new Torrc file at this link. It has been tested to be virus-free. This option overrides that behavior.
IPv4 is the default. Tell the tor client to only connect to. The corresponding NoOnionTrafficOnly flag is not supported. Tells the client to remember all DNS answers we receive from exit nodes via this connection. Tells the client to use any cached IPv4 DNS answers we have when making requests via this connection. Use with care! Tells the client to use any cached IPv6 DNS answers we have when making requests via this connection.
Tells the client to use any cached DNS answers we have when making requests via this connection. When serving a hostname lookup request on this port that should get automapped according to AutomapHostsOnResolve , if we could return either an IPv4 or an IPv6 answer, prefer an IPv6 answer. On by default. Flags are processed left to right. If flags conflict, the last flag on the line is used, and all earlier flags are ignored.
No error is issued for conflicting flags. The policies have the same form as exit policies below, except that port specifiers are ignored. Any address not matched by some entry in the policy is accepted. Let a socks connection wait NUM seconds handshaking, and NUM seconds unattached waiting for an appropriate circuit, before we fail it.
Default: 2 minutes. NUM must be between 1 and , inclusive. Note that the configured bandwidth limits are still expressed in bytes per second: this option only affects the frequency with which Tor checks to see whether previously exhausted connections may read again.
Default: msec. For each value in the comma separated list, Tor will track recent connections to hosts that match this value and attempt to reuse the same exit node for each. This option is useful if you frequently connect to sites that will expire all your authentication cookies i. Note that this option does have the disadvantage of making it more clear that a given history is associated with a single user. However, most people who would wish to observe this will observe it through cookies or other protocol-specific means anyhow.
Since exit servers go up and down, it is desirable to expire the association between host and exit server after NUM seconds. The default is seconds 30 minutes. When set along with UseBridges , Tor will try to fetch bridge descriptors from the configured bridge authorities when feasible.
It will fall back to a direct request if the authority responds with a When set, Tor will fetch descriptors for each bridge listed in the "Bridge" config lines, and use these relays as both entry guards and directory guards. If this option is set to 1, we pick a few long-term entry servers, and try to stick with them. This is desirable because constantly changing servers increases the odds that an adversary who owns some servers will observe a fraction of your paths. In these cases, the this option is ignored.
V3 authoritative directories only. Configures the location of the guardfraction file which contains information about how long relays have been guards. Default: unset. This torrc option specifies whether clients should use the guardfraction information found in the consensus during path selection. If nonzero, and UseEntryGuards is set, minimum time to keep a guard before picking a new one. If zero, we use the GuardLifetime parameter from the consensus directory. No value here may be less than 1 month or greater than 5 years; out-of-range values are clamped.
Specifically, these are socks4 and socks5 when not doing remote DNS. When this option is enabled, Tor will make a notice-level log entry for each connection to the Socks port indicating whether the request used a safe socks protocol or an unsafe one see above entry on SafeSocks. This helps to determine whether an application using Tor is possibly leaking DNS requests.
Defaults: When providing proxy server service to a network of computers using a tool like dns-proxy-tor, change the IPv4 network to " The default VirtualAddrNetwork address ranges on a properly configured machine will route to the loopback or link-local interface.
The maximum number of bits for the network prefix is set to for IPv6 and 16 for IPv4. However, a wider network - smaller prefix length. For local use, no change to the default VirtualAddrNetwork setting is needed. When this option is disabled, Tor blocks hostnames containing illegal characters like and : rather than sending them to an exit node to be resolved.
This helps trap accidental attempts to resolve URLs and so on. Set the port to "auto" to have Tor pick a port for you. Open this port to listen for transparent proxy connections. TransProxyType may only be enabled when there is transparent proxy listener enabled. Set this option to "ipfw" to use the FreeBSD ipfw interface. Detailed information on how to configure pf to use divert-to rules can be found in the pf.
Default: "default". See SocksPort for an explanation of isolation flags. This option is only for people who cannot use TransPort. When this option is enabled, and we get a request to resolve an address that ends with one of the suffixes in AutomapHostsSuffixes , we map an unused virtual address to that address, and return the new virtual address.
This is handy for making ". A comma-separated list of suffixes to use with AutomapHostsOnResolve. The ". If true, Tor does not believe any anonymously retrieved DNS answer that tells it that an address resolves to an internal address like This option prevents certain browser-based attacks; it is not allowed to be set on the default network.
If true, Tor does not try to fulfill requests to connect to an internal address like If true, Tor downloads and caches "extra-info" documents. These documents contain information about servers other than the information in their regular server descriptors. Tor does not use this information for anything itself; to save bandwidth, leave this option turned off. Tells Tor to issue a warnings whenever the user tries to make an anonymous connection to one of these ports.
This option is designed to alert users to services that risk sending passwords in the clear. Default: 23,,, Like WarnPlaintextPorts, but instead of warning about risky port uses, Tor will instead refuse to make the connection. Default: None. When this option is set, and Tor is using an exit node that supports the feature, it will try optimistically to send data to the exit node without waiting for the exit node to report whether the connection succeeded.
This can save a round-trip time for protocols like HTTP where the client talks first. When this option is set, Tor connects to hidden services non-anonymously. This option also disables client connections to non-hidden-service hostnames through Tor. It must only be used when running a tor2web Hidden Service web proxy. To enable this option the compile time flag --enable-tor2web-mode must be specified. Since Tor2webMode is non-anonymous, you can not run an anonymous Hidden Service on a tor version compiled with Tor2webMode.
A list of identity fingerprints, nicknames, country codes and address patterns of nodes that are allowed to be used as RPs in HS circuits; any other nodes will not be used as RPs. If no nodes in Tor2webRendezvousPoints are currently available for use, Tor will choose a random node when building HS circuits. A list of identity fingerprints, nicknames, country codes, and address patterns of nodes that are allowed to be used as the second hop in all client or service-side Onion Service circuits.
This option mitigates attacks where the adversary runs middle nodes and induces your client or service to create many circuits, in order to discover your primary guard node. Default: Any node in the network may be used in the second hop. Rend, HSDir, and Intro point selection is not affected by this option. Hence it does not do load balancing if fewer than 20 nodes are selected, and if no nodes in HSLayer2Nodes are currently available for use, Tor will not work.
Please use extreme care if you are setting this option manually. A list of identity fingerprints, nicknames, country codes, and address patterns of nodes that are allowed to be used as the third hop in all client and service-side Onion Service circuits. This option mitigates attacks where the adversary runs middle nodes and induces your client or service to create many circuits, in order to discover your primary or Layer2 guard nodes.
Default: Any node in the network may be used in the third hop. Hence it does not do load balancing if fewer than 20 nodes are selected, and if no nodes in HSLayer3Nodes are currently available for use, Tor will not work. Microdescriptors are a smaller version of the information that Tor needs in order to build its circuits. Using microdescriptors makes Tor clients download less directory information, thus saving bandwidth. For legacy reasons, auto is accepted, but it has the same effect as 1.
To try to find broken or misbehaving guard nodes, Tor looks for nodes where more than a certain fraction of circuits through that guard fail to get built. The PathBiasCircThreshold option controls how many circuits we need to build through a guard before we make these checks. When we have seen more than PathBiasScaleThreshold circuits through a guard, we scale our observations by 0.
By default, or if a negative value is provided for one of these options, Tor uses reasonable defaults from the networkstatus consensus document. If no defaults are available there, these options default to ,. Where as the path bias parameters govern thresholds for successfully building circuits, these four path use bias parameters govern thresholds only for circuit usage.
Circuits which receive no stream usage are not counted by this detection algorithm. A used circuit is considered successful if it is capable of carrying streams or otherwise receiving well-formed responses to RELAY cells. If no defaults are available there, these options default to 20,. If this option is set to 0, Tor will avoid connecting to directory servers and entry nodes over IPv4. If this option is set to 1, Tor might connect to directory servers or entry nodes over IPv6.
If this option is set to 1, Tor prefers a directory port with an IPv6 address over one with IPv4, for direct connections, if a given directory server has both. If this option is set to auto, clients prefer IPv4. Other things may influence the choice.
This option breaks a tie to the favor of IPv6. If this option is set to auto, Tor bridge clients prefer the configured bridge address, and other clients prefer IPv4. If this option is set to a fraction between 0. Note that setting this option too low can make your Tor client less anonymous, and setting it too high can prevent your Tor client from bootstrapping.
If this option is negative, Tor will use a default value chosen by the directory authorities. If the directory authorities do not choose a value, Tor will default to 0. Only used by clients fetching from a list of fallback directory mirrors. This schedule is advanced by potentially concurrent connection attempts, unlike other schedules, which are advanced by connection failures. Default: 6, 11, , , , , , Default: 0, 1, 4, 11, , , , , , Default: 0, 3, 7, , , , , , Try this many simultaneous connections to download a consensus before waiting for one to complete, timeout, or error out.
Default: 3. The IPv4 address of this server, or a fully qualified domain name of this server that resolves to an IPv4 address. You can leave this unset, and Tor will try to guess your IPv4 address. This option is used when bootstrapping a new Tor network.
If AuthoritativeDirectory is also set, this option instructs the dirserver to bypass remote reachability testing too and list all connected servers as running. Sets the relay to act as a "bridge" with respect to relaying connections from bridge users to the Tor network. It mainly causes Tor to publish a server descriptor to the bridge database, rather than to the public directory authorities.
If set along with BridgeRelay, Tor will include a new line in its bridge descriptor which indicates to the BridgeDB service how it would like its bridge address to be given out. Until BridgeDB is updated to obey this option, your bridge will make this request, but it will not yet be obeyed.
Administrative contact information for this relay or bridge. This line can be used to contact you if your relay or bridge is misconfigured or something else goes wrong. Note that we archive and publish all descriptors containing these lines and that Google indexes them, so spammers might also collect them.
ContactInfo must be set to a working address if you run more than one relay or bridge. Really, everybody running a relay or bridge should set it. Tells Tor whether to run as an exit relay. If Tor is running as a non-bridge server, and ExitRelay is set to 1, then Tor allows traffic to exit according to the ExitPolicy option or the default ExitPolicy if none is specified.
If ExitRelay is set to 0, no traffic is allowed to exit, and the ExitPolicy option is ignored. If ExitRelay is set to "auto", then Tor behaves as if it were set to 1, but warns the user if this would cause traffic to exit. In a future version, the default value will be 0. Set an exit policy for this server.
For example, "accept Tor also allows IPv6 exit policy entries. Using an IPv4 address with accept6 or reject6 is ignored and generates a warning. To specify all IPv4 and IPv6 internal and link-local networks including 0.
Private addresses are rejected by default at the beginning of your exit policy , along with any configured primary public IPv4 and IPv6 addresses. These private addresses are rejected unless you set the ExitPolicyRejectPrivate config option to 0. Policies are considered first to last, and the first match wins.
If you want to use a reduced exit policy rather than the default exit policy, set "ReducedExitPolicy 1". If you want to replace the default exit policy with your custom exit policy, end your exit policy with either a reject : or an accept :. The default exit policy is:.
See above entry on ExitPolicy. Reject all IPv4 and IPv6 addresses that the relay knows about, at the beginning of your exit policy. This option is off by default, because it lists all public relay IP addresses in the ExitPolicy, even those relay operators might prefer not to disclose. If set, use a reduced exit policy rather than the default one. The reduced exit policy is an alternative to the default exit policy.
It allows as many Internet services as possible while still blocking the majority of TCP ports. Currently, the policy allows approximately 65 ports. This reduces the odds that your node will be used for peer-to-peer applications. The reduced exit policy is:. If we have more onionskins queued for processing than we can process in this amount of time, reject new ones. This option can be repeated many times, for convenience in defining large families: all fingerprints in all MyFamily lines are merged into one list.
Do not list any bridge relay as it would compromise its concealment. If you run more than one relay, the MyFamily option on each relay must list all other relays, as described above. How many processes to use at once for decrypting onionskins and other parallelizable operations.
Advertise this port to listen for connections from Tor clients and servers. This option is required to be a Tor server. Set it to 0 to not run an ORPort at all. This option can occur more than once. Default: 0 Tor recognizes these flags on each ORPort:.
By default, we bind to a port and tell our users about it. If PortForwarding is set, use this executable to configure the forwarding. If set to a filename, the system path will be searched for the executable. If set to a path, only the specified path will be executed. Default: tor-fw-helper. This option specifies which descriptors Tor will publish when acting as a relay.
You can choose multiple arguments, separated by commas. If this option is set to 0, Tor will not publish its descriptors to any directories. Otherwise, Tor will publish its descriptors of all type s specified. The default is "1", which means "if running as a relay or bridge, publish descriptors to the appropriate authorities". After NUM seconds, we exit. Default: 30 seconds. When creating a link certificate for our outermost SSL handshake, set its lifetime to this amount of time. If set to 0, Tor will choose some reasonable random defaults.
Log a heartbeat message every HeartbeatPeriod seconds. This is a log level notice message, designed to let you know your Tor server is still alive and doing useful things. Settings this to 0 will disable the heartbeat. Otherwise, it must be at least 30 minutes. Default: 6 hours. Log main loop statistics every HeartbeatPeriod seconds. Limits the max number of bytes sent and received within a set time period using a given calculation rule see: AccountingStart, AccountingRule.
Useful if you need to stay under a specific bandwidth. By default, the number used for calculation is the max of either the bytes sent or received. It will only hibernate once one of the two reaches 1 GByte. When the number of bytes remaining gets low, Tor will stop accepting new connections and circuits. When the number of bytes is exhausted, Tor will hibernate until some time in the next accounting period. To prevent all servers from waking at the same time, Tor will also wait until a random point in each period before waking up.
If you have bandwidth cost issues, enabling hibernation is preferable to setting a low bandwidth, since it provides users with a collection of fast servers that are up some of the time, which is more useful than a set of slow servers that are always "available". How we determine when our AccountingMax has been reached when we should hibernate during a time interval. Set to "max" to calculate using the higher of either the sent or received bytes this is the default functionality.
Set to "sum" to calculate using the sent plus received bytes. Set to "in" to calculate using only the received bytes. Set to "out" to calculate using only the sent bytes. Default: max. Specify how long accounting periods last. If month is given, each accounting period runs from the time HH:MM on the dayth day of one month to the same day and time of the next.
The relay will go at full speed, use all the quota you specify, then hibernate for the rest of the period. The day must be between 1 and If week is given, each accounting period runs from the time HH:MM of the dayth day of one week to the same day and time of the next week, with Monday as day 1 and Sunday as day 7.
If day is given, each accounting period runs from the time HH:MM each day to the same time on the next day. All times are local, and given in hour time. Default: "month 1 ". Overrides the default DNS configuration with the configuration in filename. The file format is the same as the standard Unix " resolv.
This option, like all other ServerDNS options, only affects name lookups that your server does on behalf of clients. Defaults to use the system DNS configuration. If this option is false, Tor exits immediately if there are problems parsing the system DNS configuration or connecting to nameservers. Otherwise, Tor continues to periodically retry the system nameservers until it eventually succeeds. If set to 1, then we will search for addresses in the local search domain. For example, if this system is configured to believe it is in "example.
This option only affects name lookups that your server does on behalf of clients. When this option is set to 1, we will test periodically to determine whether our local nameservers have been configured to hijack failing DNS requests usually to an advertising site. If they are, we will attempt to correct this. Default: "www. When this option is disabled, Tor does not try to resolve hostnames containing illegal characters like and : rather than sending them to an exit node to be resolved.
When this option is enabled and BridgeRelay is also enabled, and we have GeoIP data, Tor keeps a per-country count of how many client addresses have contacted it so that it can help the bridge authority guess which countries have blocked access to it. When this option is set, Tor sets the case of each character randomly in outgoing DNS requests, and makes sure that the case matches in DNS replies.
This so-called "0x20 hack" helps resist some types of DNS poisoning attack. Relays only. When this option is enabled, Tor collects statistics about cell processing i. Onion router operators may use the statistics for performance monitoring. If ExtraInfoStatistics is enabled, it will published as part of extra-info document. When this option is enabled, Tor collects statistics for padding cells sent and received by this relay, in addition to total cell counts. These statistics are rounded, and omitted if traffic is low.
This information is important for load balancing decisions related to padding. Relays and bridges only. When this option is enabled, a Tor directory writes statistics on the number and response time of network status requests to disk every 24 hours. Enables relay and bridge operators to monitor how much their server is being used by clients to learn about Tor network.
When this option is enabled, Tor writes statistics on the number of directly connecting clients to disk every 24 hours. Enables relay operators to monitor how much inbound traffic that originates from Tor clients passes through their server to go further down the Tor network. If ExtraInfoStatistics is enabled, it will be published as part of extra-info document. Exit relays only. When this option is enabled, Tor writes statistics on the number of relayed bytes and opened stream per exit port to disk every 24 hours.
Enables exit relay operators to measure and monitor amounts of traffic that leaves Tor network through their exit node. When this option is enabled, Tor writes statistics on the amounts of traffic it passes between itself and other relays to disk every 24 hours. Enables relay operators to monitor how much their relay is being used as middle node in the circuit. When this option is enabled, a Tor relay writes obfuscated statistics on its role as hidden-service directory, introduction point, or rendezvous point to disk every 24 hours.
If ExtraInfoStatistics is also enabled, these statistics are further published to the directory authorities. When this option is enabled, Tor includes previously gathered statistics in its extra-info documents that it uploads to the directory authorities.
When this option is enabled, Tor will connect to relays on localhost, RFC addresses, and so on. Tor will always allow connections to bridges, proxies, and pluggable transports configured on private addresses. Enabling this option can create security issues; you should probably leave it off. Do not set this option too low, or your relay may be unreliable under load.
This option only affects some queues, so the actual process size will be larger than this. This option disables the code that closes connections when Tor notices that it is running low on sockets. Right now, it is on by default, since the existing out-of-sockets mechanism tends to kill OR connections more than it should. For how long should each Ed signing key be valid?
Tor uses a permanent master identity key that can be kept offline, and periodically generates new "signing" keys that it uses online. This option configures their lifetime. Default: 30 days. If non-zero, the Tor relay will never generate or load its master secret key.
Store secret keys in DIR. Default: the "keys" subdirectory of DataDirectory. The following options are useful only for directory servers. Relays with enough bandwidth automatically become directory servers; see DirCache for details. Now relay operators can provide a disclaimer without needing to set up a separate webserver. If this option is nonzero, advertise the directory service on this port.
This option can occur more than once, but only one advertised DirPort is supported: all but one DirPort must have the NoAdvertise flag set. Default: 0 The same flags are supported here as are supported by ORPort. Set an entrance policy for this server, to limit who can connect to the directory ports.
The policies have the same form as exit policies above, except that port specifiers are ignored. When this option is set, Tor caches all current directory documents except extra info documents, and accepts client requests for them. If DownloadExtraInfo is set, cached extra info documents are also cached. When this option is nonzero, Tor caches will not try to generate consensus diffs for any consensus older than this amount of time. If this option is set to zero, Tor will pick a reasonable default from the current networkstatus document.
You should not set this option unless your cache is severely low on disk space or CPU. If you need to set it, keeping it above 3 or 4 hours will help clients much more than setting it to zero. The mitigations take place at relays, and are as follows:. If a single client address makes too many concurrent connections this is configurable via DoSConnectionMaxConcurrentCount , hang up on further connections.
If a client asks to establish a rendezvous point to you directly ex: Tor2Web client , ignore the request. In doubt, do not change those values. The following options are useful only for a public relay. They control the Denial of Service mitigation subsystem described above. Enable circuit creation DoS mitigation.
If set to 1 enabled , tor will cache client IPs along with statistics in order to detect circuit DoS attacks. If an address is positively identified, tor will activate defenses against the address. This is a client to relay detection only. If not defined in the consensus, the value is 0. Minimum threshold of concurrent connections before a client address can be flagged as executing a circuit creation DoS. In other words, once a client address reaches the circuit rate and has a minimum of NUM concurrent connections, a detection is positive.
If not defined in the consensus, the value is 3. The allowed circuit creation rate per second applied per client IP address. If this option is 0, it obeys a consensus parameter. The allowed circuit creation burst per client IP address. If the circuit rate and the burst are reached, a client is marked as executing a circuit creation DoS. If not defined in the consensus, the value is This is the type of defense applied to a detected client address.
The possible values are: 1: No defense. If not defined in the consensus, the value is 2. The base time period in seconds that the DoS defense is activated for. If not defined in the consensus, the value is seconds 1 hour. Enable the connection DoS mitigation. If set to 1 enabled , for client address only, this allows tor to mitigate against large number of concurrent connections made by a single IP address.
The maximum threshold of concurrent connection from a client IP address. This is the type of defense applied to a detected client address for the connection mitigation. Refuse establishment of rendezvous points for single hop clients. The following options enable operation as a directory authority, and control how Tor behaves as a directory authority.
When this option is set to 1, Tor operates as an authoritative directory server. Instead of caching the directory, it generates its own list of good servers, signs it, and sends that to the clients. Unless the clients already have you listed as a trusted directory, you probably do not want to set this option.
When this option is set in addition to AuthoritativeDirectory , Tor generates version 3 network statuses and serves descriptors, etc as described in dir-spec. When this option is set to 1, Tor adds information on which versions of Tor are still believed safe for use to the published directory. Each version 1 authority is automatically a versioning authority; version 2 authorities provide this service optionally.
The list is included in each directory, and nodes which pull down the directory learn whether they need to upgrade. This option can appear multiple times: the values from multiple lines are spliced together. When this is set then VersioningAuthoritativeDirectory should be set too. This information is used to vote on the correct URL and digest for the released versions of different Tor-related packages, so that the consensus can certify them.
This line may appear any number of times. This information is included in version 2 directories. If this is not set then the value of RecommendedVersions is used. When this option is set in addition to AuthoritativeDirectory , Tor accepts and serves server descriptors, but it caches and serves the main networkstatus documents rather than generating its own. Minimum uptime of a v2 hidden service directory to be accepted as such by authoritative directories.
Default: 25 hours. If set to 1, Tor will accept server descriptors with arbitrary "Address" elements. Otherwise, if the address is not an IP address or is a private IP address, it will reject the server descriptor. Additionally, Tor will allow exit policies for private networks to fulfill Exit flag requirements. Authoritative directories only.
A set of address patterns for servers that will be listed as bad exits in any network status document this authority publishes, if AuthDirListBadExits is set. A set of address patterns for servers that will never be listed as "valid" in any network status document that this authority publishes.
A set of address patterns for servers that will never be listed at all in any network status document that this authority publishes, or accepted as an OR address in any descriptor submitted for publication by this authority.
If set to 1, this directory has some opinion about which nodes are unsuitable as exit nodes. Do not set this to 1 unless you plan to list non-functioning exits as bad; otherwise, you are effectively voting in favor of every declared exit as an exit. The maximum number of servers that we will list as acceptable on a single IP address. Set this to "0" for "no limit". Default: 2. If non-zero, always vote the Fast flag for any relay advertising this amount of capacity or more.
Default: KBytes. If non-zero, this advertised capacity or more is always sufficient to satisfy the bandwidth requirement for the Guard flag. Default: 2 MBytes. In all cases, Tor records every keypair it accepts in a journal if it is new, or if it differs from the most recently accepted pinning for one of the keys it contains.
Switch for the shared random protocol. If non-zero default , the flag "shared-rand-participate" is added to the authority vote indicating participation in the protocol. If this option is set to 0, then we treat relays as "Running" if their RSA key is correct when we probe them, regardless of their Ed key.
We should only ever set this option to 0 if there is some major bug in Ed link authentication that causes us to label all the relays as not Running. If set, contains an HTTP authenticator that tells a bridge authority to serve all requested bridge information.
Used by the only partially implemented "bridge community" design, where a community of bridge relay operators all use an alternate bridge directory authority, and their target user audience can periodically fetch the list of available community bridges to stay up-to-date. Default: 1 hour. Configures the number of VotingIntervals for which each consensus should be valid for.
Choosing high numbers increases network partitioning risks; choosing low numbers increases directory traffic. Must be at least 2. If set, the directory authority will sign consensuses not only with its own signing key, but also with a "legacy" key and certificate with a different identity. This feature is used to migrate directory authority keys in the event of a compromise. Default: 24 hours. A total value, in abstract bandwidth units, describing how much measured total bandwidth an authority should have observed on the network before it will treat advertised bandwidths as wholly unreliable.
Every hidden service must have a separate directory. You may use this option multiple times to specify multiple services. Do not rely on this behavior; it is not guaranteed to remain the same in future versions. You may use this option multiple times; each time applies to the service using the most recent HiddenServiceDir. By default, this option maps the virtual port to the same port on You may override the target port, address, or both by specifying a target of addr, port, addr:port, or unix: path.
Unix paths may be quoted, and may use standard C escapes. A list of rendezvous service descriptor versions to publish for the hidden service. Currently, versions 2 and 3 are supported. If configured, the hidden service is accessible for authorized clients only.
Only clients that are listed here are authorized to access the hidden service. If this option is set, the hidden service is not accessible for clients without authorization any more. Generated authorization data can be found in the hostname file. Clients need to put this authorization data in their configuration file using HidServAuth.
This option is only for v2 services. If set to 1, then connections to unrecognized ports do not cause the current hidden service to close rendezvous circuits. Setting this to 0 is not an authorization mechanism; it is instead meant to be a mild inconvenience to port-scanners. The maximum number of simultaneous streams connections per rendezvous circuit. The maximum value allowed is Setting this to 0 will allow an unlimited number of simultaneous streams.
If set to 1, then exceeding HiddenServiceMaxStreams will cause the offending rendezvous circuit to be torn down, as opposed to stream creation requests that exceed the limit being silently ignored. Every time the specified period elapses, Tor uploads any rendezvous service descriptors to the directory servers.
This information is also uploaded whenever it changes. Minimum value allowed is 10 minutes and maximum is 3. If this option is set to 1, allow the filesystem group to read the hidden service directory and hostname file. If the option is set to 0, only owner is able to read the hidden service directory. Default: 0 Has no effect on Windows.
Number of introduction points the hidden service will have. Experimental - Non Anonymous Hidden Services on a tor instance in HiddenServiceSingleHopMode make one-hop direct circuits between the onion service server, and the introduction and rendezvous points. Onion service descriptors are still posted using 3-hop paths, to avoid onion service directories blocking the service.
This option makes every hidden service instance hosted by a tor instance a Single Onion Service. One-hop circuits make Single Onion servers easily locatable, but clients remain location-anonymous. However, the fact that a client is accessing a Single Onion rather than a Hidden Service may be statistically distinguishable.
It is best practice to create a new hidden service directory, key, and address for each new Single Onion Service and Hidden Service. It is not possible to run Single Onion Services and Hidden Services from the same tor instance: they should be run on different servers with different IP addresses.
Makes hidden services non-anonymous on this tor instance. Enables direct connections in the server-side hidden service protocol. If set to 1, Tor adjusts default values of the configuration options below, so that it is easier to set up a testing Tor network. May only be set if non-default set of DirAuthorities is set. Cannot be unset while Tor is running. Like V3AuthVotingInterval, but for initial voting interval before the first consensus has been created.
Changing this requires that TestingTorNetwork is set. Default: 30 minutes. Like V3AuthVoteDelay, but for initial voting interval before the first consensus has been created. Like V3AuthDistDelay, but for initial voting interval before the first consensus has been created.
Directory authorities offset voting start time by this much. After starting as an authority, do not make claims about whether routers are Running until this much time has passed. Clients try downloading server descriptors from directory caches after this time. Minimum value for the Fast flag. Overrides the ordinary minimum taken from the consensus when TestingTorNetwork is set. Schedule for when servers should download things in general. Default: 0, 0, 0, 60, 60, , , , Schedule for when clients should download things in general.
Default: 0, 0, 60, , , Schedule for when servers should download consensuses. Default: 0, 0, 60, , , , , , , , , Schedule for when clients should download consensuses. Schedule for when clients should download each bridge descriptor when they know that one or more of their configured bridges are running. Default: , , , , Schedule for when clients should download each bridge descriptor when they have just started, or when they can not contact any of their bridges.
Default: 0, 30, 90, , , , , , , When directory clients have only a few descriptors to request, they batch them until they have more, or until this amount of time has passed. Let a directory connection stall this long before expiring it. A list of identity fingerprints, country codes, and address patterns of nodes to vote Exit for regardless of their uptime, bandwidth, or exit policy. In order for this option to have any effect, TestingTorNetwork has to be set.
If True 1 , a node will never receive the Exit flag unless it is specified in the TestingDirAuthVoteExit list, regardless of its uptime, bandwidth, or exit policy. A list of identity fingerprints and country codes and address patterns of nodes to vote Guard for regardless of their uptime and bandwidth. If True 1 , a node will never receive the Guard flag unless it is specified in the TestingDirAuthVoteGuard list, regardless of its uptime and bandwidth.
A list of identity fingerprints and country codes and address patterns of nodes to vote HSDir for regardless of their uptime and DirPort. In order for this option to have any effect, TestingTorNetwork must be set. Sets a lower-bound for assigning an exit flag when running as an authority on a testing network.
Overrides the usual default lower bound of 4 KB. Overrides the default lifetime for the certificates used to authenticate our X link cert with our ed signing key. Default: 2 days. TestingLinkKeySlop N seconds minutes hours. TestingAuthKeySlop N seconds minutes hours. How early before the official expiration of a an Ed signing key do we replace it and issue a new key? Default: 3 hours for link and auth; 1 day for signing.
Other options of this type are documented in control-spec. End-users should mostly ignore them. These underscore-prefixed options are variants of the regular Port options. The delay can be configured with the ShutdownWaitLength config option.
The signal instructs Tor to reload its configuration including closing and reopening logs , and kill and restart its helper processes if applicable. Switch all logs to loglevel debug. Tor receives this signal when one of its helper processes has exited, so it can clean up. This file holds downloaded directory key certificates that are used to verify authenticity of documents generated by Tor directory authorities. These files hold downloaded router statuses. Some routers may appear more than once; if so, the most recently published descriptor is used.
Lines beginning with -signs are annotations that contain more information about a given router. As "cached-descriptors", but holds optionally-downloaded "extra-info" documents. Relays use these documents to send inessential information about statistics, bandwidth history, and network health to the authorities.
These files hold downloaded microdescriptors. Obsolete versions of cached-descriptors and cached-descriptors. A set of persistent key-value mappings. These are documented in the file. These include:. Authority only. State file used to record information about the current status of the shared-random-value voting state. Directory cache only. Holds older consensuses, and diffs from older consensuses to the most recent consensus of each type, compressed in various ways.
Each file contains a set of key-value arguments describing its contents, followed by a single NUL byte, followed by the main file contents. Used to track bandwidth accounting values when the current period starts and ends; how much has been read and written so far this period.
|Tor browser свой браузер hidra||253|
|Hydra tor browser hudra||Перестал работать браузер тор hyrda вход|
|Tor browser заработок gidra||Firefox настроить tor browser gidra|