Skip to content

Tor and its network

The software for Tor is under active development therefore some things change overtime.

Last update 24th March 2013

You can learn a lot about Tor on its project page.

The overview is great help.

The documentation gives answers to various questions.

This page here should give you a short overview, instead of listing every detail.


The client and its connection.

Tor transports TCP traffic. It currently doesn’t support UDP. It’s still able to turn hostnames into IP addresses.

Your Tor client downloads the list of all relays. This list is called consensus. From that list your client picks three entry guards. Those guards will be your first hop, for some time. This should ensure that only a small faction of the network learns about you. From the list your client picks three relays it connects through to reach its destination you just picked.

Let’s say you want to visit and use the TorBrowserBundle (TBB). You start it up and Tor builds an encrypted connection to the first hop, one of the guards it picked, then it uses that connection to connect to the second hop, called middle node, over that you connect to the third hop, called exit node. All connections to and between each hop are encrypted. You type in the address-bar and Tor passes the request through the circuit your client has built. The exit resolves the hostname to an IP address. You get connected to the destination through the circuit your client created. The website appears in your browser.

Tor will anonymize the origin of your traffic. For that purpose it uses three relays to reach the destination. Every relay knows its predecessor and its successor, but not the full path.

The first hop will see where the traffic is coming from, but can’t see the destination, the second hop will see that the traffic is coming from another node and goes to another node that happens to be an exit; the exit can see the destination, but does not know where it originated; it sees only the second hop.

Tor encrypts the traffic from you to the first hop. It’s encrypted in the network as well. Of course the traffic has to leave the network at the exit how it was before Tor encrypted it. You should enable https:// to avoid anyone to looking at the exit to figure out who you are and where the traffic came from. When possible use encryption all the time for any service.

The TorBrowserBundle includes HTTPS-Everywhere, it rewrites the request to https:// when there’s a rule for the destination hostname. It’s a great help, but you should try to use https:// yourself.

The EFF provides an interactive graphic to illustrate what others can see in case of HTTP, HTTPS and Tor as well as any combination.


The network

The Tor network is a set of relays, run by volunteers, and authorities run by trusted people.

Every relay reports it’s state to an authority by a so-called descriptor. The descriptor contains the name, IP address, port to connect, port to mirror the directory, the platform, the tor version, when the descriptor was published, the fingerprint, the uptime, the bandwidth, the public keys and a contact info. Once an hour the authorities get together and create a consensus, a snapshot of the network at that time. They publish the consensus, so clients can download it and therefore learn about the network.

Learn about the network

Please read the documentation and the design specification to learn more details.

To learn about the network you can look at the graphs about it and fast exits.

To learn about users of the network you can look at graphics about them. They are counted in a privacy preserving way. Bridge users might not be counted accurately enough, but this is subject to change without decreasing anonymity.

There are also graphics about the performance of the network.

The metrics are configurable, however there is an interactive version.

The data behind all these graphs can be found here.

%d bloggers like this: