Skip to content


I’m not sure if it’s wise to sort it alphabetically, but I guess it will help. I’ll add “In the case of” because those words have other meanings as well.

This glossary should avoid that you have to search the web for terms I use. Sometimes you still have to do that. Wikipedia should be helpful for general terms, while the documentation should be what you looking at, when it’s a term that’s used for software or a product.


Adversary – In the case of Tor, someone who opposes Tor in one way or the other. He may try to monitor users entering the network or leaving it. He may try to block access to it or tries to de-anonymize users with passive attacks. He also could set up nodes and mess with the traffic.


Attacker – In the case of Tor, someone who is like an adversary. You may like to separate passive and active attackers. While a passive attacker is just watching the traffic an active attacker is messing with the traffic or the network.


Bandwidth authority – Judging about the bandwidth of each node. Each node reports what bandwidth is available, the bandwidth authority validates that.


Bridge – In the case of Tor, a bridge is a relay, that serves as entry point, which is not publicly listed. This should avoid easy blocking.

Browser Bundle – A Bundle containing Tor, Vidaia, and a patched (modified) Firefox, that got re-branded to Tor Browser, along with extensions for that Browser. Up to June 2012 this is the most recommendable way to use Tor for browsing without risking anonymity due to browser features. (I said June 2012, maybe things change and the Tor Project comes up with even better ways to use Tor or all browsers are patched to not hurt your anonymity. You better check, when this seems outdated.)

Circuit – In the case of Tor, a circuit is a connection through three (or more) Tor nodes.

Client – Generally a client is the computer that uses the service. In the case of Tor it is the server that connects to the Tor network.

Consensus – The directory authorities publish a list of relays in the network, this is called the consensus. It’s a snapshot of the network at a specific time, containing information about the routers at this time. The client picks it’s path from the consensus.

CSS – CSS stand for Cascading Style Sheets. It’s used to describe “how a website looks”. It exists to enable the separation of content and layout. Could stand for Closed Source Software.

Descriptor – In the case of Tor each relay publishes its descriptors. The descriptor contains the name, IP address, port to connect, port to mirror the directory, the platform, the tor version, when the descriptor was published, the fingerprint, the uptime, the bandwidth, the public keys and a contact info.

Directory authority – Abbreviated with DirAuth. A DirAuth is judging each relay and assigns flags to it. The DirAuths “get together” and create a consensus.

Directory Guard – Your Entry Guards (see below) serve as Directory Guards. You will communicate with Directory authorities over your Guards instead of communicating directly with them. This does only apply if your are a client, not when you are a bridge or relay. It also requires a not outdated consensus.”

DNS – Domain Name System. Turns domain names into IP addresses.

DPI – Deep-Packet-Inspection. A traffic analysis through looking into the packages rather than just at the header(s). (Could mean Dots-Per-Inch)

Entry – In the case of Tor the first node in a circuit, where the traffic enters the Tor network.

Entry Guard – In the case of Tor a node with high bandwidth and high uptime gets a guard flag assigned. Clients pick three (entry) guards as their entry points. This should prevent that a client exposes itself to a big part of the network. The clients rotate the guards over time.
For more information see “Explain me… Entry Guards!

Exit – In the case of Tor the last node in a circuit, where the traffic leaves the Tor network.

Flags – In the case of Tor flags get assigned to relays by DirAuths. Those flags can be, running, named, fast, guard, exit, bad exit, valid, stable, maybe more.

Forward secrecy – Forward secrecy describes the use of session keys in a way, that makes it impossible to decrypt captured traffic, when an attacker gets access to the key(s) the session key was derived from. It’s not in the original onion routing, but got added to Tor.

Global adversary – The same as an adversary, but with the ability to watch all traffic. Sometimes called “The man.”

Guard – Stable relays that have higher bandwidth than the median at least 250kb/s get the Guard Flag. Please see Entry Guard.

Hidden Service – A hidden service can “run” on a tor node or client, to protect the publisher from revealing it’s location. Abbreviated with HS.

Hop – In the case of a network a hop describes a way-point. In case of Tor, it’s like this. The client connect to the entry (node); that’s the first hop, then to the middle (node); that’s the second hop and then to the exit (node), the last hop.

Lawful interception – Spying on someone, while being backed-up by law.

Middle – In the case of Tor the node(s) between the entry and the exit. Sometimes called relay.

Node – In the case of Tor another name for relay. Entry node, Middle node and Exit node.

Path – In the case of Tor the set of relays that the client picks to create a circuit.

Pluggable Transports modify the traffic flow in order to hinder traffic analysis or fool the DPI system. Pluggable Transports allow to (re-)encrypt the traffic or modulate how it looks like. They are called “pluggable” because you can plug them in and out and replace them quickly with each other. With Tor they can be used to evade censorship by blocking due to DPI.

Please see Explain me… Pluggable Transports for more information.


Race Condition – In multi-threaded processes two or more threads that try to access the same shared data. This may lead to unexpected results, which can lead to significant problems. For example a thread frees memory and another thread tries to access the data that were supposed to be there, but obviously fails.

Relay – In the case of Tor another name for nodes. The middle node is called relay sometimes. Which gives you entry, relay and exit.

Same origin policy – The same origin policy restricts JavaScript (for example) from accessing content on a website unless it gets served from the same origin.


Side Channel Attack – In cryptography it means obtaining information about the cryptographic process by attacking side channels, like CPU usage, memory usage, energy consumption or timing information rather than attacking the actual algorithm.

SOP – Stands for same origin policy. See the above description.

Tails – a live system that aims to preserve your privacy and anonymity. The amnesic incognito live system.

Tor – an acronym for The Onion Router. It’s spelled Tor instead of TOR.

Tor network – The set of relays and the directory authorities. The network clients connect to it and build circuits through this network.

Tor Project Inc. – The non-profit organization behind Tor and related projects.

torrc – The configuration file of Tor.

Vidalia – The name of a graphical cross-platform controller for Tor. It’s contained in the bundles and used to see how Tor performs.

XSS – XSS stands for cross-site-scripting. The reason why XSS is used instead of CSS is that CSS is taken. It stands for Cascading Style Sheets. Cross-site-scripting is a security vulnerability that bypasses restrictions like the same origin policy.

Please comment on a blog entry or use the feedback form, when I use something that is not covered in this “Glossary” and you think I should include it or improve what’s already there.