tor

Connect to the Tor network

$ tor

$ tor --config

$ tor --status

$ tor --client

$ tor --relay

$ tor --bridge

$ tor --hidden-service

tor [OPTIONS]
Most commonly, tor is run as a system service (e.g., using systemctl start tor or service tor start) and configured via its configuration file, typically /etc/tor/torrc. Command-line options can override or supplement the settings in the configuration file.

-f file, --torrc-file file
    Specifies an alternative configuration file to use instead of the default.

--hash-password password
    Generates a hashed password suitable for use with configuration options like HashedControlPassword.

--run-as-daemon mode
    Configures Tor to run as a background daemon. Modes include 0 (foreground), 1 (daemonize), and 2 (daemonize, but don't exit if we fail).

--pid-file file
    Specifies the path where Tor should write its process ID (PID) file.

--data-directory directory
    Sets the main data directory for Tor, where it stores keys, state, and other persistent data.

--socks-port port
    Specifies the port on which Tor's SOCKS proxy will listen for connections from applications. Multiple ports can be specified.

--control-port port
    Specifies the port on which Tor's control interface will listen for connections from controller applications (e.g., Stem or OnionShare).

--version
    Displays the version information of the Tor daemon and exits.

--help
    Prints a summary of command-line options and exits.

--dump-config
    Prints the current Tor configuration, including default and overridden values, to standard output.

The tor command runs the Tor daemon, which enables anonymous communication by routing Internet traffic through a worldwide volunteer overlay network. Tor, short for "The Onion Router," encrypts data and relays it through multiple servers (relays) to conceal the user's IP address and location, making it difficult to trace online activities. It acts as a SOCKS proxy, allowing applications configured to use it to send their traffic anonymously. While providing strong privacy, it is crucial to understand that Tor alone does not guarantee absolute anonymity and works best when used in conjunction with other security practices, such as HTTPS, and with applications specifically configured to proxy their traffic through it. It can also function as a relay or exit node for the network.

Using Tor effectively for anonymity requires careful consideration. It does not encrypt traffic between the exit node and the destination server, meaning unencrypted traffic (e.g., plain HTTP) can be monitored at the exit node. Tor also introduces latency, making it unsuitable for applications requiring high speed. While designed to protect against traffic analysis, sophisticated adversaries may still be able to correlate traffic. Always ensure your applications are correctly configured to use the Tor SOCKS proxy.

The primary configuration for the tor daemon is handled through its configuration file, typically located at /etc/tor/torrc. This file contains directives for network configuration, relay settings, security features, and more. Command-line parameters provided to the tor command can override settings specified in this file.

On most Linux distributions, tor is installed as a system service. It is commonly managed using systemd (e.g., systemctl start tor, systemctl stop tor, systemctl enable tor) or traditional SysVinit scripts (e.g., service tor start). Running tor directly from the command line is usually for testing or specific use cases, rather than continuous operation.

The Tor project originated in the mid-1990s at the U.S. Naval Research Laboratory, initially developed for protecting U.S. intelligence communications. It was released under a free license in 2002. In 2006, The Tor Project, Inc. was founded as a non-profit organization to maintain and develop the software. Since then, Tor has evolved into a globally recognized tool for privacy, anti-censorship, and secure communication, used by activists, journalists, and everyday citizens worldwide.

torrc(5), privoxy(1), systemd(1), service(8)