Who developed Tor, and is this thing really safe?

I heard it was developed by the US military.


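It is quite safe; after all, it was developed by the US Navy and the Department of Defense. But you also need to pay attention to some usage habits. For example, an attacker can track you down through JS scripts or Flash vulnerabilities.

The following is from the official website: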

You need to change some of your habits, as some things won't work exactly as you are used to.

Use Tor Browser

Tor does not protect all of your computer's Internet traffic when you run it. Tor only protects your applications that are properly configured to send their Internet traffic through Tor. To avoid problems with Tor configuration, we strongly recommend you use the Tor Browser. It is pre-configured to protect your privacy and anonymity on the web as long as you're browsing with Tor Browser itself. Almost any other web browser configuration is likely to be unsafe to use with Tor.

Don't torrent over Tor

Torrent file-sharing applications have been observed to ignore proxy settings and make direct connections even when they are told to use Tor. Even if your torrent application connects only through Tor, you will often send out your real IP address in the tracker GET request, because that's how torrents work. Not only do you deanonymize your torrent traffic and your other simultaneous Tor web traffic this way, you also slow down the entire Tor network for everyone else.

Don't enable or install browser plugins

Tor Browser will block browser plugins such as Flash, RealPlayer, Quicktime, and others: they can be manipulated into revealing your IP address. Similarly, we do not recommend installing additional addons or plugins into Tor Browser, as these may bypass Tor or otherwise harm your anonymity and privacy.

Use HTTPS versions of websites

Tor will encrypt your traffic to and within the Tor network, but the encryption of your traffic to the final destination website depends upon that website. To help ensure private encryption to websites, Tor Browser includes HTTPS Everywhere to force the use of HTTPS encryption with major websites that support it. However, you should still watch the browser URL bar to ensure that websites you provide sensitive information to display a blue or green URL bar button, include https:// in the URL, and display the proper expected name for the website. Also see EFF's interactive page explaining how Tor and HTTPS relate.

Don't open documents downloaded through Tor while online

Tor Browser will warn you before automatically opening documents that are handled by external applications. DO NOT IGNORE THIS WARNING. You should be very careful when downloading documents via Tor (especially DOC and PDF files, unless you use the PDF viewer that's built into Tor Browser) as these documents can contain Internet resources that will be downloaded outside of Tor by the application that opens them. This will reveal your non-Tor IP address. If you must work with DOC and/or PDF files, we strongly recommend either using a disconnected computer, downloading the free VirtualBox and using it with a virtual machine image with networking disabled, or using Tails. Under no circumstances is it safe to use BitTorrent and Tor together, however.

Use bridges and/or find company

Tor tries to prevent attackers from learning what destination websites you connect to. However, by default, it does not prevent somebody watching your Internet traffic from learning that you're using Tor. If this matters to you, you can reduce this risk by configuring Tor to use a Tor bridge relay rather than connecting directly to the public Tor network. Ultimately the best protection is a social approach: the more Tor users there are near you and the more diverse their interests, the less dangerous it will be that you are one of them. Convince other people to use Tor, too!

Be smart and learn more. Understand what Tor does and does not offer. This list of pitfalls isn't complete, and we need your help identifying and documenting all the issues.

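The "tracker GET request" in the guidance quoted above carries query parameters chosen by the client, so they arrive at the tracker unchanged whichever route the request took. The following is an added example, not part of the original answer or of the Tor Project's text: it parses announce URLs captured from your own client and lists the fields that report an address. It assumes the parameter names `ip` and `port` from BEP 3 and `ipv4`/`ipv6` from BEP 7; the tracker host and addresses are constructed samples.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qs

# Announce parameters in which the client states its own address:
# "ip" (BEP 3, optional) and "ipv4"/"ipv6" (BEP 7). Assumed names, see lead-in.
ADDRESS_PARAMS = ("ip", "ipv4", "ipv6")

def _parse_address(value):
    """Accept 'addr', 'v4addr:port' or '[v6addr]:port'; return an ip object or None."""
    if value.startswith("["):
        value = value[1:].split("]", 1)[0]
    elif value.count(":") == 1:
        value = value.split(":", 1)[0]
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None

def audit_announce(url):
    """Return (parameter, value, note) findings for one tracker announce URL."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    findings = []
    for name in ADDRESS_PARAMS:
        for value in query.get(name, []):
            addr = _parse_address(value)
            note = (f"self-reported IPv{addr.version} address" if addr
                    else "self-reported host name or malformed address")
            findings.append((name, value, note))
    for value in query.get("port", []):
        findings.append(("port", value, "advertised listening port"))
    return findings

# Constructed sample URLs: made-up tracker, documentation address ranges.
SAMPLES = [
    "http://tracker.example/announce?info_hash=%12%34&peer_id=-XX0001-abcdefghijkl"
    "&port=6881&uploaded=0&downloaded=0&left=0&ip=203.0.113.7",
    "http://tracker.example/announce?info_hash=%12%34&peer_id=-XX0001-abcdefghijkl"
    "&port=6881&ipv6=%5B2001%3Adb8%3A%3A1%5D%3A6881",
    "http://tracker.example/scrape?info_hash=%12%34",
]

if __name__ == "__main__":
    for url in SAMPLES:
        for finding in audit_announce(url):
            print(finding)
```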


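Its development was sponsored by the US Naval Research Laboratory, and it later became an Electronic Frontier Foundation project.

It should currently be the most secure network on Earth, which is why it has become a hotbed of crime, why Snowden chose to use it, and why the US National Security Agency is so eager to break it.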


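Tor is a technology; as long as you don't give yourself away, there is no problem. The important thing is to believe in yourself. The earlier "Silk Road" case was apparently leaked through a selfie carrying GPS information.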


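Tor is not absolutely secure either. If an attacker puts a honeypot on an exit node, you happen to use that exit node, and the website you visit does not use HTTPS, the exit node gets your plaintext password.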


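A secure system does not necessarily mean the hardware is good. How long will the machine last, and what are the build quality and materials like?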

