Why Tor is slow and what we're going to do about it

by arma | March 13, 2009

I've just finished writing up an explanation of all the various reasons why the Tor network is slow, and what we can do about each. Part of it comes down to design flaws; some of it is that a handful of users are overloading the network; and there's also simply not enough capacity to go around.

Specifically, we've identified six categories of problems to address, and laid out some steps to resolve each of them.

You can read the pdf here:
https://svn.torproject.org/svn/projects/roadmaps/2009-03-11-performance.pdf

Andrew has also put together a real live press release to go with it.

Now all that remains is to do everything. So if you want to help, or especially if you know any organizations that can help with funding, please help us make this happen!

[Edit, 19 August 2009: you can watch the HAR2009 video explaining our key performance plans, if you aren't a fan of 25-page pdfs.]

Comments

Please note that the comment area below has been archived.

March 13, 2009

Permalink

Build teams of Tor operators is very nice idea. As a contributor in BOINC project I know, that competition is big motivation for running own node and also finding next members to my team. I expect that it can do huge work with a little effort in case of Tor project.

March 13, 2009

Permalink

Just one note to "Reachable clients become relays automatically". Do this pure automatically is bad idea - and you wrote good reasons by self. But you can something by little change of Vidalia GUI. Currently, settings of relay is just one of tab in Vidalia.

Showing message box (Run Tor relay/exit? Relay/Exit/No,thanks) with short and clever arguments, why is running tor relay good for user will make a lot of effort and without upsetting users, who cannot run relay for serious reason.

There is plenty of good reasons to run relay/exit. One of them is to mix my non-tor communication with other traffic, so Im a little bit anonymous (traffic of my IP is not fully linkable to myself) even I don't use Tor at the moment.

I think many people dont run Tor relay because they a) dont know why b) dont know, that it is really so simple :).

Sorry for my English.

Yes, asking the user if they want to be a relay is a good thing to do. We could ask if they want to be a bridge or a full relay and let the user decide.

March 13, 2009

Permalink

Greetings:

I gather when running as a relay server, there is a publicly exposed listener.
Is it vulnerable to a buffer exploit?
if so, what kind of protective firewalling does it need in order for the server
machine to host it safely?

Thanks,

wlarip

Not that we know of. But we do periodically find bugs that might allow things like that. That's why you should always keep up with the latest Tor versions. (Everybody should be on the or-announce list at http://archives.seul.org/or/announce/ .)

Firewalling (i.e. blocking incoming connections) isn't going to do anything. What you want is to make sure that it isn't running with privileges (how to do that depends on your OS, but most default ways to set up Tor are fine). If you want to be extra careful, you can run it in a chroot or jail or the like.

Some links to look at include
https://wiki.torproject.org/noreply/TheOnionRouter/OperationalSecurity
https://wiki.torproject.org/noreply/TheOnionRouter/TorInChroot
https://wiki.torproject.org/noreply/TheOnionRouter/OpenbsdChrootedTor
depending on your OS.

March 15, 2009

Permalink

SOME people would feel that this is nazism. I disagree.
I have stated my position.
Thank you for TOR.

Bittorrent can run on a wide variety of ports, which would make it difficult for exit nodes to block, since exit nodes generally rely on port-based blocking.

All that can be done, so far as I know, is to better educate people about why they should not use Tor with bittorrent, and what they should do instead.

To that end:
* Tor was not designed to run with bittorrent. By using bittorent over Tor, you are hurting the Tor network.
* Your downloads will be very slow.
* Bittorrent clients were not designed to be secure with Tor, and may leak information about you.
* If you are using Tor for censorship evasion, not anonymity, you may have better luck using a client like Azureus / Vuze which supports encryption.
* If you are using Tor for anonymity, but still for legal purposes, i2p was better designed for this sort of thing and there are several custom clients trusted to work with i2p. I2PSnark comes bundled with i2p, and a few others are available. Unfortunately, you can only use i2p to access i2p torrents. You can help i2p by uploading legally distributable torrents to their trackers.
* If you are using Tor for illegal purposes, we cannot help besides to suggest that you stop doing so.

P.S. These CAPTCHAs are difficult even for a human to read!

March 18, 2009

Permalink

There's a rumour that the Anti-Counterfeiting Trade Agreement might illegalise anonymising programs like Tor and JonDo.

I can live with a slow Tor, but I'd be devastated if I lost it all together.

Does the Tor Project have any plans to campaign against ACTA, either in conjunction with other anonymity projects or by itself?

phobos

March 21, 2009

In reply to by Anonymous (not verified)

Permalink

There's so little known about it from actual documents it's difficult to properly form a legal opinion. We're paying attention to it and offering assistance to other orgs as they try to get more information on it.

April 02, 2009

Permalink

A lot of home users, including myself, shut our computers down each night to save electricity and save our computers from overheating or getting burned out too quickly. If I ran Windows, I would also run into software stability problems if I left it up for long, but it my case that isn't the problem.

I would like to contribute to the Tor network, but given that a node has to be up for many days before it starts being well used, I feel like it isn't really worth it.

Apparently i2p is able to handle such a situation. On the first run, an i2p router has to be left up for a number of hours to become "well-integrated", meaning a lot of other i2p clients know about the i2p router and the i2p router knows about a lot of other i2p routers. However, once the i2p router is well-integrated, the other i2p clients will keep it in their database for 24 hours after it goes offline, so as long as you don't leave it offline for more than 24 hours, it will take only a few hours for it to be fully utilised on future runs. Thus, home users who only run i2p routers for some number of hours each day are still able to contribute significantly to the i2p network.

Would it be possible to implement something like this in Tor? I know there are problems with the directory being too large. Maybe the directory could be broken into bite-sized chunks upon request from slower clients.

For the project ! Bravissimo...
But some features could be fixed. For example, it's impossible to use One Swarm in Firefox when TOR is running. It's a serious problem to be really anonymous in France (context of security called HADOPI) while sharing files in a friend to friend network.
I'm sure a developper or TOR Project could fix this !

Thx a lot for the last stable version for DEBIAN.
Don't forget you can visit my homepage for detail about HADOPI in France.
Have a nice day.

April 03, 2009

Permalink

I understand the project, but, i would like to now if it's a configuration's problem, or the network, but i can spend 3 or more minutes to open a google web page..

Is there a solution?

Thanks.

If you don't, there could be incompatibility problems between you and the rest of the network.

If you do, then it is probably a network problem. There's a great deal of chance in building Tor circuits: some are faster than others. You could reduce the amount of chance, but that would also decrease anonymity.

The best case scenario, if improvements to Tor's speed are successful, is that such things will happen less often, but will still happen.

I think it can be a network problem...
The fact is we use networks all over the world.

I would like to know if it's possible to connect to users only in specific countries?

I mean, i live in Europe, and i would like to know if i can connect only in Europe, rather than going to us or brazil users, which are far away, and reduce my latence?

Thanks (:

If you manually edit your torrc, there are EntryNodes and ExitNodes options that you can use to specify which nodes you want to use for your Entry and Exit nodes. *If* Tor is integrated with GeoIP, you can specify by country which nodes you do and do not want to use. You would have to list country codes for all European countries. I don't know how you can control the middle node. I don't remember if this is implemented in the stable version yet or only in the alpha.

I think the feature was mainly intended for people who do not trust the privacy laws of a particular country. For example, if a country implements a data retention law that you think is too severe, you tell Tor not to use nodes and nodes in that country as entry or exit nodes.

April 04, 2009

Permalink

Hum,

Ok,
But i'm sorry, I really don't know where i can configure the entry nodes, and exit nodes...

as you can see :

# This file was generated by Tor; if you edit it, comments will not be preserved
# The old torrc file was renamed to torrc.orig.1 or similar, and Tor will ignore it

# If set, Tor will accept connections from the same machine (localhost only)
# on this port, and allow those connections to control the Tor process using
# the Tor Control Protocol (described incontrol-spec.txt).
ControlPort 9001
# Serve directory information from this port, and act as a directory cache.
DirPort 9030
# Address/port ranges for which to accept or reject outgoing connections on
# behalf of Tor users.
ExitPolicy accept *:80,reject *:*
HashedControlPassword XXXXXXXXXXXXXXXXXX
# Where to send logging messages. Format is minSeverity[-maxSeverity]
# (stderr|stdout|syslog|file FILENAME).
Log notice stdout
# Set the server nickname.
Nickname Ed53d
# Advertise this port to listen for connections from Tor clients and servers.
ORPort 9001
RelayBandwidthBurst 131072
RelayBandwidthRate 65536

^^

Any idea?

April 04, 2009

Permalink

Instead of $fingerprint you can also specify a 2 letter ISO3166 country code in curly braces (for example {de}),

so....

# A list of preferred nodes to use for the last hop in the circuit, if possible.
excludenodes {us},{br},{jp},{ca},{au},{cn}
# A list of preferred nodes to use for the first hop in the circuit, if possible.
entrynodes {fr},{gb},{en},{de},{es}

But I have un error... It says me the syntax is wrong...

April 24, 2009

Permalink

This was a thorough, well-thought out and much needed analysis. I enjoyed reading the sections discussing the tradeoffs between latency and throughput.

Since file-sharing is not going away but has clear implications for the performance of the network, it seems pretty straightforward that the network needs to be optimized for lower latency and for the web-browsing type use. Those individuals using the system for file-sharing can still make use of it but will learn to expect slower speeds.

If broadband speeds continue to improve and/or fiber-optic networks to the home become more mainstream around the world, this should help with the throughput issues I would think.

May 18, 2009

Permalink

It would be nice to have an overwiew about the rights , the Do's and the Don'ts an TOR-Relayer must do, to keep him/her safe too against the local goverment.
Maybe a policy and some documents will help, This will also encourage people to do more voluntary work by hosting an qon tor relay server.
best wishes
Tommy,

July 27, 2009

Permalink

I should hire you guys to send my monthly reports...You're very organized and attentive to details. Now let's just pray you'll get the necessary funds and help to get things done.

I think its ok for what we get for free service like yours, i believe also your team will working on it with the best effort. Shared with thousand people around the world for better safer surfing needs lot resources. Thanks for your GREAT job! I will use TOR always.

Regards,
Donna

August 14, 2009

Permalink

HI AM NEW TO THE TOR CAN ANYONE HELP ME ON HOW TO CONFIGURE TOR ESPECIALLY IN NIGERIA.

September 25, 2009

Permalink

Implementing a function that prevents the occupation or usage of tor and bittorrent programs would be an easy and effective first step. Limiting the use of tor to critical uses would be another(websites, ssl, e-mail). Implementing a more robust system and separating critical needs over non-critical needs and then forcing tor to give a higher priority to those functions.

October 29, 2009

Permalink

Please do you know how I could configure bittorrent to work with tor? thanks in advance

You should NOT ever use Tor for torrents.
See here: https://blog.torproject.org/blog/why-tor-is-slow#comment-831

A small quote from there:
* Tor was not designed to run with bittorrent. By using bittorent over Tor, you are hurting the Tor network.
* Your downloads will be very slow. (I can confirm, VERY SLOW. And also Tor nodes can ban you so you can't use Tor either for torrents or for other purposes, e.g. browsing)
* Bittorrent clients were not designed to be secure with Tor, and may leak information about you.
* If you are using Tor for censorship evasion, not anonymity, you may have better luck using a client like Azureus / Vuze which supports encryption.

If you want to use anonymous filesharing, I suggest to use:
1) http://en.wikipedia.org/wiki/I2P#BitTorrent - connect to I2P network and start sharing there using I2PSnark
2) Forget about any special networks, either Tor or i2p or any else, - and just use programs that can obfuscate or encrypt your peering connections: http://www.emule-project.net for eDonkey2000 network (I recommend) or Azureus / Vuze for torrents.

February 21, 2010

Permalink

It's a pity that tor is slowing down the surfing process. But you need to pay for every good thing. You can't take only pluses, and do not take any of the minuses of a technology http://ampaportalnou.org/

March 25, 2010

Permalink

is there a way to pick and choose which relay you want to use? using the vidalia network map? i've went through the tor faqs and played with the program for a while, but i havent been able to answer that question. i keep getting routed through an overseas relay, and would like to use one near me. thanks.

April 24, 2010

Permalink

Tor seriously sucks. On average it take ten minutes for me to load one single web page. Then god forbid I want to post something I have to wait another ten minutes. Programs like Jap are okay, but also really slow at times. Ghost Surf is great but you have to pay for it.

July 02, 2010

Permalink

hi i am new using of tor, can you please help me? can tor compatible to use of yahoo messenger (YM)? thanks a lot..