Whonix ®

Download

Windows Linux Mac VirtualBox KVM Qubes USB ISO (coming soon) More options Source Code

About

Overview Features Whonix vs VPNs Why Open Source? Project Activities Contributors Mission & Vision

Docs

Documentation FAQ Troubleshooting

Community

Forums Contribute

Support

Free Plus Premium Contact

Tools Upload file Special pages Recent changes Print Version Page meta What links here Related changes Page information

Page Read Edit History Move Protection Unwatch Watch Delete Purge

User Preferences Watchlist Contributions Logout Create account Login

Donate

Introduction[edit]

Users often complain that the Tor network is slow or has inconsistent speed. This page briefly describes some reasons for affected Tor throughput and how to create a Whonix-Gateway^™ with a different set of guards for testing purposes. Interested readers can also refer to the Tor Project FAQ (.onion) and relevant research for a more detailed explanation of this topic.

Factors Affecting Tor Throughput[edit]

DDoS Attacks on the Tor Network[edit]

DDoS attacks are being conducted against the Tor network. See The Tor Project's blog post Tor is slow right now. Here is what is happening.

Misuse of the Tor Network[edit]

Some actors misuse the Tor network, either purposefully or due to a lack of knowledge. For instance, Tor is sometimes used to conduct DDoS attacks. By doing this, the Tor relays are the ones who actually suffer from the attack, instead of the intended target. Some people use peer-to-peer software (like BitTorrent) through Tor which slows down the network for all users. ^[1]

Relay Quality[edit]

Tor relays are run by volunteers ^[2] in a decentralized way. Consequently, relays do not have uniform quality; some are big and fast, while others are smaller and slower. As a whole, the network could be faster if it had more capacity (.onion). To improve the capacity of the Tor network, users can either run a Tor relay (.onion) or help existing relays.

Tor Circuits Lengthen Connections[edit]

When navigating to clearnet resources, Tor provides anonymity by building circuits with three relays. So instead of connecting directly to the destination server, a connection is made between each relay of the circuit and this takes more time. In the case of onion services, a six-relay arrangement is used in the connection -- three picked by the user and three picked by the onion service.

In addition to using multiple relays, Tor tries to build circuits with relays in different geographical locations. This necessarily causes connections to travel further and slows down the fetching of resources.

Other Factors[edit]

Research by computer scientists Roger Dingledine ^[3] and Steven Murdoch has noted several other factors that affect Tor throughput.

Table: Tor Throughput Factors ^{[4] [5]}

Whonix has Slowed Tor Connections Dramatically![edit]

This is likely an incorrect assumption. Since Whonix does not modify the Tor package directly, nor attempt to improve the Tor routing algorithm, any sudden drop in network speed is almost certainly related to:

• User (mis)configurations relating to a VPN, proxy or other relevant settings.
• Tor network anomalies.
• Tor entry guards which are:
  • malicious
  • overloaded
  • under attack
  • misconfigured
• A change in the Tor guard selection which has resulted in poor throughput due to capacity issues.

Before posting about the issue in forums, first use one of the following two methods to create a test Whonix-Gateway with a different set of guards.

Easy: Whonix-Gateway Clone[edit]

This procedure is less useful for Whonix debugging.

Moderate Difficulty: Manual Regeneration of the Tor State File[edit]

This procedure is more useful for Whonix debugging.

Interpreting the Test Results[edit]

There is no guarantee the test VM / new Tor state will be faster. However, if there is a significant difference in speed between the test and normal Whonix-Gateway VMs / Tor state, then this can be attributed to the Tor guards that are normally in use. This also means there is no bug in Whonix.

If the test VM / new Tor state does not speed up, the user may have selected Tor guards with poor throughput, or it could be a bug in Whonix. Before reporting the problem in the forums, regenerate the Tor state file and test the Tor throughput again. If it is still slow, then this may indicate a Whonix bug or other issue.

It is strongly discouraged to use the Whonix-Gateway-test VM / new Tor state (with a new Tor guard set) for activities other than testing, even if it is faster. It is feasible that adversaries might try to induce the user to switch their guards. By switching, the probability that a new chosen guard set is adversary-controlled increases, aiding end-to-end correlation attacks that deanoymize connections.

License[edit]

Whonix Why is Tor Slow? wiki page Copyright (C) Amnesia <amnesia at boum dot org>
Whonix Why is Tor Slow? wiki page Copyright (C) 2014 - 2021 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>

This program comes with ABSOLUTELY NO WARRANTY; for details see the wiki source code. This is free software, and you are welcome to redistribute it under certain conditions; see the wiki source code for details.

Footnotes[edit]

Whonix The most watertight privacy operating system in the world.

Dark mode

Follow us on social media

FREE  ·  PLUS  ·  PREMIUM Support

At Whonix we value freedom and trust, supporting Open Source and Freedom Software

By using this website, you acknowledge you have read, understood, and agree to be bound by these these agreements: Terms of Service, Privacy Policy, Cookie Policy, E-Sign Consent, DMCA, Imprint 2012-2024 ENCRYPTED SUPPORT LP

Your support makes
all the difference!

We believe security software like Whonix needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!