Why is Tor Slow?
Users often complain that the Tor network is slow or has inconsistent speed. This page briefly describes some reasons for affected Tor throughput and how to create a Whonix-Gateway ™ with a different set of guards for testing purposes. Interested readers can also refer to the Tor Project FAQ (.onion) and relevant research for a more detailed explanation of this topic.
Factors Affecting Tor Throughput
DDoS Attacks on the Tor Network
DDoS attacks are being conducted against the Tor network. See The Tor Project's blog post Tor is slow right now. Here is what is happening.
Misuse of the Tor Network
Some actors misuse the Tor network, either purposefully or due to a lack of knowledge. For instance, Tor is sometimes used to conduct DDoS attacks. By doing this, the Tor relays are the ones who actually suffer from the attack, instead of the intended target. Some people use peer-to-peer software (like BitTorrent) through Tor which slows down the network for all users. 
Tor relays are run by volunteers  in a decentralized way. Consequently, relays do not have uniform quality; some are big and fast, while others are smaller and slower. As a whole, the network could be faster if it had more capacity (.onion). To improve the capacity of the Tor network, users can either run a Tor relay (.onion) or help existing relays.
Tor Circuits Lengthen Connections
When navigating to clearnet resources, Tor provides anonymity by building circuits with three relays. So instead of connecting directly to the destination server, a connection is made between each relay of the circuit and this takes more time. In the case of onion services, a six-relay arrangement is used in the connection -- three picked by the user and three picked by the onion service.
In addition to using multiple relays, Tor tries to build circuits with relays in different geographical locations. This necessarily causes connections to travel further and slows down the fetching of resources.
Research by computer scientists Roger Dingledine  and Steven Murdoch has noted several other factors that affect Tor throughput.
Table: Tor Throughput Factors  
|Directory Information Download Overhead||Users with low bandwidth (like those on cell phones) have to spend too much time downloading directory information. Tor protocols need to be optimized for efficiency.|
|Excessive User Load||Some users put excessive traffic load on the Tor network relative to their network contributions. Methods of limiting these effects and prioritizing other users need to be implemented. |
|Tor Congestion Control||Tor's mechanism does not work well in combining high-volume (bulk transfer) and low-volume (browsing) streams.|
|Tor Latency Failures||Tor is inefficient in handling connection failures or high / variable latency. Better heuristics to move away from bad circuits and a more uniform latency response is required.|
|Tor Load Distribution||Tor's current path selection algorithms do not effectively distribute the network load. The properties of relays need to be more accurately estimated so relays do not become over or under-loaded. |
|Tor Network Capacity||As noted earlier, the total capacity of the Tor network is insufficient relative to unmet privacy demand. A significant boost in the overall number of relays is required. |
Whonix ™ has Slowed Tor Connections Dramatically!
This is likely an incorrect assumption. Since Whonix ™ does not modify the Tor package directly, nor attempt to improve the Tor routing algorithm, any sudden drop in network speed is almost certainly related to:
- User (mis)configurations relating to a VPN, proxy or other relevant settings.
- Tor network anomalies.
- Tor entry guards which are:
- under attack
- A change in the Tor guard selection which has resulted in poor throughput due to capacity issues.
Before posting about the issue in forums, first use one of the following two methods to create a test Whonix-Gateway ™ with a different set of guards.
Easy: Whonix-Gateway ™ Clone
This procedure is less useful for Whonix ™ debugging.
1. Create a clone of the slow Whonix-Gateway ™ (
sys-whonix) and name it Whonix-Gateway ™-test VM (
- VirtualBox: follow these instructions to create a VM snapshot.
- Qubes-Whonix ™:
Right-click on sys-whonix→
2. Regenerate the Tor State File.
3. Retest the speed of Tor connections.
Moderate Difficulty: Manual Regeneration of the Tor State File
This procedure is more useful for Whonix ™ debugging.
1. Copy the Whonix-Gateway ™ Tor state folder to a temporary folder.
Run the following terminal commands.
sudo systemctl stop tor@default
sudo mv /var/lib/tor /tmp
sudo systemctl restart tor@default
2. Retest the speed of Tor connections.
After testing Tor throughput, run these terminal commands to restore the Tor state folder to its original settings.
sudo systemctl stop tor@default
sudo rm -r /var/lib/tor
sudo mv /tmp/tor /var/lib
sudo systemctl restart tor@default
Interpreting the Test Results
There is no guarantee the test VM / new Tor state will be faster. However, if there is a significant difference in speed between the test and normal Whonix-Gateway ™ VMs / Tor state, then this can be attributed to the Tor guards that are normally in use. This also means there is no bug in Whonix ™.
If the test VM / new Tor state does not speed up, the user may have selected Tor guards with poor throughput, or it could be a bug in Whonix ™. Before reporting the problem in the forums, regenerate the Tor state file and test the Tor throughput again. If it is still slow, then this may indicate a Whonix ™ bug or other issue.
It is strongly discouraged to use the Whonix-Gateway ™-test VM / new Tor state (with a new Tor guard set) for activities other than testing, even if it is faster. It is feasible that adversaries might try to induce the user to switch their guards. By switching, the probability that a new chosen guard set is adversary-controlled increases, aiding end-to-end correlation attacks that deanoymize connections.
Whonix ™ Why is Tor Slow? wiki page Copyright (C) Amnesia <amnesia at boum dot org>
Whonix ™ Why is Tor Slow? wiki page Copyright (C) 2014 - 2021 ENCRYPTED SUPPORT LP <firstname.lastname@example.org>
This program comes with ABSOLUTELY NO WARRANTY; for details see the wiki source code. This is free software, and you are welcome to redistribute it under certain conditions; see the wiki source code for details.
- ↑ A large file downloaded through BitTorrent can translate to several hours of browsing for the regular Tor Browser user.
- ↑ And hostile actors.
- ↑ Roger Dingledine is the co-creator of the first alpha version of Tor.
- ↑ https://svn.torproject.org/svn/projects/roadmaps/2009-03-11-performance.pdf
- ↑ As the research is dated, some of these issues may have been fully or partially mitigated by now.
- ↑ This may involve targeting specific user profiles (e.g. throttling certain protocols) so the original Tor design of high throughput and good latency properties can be realized.
- ↑ Capacity is currently estimated by observing the largest traffic burst seen in the past day. This bandwidth capacity is advertised in the directory information, leading clients to preference their path selection based upon a relay's estimated bandwidth.
- ↑ Economics suggests increased supply will lead to more users arriving to fill the void.
- ↑ Alternatively follow the instructions to use Multiple Whonix-Gateway ™.
We believe security software like Whonix needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 10 year success story and maybe DONATE!