Electronic Frontier Foundation

For university officials

Your university is a beacon of free thought. Naturally, you have been asked to allow a Tor relay on your campus. But should you?

Yes, you should! We think running a Tor relay is a safe and legal way to help support free speech and democracy all over the world. But it’s not just us: thousands of Tor relay operators have run Tor relays for years all over the world.

If this all sounds too technical, don’t worry. All you’ll need is: a computer, bandwidth, some basic networking and system administration skills from your interested students or professors, and depending on the relay, you may need some help from the IT department. Once it’s set up, a Tor relay requires very little maintenance, but will help millions of people.

You may have many legal, technical, and policy questions. We tried to answer many of these types of questions below, but if you have other questions we would like to hear from you. 

Setting up a Tor relay not only benefits the world, it signals to others that your university is a defender of free speech and intellectual freedom. Running a Tor relay can help your university in all sorts of ways, including:

Education

  • Provide hands-on cybersecurity experience: setting up and maintaining a Tor relay means students can practice this knowledge in a real environment while helping real people.
  • Show students various career paths: by getting more involved with Tor and running a Tor relay, students get to learn about EFF, Tor Project, Citizen Lab, Access Now, and many more civil society and non-profit organizations.
  • Get students thinking about global policy, law, and society: Tor is more than a technology project. People around the world use Tor for many different reasons, from safe censorship circumvention to simple good data hygiene. Understanding these reasons is a great way to learn about what’s going on in the wider world.
  • Help refine privacy advocacy skills: operating a Tor relay as part of the Tor community creates opportunities to explain the importance of privacy and security, both inside the university and outside it.

Community

  • Connect student groups to professors and research groups: one of the great community-building aspects of running a relay at a university is the process of finding and cultivating allies. Enthusiastic students often need a faculty connection to endorse their relay plans, while faculty are always looking for great students to join their research projects.
  • Support freedom of speech and freedom of learning: universities have long been bastions of learning and cutting-edge thinking. Just as universities have libraries to help maintain and improve knowledge, they can also support more modern equivalents for safe learning. 
  • Increase capacity of the Tor network: the Tor network is made up of volunteer organizations and individuals all around the world who share Tor’s values and are in a position to contribute time and bandwidth.

Research

  • Help the Tor network stay strong so people can use it for research: the sciences of anonymous communication and censorship-resistance are active research fields. Having a testbed is critical to understanding real-world factors ranging from user behavior to network connectivity. 
  • Get a “competitive advantage” over your peer institutions: recruiting the best grad students and faculty is challenging for universities. Being able to point to your participation in Tor—with its impacts on education, community, and research—is a factor that can set your institution apart.
  • Have access to your own Tor relay: some research simply can’t be done without direct access to pieces of the Tor network. But be careful, since you want to make sure that your research isn’t putting users or the network at risk. See the Tor Research Safety Board guidelines to learn more about safe and ethical Tor research.

We hope you’re excited to have a Tor relay on your campus, but if you have questions or want to learn more, please get in touch with us!

Email Us

Frequently Asked Questions

General FAQ

Why are universities a good place to run relays?

Universities are ideal candidates for hosting Tor relays as they tend to have good network connectivity, lots of technical expertise to run relays (including professors, students, and IT teams), and generally value freedom of thought and expression. By running a Tor relay, universities can directly promote themselves as defenders of intellectual freedom and vanguards against censorship.

I’m ready to run a relay at my university, but I don’t want to run an exit relay.

That’s fine! The Tor network needs relays of all types to be healthy. By default the relay you set up will act as an entry or middle relay, only relaying traffic to other Tor nodes. This is the lowest-maintenance form of relay and it ensures you will not have to deal with any complaints or other issues. You can also consider running a bridge or a snowflake proxy to help people access Tor where it is censored.

I’d run a relay, but I don’t want to deal with abuse issues.

Great. That’s exactly why we implemented exit policies.

Each Tor relay has an exit policy that specifies what sort of outbound connections are allowed or refused from that relay. The exit policies are propagated to Tor clients via the directory, so clients will automatically avoid picking exit relays that would refuse to exit to their intended destination. This way each relay can decide the services, hosts, and networks it wants to allow connections to, based on abuse potential and its own situation. Read the support entry on issues you might encounter if you use the default exit policy, and then read Mike Perry’s tips for running an exit node with minimal harassment.

The default exit policy allows access to many popular services (e.g. web browsing), but restricts some due to abuse potential (e.g. mail) and some since the Tor network can’t handle the load (e.g. default file-sharing ports). You can change your exit policy by editing your torrc file. If you want to avoid most if not all abuse potential, set it to “reject *:*”. This setting means that your relay will be used for relaying traffic inside the Tor network, but not for connections to external websites or other services.

If you do allow any exit connections, make sure name resolution works (that is, your computer can resolve internet addresses correctly). If there are any resources that your computer can’t reach (for example, you are behind a restrictive firewall or content filter), please explicitly reject them in your exit policy; otherwise Tor users will be impacted too.
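The first-match evaluation of exit policy rules described above, as an added example (not code from Tor or from this page): a simplified checker for IPv4 accept/reject lines that an operator could use to reason about a policy before putting it in torrc. The sample policies and addresses are constructed, and treating an unmatched destination as rejected is a simplification made here.

```python
import ipaddress

def parse_rule(line):
    """Parse 'accept|reject ADDR[/MASK]:PORT[-PORT]' (IPv4 only in this sketch)."""
    action, _, pattern = line.strip().partition(" ")
    if action not in ("accept", "reject"):
        raise ValueError(f"unknown action in rule: {line!r}")
    addr, _, ports = pattern.strip().rpartition(":")
    net = ipaddress.ip_network("0.0.0.0/0" if addr == "*" else addr, strict=False)
    if ports == "*":
        low, high = 1, 65535
    else:
        first, _, last = ports.partition("-")
        low, high = int(first), int(last or first)
    return action, net, low, high

def load(lines):
    return [parse_rule(line) for line in lines]

def decide(rules, ip, port):
    """Return the action of the first rule that matches ip:port."""
    target = ipaddress.ip_address(ip)
    for action, net, low, high in rules:
        if target in net and low <= port <= high:
            return action
    # Simplification in this sketch: nothing matched, so refuse.
    return "reject"

# Constructed policies. 192.0.2.0/24 stands in for a network the relay
# host cannot reach (for example, blocked by a campus content filter).
NON_EXIT = ["reject *:*"]
WEB_ONLY = ["reject 192.0.2.0/24:*", "reject *:25",
            "accept *:80", "accept *:443", "reject *:*"]
# Same rules, but the network reject comes too late to take effect.
MISORDERED = ["accept *:80", "accept *:443",
              "reject 192.0.2.0/24:*", "reject *:*"]

if __name__ == "__main__":
    for name, policy in [("NON_EXIT", NON_EXIT), ("WEB_ONLY", WEB_ONLY),
                         ("MISORDERED", MISORDERED)]:
        rules = load(policy)
        for ip, port in [("203.0.113.5", 443), ("203.0.113.5", 25),
                         ("192.0.2.7", 443)]:
            print(name, f"{ip}:{port}", decide(rules, ip, port))
```

MISORDERED still accepts 192.0.2.7:443 because the broad accept rule matches first, which is why rejects for unreachable networks belong ahead of the accepts.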

Doesn’t Tor enable criminals to do bad things?

Tor’s mission is to advance human rights with free and open-source technology, empowering users to defend against mass surveillance and internet censorship. We hate that there are some people who use Tor for nefarious purposes, and we condemn the misuse and exploitation of our technology for criminal activity.

It’s essential to understand that criminal intent lies with the individuals and not the tools they use. Just like other widely available technology, Tor can be used by individuals with criminal intent. And because of the other options they can use, it seems unlikely that taking Tor away from the world will stop them from engaging in criminal activity. At the same time, Tor and other privacy measures can fight identity theft and physical crimes like stalking, and can be used by law enforcement to investigate crime and help support survivors.

What about distributed denial of service attacks?

Distributed denial of service (DDoS) attacks typically rely on having a group of thousands of computers all sending floods of traffic to a victim. Since the goal is to overpower the bandwidth of the victim, they typically send UDP packets since those don’t require handshakes or coordination.

But because Tor only transports correctly formed TCP streams, not all IP packets, you cannot send UDP packets over Tor. (You can’t do specialized forms of this attack like SYN flooding either.) So ordinary DDoS attacks are not possible over Tor. Tor also doesn’t allow bandwidth amplification attacks against external sites: you need to send in a byte for every byte that the Tor network will send to your destination. So in general, attackers who control enough bandwidth to launch an effective DDoS attack can do it just fine without Tor.

What about spammers?

First of all, the default Tor exit policy rejects all outgoing port 25 (SMTP) traffic. So sending spam mail through Tor isn’t going to work by default. It’s possible that some relay operators will enable port 25 on their particular exit node, in which case that computer will allow outgoing mails; but that individual could just set up an open mail relay too, independent of Tor. In short, Tor isn’t useful for spamming, because nearly all Tor relays refuse to deliver the mail.

Of course, it’s not all about delivering the mail. Spammers can use Tor to connect to open HTTP proxies (and from there to SMTP servers); to connect to badly written mail-sending CGI scripts; and to control their botnets — that is, to covertly communicate with armies of compromised computers that deliver the spam.

This is a shame, but notice that spammers are already doing great without Tor. Also, remember that many of their more subtle communication mechanisms (like spoofed UDP packets) can’t be used over Tor, because it only transports correctly-formed TCP connections.

Does Tor get much abuse?

Tor has implemented exit policies. Each Tor relay has an exit policy that specifies what sort of outbound connections are allowed or refused from that relay. This way each relay can decide the services, hosts, and networks it wants to allow connections to, based on abuse potential and its own situation. We also have a dedicated team, Network Health, to investigate bad relay behavior and kick such relays out of the network.

It is important to note that while we can combat some types of abuse, like bad relays in our network, we can’t see or manage what users do on the network, and that is by design. This design overwhelmingly allows for beneficial uses by providing human rights activists, journalists, domestic violence survivors, whistleblowers, law enforcement officers, and many others with as much privacy and anonymity as possible. Learn more about our users here: https://community.torproject.org/user-research/personas/.

So what should I expect if I run an exit relay?

If you run a Tor relay that allows exit connections (such as the default exit policy), it’s probably safe to say that you will eventually hear from somebody. Abuse complaints may come in a variety of forms. For example:

  • Somebody connects to Hotmail, and sends a ransom note to a company. The FBI sends you a polite email, you explain that you run a Tor relay, and they say “oh well” and leave you alone. [Port 80]
  • Somebody tries to get you shut down by using Tor to connect to Google groups and post spam to Usenet, and then sends an angry mail to your ISP about how you’re destroying the world. [Port 80]
  • Somebody connects to an IRC network and makes a nuisance of himself. Your ISP gets polite mail about how your computer has been compromised; and/or your computer gets DDoSed. [Port 6667]
  • Somebody uses Tor to download a Vin Diesel movie, and your ISP gets a DMCA takedown notice. See EFF’s Tor DMCA Response Template, which explains why your ISP can probably ignore the notice without any liability. [Arbitrary ports]

Some hosting providers are friendlier than others when it comes to Tor exits. For a listing see the good and bad ISPs wiki.

For a complete set of template responses to different abuse complaint types, see the collection of templates. You can also proactively reduce the amount of abuse you get by following these tips for running an exit node with minimal harassment and running a reduced exit policy.

You might also find that your Tor relay’s IP is blocked from accessing some Internet sites/services. This might happen regardless of your exit policy, because some groups don’t seem to know or care that Tor has exit policies. (If you have a spare IP not used for other activities, you might consider running your Tor relay on it.) In general, it’s advisable not to use your home internet connection to provide a Tor relay.

How do I respond to my ISP about my exit relay?

A collection of templates for successfully responding to ISPs is available here.

How does Tor manage the misuse of Tor technology?

We condemn the misuse and exploitation of our technology for criminal activity and nefarious purposes. We built Tor to advance human rights and will act to the best of our abilities whenever we detect malicious activity – or activity that violates our code of conduct and mission statement – by our relay operators. However, because of the design of Tor, we are incapable of tracking users and managing their use of our technology. While we can ban bad relays, we can’t ban users.

Please consider that our software is used every day for a wide variety of purposes by human rights activists, journalists, domestic violence survivors, whistleblowers, law enforcement officers, and many others. Unfortunately, the protection that our software can provide to these groups of people can also be abused by criminals and malware authors.

Technical FAQ

For technical questions we recommend reviewing the Tor relay operators FAQ and the Tor community portal for relay operators.

If your questions aren’t answered there, please contact us.