Debian tor.service explained?

What is the Debian tor service and what does it do ?

On boot, after ehternet connects:

$ sudo nethogs
891 debian.. /usr/bin/tor     enx00e      0.000       0.117 KB/sec


# sudo service tor status
● tor.service - Anonymizing overlay network for TCP (multi-instance-master)
   Loaded: loaded (/lib/systemd/system/tor.service; enabled; vendor preset: enabled)
   Active: active (exited) since Wed 2019-08-07 08:42:57 PDT; 12min ago
  Process: 694 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
 Main PID: 694 (code=exited, status=0/SUCCESS)

Aug 07 08:42:57 *** systemd[1]: Starting Anonymizing overlay network for TCP (multi-instance-master)
Aug 07 08:42:57 *** systemd[1]: Started Anonymizing overlay network for TCP (multi-instance-master)

The Debian tor service you refer to is actually just a tor service file which is owned by the debian user. The service file is part of systemd and allows you to start and stop tor as well as get its status as you’ve done with ‘sudo service tor status’ You can get the same output with systemctl status tor.

The service file allows you to launch tor efficiently at boot time, or for tor to be launched by other services. You can also disable tor from running with systemctl if you so wish. More information on that is in the systemctl man page; man systemctl look for ‘disable’.

Tor itself, the process that tor.service launches, is described this way -

Basically, Tor provides a distributed network of servers or relays (“onion routers”). Users bounce their TCP streams — web traffic, ftp, ssh, etc. — around the network, and recipients, observers, and even the relays themselves have difficulty tracking the source of the stream.

There’s more information on Tor’s web site. Hope this helps.


Thanks for the thorough reply @jeremiah - I’m looking for the reason that the tor process is installed and operating.
How is it the otherwise quiet system using it and why is the service running?
I know systemctl/service as well as tor and its uses, but I’m not sure about the how/why of a tor process on boot like this.
Another way of saying it: Why is the system running and using a tor process outside of a user initiated action?

The reason tor is on the system and enabled to run per default is because it is a valuable security and privacy tool. It also makes it easier for users unaccustomed in using the Tor Browser Bundle to get started. In addition, there are some tools that you it, like a plugin for apt. You have to enable these plugins but they’re in PureOS.

You can disable tor this way;
systemctl stop tor
systemctl disable tor

@jeremiah, I’m not sure that having Tor enabled by default is a good idea, because (unfortunately) shipping a device with enabled Tor may compromise your customers in some countries.

For example, Russian government swiftly issues draconian laws, related to VPNs, proxies, and so on. Currently, any such service, providing access to websites, forbidden in Russia, is outlaw (e.g. see

I’m not sure, whether penalties are currently applied only to providers of such services, or to the users of these services too, but the latter anyway may become true at any moment. This means, that shipping Tor enabled by default may put the customers from Russia in danger even without their knowledge - you order the laptop, you run it, the system starts Tor, and you automatically violate the law.

Could you reconsider this carefully?

Absolutely, I’ll bring this up for careful reconsideration.

Tor is not included per default on a plain installation of PureOS. If it is installed however, it is enabled.


@jeremiah thanks for checking this!