What is Tor (Browser) & How does it work?


How does Tor work?

Tor is a network made up of thousands of volunteer nodes, also called relays. A relay is a computer inside Tor, listed in the main directory, that receives internet signals from another relay and passes that signal on to the next relay in the path. For each connection request (e.g. website visited) the path is randomly generated. None of the relays keep records of these connections, so there is no way for any relay to report on the traffic that it has handled.

The Tor network (or simply “Tor”) is made up of close to 7,000 relays and 3,000 bridges at the time of writing.

When you connect to the Tor network, say, through

When you connect to the Tor network, say, through the Tor browser, all the data you send and receive goes through this network, passing through a random selection of nodes. Tor encrypts all that data several times before it leaves your device, including the IP address of the next node in the sequence. One layer of encryption is removed each time the data reaches another node until it reaches the final exit node, a process called onion routing. This means no one, not even the people running the nodes, can see the contents of the data nor where it’s headed.

A bridge is a hidden relay, meaning it is not listed in the main Tor directory of relays. These are provided for people who are unable to access Tor with the normal setup. This can be because the network they are using has a proxy (a sort of intermediary between the user’s computer and the internet gateway) that has been configured to block Tor traffic.

The last relay in the path is the exit node. The exit node is the only part of the network that actually connects to the server that the user is trying to access and is, therefore, the only bit that the server sees and it can only log the IP address of that relay.

Anyone who intercepts the data won’t be able to trace it back to an individual. At best, they can determine the entry or exit node, but never both. This makes it impossible to track the user’s activity and browsing history. All of the relays and bridges are run, believe it or not, by volunteers–people donating some of their bandwidth and computing power to expand Tor’s capabilities.

Tor is setup this way to allow an internet user to

Tor is setup this way to allow an internet user to surf the web anonymously by hiding their internet address (IP address) from the website and search engines that they access via Tor and by hiding their internet traffic from anyone monitoring their end of the connection. An observer will only see that the user is connected to Tor, and not see any other websites or online resources being sent to the user’s computer.

Also, as another part of the overall network, Tor offers certain hidden services in the form of .onion sites and an instant messaging server. The .onion sites are websites hosted on Tor servers and hidden by randomly generating paths to them from “introductory points” in the network. This allows users to access the sites, but not pinpoint the location of the servers hosting them.


Alternatives to Tor

One thing that is obvious is that Tor is not finished. In spite of that, some of you are already asking yourselves “Ok. What else is out there?” Well, you’re in luck. As it so happens there are other tools out there for those who wish to avoid being tracked. Here are a few of the most popular that are currently available.


I2PSimilar to Tor, I2P, or the Invisible Internet Project, uses a distributed network database and peer selection for anonymous traffic. Also susceptible to traffic analysis attacks, I2P does have some benefits over Tor. The peers are selected through continuous profiling and ranking performance. It is also small enough that few, if any, active blocks are in place to prevent access.


FreenetUnlike Tor, Freenet does not rely on dedicated entry and exit points. Instead, users connect to Freenet preferably through their friends’ computers. If you don’t have any friends on Freenet, you do have the option of connecting through strangers’ computers, but that is considered less secure than connecting to the computers of trusted friends. Freenet also is a file distribution service where encrypted files are stored on computer hard drives throughout the network. Due to the encryption, it is unlikely that a user would be able to determine what that file actually is.


JonDoFoxAnother onion routing-type anonymizer for web surfing, JonDoFox is a profile for Mozilla Firefox or Firefox ESR. The user’s computer connects to a series of Mix operators that anonymize the user’s web traffic and wrap it in several layers of encryption. Just like Freenet, the network size is considerably smaller than Tor’s. This is primarily due to their certification process. In order for you to become a mix operator, you must go through their certification process. Theoretically, this could lower the chances of an attacker sneaking in modified servers, but such a claim would have to be tested in a simulated environment.


GNUnetGNUnet is a peer-to-peer file sharing tool that relies on large groups to obfuscate the identities of those that are attached to the group. An individual in the group is virtually indistinguishable from any other user by anyone but the initiator of the group.

How to protect yourself when using Tor

  1. Don’t log into your usual accounts – especially Facebook or Google.
  2. Try not to follow any unique browsing patterns that may make you personally identifiable.
  3. Turn the Tor Browser’s security level up to the max. This will disable JavaScript on all sites, disable many kinds of fonts and images, and make media like audio and video click-to-play. This level of security significantly decreases the amount of browser code that runs while displaying a web page, protecting you from various bugs and fingerprinting techniques.
  4. Use the HTTPS Everywhere extension. This will ensure you’re only browsing HTTPS websites and protect the privacy of your data as it goes between the final node and the destination server.
  5. As a general rule, never use BitTorrent over Tor. Although people illegally pirating copyrighted content may wish to obscure their real identity, BitTorrent is extraordinarily difficult to use in a way that does not reveal your real IP address. Tor is relatively slow, so BitTorrent is hardly worth using over Tor anyway.
  6. Most importantly, always keep Tor Browser (and any extensions) updated, reducing your attack surface.

Does Tor still work?

Questions about Tor’s use by good and/or bad guys are one thing, but as more people become aware of it, another sensible question is whether it works, particularly in the light of the NSA repeatedly developing attacks against Tor. That appears to have been a frustrating task.

“We will never be able to de-anonymise all Tor users all the time,” said “Tor Stinks”, an NSA presentation from June 2012. “With manual analysis we can de-anonymise a very small fraction of Tor users, however, no success de-anonymising a user … on demand.”

For its part, Roger Dingledine, the president of the Tor project, said following the Guardian’s publication of that presentation that “there’s no indication they can break the Tor protocol or do traffic analysis on the Tor network”, while reminding users that humans remain the weak links in online communications.

“Infecting the laptop, phone, or desktop is still the easiest way to learn about the human behind the keyboard. Tor still helps here: you can target individuals with browser exploits, but if you attack too many users, somebody’s going to notice. So even if the NSA aims to surveil everyone, everywhere, they have to be a lot more selective about which Tor users they spy on.”

The NSA’s attacks against Tor included targeting security holes in the Firefox web browser. Tor encourages users of its Tor Browser Bundle to upgrade to the latest version regularly, to ensure they have the latest security fixes for the software.

Does Tor work on mobile?

The Tor browser is only available for Windows, MacOS, and Linux operating systems which might be disappointing if you’re looking to connect to the Tor network from a mobile device.

If you’re an Android user, you’re in luck. Orbot, a free proxy app sends your traffic through the Tor network.

There’s also an Android browser available called O

There’s also an Android browser available called Orfox, which is built on Firefox.

If you’re an iOS user, things aren’t as simple. Th

If you’re an iOS user, things aren’t as simple. There is a fairly popular free Onion Browser app available for iOS, but this is not considered as secure as Orfox, and doesn’t offer a great user experience. It is possible to connect to the Tor network manually, but you’ll need to jailbreak your device first.

Tor keeps you safe from the Tor network

What if an attacker gave up on eavesdropping, and instead set up a Tor relay node of their own? After all, if you can’t beat ‘em, join their decentralized network. You don’t need to prove your identity or good character in order to run a Tor relay, and the attacker could almost certainly keep their true intentions secret for a long time. The attacker’s new relay would eventually become an accepted part of the network, and Tor users would start using it as part of their circuits. It’s therefore not enough for Tor to protect its users from external eavesdroppers; it also has to protect its users from other participants in the Tor network.

This is not a theoretical threat. There almost certainly exist Tor relay nodes run by organizations that wish the network harm. However, so long as the fraction of Tor relay nodes controlled by adversaries remains low and manageable, Tor remains statistically secure.

Tor’s definition of security is that no one (apart from the Tor end-user) is able to discover the IP addresses of both the origin and destination of a Tor circuit. If this property holds, Tor is secure, even if traffic sometimes flows through relay nodes controlled by an adversary. If traffic flows through an adversary-controlled relay, but does not help this adversary learn the IP addresses of both the origin and destination of a Tor circuit, then the Tor Foundation simply thanks the adversary for their generous donation of network bandwidth.

Let’s see how Tor keeps its users safe from the Tor network itself. Let’s look at what happens when Alice uses Tor to browse topsecret.com, and consider what each node in her circuit knows about her.

Alice’s first (or guard) node knows her IP address, but it has no idea who she is talking to. The guard node is not responsible for communicating directly with the topsecret.com server, and it only ever forwards Alice’s traffic to the middle node of the circuit. It has no way of knowing what the middle node does next.

The middle node knows nothing of any importance at all. It knows the IP address of the guard node and the exit node, but it has no idea who is on the other sides of either of them. It doesn’t know that it is transporting Alice’s traffic, and it doesn’t know that this traffic is eventually headed to topsecret.com.

Finally, the exit node knows that someone is using Tor to browse topsecret.com. But since it only ever communicates with the middle node, it has no idea who this someone is.

All of this means that if Alice builds a circuit that passes through a single adversary-controlled node, she remains entirely safe. This is an impressive property that makes attacking the Tor network difficult, but it is not the end of the story. If Alice gets unlucky and chooses adversary-controlled nodes for both her guard and her exit nodes, she is back in danger of being deanonymized. We’ll look more at this later.

How do I download Tor on my Iphone?


  1. Open the App Store. It’s a blue app icon that contains a white “A” inside a white circle.
  2. Tap Search. It’s the magnifying glass icon at the bottom of the screen.
  3. Tap the search bar. It’s at the top of the screen.
  4. Type “TOR” and tap Search.
  5. Select a TOR-enabled browser.
  6. Tap GET.
  7. Tap INSTALL.
  8. Tap Open.

How do I install Tor on Ubuntu?

Extract and Launch Tor Browser

  1. Locate The Download. From the Ubuntu desktop, click on the grey file cabinet icon in the left side menu and then navigate into the Downloads folder.
  2. Extract The Files. If you right-click on the archive a menu appears.
  3. Enter The Folder.
  4. Tor Time.
  5. Connect to the Network.

Is using Tor legal?

It’s true that the nature of Tor makes it a popular choice among criminals wanting to access some of the shadier parts of the darknet and conduct criminal activities. This includes buying or selling illegal products or services, or participating in forums that spread hate speech and encourage extremism.

However, as outlined above there are plenty of reasons non-criminals would want to use Tor. Indeed, it is perfectly legal to use Tor, although it has been or is currently blocked in certain countries. Plus, there is still a stigma attached to it, so you probably shouldn’t assume you can use it trouble-free.

ISPs have been reported to throttle the bandwidth of Tor users and have even contacted customers to tell them to stop using the Tor browser. Users may be questioned by ISPs regarding which websites they are connecting to through Tor.

Authorities themselves could become suspicious of Tor users and conduct investigations into their activities on those grounds alone. Although, there haven’t actually been reports of fines or charges related to the use of Tor.

Who created Tor?

The concepts underpinning Tor — namely, onion routing — were developed by the United States government in the 1990s. It was originally designed to protect the communications of US intelligence agencies across the Internet. The original code for Tor was released under a free and open-source software license by the United States Naval Research Laboratory, allowing other people and organizations to contribute to the project.

Since 2006, a nonprofit called The Tor Project has been responsible for maintaining Tor and the Tor Browser. Financial support comes from corporations like Google, organizations such as Human Rights Watch, and many others.

How Do I Safely Use Tor?

There are plenty of dangers waiting for you when you’re considering changing your browser to Tor. These dangers range from privacy risks to more serious attacks on your safety, such as viruses and other forms of malware. In both cases, it’s important to arm yourself as well as possible.

Here are a few tips that’ll help you get there.

1. Use the security level settings within the browser

Turn this option in your settings all the way up to ‘Safest.’ This ensures you remain unscarred if Tor is hacked by means of JavaScript. It also helps to minimize online tracking.

Some websites won’t work as well when you’ve got maximum security enabled, but that’s a relatively small price to pay for protection.

2. Install good antivirus software

Even with the safety settings of the Tor browser optimized, weird things can happen. This is especially dangerous on the dark web.

If you use a trustworthy antivirus program, a lot of these problems can be prevented. Once you have installed good antivirus software, always make sure it’s up to date so you’ve got the best and most recent protection.

3. Use Tor alongside a good VPN

Combining two privacy solutions ensures maximum protection. A VPN encrypts and anonymizes your online data traffic. This means none of your information will be visible, and neither can any of it be traced back to you.

A good VPN, combined with the options the Tor browser offers, provides you with double protection, making surfing a lot safer. Indeed, they’re the most basic tools recommended to users who want to explore the dark web. You can’t have just one or the other; you need both.

For more information, you can consult our a list of our recommended VPNs.

How do I use Tor?

To use Tor, you’ll need a client, or a piece of software, that interacts with the Tor network.

The basic example is the Tor Browser Bundle, which the Tor Project distributes. The Tor Browser Bundle is preconfigured to send and receive all Web traffic (but not stand-alone email messages or instant-messaging traffic) through the anonymizing Tor network.

You can configure most browsers to work with Tor using the plugins available in the bundle, but if you use Tor’s browser to access the Internet, you don’t have to worry about the proper setup.

Plenty of other pieces of software, both enterprise and open source, use Tor’s protocol to enable anonymous Web browsing, but not all of them have gone through the same rigorous peer review as the Tor Browser Bundle.

In addition, to use Tor properly you should disable all Flash plugins and other scripts on your browser, such as RealPlayer and QuickTime. These provide access points to your Internet activity that an outside snoop could exploit.

What Are Bridge Nodes? 🌉#

I’m not sure if you saw it earlier, but I made the distinction between nodes in the directory services and nodes that aren’t.

If a repressive state wants to block Tor, it uses the directory nodes. Directory nodes keep up-to-date lists of Tor relay nodes and are publicly available for anyone to download.

The state can query a directory node for a list of active Tor relays, and censor all traffic to them.

Tor keeps an up-to-date listing of countries where it is possibly blocked (censored) if you’re interested.

Tor helps its users circumvent the censorship by hiding the fact they are using Tor. They do this through a proxy known as a Bridge Node. Tor users send their traffic to the bridge node, which forwards the traffic onto the user’s chosen guard nodes.

The full list of Bridge nodes is never published,

The full list of Bridge nodes is never published, making it difficult for states to completely block Tor. You can view some bridge nodes here. If this doesn’t work, Tor suggests:

Another way to get bridges is to send an email to bridges@. Please note that you must send the email using an address from one of the following email providers: Riseup or Gmail.

It’s possible to block Tor another way. Censoring states can use Deep Packet Inspection (DPI)to analyse the shape, volume, and feel of each packet. Using DPI states can recognise Tor traffic, even when they connect to unknown IP addresses or are encrypted.

To circumvent this, Tor developers have made Pluggable Transports (PT). These transform Tor traffic flow between the client and the bridge. In the words of Tor’s documentation:

This way, censors who monitor traffic between the client and the bridge will see innocent-looking transformed traffic instead of the actual Tor traffic. External programs can talk to Tor clients and Tor bridges using the pluggable transport API, to make it easier to build interoperable programs.

Is Tor Browser legal?

For most people reading this article, Tor Browser is completely legal to use. In some countries, however, Tor is either illegal or blocked by national authorities. China has outlawed the anonymity service and blocks Tor traffic from crossing the Great Firewall. Countries such as Russia, Saudi Arabia and Iran, are working hard to prevent citizens from using Tor. Most recently, Venezuela has blocked all Tor traffic.

It’s easy to see why a repressive regime hates Tor. The service makes it easy for journalists to report on corruption and helps dissidents organize against political repression.

The freedom to communicate, publish, and read anonymously is a prerequisite for freedom of expression online, and thus a prerequisite for democracy today. Using and supporting Tor helps support freedom of expression around the world. Technically sophisticated users are encouraged to donate bandwidth to the Tor network by running a relay.

Tor’s Safety Breached

Several court cases have shown that illegal activities on the dark web can sometimes be traced back to specific individuals using Tor browser. Hence, it seems possible to discover and collect a user’s data — including their IP address — even when they are being protected by Tor. In the past, Tor users have been found out because the National Security Agency (NSA) in the U.S. owned a huge part of the Tor nodes. The NSA could clearly see who used those nodes. This was problematic for users who concern themselves with illegal practices. The moment those users are identifiable, the police can track them down and arrest them.

Tor is no longer as safe as it once was. Hackers constantly attempt to breach Tor’s security. Many groups, organizations, and individuals want access to the information Tor browser is hiding and try to get that time and again.

In 2014, one group of researchers succeeded. Financed by the government, they took a closer look at Tor browser and were able to collect information from the browser for months on end.

Weaknesses in the Tor software can surface in less compromising ways, as well: in 2017, users found a leak that could easily make IP addresses of Linux and macOS users visible.

Of course, Tor didn’t sit around to watch all this happen: whenever a possible leak in the system was discovered, those leaks were patched as soon as possible.

Is Tor secure?

Good question! Security and anonymity go hand in hand on the Internet. As an online anonymizer, Tor was designed to be secure.

However, documents leaked by former National Security Agency (NSA) contractor Edward Snowden show that the NSA has tried to crack, infiltrate or weaken any encryption that the agency does not itself control.

In light of this news, nearly all independent encryption and online communication services have become suspect, including Tor.

MORE: Best Password Managers

“The online anonymity network Tor is a high-priority target for the National Security Agency,” cryptography expert Bruce Schneier, who is helping British newspaper The Guardian analyze its archive of leaked Snowden documents, wrote in a piece for the newspaper.

But despite this warning, another Snowden document published by The Guardian suggests that the NSA can’t crack Tor after all, although the agency has developed some workarounds.

“We will never be able to de-anonymize all Tor users all the time,” reads the document, a PowerPoint presentation used internally at the NSA and its British equivalent GCHQ.

Instead, the NSA exploited a vulnerability in Firefox browsers (on which the Tor Browser is based) to monitor individual users’ Tor activity. That vulnerability has since been patched in Firefox and recent Tor Browser Bundle updates.

“The good news is that they went for a browser exploit, meaning there’s no indication they can break the Tor protocol or do traffic analysis on the Tor network,” wrote The Tor Project on its blog in response to The Guardian’s article.

“Tor still helps here: you can target individuals with browser exploits, but if you attack too many users, somebody’s going to notice. So even if the NSA aims to surveil everyone, everywhere, they have to be a lot more selective about which Tor users they spy on.”