Back to Tutorials
ONLINE SAFETY

Tor Browser: Anonymous Browsing Guide

18 min read Intermediate

The Tor Browser is one of the most powerful privacy tools available to ordinary internet users. It allows you to browse the web with a high degree of anonymity, protecting you from surveillance, tracking, and censorship. This guide explains what Tor is, how it works, how to use it safely, and when it is (and is not) the right tool for the job.

Tip: Using Tor is legal in most countries. It is a legitimate privacy tool used by journalists, activists, security researchers, and ordinary people who value their privacy. You do not need to be doing anything secretive to benefit from using Tor.

What Is Tor?

Tor stands for The Onion Router. It is both a network of volunteer-operated servers (called relays or nodes) and a specially configured web browser that routes your internet traffic through that network. The Tor Project, which develops and maintains this technology, is a nonprofit organization dedicated to advancing human rights and freedoms through free and open-source anonymity and privacy technologies.

The Tor network was originally developed by the United States Naval Research Laboratory in the 1990s for protecting government communications. It was released as open-source software in 2002, and the Tor Project was founded in 2006. Today, the network is run by thousands of volunteers worldwide and is used by millions of people every day.

How Onion Routing Works

Onion routing is the core technology behind Tor. The name refers to the multiple layers of encryption applied to your data, like the layers of an onion. Here is how the process works step by step:

Step 1: Building a Circuit

When you open the Tor Browser and request a webpage, the Tor software selects three relays from the network to create a "circuit" -- a path for your data to travel. These three relays are:

  • Guard (Entry) Node: The first relay that receives your encrypted data. It knows your real IP address but cannot see what you are accessing.
  • Middle Node: The second relay that passes data between the guard and exit nodes. It knows neither your identity nor your destination.
  • Exit Node: The final relay that sends your request to the destination website. It can see the destination but does not know who you are.

Step 2: Layered Encryption

Before your data leaves your computer, it is encrypted three times -- once for each relay. As the data passes through each relay, one layer of encryption is removed (peeled off, like an onion layer). Each relay can only decrypt its own layer, revealing only the instructions for where to send the data next.

Step 3: No Single Point of Knowledge

The critical security property is that no single relay knows both your identity and your destination. The guard knows who you are but not where you are going. The exit knows where you are going but not who you are. The middle relay knows neither. This separation provides strong anonymity.

Step 4: Circuit Rotation

Tor automatically changes your circuit (selects new relays) approximately every ten minutes. This prevents any pattern analysis that might link your different browsing activities together.

Installing Tor Browser Safely

The most important rule for installing Tor Browser is: only download it from the official Tor Project website. Malicious versions of the Tor Browser have been distributed through unofficial channels, and these modified versions may log your activity or contain malware.

  1. Visit the official Tor Project website at torproject.org
  2. Download the Tor Browser for your operating system (Windows, macOS, Linux, or Android)
  3. Verify the download signature if possible (the Tor Project provides instructions for this)
  4. Install or extract the browser to your chosen location
  5. Launch the Tor Browser and wait for it to connect to the Tor network
Important: Never download the Tor Browser from third-party websites, app stores (except the official listing on Google Play for Android), or file-sharing services. Fake Tor browsers are a common attack vector used to steal your data while making you think you are anonymous.

Security Levels in Tor Browser

The Tor Browser includes three built-in security levels that you can adjust based on your needs. You can change the security level by clicking the shield icon next to the address bar.

Standard

The default setting. All browser features and website functionality are enabled. This provides the best browsing experience but the least additional security beyond what Tor's routing provides. Suitable for general privacy-focused browsing on trusted websites.

Safer

JavaScript is disabled on non-HTTPS sites. Some fonts and math symbols are disabled. Audio and video media become click-to-play instead of auto-playing. This level provides significantly better protection against browser exploits while still allowing most websites to function.

Safest

JavaScript is completely disabled on all sites. Some images, fonts, and icons may not display. Many modern websites will not function properly at this level. This setting provides the highest security and is recommended when visiting untrusted websites or when maximum protection is needed.

Tip: For most users, the "Safer" setting provides a good balance between security and usability. Switch to "Safest" when visiting unfamiliar or potentially dangerous websites. You can always temporarily switch back to "Standard" for specific trusted sites that require JavaScript.

What Tor Protects (And What It Does Not)

Tor Does Protect:

  • Your IP address from websites: Websites you visit see the exit node's IP address, not yours
  • Your browsing activity from your ISP: Your internet service provider can see that you are using Tor, but cannot see what sites you visit
  • Against network surveillance: Observers watching your local network cannot determine what you are accessing
  • Against browser fingerprinting: The Tor Browser is designed so that all users look identical to websites, preventing tracking
  • Access to blocked content: Tor can bypass many forms of internet censorship

Tor Does NOT Protect:

  • Information you voluntarily share: If you log into Facebook over Tor, Facebook still knows who you are
  • Against malware: Tor does not prevent you from downloading viruses or malicious files
  • Against end-to-end timing attacks: A powerful adversary monitoring both your connection and the destination could theoretically correlate traffic
  • Non-Tor traffic: Only traffic routed through the Tor Browser is protected. Other applications on your computer are not affected
  • Against user error: If you reveal your identity through your behavior, Tor cannot help you

Common Mistakes Tor Users Make

The biggest threat to Tor users is not a weakness in Tor itself but rather mistakes in how people use it. Here are the most common errors:

  1. Logging into personal accounts: Accessing your personal email, social media, or banking over Tor links your real identity to your Tor session. If you need anonymity, never log into accounts associated with your real identity.
  2. Downloading and opening files: Documents (especially PDFs and Word files) can contain embedded content that connects to the internet outside of Tor, revealing your real IP address. If you must download files, disconnect from the internet before opening them.
  3. Using Tor with other browsers simultaneously: Traffic from your regular browser can be correlated with your Tor traffic by a network observer. If anonymity is important, close all other browsers while using Tor.
  4. Installing browser extensions: Add-ons can bypass Tor's protections and make your browser uniquely identifiable. The Tor Browser is carefully configured -- do not add extensions to it.
  5. Maximizing the browser window: Your screen resolution can be used for fingerprinting. The Tor Browser opens at a specific size deliberately. Avoid resizing or maximizing it.
  6. Ignoring HTTPS: While Tor encrypts traffic within its network, the exit node can see unencrypted traffic. Always use HTTPS websites to add end-to-end encryption.
  7. Torrenting over Tor: BitTorrent traffic often leaks your real IP address and puts enormous strain on the Tor network. Never use Tor for torrenting.
Warning: Many people have been de-anonymized not because Tor failed, but because they made one of these mistakes. The tool is only as strong as the person using it. If you need strong anonymity, study operational security carefully before relying on Tor for protection.

Tor vs. VPN: When to Use Which

Tor and VPNs both enhance privacy, but they work differently and are suited for different situations.

Use Tor When:

  • You need strong anonymity and do not want any single entity to know both who you are and what you are doing
  • You are accessing content that could put you at risk (journalism, activism, whistleblowing)
  • You want to access .onion sites
  • You do not trust any single VPN provider with your browsing data
  • Speed is not a priority

Use a VPN When:

  • You want to encrypt all traffic from your device (not just browser traffic)
  • You need faster connection speeds for streaming or large downloads
  • You want to bypass geographic content restrictions
  • You trust a specific VPN provider and want convenience
  • You want to hide your activity from your ISP without needing full anonymity
Tip: A VPN requires you to trust the VPN provider not to log or misuse your data. Tor requires you to trust no single entity -- the anonymity comes from the architecture itself. For the highest-risk situations, Tor is the better choice. For everyday privacy enhancement, a reputable VPN may be more practical.

Tor Bridges: Accessing Tor in Censored Regions

In some countries, access to the Tor network is blocked by government firewalls. The entry points to the Tor network (the IP addresses of guard nodes) are publicly listed, which makes it possible for censors to block them. Tor bridges solve this problem.

Bridges are unlisted Tor relays whose IP addresses are not publicly available. Because censors do not know their addresses, they cannot block them. There are several types of bridges:

  • obfs4 bridges: The most commonly used type. They disguise Tor traffic to look like random data, making it difficult for censors to identify and block.
  • Snowflake bridges: Use WebRTC peer-to-peer connections through volunteers' browsers to create temporary entry points into the Tor network. Because the entry points constantly change, they are very difficult to block.
  • meek bridges: Disguise Tor traffic as connections to major cloud services (like Microsoft Azure), making it very costly for censors to block without disrupting legitimate cloud service traffic.

To use bridges, open the Tor Browser's connection settings before connecting. You can request bridges directly from the Tor Project or enter bridge addresses you have obtained through other channels. The Tor Browser makes this process straightforward through its built-in connection assistant.

Summary

The Tor Browser is a powerful tool for protecting your privacy online. It uses onion routing to prevent any single entity from knowing both who you are and what you are accessing. However, it is not magic -- it requires proper usage habits to be effective. Always download it from the official source, use appropriate security settings, avoid common mistakes that could reveal your identity, and understand both its strengths and its limitations.

Whether you are a journalist protecting a source, an activist in a repressive country, or simply someone who values privacy, the Tor Browser gives you meaningful control over who can observe your online activity. Used correctly, it is one of the strongest privacy tools available to anyone, anywhere, for free.

Previous: Understanding the Dark Web Next: Dark Web Navigation