How to Use Tor to Protect Your Privacy

This comprehensive guide will teach you everything you need to know about using Tor, including setting up a proxy, sharing files, and more.

how to use tor

With this handy guide, you’ll be using Tor in no time!

 

Jump to…

Connect to the Dark Web With the Tor Browser
Practice Safe Browsing Habits
Set Up Tor as a Proxy
Connect to Tor Via Bridges and VPN When Tor Is Blocked
How to Securely Share Files Using Tor
Coming Soon: Private Messaging With Tor Messenger
Safe Tools for Whistleblowers
Tor for Android
Tor for iOS
Tor for Tails
Even With Tor, You Are Still At Risk
How to Contribute to Tor
Alternatives to the Tor Browser

 

Connect to the Dark Web With the Tor Browser

The most common way for you to access the dark web or use the Tor network is through the Tor Browser. The browser looks and feels like Firefox, but comes optimized for security and privacy. It has the NoScript and HTTPS Everywhere extensions pre-installed to protect you from malicious Flash or Javascript exploits. It also makes sure cookies are deleted at startup and websites don’t have access to any information that can be used to identify you.

The Tor Browser is easy to run. In fact, it doesn’t require any installation at all and you can just run the .exe or .dmg files direct from your USB stick. This makes it possible to bring the browser into an environment where you cannot install software, such as your school or office.

After starting the browser, it will ask you about your network. If your network is clear from censorship you can start surfing the Internet immediately. Otherwise, you will be asked to give more information, such as your local proxy service, which will help the browser circumvent the censorship.

You can navigate websites in the same way you are used to. Additionally, you can resolve addresses on the dark web. These are addresses ending in .onion where the server cannot easily be identified, censored or seized. The online publication ProPublica (http://propub3r6espa33w.onion/) and Facebook (https://facebookcorewwwi.onion) both operate such servers, for example.

The Tor Browser makes it easy to be secure and private, but we still need to make sure not to voluntarily hand over information that could compromise us.

Back to top

 

Practice Safe Browsing Habits

The Tor Browser will not do everything your regular browser can do, but that’s for good reason. Don’t be tempted to install plug-ins or add-ons, because they might connect back to servers outside of the Tor network, revealing your IP address and other information about your browsing history.

In the Tor Browser, you need to make more sure than usual that you are connecting to websites using HTTPS. Just like on public Wi-Fi, there is no way to know who is running the exit node, or whether it is secure. There is also no way of telling what the node is doing. It could be reading, intercepting, or even altering your information. The exit node might even try to strip Transport Layer Security (TLS) from the site entirely, so always check if the lock in the address bar is visible! Otherwise, a malicious exit node might establish an encrypted connection between itself and the server you are connecting to, meaning the exit node can read the traffic between you and your server.

While the Tor Browser deletes your cookies and history upon each startup, surfing the web could trigger compromising cookies to be loaded on your machine. For example, logging into Facebook in one tab will set cookies that can identify you to other pages as a specific Facebook user.

Also be aware of any content you download. Even PDFs and Word documents might contain little snippets of code that could reveal your personal Internet protocol (IP) address. The safest thing to do is to open such documents on a virtual machine, or when your computer is offline.

The Tor network protects your metadata by hiding it among all the other traffic. If your load on the Tor network is very high (i.e. you operate a very popular dark web site), you might be identifiable due to your heavy traffic.

Back to top

 

Set Up Tor as a Proxy

Browsing is not the only thing you can do with Tor. It can also be set up as a proxy service, so that any data you point to gets routed through the network.

Many applications support the SOCKS5 proxy that Tor uses. Pidgin, Adium, Dropbox, and Bitcoin wallets like Core and Electrum all allow you to route your traffic through the Tor network,  so you can stay anonymous. For a truly anonymous solution, though, you need to make sure to sign up for all your accounts while connected to Tor, download all the software through Tor, and never connect to these services through the regular Internet.

You can also use Tor the other way (a reverse proxy), i.e., make the services on your web server available through a .onion address, for example.This protects both you and your users from bad exit nodes and unwanted server location reveals.

It’s not recommended to torrent through the Tor network. Modern bittorrent clients use UDP as a protocol, which does not work over Tor. As a result, your data will either not be transmitted at all or transmitted outside of Tor, revealing your IP address in the process.

Back to top

 

Connect to Tor Via Bridges and VPN When Tor Is Blocked

Many networks ban any kind of Tor traffic through their systems by blacklisting all known entry nodes. To get around this ban, you can connect to a bridge. A bridge functions similarly to an entry node, except that you have to obtain IP addresses manually. Using a bridge to connect to the Tor network does not have any significant drawbacks, but in many situations will not be able to circumvent Tor obstructions. For better results, first connect to your VPN, then to the Tor network.

When you are connected with a VPN, neither the sites you are visiting nor the Tor entry nodes will know your true location, though the VPN company will. However, the VPN company cannot see the content of your traffic, even if they tried to, as the traffic is encrypted between you and the Tor entry node.

Theoretically, there is also the option of connecting first to the Tor network, then tunnelling a VPN through it. This makes it impossible for your VPN provider to know where you are, and ensures exit nodes can’t read or alter your traffic. Unfortunately most VPN providers do not support this function.

Depending on whether you use Tor, VPN, or a combination of the two, sites and networks can see different information about you. Check the table below to find a solution that best suits your needs.

Only TorTor first, then VPNVPN first, then TorVPN only
Local network or ISP can read your trafficNoNoNoNo
Local network knows your locationYesYesYesYes
Local network or ISP sees you are a Tor userYesYesNoN/A
Tor entry nodes can see your locationYesYesNoN/A
Tor exit nodes can read your trafficYesNoYesN/A
VPN can read your trafficN/AYesNoYes*
VPN knows your locationN/ANoYesYes*

*Note: A trustworthy VPN service provider never stores any information about your traffic. You can find out if your VPN provider logs your data by reading their terms of service agreement.

Back to top

 

How to Securely Share Files Using Tor

While you shouldn’t (and often can’t) use the Tor network to hide your torrent traffic, the Tor network provides you with one of the most convenient ways to share files with other people. It’s called OnionShare and was developed by Micah Lee. It is very secure, and much more convenient than sending email attachments and or using Dropbox.

With Onionshare, you just select the file on your computer and a link to it is generated. You can then share this link with the intended recipient, via any application. You and the recipient will need to keep the Tor browser open during the entire process. Sharing files using Tor ensures that the sender and recipient never know each other’s locations.

Onionshare is the one truly anonymous file sharing method. Take note, however, that anyone with the link will be able to download the file, so you should share the link in an encrypted fashion, for example with OTR (Off-The-Record).

There is also a neat option that allows you to close the server after the item has been downloaded. That way you can be absolutely certain that the item is only accessed once. If your contact received it, you can be sure no one else did.

Back to top

 

Coming Soon: Private Messaging With Tor Messenger

The Tor Messenger is still in beta and doesn’t yet promise full security. It is built on Mozilla’s Instantbird and serves solely as a client for your existing chat accounts, such as Jabber, Twitter, IRC, and Yahoo.

Tor Messenger includes OTR encryption protocol and will reliably hide the contents of your messages from even the most advanced hackers. It is preconfigured to route all your traffic through the Tor network, hiding your location from the server. Be cautious, though, as the server can still collect metadata, and could possibly be used to attempt man-in-the-middle attacks.

Back to top

 

Safe Tools for Whistleblowers

SecureDrop (originally called DeadDrop) is software that makes it easier to safely leak information to the press over the Tor network. It was originally developed by Aaron Swartz and is currently being maintained by the Freedom of the Press Foundation. It has been adopted by ProPublica, The Intercept, and The Guardian, amongst others.

SecureDrop runs on a server belonging to a journalist or news organization that is only reachable via Tor. The whistleblower can upload any kind of document to this server, for which they receive a code. This unique code can later be used to submit more information, or communicate securely and anonymously with the journalists.

Back to top

 

Tor for Android

Orbot, the Tor browser for Android, can be found in the Google Play store and the Guardian Project official app repository. You can also use Orbit as a proxy to configure other apps, such as Chat Secure, to route traffic through the Tor network. This combination gives you similar protections as using the Tor messenger on desktop.

Back to top

 

Tor for iOS

Tor is not officially available on iOS devices, although system-wide Tor apps might now become possible with new features introduced in iOS 9.

Back to top

 

Tor for Tails

The Amnesic Incognito Live System is an operating system based on Linux that you can run from a DVD or USB stick. It comes preinstalled with the most important encryption software, like Pretty Good Privacy (PGP) and OTR. It will route all your traffic through the Tor network by default. This makes it far easier to remain truly anonymous, and it also mitigates threats of bugs or attacks.

You can easily carry it with you and it does not need to be installed on the computer you are running. The Amnesic Incognito Live System lets you safely and easily maintain a separate identity on your own computer or a public device.

Back to top

 

Even With Tor, You Are Still At Risk

While the Tor network is generally considered secure, it should not be overestimated in regards of what it does. Applications like the Tor Browser and Tor Messenger come preconfigured to route your traffic through the Tor network and minimize your risk of leaking personal information, but there are still many ways in which your identity might be compromised by a malicious third-party entity.

In the past, attacks have lured users to compromised websites where a javascript exploit bypasses the Tor network and reveals the user’s IP address.

If an attacker is able to gain control of a large portion of the network, they could perform network analysis to correlate traffic on the entry nodes with traffic on the exit nodes.The attacker could then work out who is viewing what content.

This is especially risky for operators of big and popular sites on the dark web who want to keep their location anonymous. The more traffic they attract, the easier it is for an adversary to figure out where their traffic is going.

Back to top

 

How to Contribute to Tor

While the Tor network is still primarily funded by the United States government, it relies on the efforts of activists and volunteers to stay secure. Additional resources to the project will make it more balanced and less dependent on government and military support. You can help out by doing any of the following.

  • Use Tor. You will get Internet privacy yourself, and also help to establish the network as an important tool for everyday users.
  • Become a Tor developer. It is worth major street cred to build on top of the leading anonymity network! You can help bring in whatever skill you have to increase the Tor Project’s security, documentation, and features.
  • Donate to the Tor project. The Tor project accepts Paypal, Dwolla, and Bitcoins. There is still so much to be done!
  • Donate to a node provider. If a relay doesn’t have a Bitcoin address entered in its contact field, you can donate directly with this tool.
  • Run a relay. If you have extra bandwidth available, you can run a relay from home or your own server.

Back to top

 

Alternatives to The Tor Browser

Tor is not the only project attempting to make the Internet a safer and more anonymous space, although it is by far the most tested and used.
Here are other projects committed to maintaining your Internet privacy, security, and freedom:

  • Ultrasurf is a proxy system for Windows. It is used primarily to evade censorship, although it also offers some privacy protection with  the use of encryption. Like Tor, it is also largely funded by the United States government. Unlike Tor, the source code is not open.
  • Freegate is another proxy system for Windows, used to evade censorship. The Freegate network is called Dynaweb and is also funded by the US government.
  • Java Anon Proxy is an open-source proxy network written in Java. It was developed by a group of  researchers in German universities. Users should be wary of using it though. Java Anon Proxy contains a feature which allows law enforcement to issue surveillance orders for certain servers. Such features carry risk of abuse similar to that possible on unsecured networks, and call the advertised anonymity features into question.
  • GTunnel is a product by the Canadian NGO, Garden Networks. It is aimed at circumventing censorship rather than protecting your Internet privacy. Unfortunately, GTunnel is no longer actively developed.

Back to top

 

Further Reading

Find out more about Tor with these articles:

Featured image: denisk999 / Dollar Photo Club

4 thoughts on “How to Use Tor to Protect Your Privacy

  1. My internet security provider, viz 360 has reservations about Tor and in fact, alerts potential users like me, warning potential users of the criminal user aspect and their ability to use Trojans to infiltrate and either create damage or steal vital personal information.

    As a potential user but with these two reservations, I would appreciate your opinion, advice and clarification regarding the above.

    Thanks

    Neville K

    1. Dear Neville,
      The Tor Browser is not more or less safe than other browsers like Chrome or Firefox. But it comes with certain features enabled by default that make it difficult to track you, and it routes all your traffic through the Tor Network by default, making it easier for you to anonymously serve the web. Once you are connected, you will still have to be aware of not downloading suspicious software, trojans and other malware, just like with your regular browser.
      Lexie

  2. Hackers have taken over my devices for use as a conduit to transmit their data for 12 months now, in effect leaving my pc and iPhone in a hijacked status. My devices are being used to train hackers, to disseminate pornography and for gaming purposes. They gained access when l gave permission for a remote screen sharing session, but they were masquerading under a trusted site name (microsoft) and l believed them. l have seen over 4,200+ messages d/loading onto my pc so they are numbered in their thousands. Once they had my IP address BANG! They knew everything, even though l had bought new devices. l now have the VPN and Tor as of today. Am l safe now? Can they still monitor, access and use my devices? Is there anything more l can do to block them and keep myself safe? Or is this where the buck stops? The number of OS X specific hacks are astounding. They will know l now have this d/loaded, although my VPN was running at the time, can they override these settings as they have with others? PLEASE HELP ME!

    1. Hi Sue,
      Since the attackers came through teamviewer, make sure that application is removed. However, you cannot be sure that they didn’t load other malware onto your computer that allows them to remote control it.
      You should back up all your data onto an external drive and reinstall your operating system. This is not necessarily difficult, but you will need to find some guides depending on your operating system and computer model. The place you got your computer from can likely help you too.
      Your computer will not only feel “like new”, it will also be clean of any viruses or malware. Make also sure to change all passwords of your online accounts, such as email, social media and banking. Be careful with what software you are installing. Only install software that you trust. It will also be a good idea to not install software like teamviewer. If you really have to, get some guidance on how to set it up securely!
      Lexie

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>