This comprehensive guide will teach you everything you need to know about using Tor, including setting up a proxy, sharing files, and more.
Connect to the Dark Web With the Tor Browser
Practice Safe Browsing Habits
Set Up Tor as a Proxy
Connect to Tor Via Bridges and VPN When Tor Is Blocked
How to Securely Share Files Using Tor
Coming Soon: Private Messaging With Tor Messenger
Safe Tools for Whistleblowers
Tor for Android
Tor for iOS
Tor for Tails
Even With Tor, You Are Still At Risk
How to Contribute to Tor
Alternatives to the Tor Browser
Connect to the Dark Web with the Tor browser
The Tor Browser is easy to run. In fact, it doesn’t require any installation at all and you can just run the .exe or .dmg files direct from your USB stick. This makes it possible to bring the browser into an environment where you cannot install software, such as your school or office.
After starting the browser, it will ask you about your network. If your network is clear from censorship you can start surfing the internet immediately. Otherwise, you will be asked to give more information, such as your local proxy service, which will help the browser circumvent the censorship.
You can navigate websites in the same way you are used to. Additionally, you can resolve addresses on the dark web. These are addresses ending in .onion where the server cannot easily be identified, censored or seized. The online publication ProPublica (http://propub3r6espa33w.onion/) and Facebook (https://facebookcorewwwi.onion) both operate such servers, for example.
The Tor Browser makes it easy to be secure and private, but we still need to make sure not to voluntarily hand over information that could compromise us.
Practice safe browsing habits
The Tor Browser will not do everything your regular browser can do, but that’s for good reason. Don’t be tempted to install plug-ins or add-ons, because they might connect back to servers outside of the Tor network, revealing your IP address and other information about your browsing history.
In the Tor Browser, you need to make more sure than usual that you are connecting to websites using HTTPS. Just like on public Wi-Fi, there is no way to know who is running the exit node, or whether it is secure. There is also no way of telling what the node is doing. It could be reading, intercepting, or even altering your information. The exit node might even try to strip Transport Layer Security (TLS) from the site entirely, so always check if the lock in the address bar is visible! Otherwise, a malicious exit node might establish an encrypted connection between itself and the server you are connecting to, meaning the exit node can read the traffic between you and your server.
While the Tor Browser deletes your cookies and history upon each startup, surfing the web could trigger compromising cookies to be loaded on your machine. For example, logging into Facebook in one tab will set cookies that can identify you to other pages as a specific Facebook user.
Also be aware of any content you download. Even PDFs and Word documents might contain little snippets of code that could reveal your personal Internet protocol (IP) address. The safest thing to do is to open such documents on a virtual machine, or when your computer is offline.
The Tor network protects your metadata by hiding it among all the other traffic. If your load on the Tor network is very high (i.e. you operate a very popular dark web site), you might be identifiable due to your heavy traffic.
Set up Tor as a proxy
Browsing is not the only thing you can do with Tor. It can also be set up as a proxy service, so that any data you point to gets routed through the network.
Many applications support the SOCKS5 proxy that Tor uses. Pidgin, Adium, Dropbox, and Bitcoin wallets like Core and Electrum all allow you to route your traffic through the Tor network so you can stay anonymous. For a truly anonymous solution, though, you need to make sure to sign up for all your accounts while connected to Tor, download all the software through Tor, and never connect to these services through the regular internet.
You can also use Tor the other way (a reverse proxy), i.e., make the services on your web server available through a .onion address, for example.This protects both you and your users from bad exit nodes and unwanted server location reveals.
It’s not recommended to torrent through the Tor network. Modern bittorrent clients use UDP as a protocol, which does not work over Tor. As a result, your data will either not be transmitted at all or transmitted outside of Tor, revealing your IP address in the process.
Connect to Tor via bridges and VPN when Tor is blocked
Many networks ban any kind of Tor traffic through their systems by blacklisting all known entry nodes. To get around this ban, you can connect to a bridge. A bridge functions similarly to an entry node, except that you have to obtain IP addresses manually. Using a bridge to connect to the Tor network does not have any significant drawbacks, but in many situations will not be able to circumvent Tor obstructions. For better results, first connect to your VPN, then to the Tor network.
When you are connected with a VPN, neither the sites you are visiting nor the Tor entry nodes will know your true location, though the VPN company will. However, the VPN company cannot see the content of your traffic, even if they tried to, as the traffic is encrypted between you and the Tor entry node.
Theoretically, there is also the option of connecting first to the Tor network, then tunneling a VPN through it. This makes it impossible for your VPN provider to know where you are, and ensures exit nodes can’t read or alter your traffic. Unfortunately most VPN providers do not support this function.
Depending on whether you use Tor, VPN, or a combination of the two, sites and networks can see different information about you. Check the table below to find a solution that best suits your needs.
|Only Tor||Tor first, then VPN||VPN first, then Tor||VPN only|
|Local network or ISP can read your traffic||No||No||No||No|
|Local network knows your location||Yes||Yes||Yes||Yes|
|Local network or ISP sees you are a Tor user||Yes||Yes||No||N/A|
|Tor entry nodes can see your location||Yes||Yes||No||N/A|
|Tor exit nodes can read your traffic||Yes||No||Yes||N/A|
|VPN can read your traffic||N/A||Yes||No||Yes*|
|VPN knows your location||N/A||No||Yes||Yes*|
*Note: A trustworthy VPN service provider never stores any information about your traffic. You can find out if your VPN provider logs your data by reading their terms of service agreement.
How to securely share files using Tor
While you shouldn’t (and often can’t) use the Tor network to hide your torrent traffic, the Tor network provides you with one of the most convenient ways to share files with other people. It’s called OnionShare and was developed by Micah Lee. It is very secure, and much more convenient than sending email attachments and or using Dropbox.
With Onionshare, you just select the file on your computer and a link to it is generated. You can then share this link with the intended recipient, via any application. You and the recipient will need to keep the Tor browser open during the entire process. Sharing files using Tor ensures that the sender and recipient never know each other’s locations.
Onionshare is the one truly anonymous file sharing method. Take note, however, that anyone with the link will be able to download the file, so you should share the link in an encrypted fashion, for example with OTR (Off-The-Record).
There is also a neat option that allows you to close the server after the item has been downloaded. That way you can be absolutely certain that the item is only accessed once. If your contact received it, you can be sure no one else did.
Coming soon: Private messaging with Tor Messenger
The Tor Messenger is still in beta and doesn’t yet promise full security. It is built on Mozilla’s Instantbird and serves solely as a client for your existing chat accounts, such as Jabber, Twitter, IRC, and Yahoo.
Tor Messenger includes OTR encryption protocol and will reliably hide the contents of your messages from even the most advanced hackers. It is preconfigured to route all your traffic through the Tor network, hiding your location from the server. Be cautious, though, as the server can still collect metadata, and could possibly be used to attempt man-in-the-middle attacks.
Safe tools for whistleblowers
SecureDrop (originally called DeadDrop) is software that makes it easier to safely leak information to the press over the Tor network. It was originally developed by Aaron Swartz and is currently being maintained by the Freedom of the Press Foundation. It has been adopted by ProPublica, The Intercept, and The Guardian, amongst others.
SecureDrop runs on a server belonging to a journalist or news organization that is only reachable via Tor. The whistleblower can upload any kind of document to this server, for which they receive a code. This unique code can later be used to submit more information, or communicate securely and anonymously with the journalists.
Tor for Android
Orbot, the Tor browser for Android, can be found in the Google Play store and the Guardian Project official app repository. You can also use Orbot as a proxy to configure other apps, such as Chat Secure, to route traffic through the Tor network. This combination gives you similar protections as using the Tor messenger on desktop.
Tor for iOS
Tor is not officially available on iOS devices, although system-wide Tor apps might now become possible with new features introduced in iOS 9.
Tor for Tails
The Amnesic Incognito Live System is an operating system based on Linux that you can run from a DVD or USB stick. It comes pre-installed with the most important encryption software, like Pretty Good Privacy (PGP) and OTR. It will route all your traffic through the Tor network by default. This makes it far easier to remain truly anonymous, and it also mitigates threats of bugs or attacks.
You can easily carry it with you and it does not need to be installed on the computer you are running. The Amnesic Incognito Live System lets you safely and easily maintain a separate identity on your own computer or a public device.
Even with Tor, you are still at risk
While the Tor network is generally considered secure, it should not be overestimated in regards of what it does. Applications like the Tor Browser and Tor Messenger come pre-configured to route your traffic through the Tor network and minimize your risk of leaking personal information, but there are still many ways in which your identity might be compromised by a malicious third-party entity.
If an attacker is able to gain control of a large portion of the network, they could perform network analysis to correlate traffic on the entry nodes with traffic on the exit nodes. The attacker could then work out who is viewing what content.
This is especially risky for operators of big and popular sites on the dark web who want to keep their location anonymous. The more traffic they attract, the easier it is for an adversary to figure out where their traffic is going.
How to contribute to Tor
While the Tor network is still primarily funded by the United States government, it relies on the efforts of activists and volunteers to stay secure. Additional resources to the project will make it more balanced and less dependent on government and military support. You can help out by doing any of the following.
- Use Tor. You will get internet privacy yourself, and also help to establish the network as an important tool for everyday users.
- Become a Tor developer. It is worth major street cred to build on top of the leading anonymity network! You can help bring in whatever skill you have to increase the Tor Project’s security, documentation, and features.
- Donate to the Tor project. The Tor project accepts Paypal, Dwolla, and Bitcoins. There is still so much to be done!
- Donate to a node provider. If a relay doesn’t have a Bitcoin address entered in its contact field, you can donate directly with this tool.
- Run a relay. If you have extra bandwidth available, you can run a relay from home or your own server.
Alternatives to the Tor browser
Tor is not the only project attempting to make the internet a safer and more anonymous space, although it is by far the most tested and used.
Here are other projects committed to maintaining your internet privacy, security, and freedom:
- Ultrasurf is a proxy system for Windows. It is used primarily to evade censorship, although it also offers some privacy protection with the use of encryption. Like Tor, it is also largely funded by the United States government. Unlike Tor, the source code is not open.
- Freegate is another proxy system for Windows, used to evade censorship. The Freegate network is called Dynaweb and is also funded by the U.S. government.
- Java Anon Proxy is an open-source proxy network written in Java. It was developed by a group of researchers in German universities. Users should be wary of using it though. Java Anon Proxy contains a feature which allows law enforcement to issue surveillance orders for certain servers. Such features carry risk of abuse similar to that possible on unsecured networks, and call the advertised anonymity features into question.
- GTunnel is a product by the Canadian NGO, Garden Networks. It is aimed at circumventing censorship rather than protecting your Internet privacy. Unfortunately, GTunnel is no longer actively developed.
Find out more about Tor with these articles: