Tor Browser: What it is and is it safe?

Tips & tricks
20 mins
tor red onion symbol

Tor (originally called The Onion Router because it layers your traffic like an onion) is generally considered safe to use. The free network of servers, or “nodes,” can significantly increase a user’s privacy and anonymity online. In internal documents, the NSA has even referred to Tor as “the king of high-secure, low-latency internet anonymity.”

In this guide, we will explain how the Tor browser works, how you can make use of it and contribute to it, and the many other little things Tor enables us to do online.

Jump to…
What is Tor?
Is Tor safe?
What is Tor Browser?
How the Tor browser works
What is the Tor browser used for?
Pros and cons of using the Tor browser
How to use the Tor browser
How to stay safe while using the Tor browser
How to contribute to Tor
Alternatives to the Tor browser
Bonus: The unlikely history of Tor

What is Tor?

Tor, short for “The Onion Routeris a free, open-source software that enables anonymous communication over the internet. Similar to a VPN, you can use Tor to hide your IP address and anonymize your internet traffic. This is because Tor directs internet traffic through a worldwide, volunteer overlay network consisting of more than seven thousand relays to conceal a user’s location and usage from anyone conducting network surveillance or traffic analysis. This makes it difficult for anyone to track your internet activity or determine your physical location.

Tor provides access to the dark web—a part of the internet that is not accessible using normal browsers. It is often viewed negatively by the press and law enforcement agencies, due to its use to conduct illegal activity, but it has many positive benefits. Journalists and their sources rely on it to communicate securely and anonymously, without fear of government monitoring. Secure communication is essential in whistleblowing cases, providing anonymity to people “on the inside. Similarly, Tor is important for law enforcement as it allows for covert operations and investigations online. Tor currently has about two million daily users worldwide, most of them originating from the United States, Germany, and Russia.

Is it safe to use Tor?

Yes, from a privacy standpoint, Tor is safe because it anonymizes your internet activity and hides your location. This is done by routing your data through multiple servers around the world, making it hard to trace back to you. The Tor Browser and Tails (an operating system that prioritizes privacy and anonymity) are both set up to use the Tor network right from the start, which helps prevent accidental leaks of your personal information.

However, the content on the dark web can be seen as dangerous, filled with scams and marketplaces selling illegal goods. Users can also be tricked into downloading malware or revealing information about themselves.

What is Tor Browser?

Tor Browser is a web browser specifically designed for you to access the dark web or use the Tor network. The browser looks and feels like Firefox, but comes optimized for security and privacy. It has the NoScript extensions pre-installed to protect you from malicious Flash or Javascript exploits. 

Here’s what else sets it apart:

  • Anonymity: Tor Browser routes your web traffic through the Tor network, making it difficult to trace your internet activity back to you. This helps protect your personal privacy and freedom.
  • Access to dark web: The Tor browser allows access to .onion websites, which are part of the dark web and not indexed by regular search engines.
  • No tracking: It doesn’t track your browsing history and clears your cookies after each session.
  • Blocks trackers: The browser automatically blocks many third-party trackers and ads that can follow you across websites.
  • Fingerprint resistance: It makes all Tor browser users look identical, which makes it more challenging for you to be fingerprinted based on your browser and device information.
  • Free and open source: It’s freely available for anyone to use or modify.

It’s important to note, however, that the Tor browser will not anonymize all your web traffic. This is why it is commonly run alongside a VPN. More on this below.

How the Tor browser works

Imagine the internet as a postal system. If you want to buy a book, you send a postcard to a publisher. The downside? Everyone who handles your postcard knows what you’re reading. This is similar to how the internet works—your online requests can be tracked.

To keep your request private, you could think of using a sealed envelope, representing encryption. It hides what’s inside (your online request) but still shows where it’s going and where it’s from (metadata). This is like basic encryption on the internet, indicated by a lock icon in your browser.

Tor’s layered security: nodes

Tor Browser takes privacy further. When you send a request, it goes through a chain of three randomly chosen nodes (servers) before reaching the destination:

  • An entry node can see who you are, but not what you request or who you request it from.
  • A middle node cannot see anything. It is important because it separates the exit and entry nodes from each other.
  • An exit node can only see what you request, but not who you are. 

infographic: what is a tor network?

What is the Tor browser used for? 

Because Tor Browser allows you to browse the internet without revealing your identity or location, it’s primarily used for enhancing online privacy and security.

Here are a few examples of what Tor Browser is commonly used for:

  • Anonymous browsing: It’s ideal for those who want to keep their internet activities private. Whether you’re a journalist, activist, or just a privacy-conscious individual, Tor Browser ensures that your browsing habits and location remain anonymous.
  • Accessing restricted content: In countries where the internet is heavily censored, Tor Browser can bypass these restrictions. This allows users to access blocked websites and information freely.
  • Secure communication: For whistleblowers or individuals needing to communicate sensitive information securely, Tor provides a platform where they can share data without the risk of being traced.
  • Researching sensitive topics: Researchers or individuals exploring sensitive or controversial topics can use Tor to protect themselves from surveillance and potential backlash.
  • eCommerce and cryptocurrency transactions: Some use Tor for more secure online transactions, especially when dealing with cryptocurrencies or when anonymity is a priority.
  • Accessing the dark web: Tor is the gateway to the dark web, a part of the internet not indexed by traditional search engines. It’s used for both legitimate and illicit activities, ranging from free speech forums to marketplaces for illegal goods.

Pros and cons of using the Tor browser

While Tor Browser provides enhanced privacy, it’s not infallible. Here are some of its advantages and disadvantages:

Pros of using Tor BrowserCons of using Tor Browser
Enhanced privacy: Keeps your browsing private, protecting your identity and location.Slower speed: Due to traffic being routed through multiple nodes, browsing can be slower.
Access to restricted content: Bypasses censorship and allows access to blocked websites.Limited anonymity: The Tor browser will not anonymize all your web traffic, which is why it is commonly run alongside a VPN. More on this below.
Free and open source: Tor is free to use and its source code is open for review, enhancing trust.Complexity for average users: Can be less user-friendly compared to mainstream browsers.
Improves security: Provides an extra layer of security, especially on public Wi-Fi networks.Misuse concerns: Sometimes associated with illegal activities due to the anonymity it offers.
Dark web access: Enables access to .onion sites, which are not indexed by standard search engines.Limited plugin use: To ensure privacy, the use of plugins and extensions is restricted, which can limit functionality.
Useful for sensitive research: Ideal for journalists, activists, and researchers working on sensitive topics.Website compatibility issue: Some websites may not work properly or block Tor users.

Accessing .onion sites through Tor Browser

Another potential downside of using Tor can be the risk associated with malicious exit nodes. These nodes, managed by volunteers, become a point of vulnerability if the end site lacks robust encryption, potentially exposing your data to viewing or alteration. However, this risk can be mitigated by using .onion addresses within the Tor browser, which don’t require exit nodes.

.onion domains, distinct and not part of the regular DNS, offer mutual anonymity for both the user and the site. Numerous well-known websites offer .onion versions; for instance, Facebook’s is facebookwkhpilnemxj7asaniu7vnjjbiltxjqhye3mhbshg7kx5tfyd.onion. These addresses are also useful for bypassing strict network firewalls.

Read more: What is an .onion address on Tor, and how to get one

How to use Tor browser

The Tor Browser is easy to run. In fact, it doesn’t require any installation at all and you can just run the .exe or .dmg files directly from your USB stick. This makes it possible to bring the browser into an environment where you cannot install software, such as your school or office.

1. Download the Tor Browser

The Tor Project onion site, viewed through the Tor Browser.

The Tor Browser is available for Windows, Mac, Linux, and Android.

Download the file and save it. Installation is quick and easy.

In Windows, double-click the .exe file and select a destination folder. This can also be a USB stick.

In Mac OS X, you have to double-click the .dmg file and drag the containing file into a separate folder, such as the application folder or USB stick.

In Linux, you have to unpack the .tar.xz file with the command below.

tar -czvf tor-browser-linux64-[…].tar.xz

On Android, you can install the app from the Google Play store or download one of several APK files from the website.

2. Start the Tor Browser

When you start the Tor Browser for the first time, you will be asked how you want to connect. If you are unsure if your network requires further configuration (mostly it doesn’t), click on continue. Otherwise, click on “configure” and answer the questions.

Pro Tip: If Tor does not connect, or if you do not want your ISP to know you are using Tor, connect to your VPN first, then open the Tor Browser.

3. Browse the web anonymously

Congratulations, you are now using Tor! You can now browse the internet anonymously. To make full use of Tor’s security features, have a look at their FAQ.

Tor Browser for Android

Android is now officially supported by the Tor Project, with multiple APK files available for download on the Tor Browser website.

Tor Browser for iOS

Tor is not officially available on iOS devices, but the Tor Project recommends iPhone and iPad users use the Onion Browser instead. Some apps, such as the Zap Bitcoin wallet also come with Tor capabilities included.

Tor Browser for Mac, Windows, and Linux

The Tor Project’s website also hosts the latest builds of Tor Browser for Mac, Windows, and Linux, along with updated release announcements, download instructions, and a guide to verifying digital signatures.

Tor Browser for Tails

Tails (The Amnesic Incognito Live System) is an operating system based on Linux that you can run from a DVD or USB stick. It comes pre-installed with the most important encryption software, like Pretty Good Privacy (PGP) and OTR. It will route all your traffic through the Tor network by default. This makes it far easier to remain truly anonymous, and it also mitigates threats of bugs or attacks.

You can easily carry it with you and it does not need to be installed on the computer you are running. Tails lets you safely and easily maintain a separate identity on your own computer or a public device.

How to stay safe while using the Tor browser

Cyber threats like surveillance, tracking, and malicious software can still pose risks when you’re using Tor Browser—especially on less secure or unregulated parts of the internet. By adopting safety practices, you can safeguard against these risks, ensuring your browsing remains private and secure. 

  • Keep Tor updated: Regularly update the Tor Browser to the latest version for security patches and improvements.
  • Practice safe browsing: Avoid installing plugins or add-ons as they might connect to servers outside of Tor, compromising your IP address and browsing history.
  • Always check for HTTPS: Ensure you’re connecting to websites using HTTPS. Traffic through exit nodes can be monitored if the destination site isn’t secured with an HTTPS lock.
  • Avoid personal information: Don’t share personal details such as your real name, address, or phone number.
  • Limit downloading files: Be cautious when downloading files, as they can contain malware or compromise your anonymity when opened. Even PDFs and Word documents might contain little snippets of code that could reveal your personal Internet protocol (IP) address.
  • Be mindful of your digital footprint: Remember that heavy traffic on the Tor network, like running a popular dark web site, might make you more identifiable.
  • Avoid torrenting over Tor: It’s not recommended to torrent through the Tor network. Modern BitTorrent clients use UDP as a protocol, which does not work over Tor. As a result, your data will either not be transmitted at all or transmitted outside of Tor, revealing your IP address in the process.
  • Disable JavaScript (if feasible): Consider disabling JavaScript to prevent revealing your real IP address, though this may affect website functionality.
  • Be cautious with .onion links: Only visit trusted .onion sites, as others may host harmful content.
  • Avoid opening documents downloaded through Tor while online: Opening documents externally can reveal your real IP address.
  • Utilize NoScript: Utilize NoScript and other secure extensions included in Tor to manage what runs on your browser.
  • Be mindful of cookies and history: Tor Browser deletes cookies and history upon startup, but be cautious about triggering compromising cookies during your session.

Use a VPN when connecting to Tor Browser

Using a VPN in combination with Tor can significantly enhance your online privacy and security. When you use Tor, your internet service provider can see that you are using Tor. A VPN encrypts your internet traffic, hiding it from your internet service provider and other local snoopers. Tor, on the other hand, anonymizes your connection and makes it difficult to trace your online activities back to you. Combining these tools fortifies your digital privacy, making it an ideal setup for those who prioritize confidentiality.

There are two primary methods to use Tor and a VPN at the same time:

  1. VPN then Tor (recommended method): First, connect to your VPN, which encrypts your traffic. Then, use the Tor Browser. This method safeguards you from potentially malicious exit nodes on the Tor network and hides your Tor usage from your local network. It’s a straightforward approach, enhancing your privacy without overly complicating the process.
  2. Tor then VPN (less common): Here, you connect to the Tor network first and then to a VPN. This setup is less common and not widely recommended. It provides an additional encryption layer but doesn’t significantly enhance anonymity. Also, this method can slow down your connection more than the first method.

The level of information visible to websites and networks differs based on whether you use Tor, a VPN, or both. To decide the best solution for your needs, consider what you prioritize more—speed and simplicity or maximum privacy and security.

Only TorTor then VPNVPN then TorOnly VPN
Local network or ISP can read your trafficNoNoNoNo
Local network knows your locationYesYesYesYes
Local network or ISP sees you are a Tor userYesYesNoN/A
Tor entry nodes can see your locationYesYesNoN/A
Tor exit nodes can read your trafficYesNoYesN/A
VPN can read your trafficN/AYesNoYes*
VPN knows your locationN/ANoYesYes*

*Note: A trustworthy VPN service provider never stores any information about your traffic. You can find out if your VPN provider logs your data by reading their terms of service agreement.

How to securely share files using Tor Browser

While you shouldn’t (and often can’t) use the Tor network to hide your torrent traffic, the Tor browser provides you with one of the most convenient ways to share files with other people. It’s called OnionShare and was developed by Micah Lee. In addition to its security, it is much more convenient than sending email attachments and or using a service like Dropbox.

With Onionshare, you just select the file on your computer, and a link to it is generated. You can then share this link with the intended recipient, via any application. You and the recipient will need to keep the Tor browser open during the entire process. Sharing files using Tor ensures that the sender and recipient never know each other’s locations.

Onionshare is a truly anonymous file-sharing method. Take note, however, that anyone with the link will be able to download the file, so you should share the link in an encrypted fashion, for example with OTR (Off-The-Record).

There is also a neat option that allows you to close the server after the item has been downloaded. That way you can be absolutely certain that the item is only accessed once. If your contact received it, you can be sure no one else did.

Privacy tools for whistleblowers

SecureDrop (originally called DeadDrop) is software that makes it easier to safely leak information to the press over the Tor network. It was originally developed by Aaron Swartz and is currently being maintained by the Freedom of the Press Foundation. It has been adopted by ProPublica, The Intercept, The Guardian, even ExpressVPN.

SecureDrop runs on a server belonging to a journalist or news organization that is only reachable via Tor. The whistleblower can upload any kind of document to this server, for which they receive a code. This unique code can later be used to submit more information or communicate securely and anonymously with the journalists.

Read more: ExpressVPN’s Digital Rights Center offers support for activists and journalists

How to contribute to Tor

While the Tor network is still primarily funded by the United States government, it relies on the efforts of activists and volunteers to stay secure. Additional resources to the project will make it more balanced and less dependent on government and military support. You can help out by doing any of the following.

  • Use Tor. You will get internet privacy yourself, and also help to establish the network as an important tool for everyday users.
  • Join the Tor community. It’s a platform with useful resources on how you can contribute your skills.
  • Become a Tor developer. It is worth major street cred to build on top of the leading anonymity network! You can help bring in whatever skill you have to increase the Tor Project’s security, documentation, and features.
  • Donate to the Tor Project. The Tor project accepts PayPal, cryptocurrency, credit card, and more. There is still so much to be done!
  • Support initiatives like the Library Freedom Project, which aims to place Tor relays, especially exit nodes, within public libraries.
  • Run a relay. If you have extra bandwidth available, you can run a relay from home or your own server.

Alternatives to the Tor browser

Tor is not the only project attempting to make the internet a safer and more anonymous space, although it is by far the most tested and used.

Here are other projects committed to maintaining your internet privacy, security, and freedom:

  • Ultrasurf is a proxy system for Windows. It is used primarily to evade censorship, although it also offers some privacy protection with the use of encryption. Like Tor, it is also largely funded by the United States government. Unlike Tor, the source code is not open.
  • Freegate is another proxy system for Windows, used to evade censorship. The Freegate network is called Dynaweb and is also funded by the U.S. government.
  • Java Anon Proxy is an open-source proxy network written in Java. It was developed by a group of researchers in German universities. Users should be wary of using it though. Java Anon Proxy contains a feature that allows law enforcement to issue surveillance orders for certain servers. Such features carry the risk of abuse similar to that possible on unsecured networks and call the advertised anonymity features into question.
  • Astoria, a product of joint research between American and Israeli teams, is a Tor client that minimizes the risk of “timing attacks” that adversaries can use to deanonymize Tor traffic.

Bonus: The unlikely history of Tor

Tor: The early years

The United States armed forces have always relied on a vast network of spies around the globe to gather information. As this information became increasingly digital in the 1990s, the agencies realized how valuable it would be for their assets to communicate online.

No longer would spies need bulky radios, or have to decipher messages in newspapers to receive information. But the U.S. military was also aware that the way the internet was constructed posed serious threats to the identity and security of their sources. It would be very easy to detect who was communicating with servers operated by U.S. intelligence or military.

Imagine an NGO discovering one of their members frequently logs into the members-only forum of a military base, or a large corporation noticing that an employee is frequently opening up the website of a government agency. Without a global network providing anonymity, spies, police, and other government organizations wouldn’t be able to effectively communicate with their sources or carry out covert investigations.

In the mid-1990s, the U.S. Naval Research Laboratory began to work on a solution. They started to develop a way to route encrypted data through a network of computers placed all around the world. This routing method would hide both the origin and the destination of all the data. After 1997, the project was further developed by the Defense Advanced Research Projects Agency (DARPA).

But how would such a network authenticate its users? And how would such a network remain undetected? Who else could profit from being able to access the uncensored internet in an anonymous way?

Public tool instead of secret weapon

We can wildly speculate about these questions, but for historians, it is difficult to determine what debates the military and intelligence organizations involved went through, and which arguments convinced them to release the software for public use, under a free license, in 2002. The responsibility to maintain the project was handed over to the Electronic Frontier Foundation (EFF), which then handed control to The Tor Project. The majority of its funds still come from the United States government, though the government of Sweden also contributes significantly.

The reasons for the government’s involvement in the Tor Project might appear contradictory. The government wants to continue to use the Tor network to obfuscate the source of its attacks, to infiltrate civil rights movements, and to enable its spies to communicate intelligence securely and effectively. On the other hand, they gave the public a tool that would allow anyone to obfuscate the source of their attacks and hide, or information, from the government.

Graph showing total relay bandwidth of the Tor Network 2010 to 2020

With and against the government

But to be able to use this tool without raising suspicion, the government needs to promote the Tor network as a liberating and empowering technology for those who want to break free from authoritarian control. They needed to not just promote it by spreading the word, but also by making the software genuinely effective and endorsed by the same people the government wishes to gather information on.

The government needed to give up power to maintain power. This complicated balance is probably also the reason the U.S. government has become both an avid supporter and forceful attacker of this technology.

Organizations like the U.S. government are not entirely homogeneous, and no doubt consist of actors who honestly try to protect civil rights, as well as those who wish to strengthen authoritarian structures.

Can a balance be struck between power and freedom?

FAQ: Tor Browser

Can Tor be hacked?
Can you be tracked on Tor?
Why does Tor have a bad reputation?
Is it illegal to use the Tor Browser?
What’s the difference between Tor and a VPN?
Is Tor Browser safer than VPN?
How can I connect to Tor when it’s blocked?
Phone protected by ExpressVPN.
Protect your privacy with the best VPN

30-day money-back guarantee

A phone with a padlock.
We take your privacy seriously. Try ExpressVPN risk-free.
What is a VPN?
I like hashtags because they look like waffles, my puns intended, and watching videos of unusual animal friendships. Not necessarily in that order.