What is the Tor browser and is it safe?
Online privacy and security have become increasingly important issues for web users. Governments, corporations, and data brokers continue to monitor online activities, and users are becoming aware of the need to protect their identities and browsing history. The Tor browser has emerged as a powerful tool for anonymous web browsing, providing users with a high degree of security and privacy.
You might’ve come across the Tor browser in one of our “best private browser” lists or maybe somewhere in the media, probably in a context involving the dark web. Accessing the dark web is the main thing the Tor browser was designed for, but it has its uses on the clearnet as well.
The Tor project protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents individuals, companies, and governments from watching what you do on the internet (for example, reading this article), or learning who you are and where you’re located.
What is the Tor browser
The Tor browser is a valuable tool for maintaining online privacy and security while browsing the web. Through its decentralized network of servers and multiple layers of encryption, it offers a high degree of anonymity and protection from online tracking. While Tor may be vulnerable to certain attacks, following recommended security practices can help you use the browser safely. It is important to understand the legal implications of using Tor and to use it only for lawful activities.
What does Tor enable you to do online?
The Tor web browser allows you to browse the internet anonymously. It works by using multiple layers of encryption to protect your data, making it difficult for anyone to trace where you’re going and what you’re doing online. This means you can do a wide range of things without fear of censorship or surveillance.
Tor can be used to access the dark web, which contains “hidden” websites that aren’t available through traditional search engines like Google or Bing or regular web browsers, like Chrome or Safari. These sites are often used for things like buying illegal goods or exchanging sensitive information (like medical records).
It also allows you to access blocked websites and bypass censorship imposed by governments and internet service providers. This is particularly useful for people living in countries with restricted access to information. Tor enables you to use online services anonymously, preventing websites from tracking your browsing history and IP addresses.
Related: What can someone do with your IP address?
How Tor protects your privacy
The biggest hint to how the Tor browser protects your privacy is right there in the name. Tor is actually an acronym that stands for The Onion Router. This is the name of a free and open-source protocol that wraps digital communications in multiple layers of encryption, like the layers of an onion.
Tor bounces your connection through a series of servers, called relays. There are three kinds of servers involved in the Tor network: entry nodes, middle relays, and exit nodes. This makes it difficult for anyone to trace the path of your internet connection back to you, and it also makes it very hard for an attacker who gets ahold of that information to figure out which sites you’re visiting.
Each time your information packets pass through a node, a layer of encryption is shed. The innermost layer of encryption is shed as your traffic passes through the final relay, called the exit node. It’s then passed to the website you were trying to reach, unencrypted by Tor.
Tor relays are run by volunteers around the world. This makes for a completely decentralized network that can’t be surveilled by simply gaining access to a single, central point. Even if an individual relay is compromised, the data packets passing through it are encrypted by Tor and of little use to the attacker.
Tor browser offers a high level of privacy and security. When using Tor, your browsing history, cookies, and other identifying data are encrypted and never stored on your device. This ensures that your online activities remain private and cannot be traced back to you.
The fact that Tor uses multiple relays and encrypts web pages individually makes it nearly impossible for anyone to track your activity on the internet. More on the limitations of the Tor protocol towards the end of this article.
How to install the Tor browser
You can use the Tor browser on your smartphone or tablet as long as your device has a compatible operating system onboard. Tor works on Linux, Windows, and Mac computers. Android smartphones on Android 5.0 or later can run the Tor browser, as can most custom Android ROMs, like Lineage OS.
Things are far less rosy on iOS devices, though. Apple does not currently allow iOS users to install and use the Tor browser on its devices. There are alternatives for iOS users, though, like the open-source Onion Browser, available on the Apple App Store. Both Android and iOS users will need to install Orbot in addition to either the Tor browser or Onion browser, respectively.
Orbot is a free and open-source proxy app. You need it to route web traffic from other apps (like web browsers, email clients, and navigation apps) through the Tor network on both Android and iOS.
Here’s how to get the Tor browser up and running on your devices.
Tor on Linux
Linux is the least popular operating system on the list, so why start with it? If you need to use Tor for legitimate reasons, like protecting journalistic sources, bypassing authoritarian censorship, or whistleblowing, then you can’t afford to take any chances.
The last thing you need is your operating system spying on you or leaking your data and GNU/Linux distributions are among the most privacy-respecting operating systems out there. Both Microsoft and Apple have been caught collecting data on their users and neither can be trusted.
For maximum protection, use Qubes OS (an example of a Converged Multi-Level Secure (MLS) System), Whonix, or Whonix on Qubes. If all this sounds quite technical, that’s because it is. The privacy advantages are unmatched, though, and depending on your threat model, you mightn’t have much of a choice.
Your “threat model” comes down to who or what it is that you’re protecting yourself from, what vulnerabilities you have, and what tools and tactics your adversaries have at their disposal. Extreme precautions are unlikely to be necessary if your threat model is limited to predatory advertisers, for example.
So, for most people, a regular, dependable, and well-documented Linux distribution like Ubuntu, Pop!_OS, or Mint with some extra precautions like a VPN (virtual private network) will still stand head and shoulders above Windows and macOS when it comes to security, transparency, and privacy.
Here’s how to install Tor Browser on a regular Linux distribution:
- Go to the Tor project website at https://www.torproject.org/download/ and click on “download for Linux.”
- Verify the signature using GnuPG.
- Go to where you downloaded the *.tar.xz file and extract the archive using the `tar -xf` command.
- In the extracted directory, make the *.desktop file executable by running `chmod +x start-tor-browser.desktop`.
- Launch Tor Browser by running `./start-tor-browser.desktop`.
You might also find Tor Browser in your distribution’s repositories, but make sure that you can trust the package maintainer before installing. Some distros, like Ubuntu, offer the `torbrowser-launcher` package to make downloading and launching the Tor Browser Bundle easier.
Tor on Windows
Looking for privacy on a Windows machine is never a winning policy. You might still be able to use Tor relatively safely from a Windows PC if you’re extremely tech savvy and careful, though. Here’s how to install Tor Browser on Windows:
- Go to the Tor project website at https://www.torproject.org/download/ and click on “download for Windows.”
- Verify the signature using GnuPG.
- Go to where you downloaded the *.exe file and double-click on it.
- Follow the on-screen instructions to complete the installation.
- Launch Tor Browser by double-clicking on the desktop icon or finding it in the Start Menu.
Although not a guarantee, you might be able to boost your safety by connecting to a reputable VPN before launching the Tor Browser. There’s not much you can do when you can’t trust your operating system, though.
Tor on macOS
Apple might have the better marketing department, but that doesn’t make it any more advisable to entrust your safety to a Big Tech company like this.
- Go to the Tor project website at https://www.torproject.org/download/ and click on “download for macOS.”
- Verify the signature using GnuPG.
- Go to where you downloaded the *.dmg file and double-click on it.
- Follow the on-screen instructions to complete the installation.
- Launch Tor Browser like you would any other app.
Like with Windows, do some extra research and take whatever extra precautions you can to shore up your safety while accessing the Tor network from macOS.
Using the Tor browser on a phone or tablet
Smartphones and other mobile devices aren’t the safest in general, with vulnerabilities and backdoors being discovered all the time. The Israeli mercenary hacking operation NSO Group has zero-click exploits for sale for both iPhone and Android phones, for example. And that’s just what we know about.
If you need convenient access to the dark web and your threat model allows for additional, unknown risk, then Tor on your mobile device might be right for you. Here’s how to get connected to the Tor network from either an Android or iOS device.
Tor on Android
There are a number of methods you can use to install the Tor browser on Android. The safest and easiest way is to install it through the F-Droid app store. It’s a few extra steps to install F-Droid first, but it’ll come in handy for installing other privacy-respecting, open-source apps down the line.
You can also use the Google Play Store, but you run the risk of Alphabet manipulating the app, interfering with updates, or flagging your Google account. Downloading the *.apk and side-loading it is another possibility, but you’d miss out on automated updates this way.
To install Tor on Android using F-Droid:
- Install the F-Droid app store from the official website.
- Open F-Droid and, in the lower, right-hand corner, open “settings.”
- Go to “repositories” under the “my apps” section.
- Enable “Guardian Project official releases.”
- Wait for F-Droid to finish synchronizing with the Guardian Project’s repository (this may take a while).
- Tap back on your device.
- Tap on “latest” in the lower, left-hand corner of the screen.
- Tap on the magnifying glass in the lower, right-hand corner.
- Search for “Tor Browser for Android“.
- Install the Tor browser by following the on-screen instructions.
Tor on iOS
Apple doesn’t allow its iOS users to install the Tor browser, but there’s an alternative app called Onion Browser that you can, for now, install from the App Store. Here’s how:
- Open the App Store on your device and search for “Onion Browser.”
- Install the app like you would any other.
- Open Onion Browser by tapping on the icon.
- Follow the in-app instructions to install Orbot and set up Onion Browser.
It’s not recommended that you use Tor on iOS devices for anything that could put you at risk—too little is known about how much surveillance iOS users are under to ensure your privacy on this platform.
Is Tor safe to use?
Tor is certainly safe to use as long as you understand its limitations. Tor is neither 100% secure nor 100% private, so the first step to using it safely is understanding that it cannot and does not provide a magical cloak of anonymity online.
Tor is safe in the sense that it doesn’t contain any malware. We know this thanks to the open-source nature of the project: the source code is freely available and has been scrutinized by countless people for any nefarious anti-features. The big caveat here is that you download Tor (the Tor Browser Launcher) from an official repository or the official website if you’re on Windows or Mac.
The only ways in which the Tor browser can be considered unsafe to use boil down to two categories: the things you do on Tor and the things you might come across on the dark web. The “dark” in “dark web” might seem like a reference to all the terrible things you’ve probably heard about on the dark web, but that’s not the case.
The dark web refers to a “hidden” part of the internet that can only be accessed using specific software or configurations. It’s hidden in the sense that it can’t be accessed by regular search engines or web browsers. The dark web isn’t inherently bad, but the fact that it provides a very high degree of anonymity means that people looking to do illegal things tend to gravitate towards it.
So Tor can be unsafe. If you try to buy a product or service on the dark web, you’ll almost certainly end up getting scammed. Interacting with the wrong people or clicking on the wrong link could end with you getting hacked, doxxed, or reported to law enforcement. The other major danger with the dark web is that you could end up seeing things that will stay with you in the worst possible way.
That said, most people use the dark web for perfectly legitimate reasons and never encounter anything mentally scarring or illegal. The trick to using Tor safely is being aware of the Wild West nature of the dark web and adjusting your online behavior accordingly.
Is Tor Browser anonymous?
Tor Browser is not completely anonymous, nothing online is, but it is very close to being anonymous. Whether it’s anonymous enough for you or not depends on what your threat model is—in short, who or what it is that you’re hiding your internet activity from.
If “all” you want to do is keep the websites you visit private from your government or internet service provider, then you can certainly use Tor Browser to do so. Unlike private browsing or incognito modes in a regular browser, Tor can actually obfuscate your IP address, making it the “more anonymous” option by far.
Related: How to open private mode on Mac
Tor Browser limitations
Tor, the browser and the protocol, have some technical limitations, like any other technology. Governments, state-sponsored actors, and others with the means and motivation to do so, often run Tor exit nodes to monitor the internet traffic that flows through them. The exit node is the last one through which your server request passes before reaching an *.onion or clearnet website.
So any actor—whether a group, organization, or individual—can run an exit node and use techniques like internet traffic analysis to gain some insight into what you’re doing on Tor. Your ISP (internet service provider) can also figure out that you’re using Tor by examining your data usage.
That said, you can still use Tor to browse the web anonymously as long as you understand your threat model and how to look after your operational security (OpSec). This means not leaving any identifiable information behind and modifying your behavior in ways that make it less likely that you’ll be identified or traced.
Legal implications of using the Tor browser
The first question you need to answer for yourself is: is using the Tor browser legal where you live? If it isn’t, then your internet service provider might be obligated by law to report suspected Tor traffic to the authorities. Seek legal counsel before installing the Tor browser or accessing the dark web if you’re at all unsure of the legality of either in your jurisdiction.
Tor browser myths and misconceptions
There are several myths and misconceptions about the Tor browser that persist in popular culture. One common misconception is that using Tor is only for illegal activities, such as accessing child sexual abuse material (CSAM) or darknet marketplaces (that offer illicit drugs and stolen data).
However, Tor can be used for legal activities, like maintaining online privacy and security, as well as potentially illegal but not unethical reasons, like bypassing censorship. Another myth is that Tor usage is always a red flag, but this is untrue, as many legitimate users choose to use Tor for various reasons.
Here are some of the most common myths and misconceptions concerning Tor:
Tor is only used for illegal activities
Journalists, whistle-blowers, and political dissidents all need the kinds of protections that something like the Tor network provides. People living under repressive regimes can use Tor to access information their government doesn’t want them to see.
Tor is completely anonymous and untraceable
No interaction between people is completely anonymous and untraceable. The anonymity provided by Tor can be broken under certain circumstances, but this would require a state or state-sponsored actor to target you specifically. Even then, their success wouldn’t be guaranteed.
Governments are known to run Tor exit nodes in order to intercept communications as they leave the Tor relay network to connect to clearnet servers. They combine this with sophisticated traffic analysis techniques to break the anonymity of targeted individuals. You would already have to be on their radar for them to justify the expense of doing all this, though.
Tor is a hacking tool
Hackers might use Tor, but this doesn’t mean that Tor is primarily a hacking tool any more than a keyboard is. Tor is just a networking protocol that protects users’ privacy. The Tor browser is just one way of interacting with that network. Hackers use regular browsers far more often than they use Tor.
Tor is slow and difficult to use
Tor is slow. Encrypting traffic multiple times and then decrypting each layer as it passes through each relay or node takes time. Just routing traffic through multiple servers scattered across the world and run by volunteers takes even more time. But difficult to use? Tor can be more difficult to set up than a regular browser, but using it is essentially the same.
Tor is only for tech-savvy individuals
You don’t have to be very tech-savvy to install and use Tor. If you can confidently install and set up a browser like Firefox or Brave, then you should be able to get Tor up and running without any problems. You do need to be tech-savvy if your safety depends on you maintaining your anonymity online, though.
Tor is constantly monitored by law enforcement
This is more of a misconception than a myth: law enforcement is constantly active on Tor and is rumored to run exit nodes as “honey pots” or test-points for traffic analysis. But, given that Tor is a decentralized network, it’s not like law enforcement can set up blanket surveillance operations on the network.
Tor is only for accessing the dark web
Another misconception: the Tor browser is designed primarily as a dark web browser, this is true, but it can be used to access the clearnet, and provides users with several privacy advantages over other browsers when used this way.
Tor is not safe and could compromise your computer
Tor cannot compromise your computer. The Tor browser can’t either. Both the protocol and the browser are completely open-source and no one has discovered anything in the source code that would suggest this kind of scenario. Dark-web hackers can definitely compromise your computer, though.
Tor, as a technology, is safe. What you do when visiting websites and interacting with people on the Tor network or through the Tor browser won’t necessarily be safe, though. This is the same as with regular browsers and the clearnet. The only difference being that regular browsers will compromise your computer.
Tor is only used by “bad guys” and criminals
Tor is used by “bad guys” and criminals, but it’s also used by regular, law-abiding people. Governments, militaries, law enforcement agencies, academics, journalists, whistle-blowers, and activists all use Tor for various legitimate reasons.
Tor is unnecessary if you have nothing to hide
This is a huge misconception surrounding privacy in general. Saying you don’t need privacy because you have nothing to hide is like saying you don’t need freedom of speech because you have nothing to say. Everyone has things they don’t want to be made public, and those things need not be bad or embarrassing.