Tor Browser is the gold standard of browser privacy — and also the most misunderstood privacy tool in existence. It is far stronger than any VPN, immune to nearly all fingerprinting techniques, and free to use. But it has trade-offs: it is slow, some sites block it, and it requires understanding what it does and does not protect. This guide explains how Tor Browser actually works, what threats it defeats, what it cannot protect against, and when to use it versus other privacy tools.
What Is Tor Browser?
Tor Browser is a privacy-focused web browser based on Mozilla Firefox, developed by the Tor Project. It routes all your traffic through the Tor network — a distributed system of more than 7.000 volunteer-run relays around the world — before reaching the website you are visiting. Each request bounces through at least three relays, with each relay only knowing the previous and next hop. The result: no single party can see both who you are and what you are doing.
Beyond the network anonymization, Tor Browser includes anti-fingerprinting features that make every Tor user look identical to every other Tor user — defeating the canvas fingerprinting, WebGL fingerprinting, and other tracking techniques that defeat ordinary browsers.
How Tor Works: The Three-Hop Routing
Every Tor connection passes through three relays:
Guard relay (entry) — your computer connects here. The guard sees your real IP but does not know what website you are visiting. Tor uses the same guard for weeks to limit exposure to attackers who run many relays.
Middle relay — receives traffic from the guard and passes it to the exit. It only sees encrypted blobs going in and out. Knows neither your IP nor your destination.
Exit relay — decrypts the final layer and forwards your request to the actual website. It sees the website you are visiting but not your real IP.
The encryption is layered: your traffic is wrapped in three encryption layers, and each relay peels off one layer (hence the name "onion routing"). No single relay has both your identity and your destination. The Wikipedia article on Tor explains the protocol in more depth.
What Tor Browser Protects Against
Tor Browser is the strongest defense available against:
IP-based tracking and geolocation. Websites see the exit relay's IP, not yours. Your real location is hidden.
Browser fingerprinting. All Tor users look identical — same User-Agent, same screen resolution (letterboxed), same fonts, same canvas fingerprint, same WebGL fingerprint. See our browser fingerprinting guide for the full context on what fingerprinting tries to do.
ISP surveillance. Your ISP sees that you are using Tor but cannot see which websites you visit or what you send to them.
Network-level tracking. Government surveillance, employer monitoring on shared networks, and Wi-Fi snooping all see only encrypted Tor traffic.
WebRTC leaks, DNS leaks, IPv6 leaks. Tor Browser disables WebRTC, routes DNS through Tor, and ignores IPv6 entirely. Our WebRTC leak test and DNS leak test guides explain these issues in detail.
Canvas, WebGL, audio, font fingerprinting. All standardized or disabled in Tor Browser. The canvas fingerprint test will return the same result for all Tor users.
What Tor Browser Does NOT Protect Against
This is where most users go wrong. Tor protects the connection — it does not make you invisible online. Specifically:
Logging into accounts. If you log into Google, Facebook, or any account, that company knows it is you regardless of Tor. Tor only hides where you connect from, not who you are.
Malware and tracking inside files. Downloaded PDFs, Word documents, and image files can contain tracking that activates when you open them. Tor warns you about this.
Browser exploits. Bugs in Firefox can be exploited to deanonymize Tor users. Tor Browser is patched aggressively, but zero-days exist.
Compromised exit relays. If you visit an unencrypted HTTP site through Tor, the exit relay can see and modify the content. Always use HTTPS.
End-to-end traffic correlation. A powerful adversary monitoring both your entry and exit traffic can correlate timing to deanonymize you. The NSA, China, and similar can do this for specific targets.
You giving away identifying information. Writing in your distinctive style, mentioning where you live, posting your real name — Tor does not change any of this.
Tor Browser vs VPN
| Aspect | VPN | Tor Browser |
|---|---|---|
| Anonymization layers | 1 (just the VPN provider) | 3 (three independent relays) |
| Who can see your traffic | VPN provider knows everything | No one knows both IP and destination |
| Speed | Fast (5–20% reduction) | Slow (often 50–80% reduction) |
| Anti-fingerprinting | None | Industry-leading |
| Site compatibility | Excellent | Some sites block Tor exit relays |
| Best for | Streaming, region bypass, fast browsing | Maximum privacy, sensitive research |
| Trust model | Trust one company | Trust no one (math instead) |
Many users combine the two — using a VPN to connect to Tor (a "VPN over Tor" or "Tor over VPN" setup). This is rarely necessary and can actually weaken privacy if not configured carefully.
Installing Tor Browser
Always download Tor Browser from the official source: torproject.org. Never from third parties — fake "Tor Browser" downloads have been used to deliver malware in the past. Verify the signature if you are in a high-risk situation (the Tor Project provides PGP signatures for every release).
Installation is identical to any browser: download, install, launch. On first launch, Tor Browser asks whether you can connect directly or need to configure a bridge (for users in countries that block Tor like China, Russia, or Iran). For most users, "Connect" works immediately.
Using Tor Browser Correctly
Follow these practices to maintain Tor's protections:
Do not maximize the window. Tor Browser uses letterboxing — keeping the window size standardized to prevent screen-size fingerprinting. Maximizing the window leaks your real screen size.
Do not install extensions. Even privacy extensions break the "everyone looks the same" property. Tor Browser ships with the only extensions it needs.
Use the security level slider. Standard mode allows JavaScript; "Safer" disables some risky features; "Safest" disables JavaScript entirely. For sensitive use, use Safest.
Do not log into accounts that link to your real identity. If you log into your Gmail or Facebook, you have just tied your Tor activity to your real identity.
Use "New Identity" between sessions. The New Identity function (menu) generates a fresh Tor circuit and clears all session data. Use it between unrelated browsing tasks.
Always use HTTPS. Tor Browser shows a clear warning for HTTP sites. The exit relay can read or modify unencrypted traffic.
Bridges: Using Tor Where It Is Blocked
Some governments and ISPs block known Tor relay IPs. Tor counters this with bridges — unlisted Tor entry points that censors do not know about. Bridges come in three flavors:
obfs4 — disguises Tor traffic as random data. Works against most blocking.
meek — disguises Tor traffic as connections to Microsoft Azure or Cloudflare. Works against deep-packet inspection.
Snowflake — uses temporary volunteer relays through WebRTC. Works in countries that block other bridges.
You can request bridges through Tor Browser's settings, by email ([email protected]), or by visiting bridges.torproject.org.
Onion Services: Hidden Sites Inside Tor
Tor's anonymization works for both users and servers. A website can run as an "onion service" (with a .onion domain) that is only reachable through Tor. The connection between user and site never leaves Tor — meaning the site does not know the user's real IP, and the user does not know the site's real IP. Both are anonymized.
Real-world onion services include: secure leaks platforms (SecureDrop), major news organizations (The New York Times, BBC, ProPublica), social networks (Facebook has an onion service), and the Tor Project itself. The "dark web" headlines focus on criminal use, but legitimate onion services serve millions of users every day for legitimate privacy needs.
Tor Browser on Mobile
Tor Browser is available for Android (in the Google Play Store and F-Droid) and works identically to the desktop version. There is no official Tor Browser for iOS due to Apple restrictions on WebKit-based browsers; the closest alternative is Onion Browser, which uses iOS Safari's engine. Onion Browser provides Tor routing but cannot match Tor Browser's anti-fingerprinting on iOS.
Common Misconceptions
"Tor is illegal." No. Tor is legal in nearly every country. China, Russia, and Iran try to block it but cannot ban its use. Using Tor is a normal privacy choice.
"Tor makes you invisible." No. Tor anonymizes connections, not behavior. Logging into your accounts or revealing personal information defeats Tor.
"Tor is only for the dark web." No. Most Tor traffic is normal users browsing normal websites with extra privacy.
"Tor is slow because it is bad." No. Tor is slow because it routes through three relays for security. The slowdown is the price of the privacy.
"Tor is broken / the NSA monitors it." Partially. The NSA can deanonymize specific targets with significant resources. For mass surveillance and routine threats, Tor remains highly effective.
Frequently Asked Questions
Is Tor Browser safe for everyday browsing?
Yes. The main downside is slow page loads. If you can tolerate that, Tor Browser is safer than any other browser for general privacy.
How slow is Tor Browser really?
Pages typically load in 5–20 seconds instead of 1–3. Video streaming works but in lower quality. File downloads take longer. The slowdown is acceptable for browsing, frustrating for media-heavy use.
Why do some websites block Tor?
Tor exit relay IPs are public, and some sites block them to prevent abuse (spam, fraud, scraping). Cloudflare-protected sites often show CAPTCHAs to Tor users. Some banks and shopping sites block Tor entirely.
Can I use Tor for streaming Netflix or YouTube?
YouTube works but slowly. Netflix blocks Tor exit IPs. Other streaming services vary. If streaming is your priority, use a VPN instead.
Does using Tor get me on a government watch list?
Internal NSA documents leaked in 2014 showed metadata collection on Tor users. However, with millions of Tor users worldwide (journalists, researchers, privacy enthusiasts), being on a list provides little operational signal to investigators.
Is Tor Browser the same as the Tor network?
No. The Tor network is the routing infrastructure. Tor Browser is a customized Firefox that uses the Tor network and adds anti-fingerprinting. Other applications can use Tor too (Tails OS, Tor Messenger, mobile apps), but Tor Browser is the primary entry point.
Should I run a Tor relay?
If you have bandwidth to spare and want to support the network, yes. Running a middle relay is low-risk; running an exit relay is higher-risk because you appear as the source of all Tor user traffic to law enforcement. Most home users should not run exit relays.
What is Tails OS?
Tails (The Amnesic Incognito Live System) is a Linux distribution designed to be booted from a USB stick and to leave no trace on the host computer. Every internet connection from Tails goes through Tor by default. It is the choice for the highest-privacy use cases.
Does Tor work with my regular VPN?
Yes, you can use both. "Tor over VPN" (VPN first, then Tor) hides Tor use from your ISP but creates a single point of failure at the VPN provider. "VPN over Tor" is more complex and only helps if you specifically need Tor to mask which VPN you use. Most users do not need either combination.
How do I know my Tor connection is working?
Tor Browser shows a Tor circuit indicator (a connection icon) for every site. Visit check.torproject.org — it confirms whether you are using Tor and shows your exit relay's IP. Run our IP address lookup to confirm the Tor IP differs from your real IP.
The Bottom Line
Tor Browser is the strongest privacy tool freely available. It defeats fingerprinting, ISP surveillance, and most network-level tracking. It is not a magic invisibility cloak — if you log into your accounts or reveal personal information, Tor cannot help. Use it correctly (no maximizing, no extensions, no logins to identity-linked accounts) and it provides industry-leading privacy that no VPN can match.