The original onion-routing browser that bounces traffic through three encrypted relays worldwide — the strongest tool for anonymous web browsing at the cost of speed.
This toolkit is for informational purposes. Security needs vary by situation. No tool guarantees complete privacy or anonymity.
Three layers of encryption through independent relays; each node only knows the previous and next hop, never the full path.
The gold standard for anonymous browsing — designed to defeat traffic analysis with a global network of volunteer relays.
Fully open source project maintained by the Tor Project; one of the most scrutinized codebases in privacy technology.
Tor Project is a US 501(c)(3), but the decentralized relay network spans every jurisdiction with no central data collection.
Operating since 2002; used by journalists, activists, and intelligence agencies; funded by US government and private donors.
Noticeably slow due to multi-hop routing; many websites block Tor exit nodes; requires understanding of safe browsing habits.
Windows, Mac, Linux, and Android; no official iOS version due to Apple restrictions on custom browser engines.
Completely free to download and use; no account, registration, or payment required.
Tor Browser is a modified version of Firefox that routes all traffic through the Tor network — a global, volunteer-operated system of over 7,000 relays that anonymizes your internet traffic by encrypting it in multiple layers and bouncing it through three random nodes before it reaches its destination. No single relay in the chain knows both who you are and what you're accessing. Developed and maintained by the Tor Project, a 501(c)(3) nonprofit, Tor Browser is the most proven tool for anonymous web access and has been the backbone of internet freedom for journalists, dissidents, and whistleblowers since its public release in 2008.
For crisis scenarios, Tor Browser serves two critical functions. First, it allows you to browse the web without revealing your IP address or location to the websites you visit or to anyone monitoring your network connection. Second, it can circumvent internet censorship — even in countries that actively block VPNs and filter internet traffic, Tor's pluggable transports (obfs4, Snowflake, meek) can disguise Tor traffic as regular HTTPS, making it extremely difficult to detect and block. If you're in a situation where the internet is being surveilled or restricted, Tor Browser may be your only path to unrestricted access.
Tor Browser is not a replacement for a VPN — it's a different tool with a different threat model. A VPN hides your traffic from your local network and ISP but requires trusting the VPN provider. Tor eliminates the need to trust any single entity at the cost of slower browsing speeds. Use Tor for sensitive searches, accessing onion services (like ProtonMail's .onion address), and any browsing where anonymity is more important than speed.
Tor uses a layered encryption system called onion routing. When your Tor Browser connects to a website, it selects three relays: a guard node (entry), a middle relay, and an exit node. Your traffic is encrypted three times — once for each relay's key — before leaving your device. The guard node peels off the first layer of encryption and learns your IP address but not your destination. The middle relay peels off the second layer and knows only the guard node and the exit node. The exit node peels off the final layer and sees the destination website but not your IP address. At no point does any single node know both ends of the connection.
Each relay uses TLS for transport encryption and Curve25519 for key exchange. The circuit (the specific path through three relays) is rotated every 10 minutes by default, and new circuits can be requested on demand. For connections to Tor hidden services (.onion addresses), the traffic never exits the Tor network at all — it's encrypted end-to-end between your browser and the hidden service through a rendezvous point, providing six hops of onion encryption instead of three. This is why accessing ProtonMail via its .onion address is more private than accessing it via the regular web.
Tor Browser is designed for maximum anonymity. There is no account, no registration, no login, and no identifier associated with your usage. Every time you close Tor Browser, all cookies, history, and session data are automatically deleted. The browser includes anti-fingerprinting measures that make all Tor users look identical to websites — the same window size, the same user agent, the same fonts, the same JavaScript behavior. This prevents websites from identifying you based on your browser's unique characteristics.
Tor's anonymity depends on mixing your traffic with other users. The more people use Tor, the stronger everyone's anonymity. The network currently handles approximately 2 million daily users. Your ISP can see that you're using Tor (though not what you're doing on it), which is why combining Tor with a VPN or using pluggable transports to disguise Tor traffic can be important in certain threat models. Tor Browser does not collect any telemetry or usage data and does not phone home to the Tor Project.
Tor Browser and the entire Tor network software are fully open source under various free software licenses. The Tor Project has been audited by numerous security firms and academic institutions over its 20+ year history. The core anonymity protocols have been the subject of hundreds of academic papers, making Tor the most studied anonymity system in existence. Regular security audits are conducted by firms like Cure53 and Radically Open Security, with results published on the Tor Project's website.
The Tor Browser is built on Firefox ESR (Extended Support Release), inheriting Mozilla's robust security practices while adding Tor-specific modifications for anonymity. These modifications — including the Torbutton extension, NoScript integration, and anti-fingerprinting patches — are all open source and reviewed by both the Tor development team and external contributors. Bug bounty programs through HackerOne incentivize responsible disclosure of vulnerabilities. The transparency of the project is total: anyone can run a Tor relay, inspect the relay directory, and verify the software.
The Tor Project is a 501(c)(3) nonprofit registered in the United States. While U.S. jurisdiction raises theoretical concerns, the Tor Project does not operate the Tor network — it develops the software. The network itself is operated by thousands of independent volunteers in dozens of countries. There is no central server to seize, no user database to subpoena, and no logs to compel. The Tor Project cannot identify Tor users because the architecture makes this impossible without controlling a significant portion of the network.
The Tor Project receives funding from multiple sources including the U.S. State Department (which has historically supported Tor as a tool for foreign dissidents), the Swedish government (via SIDA), and private donations. This mixed funding model is sometimes criticized, but it also means no single funder can exert undue influence. The use of Tor is legal in most countries, though some authoritarian regimes (China, Russia, Iran) attempt to block it — pluggable transports exist specifically to circumvent these blocks.
Tor has been operational in some form since 2002, making it one of the oldest and most battle-tested privacy tools in existence. It has been used to protect communications in every major political crisis of the 21st century — the Arab Spring, Hong Kong protests, Iranian Green Movement, Russian dissent, and ongoing journalist source protection worldwide. The Tor network has never been fundamentally broken, though individual attacks have been demonstrated in academic research, typically requiring significant resources (e.g., controlling both the entry and exit nodes for a specific circuit).
Known attacks against Tor have been traffic correlation attacks by entities (like nation-states) that can observe both ends of a circuit simultaneously. These attacks are resource-intensive and targeted, not mass surveillance tools. The Tor Project has responded to each known attack with protocol improvements. The 2014 Carnegie Mellon attack (used by the FBI to identify Silk Road users) exploited a now-patched vulnerability and required running malicious relays. Tor's response included improved relay vetting and the "guard node" system to reduce vulnerability to this type of attack. Edward Snowden's leaked NSA documents revealed that the NSA considered Tor one of the biggest obstacles to internet surveillance.
Tor Browser installs like any regular application — download, double-click, run. There is no configuration required for basic use. The browser opens with a connection screen where you click "Connect" (or "Configure" if you need pluggable transports for censorship circumvention). Once connected, the browser looks and functions like Firefox. You can browse the web, use search engines, check email, and access most websites normally. The address bar accepts both regular URLs and .onion addresses.
The primary usability trade-off is speed. Because your traffic passes through three relays in different parts of the world, page loads are noticeably slower than direct browsing — typically 3-10 seconds for a page load versus under 1 second on a regular browser. Streaming video is impractical, and large downloads are slow. Some websites block Tor exit nodes or present extra CAPTCHAs. JavaScript-heavy sites may not function perfectly due to the security-focused NoScript configuration. For text-based communication, research, and accessing privacy services, the speed is manageable. For general daily browsing, Brave or a VPN-protected regular browser is more practical.
Tor Browser is available for Windows, macOS, Linux, and Android. The desktop versions are full-featured and functionally identical. The Android version (available on Google Play and F-Droid) provides the same onion routing protection on mobile, though the interface is adapted for touch screens. There is no official iOS version — Apple's App Store restrictions prevent the necessary Firefox modifications, though the Onion Browser app (a separate project endorsed by the Tor Project) provides Tor access on iOS with some limitations.
Tor can also be used at the operating system level through Tails OS (which routes all traffic through Tor by default) or through the tor daemon on Linux for routing arbitrary applications through the network. For portable use, Tor Browser can run from a USB drive without installation — download it to a flash drive, plug it into any computer, and browse anonymously without leaving traces on the host machine. This portability makes it particularly valuable for crisis scenarios where you may not have your own device.
Tor Browser is completely free. The Tor Project is funded by grants, government contracts, and donations. There is no payment of any kind associated with downloading, installing, or using Tor Browser. No account, no subscription, no premium tier. The full anonymity protection of the Tor network is available to every user at no cost.
The Tor Project accepts donations via credit card, PayPal, and cryptocurrency (Bitcoin and several altcoins), but donations are entirely optional and have no connection to your use of the browser. There is no way for the Tor Project to know who is using their software, and there is no financial relationship between users and the project. This makes Tor Browser maximally accessible — the only cost is bandwidth and patience.
Download Tor Browser only from the official website: torproject.org. Verify the download by checking the PGP signature (instructions are on the download page) to ensure the file hasn't been tampered with. On Windows and macOS, run the installer. On Linux, extract the archive and run the start-tor-browser script. Tor Browser does not require installation — it can run from any directory, including a USB drive, making it useful when you don't have administrator access to a computer.
Launch Tor Browser. If you're in a country that doesn't censor Tor, click "Connect" and wait 10-30 seconds for the browser to establish a circuit through the network. If you're in a country that blocks Tor (China, Russia, Iran, Turkmenistan, and others), click "Configure" and select a pluggable transport: Snowflake is the easiest and works in most censored environments, while obfs4 bridges provide stronger obfuscation. You can request bridge addresses from bridges.torproject.org or by emailing bridges@torproject.org from a Gmail or Riseup address.
Once connected, test your anonymity by visiting check.torproject.org — it should confirm you're using Tor and display an IP address that is not yours. Set the security level to "Safest" (click the shield icon in the toolbar) for maximum protection — this disables JavaScript by default, which breaks some websites but prevents the most common browser exploits. For everyday anonymous browsing, "Safer" mode (which allows JavaScript on HTTPS sites) is a reasonable compromise. Never maximize the Tor Browser window (it makes your screen resolution fingerprintable), never install additional extensions (they can break anonymity), and never log into accounts that are linked to your real identity. Each browsing session should be treated as a separate anonymous identity — when you're done, close the browser, and everything is wiped.