Tor routes your traffic through three relays before it reaches the destination. Each relay sees only the previous and next hop — no single relay knows both who you are and what you’re accessing. This protects against network-level surveillance, but Tor doesn’t protect you from browser fingerprinting, cookies, logging into accounts, or downloading files that call home.
This guide focuses on what actually matters for day-to-day safe Tor usage.
Download and Verify Tor Browser
Always download from the official source: https://www.torproject.org/download/
Verify the signature before installing:
# Import Tor Project signing key
gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org
# Verify the downloaded file
gpg --verify tor-browser-linux-x86_64-13.0.tar.xz.asc tor-browser-linux-x86_64-13.0.tar.xz
A valid signature shows:
gpg: Good signature from "Tor Browser Developers (signing key) <torbrowser@torproject.org>"
Do not skip verification. Fake Tor Browser downloads exist and contain malware.
First Launch: Choose the Right Security Level
After installing, set the security level before browsing:
Shield icon (top-right) > Change > choose one:
- Standard — All browser features enabled. Provides Tor’s network anonymity but maximum attack surface.
- Safer — JavaScript disabled on HTTP sites. Disables WebGL, some fonts, math rendering. Recommended default.
- Safest — JavaScript disabled everywhere. Only static content loads. Required for high-risk users.
Most users should start at Safer. Switch to Safest if you’re accessing sensitive material or sites that might try to exploit browser vulnerabilities.
Connection: Bridges and Censorship Circumvention
In countries where Tor is blocked (China, Russia, Iran, etc.), use bridges — unlisted relays that don’t appear in the public Tor directory.
In Tor Browser:
- Connection settings (before connecting or via Settings > Tor)
- “Use a bridge”
- Select a built-in bridge type:
- obfs4 — traffic obfuscation, widely effective
- Snowflake — uses WebRTC, looks like video conferencing traffic
- meek-azure — routes through Azure CDN, effective but slower
For custom bridges (obtained from https://bridges.torproject.org):
- Request bridges (solve CAPTCHA or use email request)
- Enter them in “Provide a bridge I know”
What Tor Protects and What It Doesn’t
Tor protects:
- Your IP address from the destination website
- Your browsing from passive network surveillance
- Your traffic content from your ISP (they see Tor, not the sites)
- Correlation of your identity with the sites you visit (when used correctly)
Tor does NOT protect:
- Login activity — if you log into Gmail over Tor, Google knows it’s you
- Cookies from before your Tor session
- Downloads that open external applications (PDFs, documents can call home with your real IP)
- JavaScript-based fingerprinting if Security Level is Standard
- Traffic analysis at the exit node (exit nodes see unencrypted HTTP)
- Your identity if you share personal details in the browser
- Metadata in files you upload (EXIF, document properties)
The Golden Rules for Tor Usage
1. Never log into personal accounts
Logging into Gmail, Facebook, or any account tied to your identity defeats Tor. The site now knows who you are, and correlates your browsing to your identity.
If you need to access accounts, use separate dedicated accounts created anonymously and only accessed over Tor.
2. Never open documents while connected to Tor
PDFs, Word documents, videos, and other files can make external requests that bypass Tor and reveal your real IP.
# Instead, download and open in an isolated environment
# Open PDFs in a sandboxed viewer (Tails OS does this automatically)
# Or open files offline after disconnecting from the network
If you must download files: turn off networking before opening them.
3. Never use Tor for BitTorrent
BitTorrent clients often make direct peer connections that bypass Tor, revealing your IP. BitTorrent also puts heavy load on the Tor network.
4. Don’t resize the browser window
Window size is a fingerprinting signal. Tor Browser opens at a standardized size. Maximizing or resizing makes your window unique. Keep it at the default size.
5. Don’t install browser extensions
Extensions change your browser fingerprint. Tor Browser already includes uBlock Origin configured correctly. Adding more extensions makes you more unique, not less.
6. Use HTTPS
Exit nodes can read unencrypted HTTP traffic. Always use HTTPS — look for the padlock. Tor Browser includes HTTPS-Everywhere to enforce this, but check manually for sensitive sites.
Managing Circuits
Tor assigns you a circuit (path through three relays) per tab. You can view and change circuits:
Click the padlock icon next to the URL > “Tor Circuit for this Site”
This shows your three relay hops. If a site is slow or blocked by the exit node’s country:
- Click “New Circuit for this Site” — gets you a new exit node
- Click “New Identity” (in the Tor menu) — completely new circuit for all tabs plus clears browsing data
Use “New Identity” between different browsing sessions (e.g., between researching Topic A and Topic B) to prevent circuit correlation.
Guard Nodes and Anonymity
Tor uses a “guard” (entry) node that stays fixed for 2-3 months. This is intentional — changing the entry node frequently increases the chance that an adversary who controls entry and exit nodes can correlate your traffic.
Don’t worry about your guard node. Don’t try to change it manually. The Tor Project’s research shows this design improves anonymity over time.
Using Tor Browser on Mobile
The official Tor Browser for Android is available on Google Play and as an APK from the Tor Project website.
On iOS, the Tor Project recommends Onion Browser (available on the App Store).
Key differences from desktop:
- No Safest security level equivalent on iOS Onion Browser
- Downloads handled differently — be more careful about opening files
- Same rules apply: no logging in, no window resizing (less of an issue on mobile)
Tails OS: Better Than Tor Browser Alone
If your threat model requires strong anonymity:
- Tails is a live operating system you boot from a USB drive
- All traffic is forced through Tor — no application can leak your real IP
- Leaves no trace on the host computer
- Includes tools for secure deletion, encrypted volumes, and document sanitization
For occasional sensitive research, Tor Browser on your regular OS is adequate. For high-stakes anonymity (journalism, activism, whistleblowing), use Tails.
# Download and verify Tails
curl -O https://download.tails.net/tails/stable/tails-amd64-6.2/tails-amd64-6.2.img
# Verify via https://tails.net/install/download/
Common Mistakes and How to Avoid Them
| Mistake | Why It’s a Problem | Fix |
|---|---|---|
| Logging into personal accounts | Site identifies you | Never do this |
| Opening downloaded PDFs immediately | Can call home with real IP | Open offline or in Tails |
| Using Tor on a compromised device | Malware can bypass Tor | Use Tails or a clean device |
| Visiting the same sites over Tor and clearnet | Timing correlation possible | Keep sessions separate |
| Discussing unique personal details | Content deanonymizes you | Keep browsing impersonal |
| Running Tor in a VM on a shared host | Host can monitor VM traffic | Not sufficient for high-risk use |
Fingerprinting and Circuit Isolation
Browser fingerprinting exploits unique characteristics to identify users. Tor Browser resists this, but understanding the mechanics helps you use Tor more effectively:
#!/usr/bin/env python3
import requests
from urllib.parse import urljoin
class TorBrowserFingerprintTest:
def __init__(self, tor_socks_port=9050):
self.session = requests.Session()
self.session.proxies = {
'http': f'socks5://127.0.0.1:{tor_socks_port}',
'https': f'socks5://127.0.0.1:{tor_socks_port}'
}
def test_fingerprint_vector(self, vector_name, test_url):
"""Test a specific fingerprinting vector."""
try:
response = self.session.get(test_url, timeout=10)
data = response.json()
print(f"{vector_name}: {data}")
return data
except Exception as e:
print(f"Error testing {vector_name}: {e}")
def run_fingerprint_tests(self):
"""Run comprehensive fingerprinting tests."""
tests = {
'User-Agent': 'https://www.browserleaks.com/ua',
'WebGL': 'https://www.browserleaks.com/webgl',
'Canvas': 'https://www.browserleaks.com/canvas',
'WebRTC': 'https://www.browserleaks.com/webrtc',
'DNS': 'https://www.browserleaks.com/dns'
}
for vector, url in tests.items():
self.test_fingerprint_vector(vector, url)
def compare_circuits(self):
"""Compare fingerprints across different Tor circuits."""
for i in range(3):
print(f"\n=== Circuit {i+1} ===")
self.run_fingerprint_tests()
if i < 2:
print("Requesting new circuit...")
# Trigger New Identity between tests
# Usage
tester = TorBrowserFingerprintTest()
tester.run_fingerprint_tests()
Tor Browser Security Level Practical Comparison
Understand real-world impact of each security level:
| Feature | Standard | Safer | Safest |
|---|---|---|---|
| JavaScript | Enabled | Disabled on HTTP | Disabled globally |
| WebGL | Enabled | Disabled | Disabled |
| DOM Fonts | Enabled | Disabled | Disabled |
| CSS Animations | Enabled | Enabled | Disabled |
| SVG Rendering | Enabled | Enabled | Disabled |
| HTML5 Audio/Video | Auto-play | No auto-play | Disabled |
| User-agent JS | Exposed | Spoofed | Spoofed |
Practical recommendations:
- Casual browsing: Standard is fine
- Accessing sensitive content: Use Safer
- Whistleblowing/activism: Use Safest (accept broken sites)
# Set security level via torrc configuration
# ~/.tor-browser/profile.default/prefs.js
user_pref('extensions.torbutton.security_level', 2); # 0=Standard, 1=Safer, 2=Safest
Advanced: Using Tails OS for Tor
For maximum security, use Tails (The Amnesic Incognito Live System):
#!/bin/bash
# tails-setup.sh - Prepare USB for Tails OS
# Download Tails image
curl -O https://download.tails.net/tails/stable/tails-amd64-6.2/tails-amd64-6.2.img
# Verify signature
curl -O https://download.tails.net/tails/stable/tails-amd64-6.2/tails-amd64-6.2.img.sig
curl -O https://download.tails.net/tails/stable/tails-amd64-6.2/SHA256SUMS
curl -O https://download.tails.net/tails/stable/tails-amd64-6.2/SHA256SUMS.asc
# Verify with GPG
gpg --verify SHA256SUMS.asc SHA256SUMS
sha256sum -c SHA256SUMS
# Write to USB (WARNING: destroys data)
sudo dd if=tails-amd64-6.2.img of=/dev/sdX bs=4M status=progress oflag=sync
sync
echo "Tails USB ready. Boot from USB for amnesic Tor session"
Tails advantages for Tor usage:
- All traffic forced through Tor (no leaks possible)
- Automatic connection to Tor on boot
- Built-in tools for document analysis (metadata removal)
- Amnesic: leaves no traces on host computer
Monitoring Your Tor Connection Health
Verify Tor is functioning correctly:
#!/bin/bash
# tor-health-check.sh
echo "=== TOR CONNECTION HEALTH CHECK ==="
# 1. Verify Tor is running
if pgrep -x "tor" > /dev/null; then
echo "[OK] Tor daemon running"
else
echo "[FAIL] Tor daemon not running"
exit 1
fi
# 2. Check control port accessibility
nc -zv 127.0.0.1 9051 && echo "[OK] Control port accessible" || echo "[FAIL] Control port unreachable"
# 3. Monitor bandwidth
echo ""
echo "Tor Bandwidth Usage:"
curl --socks5 127.0.0.1:9050 -s https://api.ipify.org | head -c 50
# 4. Check circuit establishment
stem_test=$(python3 -c "
import stem.control
controller = stem.control.Controller.from_port()
controller.authenticate()
circuits = controller.get_circuits()
print(f'Active circuits: {len(circuits)}')
" 2>&1)
echo "$stem_test"
# 5. Verify exit node
echo ""
echo "Current exit node:"
curl -s --socks5 127.0.0.1:9050 https://api.ipify.org
# 6. Check for DNS leaks
echo ""
echo "DNS leak test:"
nslookup example.com | grep "^Server:" | head -1
# 7. Monitor Tor logs for errors
echo ""
echo "Recent Tor errors:"
journalctl -u tor@default -n 10 -p err 2>/dev/null || grep "ERROR\|WARN" ~/.tor/log.txt | tail -5
echo ""
echo "=== HEALTH CHECK COMPLETE ==="
Onion Site Access Best Practices
Safely accessing Tor hidden services (.onion):
#!/bin/bash
# onion-safety-guidelines.sh
echo "=== ONION SITE SAFETY ==="
# 1. Verify .onion domain authenticity
# Use published lists and PGP verification
# 2. Check site SSL certificate
echo "Verifying SSL certificate..."
openssl s_client -connect TARGET.onion:443 < /dev/null | grep "Issuer:"
# 3. Check for mixed content
# Visit site and look for warnings about insecure resources
# 4. Test download safety
echo "Download safety scan..."
# Use VirusTotal or similar (accessed via Tor)
# 5. Verify site legitimacy
echo "Cross-reference with known good sources"
# Never access onion sites from clearnet sources
# 6. Use latest Tor Browser version
tor --version
Building Tor from Source for Maximum Security
For users concerned about binary distribution integrity:
#!/bin/bash
# build-tor-from-source.sh
# Download Tor source
wget https://dist.torproject.org/tor-0.4.8.1.tar.gz
wget https://dist.torproject.org/tor-0.4.8.1.tar.gz.asc
# Verify signature
gpg --keyserver keys.openpgp.org --recv-key D1EB2BE98C3A68F133EFC116DB7C54C589B36717
gpg --verify tor-0.4.8.1.tar.gz.asc
# Extract and build
tar xzf tor-0.4.8.1.tar.gz
cd tor-0.4.8.1
./configure --disable-asciidoc
make
sudo make install
# Verify installation
tor --version
Emergency Procedures
If you suspect your Tor session is compromised:
#!/bin/bash
# tor-emergency.sh
echo "EMERGENCY: Suspected Tor compromise"
# 1. Immediate actions
pkill -9 firefox tor-browser
pkill -9 tor
# 2. Isolate session
sudo iptables -F
sudo iptables -X
sudo iptables -P INPUT DROP
sudo iptables -P FORWARD DROP
sudo iptables -P OUTPUT DROP
# 3. Preserve logs for forensics (BEFORE cleaning)
sudo journalctl -e > /tmp/forensics.log
# 4. Secure wipe sensitive data
shred -vfz -n 35 ~/.config/Tor\ Browser/*
shred -vfz -n 35 ~/.*history*
# 5. Reboot to clean state
echo "System isolated. Secure wipe in progress..."
read -p "Press Enter after ensuring backups are safe, then system will reboot"
sudo reboot -h now
Related Articles
- How to Use Tor Safely in Country That Criminalizes Its Use
- Tor Hidden Services: How to Access Safely
- Best Browser for Tor Network 2026: A Technical Guide
- Best Browser To Use With Tor Hidden Services
- How To Use Tor Browser For Creating Anonymous Accounts Witho
Built by theluckystrike — More at zovo.one