VPN & Proxy

Tor (The Onion Router)

About 5 min read

Last updated: 2026-03-12

What Is Tor

Tor (The Onion Router) is an anonymous communication network that routes internet traffic through multiple relay servers (nodes), making it extremely difficult to link the source and destination of communications. Originally developed by the U.S. Naval Research Laboratory, it is now maintained by the nonprofit organization The Tor Project.

To use Tor, you use the dedicated Tor Browser. Based on Firefox, Tor Browser includes settings designed to enhance anonymity, such as browser fingerprint countermeasures and JavaScript restrictions.

How Onion Routing Works

The core technology of Tor is "onion routing." Communication data is wrapped in multiple layers of encryption, like the layers of an onion, and passes through three nodes in sequence.

  1. Guard node (entry node): Knows the user's real IP address but does not know the destination. The same node is used for an extended period (2-3 months) to reduce the risk of encountering a malicious node.
  2. Middle node (relay node): Only knows the IP addresses of the nodes before and after it. Cannot determine either the user's IP or the destination.
  3. Exit node: Makes the final connection to the destination server. Knows the destination but does not know the user's IP address.

Each node can only decrypt its own layer of encryption, and no single node can see the complete picture of the communication. This design ensures that anonymity is maintained even if a single node is compromised. However, the connection between the exit node and the destination is not encrypted, so the exit node operator can see the content of traffic to non-HTTPS sites.

Limitations of Tor's Anonymity

Tor is a powerful anonymization tool, but it is not infallible.

  • Traffic analysis attacks: An adversary capable of monitoring both the entry and exit nodes (such as a nation-state) may be able to correlate communications by analyzing timing and data volume patterns.
  • Browser vulnerabilities: If a zero-day vulnerability exists in Tor Browser itself, the user's real IP address could be leaked through JavaScript or other means. The FBI has used this technique to identify criminals in the past.
  • DNS leaks: If applications other than Tor Browser send DNS queries without going through Tor, anonymity is compromised.
  • Behavioral identification: Even when using Tor, logging into the same account or entering personally identifiable information destroys anonymity.

To maximize Tor's anonymity, operational precautions are necessary: do not change Tor Browser's default settings, do not resize the browser window, and do not log into personal accounts through Tor.

Legitimate Use Cases for Tor

Tor is often misunderstood as a tool for criminal activity, but it has many legitimate use cases.

  • Protecting journalist sources: A means for whistleblowers to safely provide information to media outlets. Platforms like SecureDrop, which are built on Tor, are operated by major media organizations.
  • Circumventing censorship: Used by citizens in countries with strict internet censorship to access blocked websites and services.
  • Privacy protection: For situations where you do not want third parties to know your browsing history, such as searching for medical information or researching politically sensitive topics.
  • Security research: Conducting security investigations and penetration testing while maintaining anonymity.

Using a VPN with Tor (Tor over VPN) is effective when you want to hide the fact that you are using Tor from your ISP. However, speed is significantly reduced, making it unsuitable for everyday use.

To learn more about this topic, see What Is Tor Browser? How Anonymous Communication Works.

Common Misconceptions

Using Tor is illegal
Using Tor is legal in most countries, including Japan and the United States. Tor is a privacy protection tool, and its use itself poses no legal issues. However, illegal activities conducted through Tor are still subject to prosecution.
Using Tor guarantees your identity will never be revealed
Tor significantly enhances anonymity but is not perfect. Browser vulnerabilities, operational mistakes (such as logging into personal accounts), and advanced traffic analysis can potentially lead to identification.

Tor vs. VPN Comparison

Tor

Triple encryption with multi-hop relaying for high anonymity. Free. Speed is significantly reduced (around a few Mbps). No need to trust a single provider.

VPN

Hides IP via a single server. Paid services recommended. Minimal speed reduction. Requires trusting the VPN provider. Suitable for everyday use.

Share

Related Terms

VPN (Virtual Private Network) A technology that encrypts internet traffic and routes it through a server in an… Proxy Server A server positioned between the client and the internet that relays communicatio… Browser Isolation A security technology that separates web content rendering from the user's endpo… DNS Leak A phenomenon where DNS queries bypass the encrypted VPN tunnel and are sent dire… Browser Fingerprint A technique that identifies and tracks users based on unique combinations of bro… Obfuscation (VPN) A technique that disguises VPN traffic as regular HTTPS traffic to evade detecti…

Related Articles

What Is Tor Browser? How Anonymous Communication Works Learn how the Tor network enables anonymous communication, how to use Tor Browser, and its advantage… What Is a VPN? How It Works, Benefits, and How to Choose One A comprehensive guide to VPN technology, including how it works, the benefits of using one, types of… How to Hide Your IP Address - VPN, Tor, and Proxy Compared Compare four methods to hide your IP address (VPN, Tor, proxy, network switching) by anonymity, spee…
← Glossary