Everything you need to know about Tor

The decade in internet scamming
From Yahoo boys to Caroline Calloway, scammers were a big part of the 2010s.

See all Editor's Picks

No matter what you’ve heard about the Tor network, the basics of the service are simple: Tor keeps anyone who uses it safe, secure, and anonymous on the Internet.

Originally created by the U.S. Navy, Tor can be used to browse the Web anonymously, send and receive private communications, or make other computer software anonymous by integrating it with Tor software.

Tor’s reputation, however, is less straightforward. Many equate the anonymity the network provides with those who decide to use it for illegal purposes. From terms like “Dark Net” and ”Deep Web” to who actually uses the privacy software, here’s everything you need to know about Tor.

What Tor does and where to get it

Tor is developed and maintained by the Tor Project. You can download the latest version of the Tor software here.

Once you have Tor, it’s as simple to use as Chrome or Firefox. (In fact, the Tor browser is a tweaked version of Firefox.) You can view most websites as you would with any other browser—the main difference is that now those websites won’t know who you are. You won’t be identified and tracked the way that you are around the Internet with other browsers.

Tor lets you do plenty of other stuff, too. Using the Tor browser or working with other programs, you can chat anonymously or share files without giving up your identity. One of the most interesting uses of Tor is accessing so-called hidden services, anonymous websites that only exist within the Tor network. In the same way that Tor hides your identity, a hidden service website’s location and the identity of its owner is also hidden thanks to Tor’s technology.

What is the Dark Net and Deep Web?

When anyone talks about Tor, it’s crucial to understand a few key definitions.

People often confuse the Deep Web and Dark Net. Adding further confusion is that these names are not used universally. Some call the Dark Net the Dark Web or the Deep Web the Deep Net. We use Dark Net and Deep Web. Here’s what each term truly means:

The Deep Web is information on the Internet that is not available by standard search engines. This is a vast stretch of cyberspace because it includes private databases, administrative portals, emails, archives, and more. The Dark Net is a subsection of the Deep Web.

The Dark Net or Dark Web are networks like Tor, I2P, or FreeNet that can only be accessed using specialized software and are often motivated by hiding certain data. When you’re talking about the Dark Net, the “normal Internet”—the one you used to access this article—is known as the Clear Net.

What’s a hidden service?

Tor has many uses, including allowing a person to browse the normal Internet (Clear Net) from behind an anonymized connection.

A hidden service, however, is an anonymized website that’s accessed over that anonymous Tor connection. Consider it an extra layer on Tor’s protective onion.

Hidden services range from blogs to forums to black markets to Facebook itself.

Anyone can run their own hidden service, allowing them to host a Web service (maybe a site or a server) while benefiting from the anonymity Tor provides. Try Tor’s own instructions if you’re interested in the most up-to-date advice.

Important: There is no such thing as perfect security anywhere, including Tor or its hidden services. There’s a lot to learn about successfully running hidden services without giving yourself away. As with any technology, the more complex a service, the easier it can fail.

Who uses Tor and why

Tor’s user base is diverse and, by design, it’s virtually impossible to know everyone who is on the network. Tor’s foundational purpose is to allow everyone, from spies to political dissidents, to surf the Web in such a way that no one can know who they are.

Now, thousands of normal computer users utilize Tor in order to protect themselves from ads, tracking, and surveillance. Journalists use Tor to protect their sources and themselves. Both law enforcement and criminals use Tor in order to hide what they’re doing online. Businesses protect their Internet traffic using Tor. In countries like Iran and China, Tor is used to evade censorship and surveillance.

How Tor works

Tor works by encrypting a user’s traffic and then sending it through a “virtual tunnel” to three randomly selected relays (other Tor-connected computers) in the Tor network before finally reaching the final destination, like dailydot.com. While other proxy services exist, Tor is far more secure and private.

Each relay only “knows” the location of the relay before it and the next relay so that it can pass on the data, but no one relay knows both the user and her destination. That means the data cannot be traced or read thanks to strong encryption. At least, that’s the goal.

Can Tor be broken?

Repeat after me: There is no such thing as perfect security.

Tor is subject to the same laws of the universe as any other technology. It’s excellently built, all technologists agree on that, but do not presume Tor to be perfect or even close to it. That thought has spelled trouble before.

Even when Tor works exactly as designed, there are potential pitfalls that can erase your anonymity.

Don’t log into your real life accounts, like Facebook or Gmail or your bank’s website. Don’t skimp on end-to-end encryption because eavesdropping is perfectly possible, even on Tor. Don’t resize your window or use JavaScript, which can expose identifying data. Here’s a good list of activities to avoid that will begin to inform you on the perils at play.

The best—but also perhaps most difficult—move is to have a computer dedicated entirely to Tor that doesn’t cross over with your everyday machine, the one you use for Facebook and banking. Very few people can successfully compartmentalize like this, but it’s an extra layer of safety if you can.  

Because of Tor’s origins within and continued connections to the U.S. military, there’s been much skepticism directed towards it throughout the years. If the Tor Project gets money from the U.S. government every year—which it does—wouldn’t that government insert a backdoor so it could spy on Tor’s users?

Tor is open source, which means that every line of code that makes the program run is available for you to read right here. That code is written and audited by security professionals to make sure Tor does what they say it does: Keep users safe and secure from everyone, even the U.S. government.

Despite understandable skepticism about the project’s connections to the U.S. government, no one has ever spotted a backdoor in Tor. On the contrary, no critic has ever really criticized the code in significant ways. The world’s top security professionals swear by Tor.

Still, Tor is not perfect—no computer program is, and Tor has had vulnerabilities that affect users’ privacy in the past—but there’s little reason to seriously suspect that Tor does anything except provide some of the most comprehensive protection an Internet user can get.

But even when Tor is firing on all cylinders, it is not a panacea. Tor is a big step toward privacy, but there’s plenty more you can do, like using end-to-end encrypted messaging while also using Tor.

Illustration by Max Fleishman

Patrick Howell O'Neill

Patrick Howell O'Neill

Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.