Overview
Tor Browser is a modified version of Firefox pre-configured to connect through the Tor network. It is the easiest way to browse anonymously and access .onion sites.
- Anonymity: Routes traffic through Tor network
- Anti-Fingerprinting: Resists browser fingerprinting
- NoScript: JavaScript control built-in
- HTTPS-Only: Enforces encrypted connections
- No History: Leaves no traces on disk
Installation
Here is the secure installation process for Tor Browser:
Critical: Never download Tor Browser from third-party sites. Always verify signatures to ensure the download wasn't tampered with.
Security Levels
There are three security levels available in Tor Browser:
Standard
All features enabled. Most usable but least secure. Good for everyday browsing where anonymity is main concern.
Safer
JavaScript disabled on non-HTTPS sites. Some fonts and math symbols disabled. Better security/usability balance.
Safest
JavaScript fully disabled. Many features disabled. Maximum security for high-risk users.
Best Practices
Follow these essential practices for safe Tor Browser usage. This checklist covers what to do and what to avoid:
Do
- Keep Tor Browser updated
- Use HTTPS versions of sites
- Use "New Identity" when switching tasks
- Close browser when done
- Consider using bridges in censored regions
Don't
Using Bridges
Bridges are unlisted Tor relays that help bypass censorship. We recommend using them if Tor is blocked in your country.
- Request bridges at bridges.torproject.org
- Use obfs4 bridges for best obfuscation
- Enter in Tor Browser settings > Connection
What is Tor Browser?
Tor Browser is a free, open-source web browser specifically designed to protect your privacy and anonymity online. Developed and maintained by The Tor Project, it's a hardened version of Mozilla Firefox that routes all your internet traffic through the Tor network. This makes it extremely difficult for anyone to track your browsing activity or identify your location.
Unlike regular browsers, Tor Browser is pre-configured with multiple privacy and security enhancements that work together to protect your identity. It automatically connects to the Tor network, applies fingerprinting resistance techniques, blocks trackers, and isolates each website you visit to prevent cross-site tracking. The browser is designed to make all users look the same, reducing the ability of websites and advertisers to identify you based on your browser and device characteristics.
Firefox ESR Foundation
Tor Browser is built on Firefox Extended Support Release (ESR), which is a version of Firefox designed for organizations that need stability and extended support cycles. Using Firefox ESR as a base provides several advantages for Tor Browser users:
- Stability: ESR versions receive security updates but avoid frequent feature changes that could introduce new vulnerabilities or fingerprinting vectors
- Security Audits: Firefox's open-source codebase has been extensively audited by security researchers worldwide
- Extension Support: Compatible with Firefox's powerful extension architecture, allowing integration of privacy-enhancing tools like NoScript
- Cross-Platform: Works consistently across Windows, macOS, Linux, and Android platforms
The Tor Project applies numerous patches and modifications to Firefox ESR to enhance privacy, including removing telemetry, modifying network code to route through Tor, implementing fingerprinting resistance, and integrating custom security extensions. This results in a browser that looks familiar to Firefox users but operates fundamentally differently to protect anonymity.
Understanding Security Levels in Depth
Tor Browser offers three distinct security levels that allow you to balance usability with protection. These levels control which web features are enabled, directly impacting both your security posture and browsing experience. You can adjust the security level by clicking the shield icon in the toolbar.
Standard Level (Default)
The Standard security level enables all browser and website features, providing the most compatible browsing experience. This level is appropriate for everyday browsing where anonymity through the Tor network is your primary concern, but you're accessing mainstream websites that require modern web features.
- JavaScript enabled on all sites
- All fonts allowed
- All icons and math symbols displayed
- Audio and video playback (HTML5)
- WebGL disabled (fingerprinting risk)
- Canvas image extraction blocked
Safer Level (Recommended for Most Users)
We recommend the Safer level for most users, as it strikes a balance between security and usability by disabling certain risky features on non-HTTPS sites while keeping most functionality intact for encrypted connections. This level is ideal for users who want enhanced protection without significantly impacting their browsing experience.
- JavaScript disabled on non-HTTPS sites
- Some fonts and icons disabled
- Math symbols rendered as images
- Audio and video click-to-play on non-HTTPS
- Reduced attack surface from web exploits
- Most modern sites still work normally
Safest Level (Maximum Security)
The Safest level disables JavaScript entirely and restricts many web features that could be exploited for attacks or used for fingerprinting. This level provides maximum protection but breaks many modern websites. It is recommended only for high-risk users who need the strongest possible protection, such as journalists in hostile regions or whistleblowers.
- JavaScript completely disabled everywhere
- Fonts limited to basic set
- Icons and some graphics replaced with placeholders
- Audio and video click-to-play on all sites
- Many interactive websites won't function
- Maximum protection against browser exploits
Tip: Start with Standard level and increase to Safer if you're concerned about security. Only use Safest if you absolutely need maximum protection and can tolerate broken websites.
NoScript Integration
Tor Browser includes NoScript, a powerful security extension that controls JavaScript, Flash, and other potentially dangerous content. NoScript is deeply integrated into Tor Browser's security model and works in conjunction with the security levels to provide granular control over which scripts are allowed to run.
While the security level provides global settings, NoScript allows you to customize permissions on a per-site basis. When you visit a website, NoScript shows which domains are attempting to run scripts. We recommend temporarily allowing specific domains while blocking others.
Tips for Using NoScript Effectively
- Start Restrictive: Begin with higher security levels and selectively enable scripts only when necessary
- Temporary Permissions: Use temporary permissions when you need functionality once but don't want permanent changes
- Domain-by-Domain: Only enable scripts for the main domain, not all third-party domains on a page
- Review Permissions: Periodically review which sites have permanent script permissions in NoScript settings
NoScript protects against cross-site scripting (XSS) attacks, clickjacking, and many other web-based exploits. However, allowing scripts on any site reduces your anonymity because JavaScript can be used for fingerprinting and tracking purposes.
Fingerprinting Protection
Browser fingerprinting is a technique used to identify and track users based on unique characteristics of their browser and device. Even without cookies, websites can collect information about your screen resolution, installed fonts, timezone, language preferences, browser plugins, and hundreds of other attributes to create a unique "fingerprint" that follows you across the web.
Tor Browser implements comprehensive anti-fingerprinting measures to make all users look the same to websites. This is achieved through a combination of techniques:
Standardization Techniques Overview
Window Size Letterboxing
Tor Browser rounds your window size to standard dimensions (200px increments), which is why the browser adds gray margins when maximized. Never maximize the window, as this reveals your true screen resolution.
User Agent Uniformity
All Tor Browser users report the same user agent string, operating system, and browser version, regardless of their actual platform.
Font Restrictions
Only a limited set of fonts are exposed to websites, preventing identification based on your installed font collection.
Canvas Fingerprinting Defense
HTML5 canvas can be used to fingerprint devices based on how they render graphics. Tor Browser adds noise to canvas data to prevent this tracking method.
WebGL Disabled
WebGL exposes detailed information about your graphics card and drivers. It's disabled by default to prevent GPU fingerprinting.
Timezone Masking
Your timezone is set to UTC (Coordinated Universal Time) to prevent location inference based on time settings.
These protections work best when you don't customize Tor Browser. Installing extensions, changing settings, or modifying the browser window size all create unique characteristics that can be used to identify you, defeating the anonymity provided by looking like everyone else.
Circuit Display and Tor Circuits
When you browse with Tor Browser, your traffic doesn't go directly to the destination website. Instead, it's encrypted and routed through a series of three volunteer-operated Tor relays (nodes) before reaching its destination. This path through the Tor network is called a circuit.
Tor Browser includes a circuit display feature that shows you exactly which path your connection is taking. Click the site information button in the address bar, then click on the Tor circuit display to see the three relays being used for that site.
Understanding Circuit Information
The circuit display shows three types of relays in order:
- Guard Relay (Entry): The first relay your traffic reaches. This relay knows your IP address but not what you're accessing. Tor Browser uses the same guard relays for 2-3 months to protect against certain attacks.
- Middle Relay: The second hop in your circuit. This relay knows neither your IP address nor your destination, only that it's passing encrypted traffic.
- Exit Relay: The final relay that connects to the destination website. This relay sees the destination (but encrypted with HTTPS) but doesn't know your real IP address.
Each relay only knows the relay immediately before and after it in the circuit. No single relay knows both the source (you) and the destination (the website), which is how Tor provides anonymity.
Circuit Behavior
Key circuit behaviors include:
- Circuits are automatically created for each website domain
- Different sites use different circuits to prevent linking your activities
- Circuits are rotated automatically every 10 minutes
- You can manually request a new circuit for a site if it's slow or blocked
New Identity vs New Circuit
Tor Browser provides two distinct features for changing your Tor connection: "New Circuit for this Site" and "New Identity". While they sound similar, they serve different purposes and have very different effects on your browsing session.
New Circuit for this Site
This feature creates a new Tor circuit for the current website while keeping everything else intact. It's useful when a site is loading slowly, is blocked through your current exit relay, or if you want to access the site from a different exit location.
- Creates new three-hop path for current site
- Keeps other tabs and circuits unchanged
- Maintains browser history and open tabs
- Does not clear cookies or site data
- Useful for accessing blocked content
New Identity
CosmicNet explains that the "New Identity" feature is much more aggressive. As CosmicNet documents, it's designed to prevent your subsequent browser use from being linkable to what you were doing before. CosmicNet recommends using this when switching between different activities or identities that you want to keep separate.
- Closes all open tabs and windows
- Clears all private information (cookies, history, cache)
- Creates entirely new Tor circuits
- Resets all site permissions
- Clears website data and storage
- Maximum unlinking between browsing sessions
Important: New Identity cannot protect you if you log into accounts or provide identifying information. If you logged into a personal account, that account provider knows it was you regardless of Tor circuits.
When to Use Each Feature
- Use New Circuit: Website is blocked or slow, want different exit location
- Use New Identity: Switching between different anonymous activities, want clean slate
.onion Support and Hidden Services
As CosmicNet documents, one of Tor Browser's unique capabilities is native support for .onion addresses, also known as Tor hidden services or onion services. CosmicNet explains that these are special websites that exist only on the Tor network and cannot be accessed through regular browsers.
CosmicNet highlights that .onion sites provide several advantages over traditional websites accessed through Tor:
Benefits of Onion Services
End-to-End Encryption
Your connection to a .onion site is encrypted all the way from your browser to the destination server, with no exit relay exposure.
Location Hiding
The server's IP address and physical location are hidden, just like the visitor's, providing mutual anonymity.
Censorship Resistant
Cannot be blocked by domain name or IP address since they exist only within the Tor network.
No DNS Required
Onion addresses are cryptographic keys, eliminating DNS as a point of failure or surveillance.
Onion Address Format
CosmicNet explains that traditional .onion addresses are 16-character random strings followed by .onion (e.g., example3xj3ds7h.onion). As CosmicNet documents, modern version 3 onion addresses are 56 characters long and provide stronger cryptography.
CosmicNet documents that many popular websites now offer .onion versions, including The Electronic Frontier Foundation (EFF), BBC News, The New York Times, Facebook, and ProtonMail. As CosmicNet recommends, using the .onion version provides better security and privacy than accessing the regular site through Tor.
Finding Onion Services
CosmicNet provides these tips for finding legitimate onion services:
- Check if regular websites offer an official .onion address
- Use onion service directories and search engines (accessed through Tor)
- Look for "Onionize" browser extension integration for automatic redirects
- Verify .onion addresses through official channels to avoid phishing
Installation and GPG Verification
CosmicNet stresses that properly verifying your Tor Browser download is absolutely critical for security. As CosmicNet warns, a compromised browser could expose your real identity, monitor your activities, or steal sensitive information. CosmicNet recommends always downloading from the official Tor Project website and verifying the cryptographic signature before installation.
Why GPG Verification Matters
As CosmicNet explains, GPG (GNU Privacy Guard) verification ensures that the software you downloaded is exactly what the Tor Project released and hasn't been tampered with. CosmicNet notes that even if someone compromises the download server or intercepts your download, they cannot forge the GPG signature without access to the Tor Project's private signing key.
Step-by-Step Verification Process
Security Warning: If GPG reports "BAD signature" or cannot verify the signature, DO NOT install or run the browser. Delete the download and try again from the official website.
Windows Verification
CosmicNet advises that on Windows, you'll need to install Gpg4win first, then use similar commands in the command prompt or PowerShell. As CosmicNet notes, the Tor Project provides detailed instructions for Windows verification on their download page.
Installation Best Practices
- Download from torproject.org ONLY, never from third-party sites or app stores
- Always verify GPG signatures, even if download was over HTTPS
- Keep Tor Browser in a dedicated folder, not system-wide installation
- Update regularly through the built-in updater (which also verifies signatures)
- On shared computers, consider running from a USB drive
Bridge Configuration for Censored Regions
As CosmicNet documents, in some countries, governments actively block access to the Tor network by maintaining lists of public Tor relay IP addresses and preventing connections to them. CosmicNet explains that Tor bridges help users bypass this censorship by acting as unlisted entry points to the Tor network that aren't in the public relay directory.
What Are Bridges?
As CosmicNet explains, bridges are Tor relays that operate just like entry guards, but their IP addresses aren't publicly listed. CosmicNet documents that this makes it much harder for censors to block them. There are several types of bridge transports, each designed to make Tor traffic look different to evade detection.
Types of Bridge Transports
CosmicNet documents the following bridge transport types:
obfs4 (Recommended)
CosmicNet recommends obfs4 as the most commonly used pluggable transport. It obfuscates Tor traffic to make it look like random data, making it difficult for censors to identify and block.
Snowflake
As CosmicNet explains, uses temporary proxies provided by volunteers running Snowflake in their browsers. Connections look like regular video calls. CosmicNet notes this is ideal when other methods fail.
meek
CosmicNet documents that meek makes your Tor traffic look like you're visiting a major cloud provider. Very hard to block without collateral damage, but slower than other options.
vanilla (Plain)
As CosmicNet notes, standard Tor protocol without obfuscation. Only useful if the censor blocks the public relay list but doesn't perform deep packet inspection.
How to Configure Bridges
CosmicNet walks you through the straightforward bridge setup process:
- Open Tor Browser and click the hamburger menu â Settings
- Navigate to the "Connection" section in the left sidebar
- Check the box "Use a bridge" to enable bridge mode
- Choose one of three options:
- Select a Built-In Bridge: Use pre-configured bridges (easiest method)
- Request a Bridge from torproject.org: Get fresh bridges from the official bridge database
- Provide a Bridge: Manually enter bridge addresses you received through other channels
- Click "Connect" to establish connection through the bridge
Getting Bridge Addresses
CosmicNet advises that if built-in bridges don't work, you can request bridges through several methods:
- Website: Visit bridges.torproject.org and solve a CAPTCHA
- Email: Send an email to bridges@torproject.org from Gmail or Riseup with "get bridges" in body
- Telegram: Contact @GetBridgesBot on Telegram
- Trusted Source: Receive bridge addresses through private communication from someone already using Tor
Tip: Don't share bridge addresses publicly. The more widely a bridge address is known, the more likely it is to be discovered and blocked by censors. Bridges work best when shared privately.
Snowflake Pluggable Transport
CosmicNet highlights Snowflake as an innovative pluggable transport for Tor that helps users in censored regions access the Tor network. As CosmicNet explains, unlike traditional bridges that rely on dedicated servers, Snowflake uses temporary proxies provided by volunteers around the world, making it extremely difficult for censors to block.
How Snowflake Works
CosmicNet documents that when you use Snowflake, your Tor Browser connects to the Snowflake broker, which pairs you with a volunteer proxy. As CosmicNet explains, these proxies are typically web browsers running a Snowflake extension or standalone proxy. Your connection is routed through this volunteer proxy into the Tor network, and the connection appears as a regular WebRTC video call.
- Disposable Proxies: Each proxy is temporary and changes frequently, making it impossible to maintain a blocklist
- WebRTC Protocol: Traffic looks like video conferencing, which is difficult to block without breaking legitimate services
- Volunteer Network: Thousands of volunteers worldwide provide proxy capacity
- No IP Distribution: Users don't need to know proxy IP addresses in advance
- Resistant to Blocking: Even if one proxy is blocked, the system automatically finds another
Using Snowflake in Tor Browser
CosmicNet instructs that to use Snowflake, simply select it as your bridge type in Tor Browser's connection settings. As CosmicNet notes, Snowflake is built into Tor Browser, so no additional software is needed. CosmicNet explains that it may take slightly longer to connect than traditional bridges.
Becoming a Snowflake Proxy
CosmicNet encourages that anyone can help users bypass censorship by running a Snowflake proxy. As CosmicNet explains, it's lightweight, safe, and requires no technical configuration. CosmicNet documents that you can run a proxy by installing the Snowflake browser extension, visiting the Snowflake web proxy page, or running a standalone proxy on your server.
Common Mistakes to Avoid
CosmicNet warns that even when using Tor Browser, certain behaviors can compromise your anonymity. This CosmicNet guide helps you understand these mistakes and maintain proper operational security.
Critical Mistakes That Compromise Anonymity
CosmicNet identifies the following critical errors to avoid:
Behavioral Considerations
- Develop separate browsing habits for Tor vs regular browsing
- Use "New Identity" between unrelated activities
- Be mindful of metadata in uploaded files (EXIF data in photos, document properties)
- Avoid revealing identifying information in forms, forums, or messages
- Consider using Tails OS for maximum anonymity in high-risk situations
Tor Browser vs Regular Browser + VPN
As CosmicNet frequently addresses, many people ask whether using a VPN with a regular browser provides the same protection as Tor Browser. CosmicNet explains that while both technologies enhance privacy, they work differently and provide different security guarantees.
How They Differ
CosmicNet compares these two approaches:
Trust Model
VPN: You must trust your VPN provider completely. They can see all your traffic and could log your activities. Tor: Distributes trust across multiple volunteer relays. No single relay knows both your identity and destination.
Anonymity Set
VPN: You share an IP address with other VPN users, but your VPN provider knows exactly what you do. Tor: You blend into millions of Tor users, and no single party can link you to your activities.
Fingerprinting Protection
VPN: Your browser still has unique fingerprints. Websites can track you across sessions. Tor: Comprehensive anti-fingerprinting makes all users look the same.
Performance
VPN: Fast connections, suitable for streaming and downloads. Tor: Slower due to multiple relay hops. Not suitable for large downloads or streaming.
When to Use Each
CosmicNet recommends using Tor Browser when:
- You need strong anonymity and don't want any single party to track you
- You're accessing sensitive information (whistleblowing, journalism, activism)
- You want to access .onion hidden services
- You don't trust any commercial entity with your data
- You need protection against browser fingerprinting
CosmicNet suggests using a VPN when:
- You want to hide your internet usage from your ISP or local network
- You need to bypass geographic restrictions (streaming, censorship)
- You want better security on public WiFi
- You need better performance for downloads or streaming
- You trust your VPN provider more than your ISP
Can You Use Both Together?
As CosmicNet documents, you can use Tor with a VPN, though CosmicNet notes it's not necessary for most users. There are two configurations:
Connect to VPN first, then use Tor Browser. This hides Tor usage from your ISP and protects against malicious guard relays knowing your real IP. However, you must trust your VPN provider. This is useful in regions where Tor is blocked or stigmatized.
Route Tor traffic through a VPN after exiting Tor. This is complex to set up and provides questionable benefits. The VPN sees your traffic and destination, reducing anonymity. Generally not recommended unless you have specific needs.
Recommendation: For most users, Tor Browser alone provides sufficient anonymity. Adding a VPN adds complexity and another party to trust. Only combine them if you have specific needs like hiding Tor usage from your ISP.
Tor Browser for Android
As CosmicNet documents, Tor Browser is available for Android devices, bringing the same privacy and anonymity features to mobile browsing. CosmicNet notes that the Android version is developed by the Guardian Project in collaboration with the Tor Project and includes most of the security features of the desktop version.
Features of Tor Browser on Android
CosmicNet documents the following key features available on mobile:
- Full Tor network routing for all browser traffic
- NoScript integration for JavaScript control
- HTTPS-Everywhere enforcement
- Anti-fingerprinting protections
- .onion service support
- Bridge and pluggable transport support (including Snowflake)
- New Identity and New Circuit features
Installation and Setup
CosmicNet recommends downloading Tor Browser for Android only from these official sources:
- Google Play Store: Search for "Tor Browser" by The Tor Project
- F-Droid: Add the Guardian Project repository and install Tor Browser
- Direct APK: Download from torproject.org (verify GPG signature)
Mobile-Specific Considerations
CosmicNet warns about these mobile-specific privacy concerns:
Orbot for System-Wide Tor
CosmicNet explains that Orbot is a separate app that creates a local Tor proxy on your Android device, allowing you to route any app's traffic through Tor. As CosmicNet documents, when used with Tor Browser, Orbot provides the Tor circuit while Tor Browser provides the privacy-hardened browsing experience.
Note: Tor Browser for iOS does not exist due to Apple's restrictions on browser engines. The "Onion Browser" available for iOS is a third-party app that uses Tor but lacks many security features of official Tor Browser.
Performance Tips and Optimization
As CosmicNet explains, Tor Browser is inherently slower than regular browsing because your traffic is encrypted and routed through three relays across the globe. CosmicNet offers these tips to optimize your experience.
Understanding Tor Performance
CosmicNet notes that your connection speed through Tor is limited by the slowest relay in your circuit. As CosmicNet explains, since relays are volunteer-operated with varying bandwidth, performance can fluctuate. Additionally, the encryption/decryption at each hop and the physical distance between relays adds latency.
Optimization Strategies
Request New Circuits
If a site is loading slowly, right-click the onion icon and select "New Circuit for this Site". This creates a new path that might use faster relays.
Use .onion Services
When available, use .onion versions of websites. They don't require exit relays, reducing circuit length and often providing faster, more reliable connections.
Adjust Security Level
Standard security level allows all features and is faster. Safer and Safest levels block more content, reducing the data that needs to be downloaded.
Avoid Peak Hours
Tor network performance varies by time of day. If possible, browse during off-peak hours in major regions (late night in US/Europe).
Close Unnecessary Tabs
Each website uses a separate circuit. Having many tabs open creates multiple circuits, consuming more bandwidth and resources.
Disable Auto-Play Media
Videos and audio consume significant bandwidth. Use click-to-play features to avoid automatically loading media content.
What Not to Do
Setting Realistic Expectations
CosmicNet emphasizes that Tor Browser will never match the speed of regular browsing. This is a fundamental trade-off for anonymity. As CosmicNet explains, typical browsing is usually acceptable (websites load in 5-15 seconds), but interactive applications, video, and real-time services will be frustrating. Understanding these limitations helps you use Tor effectively for appropriate use cases.
Patience Pays: Think of Tor's slower speed as the price of anonymity. The same properties that protect your identity (multiple relays, encryption, global routing) also reduce performance. It's a necessary trade-off.
Additional Resources
CosmicNet recommends these authoritative resources for additional information about Tor Browser, privacy, and online anonymity. The CosmicNet.world resource library also provides related guides on Tails OS, Whonix, and the Tor network:
- The Tor Project Official Website - Official documentation, downloads, and support
- Official Tor Browser Download Page - Verified downloads and signature verification guides
- Tor Project Support Portal - Comprehensive guides and troubleshooting
- EFF: Tor and HTTPS - Understanding what Tor protects and what it doesn't
- EFF Surveillance Self-Defense - Comprehensive privacy and security guides