Tor: how it works, history, and complete guide to the anonymity network

Tor (The Onion Router) is probably the best-known and most widely used anonymization technology in the world. Behind this acronym lies a global network of 8,000 volunteer relays, a sophisticated cryptographic protocol, a client application (Tor Browser) based on Firefox, and a non-profit organization (the Tor Project) that develops the whole system. Tor allows 2-3 million daily users to browse the Internet without revealing their identity or location, to access .onion services inaccessible to regular browsers, and to circumvent censorship in authoritarian regimes. This comprehensive guide explains what Tor actually is, where it comes from, how it works, what it is used for, how to use it, and what its alternatives are.

⚫ Filtered page. The complete catalog is on Tor. Tor access →

What is Tor?

Tor refers simultaneously to a cryptographic protocol, a network of volunteer relays that implement it, and the client software that provides access to it (Tor Browser). The name is an acronym for The Onion Router: onion routing refers to the successive layers of encryption that wrap your requests, each one peeled away by a different relay, like the layers of an onion. In practice, when you use Tor, your Internet traffic passes through at least three relays in different countries before reaching its destination, making it extremely difficult to correlate your identity with your online activities.

Contrary to what some articles suggest, Tor is not "the dark web": Tor is an anonymization technology that allows access among other things to .onion sites (which constitute the dark web), but the majority of Tor traffic is directed toward ordinary clear web sites, browsed anonymously. About 90% of the Tor network's traffic involves sites on .com, .fr, or .org; only 10% targets .onion services.

History and military origins of Tor

The history of Tor begins in US military laboratories before becoming a fundamental mainstream tool for digital privacy. For a detailed account, see our complete article on the history of Tor since 1995.

The Naval Research Laboratory (1995-2002)

The first research on onion routing began in 1995 at the US Navy's Naval Research Laboratory (NRL) in Washington. Three mathematicians — Paul Syverson, David Goldschlag, and Michael Reed — published the first academic paper describing the concept in 1997. The initial military objective was clear: protect the online communications of US intelligence agents. The source code was developed under government contract, but the team quickly realized that anonymity is only useful if many civilian users join the network — a system used only by spies would be trivial to identify.

The birth of the Tor Project (2002-2006)

In 2002, Roger Dingledine and Nick Mathewson, later joined by Paul Syverson, published the alpha version of Tor using the NRL code released under a free license. In 2004, the Electronic Frontier Foundation (EFF) began funding the project. In 2006, Dingledine and Mathewson founded the Tor Project, a non-profit organization based in Seattle, which officially took over the development and support of the network.

Mass adoption (2010-2013)

Tor saw its first mass adoption during the Arab Spring (2010-2011), where it allowed protesters to communicate under authoritarian regimes. Edward Snowden's 2013 revelations about NSA mass surveillance triggered a spectacular surge in users. In 2014, the FBI seized Silk Road (see our complete timeline) and brutally publicized the existence of the dark web. Since then, Tor has been simultaneously celebrated as a tool of freedom and stigmatized as a criminal haven, depending on who is speaking.

Consolidation and version 3 (2017-2026)

In 2017, Tor introduced 56-character .onion v3 addresses, replacing the older 16-character v2 addresses considered cryptographically weak. The transition was completed in October 2021, when v2 addresses were permanently disabled. Since then, the Tor Project has been working on Arti, a complete reimplementation of Tor in the Rust language (safer than the historical C), whose version 1.0 was released in 2022.

How Tor works: onion routing

Tor's operation is based on an elegant principle: rather than trusting a single intermediary (as with a VPN), trust is distributed across several independent relays, each one knowing only part of the information. Let us break down the steps of a typical Tor connection.

Building the circuit

When you launch Tor Browser, your software downloads the list of 8,000 active relays (published by directory authorities, nine trusted servers) and randomly selects three relays to build a circuit: an entry node (guard), a middle node (middle), and an exit node (exit). The selection is not purely random: it favors high-bandwidth relays and applies rules to avoid having all three relays in the same country or operated by the same entity.

Layered encryption

Your request is then encrypted successively with the public keys of the three relays: one layer for the exit node, a second for the middle node, a third for the entry node. You send this triply-encrypted packet to the entry node. It decrypts its layer (learns the next middle node but not the destination), forwards to the middle node which decrypts in turn (learns the exit node but not the destination), which forwards to the exit node that decrypts the last layer and sends the request in plain text toward its final destination.

Result: none of the three relays knows both your identity and your destination. The entry node sees your IP but not where you are going; the exit node sees your destination but not who you are; the middle node sees nothing useful. To deanonymize a Tor user, an attacker would need to control simultaneously the entry and exit nodes, which remains statistically very difficult with 8,000 independently managed relays.

.onion services

.onion sites work differently: traffic never leaves the Tor network. The circuit has six relays in total — three on the user side, three on the server side — which meet at a rendezvous point. Neither the user knows the server's real IP, nor the server knows the user's. This architecture makes .onion services particularly well-suited for journalists, whistleblowers, and activists.

Tor Browser: the client software

Tor Browser is the simplest gateway to the Tor network. It is a modified version of Firefox ESR (Extended Support Release), pre-configured to route all its traffic through Tor and hardened against tracking techniques. Tor Browser is not simply Firefox with Tor enabled: it integrates NoScript, anti-fingerprinting settings, adjustable security levels (Standard, Safer, Safest), and stricter cookie management.

A feature often overlooked: Tor Browser tries to make all its users look alike. The default screen resolution, available fonts, plugin order, time zone — everything is standardized to prevent fingerprinting (browser signature identification). That is why the Tor Project recommends not installing extensions and not maximizing the window: any customization makes you unique and therefore identifiable.

Installing and using Tor

Installing Tor Browser takes a few minutes and requires no particular technical skills. For a detailed step-by-step guide covering all operating systems, see our reference article on how to go on the dark web. Here are the main steps.

  1. Download: go to torproject.org. Never anywhere else — unofficial copies are regularly compromised.
  2. Install: double-click the downloaded file and follow the instructions. No configuration is required.
  3. First launch: click "Connect". Tor builds your first circuit in 10 to 60 seconds.
  4. Browsing: use Tor Browser just like Firefox. DuckDuckGo is the default search engine. Type a .onion address or browse our directory.
  5. Updates: Tor Browser automatically alerts you to new versions. Install them immediately — patched flaws are sometimes actively exploited.

Bridges and pluggable transports

In countries that censor the Internet (China, Iran, Russia, Belarus, Saudi Arabia), the IPs of public Tor relays are blocked. To bypass this blocking, Tor offers bridges: relays not listed publicly, distributed on request. In addition, pluggable transports disguise Tor traffic to make it look like something else.

  • obfs4: disguises Tor traffic as random data indistinguishable by Deep Packet Inspection systems. The most widely used, excellent speed/effectiveness trade-off.
  • meek-azure: routes traffic through the Microsoft Azure CDN. Very effective against blocking, but slow (and Microsoft can see the traffic).
  • Snowflake: uses WebRTC and ephemeral proxies provided by volunteers worldwide. Particularly robust and innovative.

To get a bridge, go to Tor Browser settings → "Bridges" and select a type. You can also send an email to [email protected] from a Gmail or Riseup address to receive private bridges not yet blocked.

Who uses Tor and why

Tor is not a niche tool for paranoid technicians: it is used daily by millions of people with very different profiles.

Journalists and whistleblowers

More than 70 international newsrooms use SecureDrop to receive confidential documents: BBC, New York Times, Washington Post, Guardian, Mediapart, Le Monde, ProPublica, The Intercept, CBC, Bloomberg, Reuters, Forbes. Media outlets also maintain official .onion versions of their sites to protect their readers in censored countries. See our journalists category and our analysis of media on Tor.

Activists and human rights defenders

NGOs such as Amnesty International, Reporters Without Borders, and Access Now recommend Tor to their contacts in authoritarian countries. Edward Snowden, Chelsea Manning, and Iranian, Chinese, Belarusian, and Venezuelan activists use or have used Tor to communicate away from surveillance.

Ordinary citizens

The most numerous users are ordinary citizens who simply want to escape advertising tracking, the commercial profiles aggregated by Google or Meta, or geographic restrictions. Everyday Tor use is perfectly mundane: reading the news, using an encrypted messaging service like ProtonMail, conducting sensitive searches (health, legal) without leaving traces.

Security researchers and engineers

Cybersecurity researchers, threat intelligence teams, red teams, and lawyers working on sensitive cases use Tor professionally. National cybersecurity agencies do not forbid its use, and their agents use it in the course of their missions.

Tor vs VPNs

The question of combining Tor and a VPN is debated. Our complete guide on Tor and VPN analyzes in detail the two configurations (Tor over VPN and VPN over Tor), their advantages and disadvantages. Summary: for most uses, properly configured Tor alone is more than sufficient. Adding a VPN introduces a new point of trust (the VPN provider sees all your traffic before it enters Tor), which can reduce your anonymity depending on the chosen configuration.

The Tor Project itself recommends using bridges (obfs4, Snowflake) to hide the fact of using Tor, rather than an external VPN. This approach has the advantage of being integrated, audited, and free.

Alternatives to Tor: I2P and Freenet

Tor is not the only anonymization network. I2P (Invisible Internet Project) and Freenet (today renamed Hyphanet) offer alternative architectures with their own trade-offs. For an in-depth comparison, see our Tor vs I2P vs Freenet guide. Briefly:

  • Tor: centralized relay network (8,000 relays), excellent for accessing the clear web anonymously. The most widely used.
  • I2P: peer-to-peer network (50,000 to 100,000 nodes), optimized for internal services (eepsites in .i2p). Bidirectional anonymity by default.
  • Freenet/Hyphanet: more of a distributed storage system for publishing censorship-resistant content. Slower but more permanent.

Tails OS: Tor on a USB stick

For users with high security requirements, Tails (The Amnesic Incognito Live System) is a Linux distribution that runs entirely from a USB stick, leaves no trace on reboot, and forces all traffic through Tor. It is the tool recommended by Edward Snowden for journalists in high-risk areas. For a complete installation and usage guide, see our dedicated Tails OS article.

Who funds Tor

The Tor Project has an annual budget of approximately $10 million, published transparently in its annual reports. Funding sources are diverse but dominated by US government funds (State Department, DARPA, NSF), which represent about 75-80% of the total. The remaining 20-25% comes from individual donations, foundations (Mozilla, Ford Foundation, EFF), and private contracts.

This dependence on US funds sometimes causes concern. But two structural safeguards protect the project's integrity: first, the code is entirely open source and audited by independent security researchers worldwide; second, the US government's interest in Tor is not to corrupt it (which would be immediately detected and ruin its utility) but precisely to preserve its effectiveness so that its own agents can use it abroad.

Limits and known attacks

Tor is not a magic solution. Several limits must be understood to use it correctly.

  • Timing correlation attack: an attacker who controls both the entry AND exit nodes can theoretically correlate your traffic. Mitigated by the choice of guards (persistent entry nodes) and network diversity.
  • Malicious exit nodes: the exit node sees your traffic in plain text if it is not encrypted (HTTPS). Always use HTTPS when accessing the clear web via Tor.
  • User opsec errors: almost all documented deanonymizations result from human errors (Google account signed in during a Tor session, EXIF metadata in photos, personal information leaked in text).
  • Firefox 0-day vulnerabilities: several exploitation campaigns have historically targeted Tor Browser. Keep it up to date and use the "Safer" or "Safest" security level on unknown sites.

Figures and statistics 2026

All data below are public and sourced from metrics.torproject.org, the Tor Project's annual reports, and recent academic studies.

  • 2 to 3 million daily users worldwide
  • 8,000 active relays spread across 60+ countries
  • Top 5 user countries: United States, Germany, Russia, Netherlands, France
  • 10% of traffic goes to .onion services; 90% to the clear web
  • Total network bandwidth: approximately 750 Gb/s at peak
  • Annual budget of the Tor Project: approximately $10 million USD
  • 28 employees at the Tor Project (2025)

FAQ: your questions about Tor

What exactly is Tor?
Tor (The Onion Router) is a worldwide network of volunteer relays that allows anonymous Internet browsing. Traffic is encrypted in multiple layers and passes through at least three relays before reaching its destination, making it nearly impossible to correlate a user with their activities. Tor refers to both the protocol, the network, and the client software (Tor Browser) developed by the Tor Project.
Is Tor legal?
Yes, using Tor is perfectly legal in virtually all democracies. No law prohibits or restricts the use of anonymization tools. National cybersecurity agencies have never advised against Tor. Only unlawful activities conducted via Tor are punishable, exactly as on the regular web.
Who created Tor?
Tor was designed at the US Navy's Naval Research Laboratory from 1995 by Paul Syverson, David Goldschlag, and Michael Reed. The project was opened to the public and continued from 2002 by Roger Dingledine and Nick Mathewson, who founded the Tor Project in 2006, a non-profit organization based in Seattle.
Are Tor and Tor Browser the same thing?
No. Tor is the network and protocol; Tor Browser is the client software (based on Firefox ESR) that makes it easy to access it. You can also use Tor without Tor Browser via the torsocks command, the Orbot app on Android, or a fully tunneled operating system like Tails.
Is Tor funded by the NSA or CIA?
No. The Tor Project is an independent non-profit organization whose code is entirely open source and audited by security researchers worldwide. About 80% of its budget comes from US government funds (State Department, NSF, DARPA), which does not mean these agencies control the code. If backdoors existed, they would be detected in the public code.
Is Tor slow?
Tor is slower than a direct connection — this is unavoidable: your traffic passes through at least three relays spread around the world, each adding latency. You typically see 300ms to 2 seconds of extra latency. For ordinary web browsing, this is largely acceptable. For HD video streaming or online gaming, it remains uncomfortable.
Can my ISP see that I use Tor?
Yes, your ISP can see that you connect to a Tor relay (the IPs of public relays are published), but it cannot see what you do afterward or which sites you visit. To also hide the fact that you use Tor, enable an obfs4 or Snowflake bridge that disguises Tor traffic as ordinary HTTPS traffic.
How do I install Tor Browser?
Download Tor Browser from torproject.org and install it like any regular browser. Installation takes a few minutes on Windows, macOS, Linux, or Android. On iOS, use Onion Browser (recommended by the Tor Project). Our detailed guide covers each operating system step by step.