Everything you need to know about using Tor Browser
Tor is an excellent tool for anonymous browsing and downloading, with or without a VPN. In this post, we’ll give you the ins and outs of Tor browser: what it is, how to use it, and how to combine it with a VPN for extra security. Share
Update (November 2017):
Tor recently released a new layer of security. The new changes include encryption algorithms, improved authentication, and a redesigned directory system. On top of that, the new onion domains will be longer to keep onion addresses completely private.
First things first: What is Tor?
If you’ve landed on this post, chances are you’ve heard of Tor and are wondering if you should use it. So let’s start with the basics: just what is Tor anyway?
Tor is short for “The Onion Router,” which refers to the multiple layers of encryption used to protect your privacy. Tor’s basic function is that it hides your internet footprint, allowing you to browse the web and download anonymously.
But let’s be clear, Tor is not a VPN or a browser with a built-in VPN. While both Tor and VPN allow for private internet browsing, they are very different technologies.
Tor was originally developed by the U.S. Navy to protect U.S. government communications during intelligence operations. It’s now a non-profit organization to promote online privacy.
How does Tor work?
Now that you know what Tor is, let’s look at how it works — and how to use it.
Using Tor is relatively easy.
You simply download and install the Tor Browser, which would replace Chrome, Firefox, or whatever browser you normally use. Anything you do on the Tor browser is then private and secure.
Tor bundles your data into encrypted packets before it enters the network. Tor then removes the part of the packet that contains information like the source, size, destination, and timing, all of which can be used to learn about the sender (that’d be you.)
Next, it encrypts the rest of the bundled information before finally sending the encrypted data through many different servers, or relays, at random so that it can’t be tracked.
Each relay decrypts and then re-encrypts just enough data to know where it came from and where it’s going next, but can’t track the information beyond that.
The many layers of encryption Tor uses to ensure anonymity are similar to an onion, hence the name. The illustration below is a good (albeit very simplified) explanation of how Tor works.
Why use Tor?
The Tor network conceals your identity by moving your internet activity through different Tor servers.
It allows for complete anonymity and security from anyone trying to track your activity, like governments, hackers, and advertisers.
Tor is also a gateway into the “Deep Web” or “Dark Web,” which sounds creepier than it is. In fact, the Deep Web comprises most of the internet.
The deep Web is made up of websites that haven’t registered with any of the search engines for one reason or another.
While many of them haven’t registered on accident, some purposely haven’t registered because they don’t want to be easily found. For example, Silk Road, the online drug trafficking marketplace that was shut down a few years ago, couldn’t be accessed by normal web browsers.
A popular analogy to describe the Deep Web is an iceberg: what is searchable through standard search engines is only the tip, while the rest of the internet, or Deep Web, is what’s below the surface.
But Tor isn’t just for illegal activities on the web. It’s also very popular with journalists, activists, human rights workers, and whistleblowers, especially those who live or work in countries with internet restrictions.
Tor not only hides internet activity, it also helps bypass censorship. For example, Edward Snowden released information via Tor.
Why not use Tor?
The biggest drawback to Tor is its performance—or lack-there-of.
Because data goes through so many relays, Tor is very sluggish, especially for audio and video. This can make streaming or downloading a nightmare and is one of the main reasons using a VPN or a browser with a built-in VPN makes more sense for most users.
It’s also important to know that using Tor does not make you 100% invulnerable.
In fact, many believe Tor to be fairly easily hackable, as exit nodes (the last relay before your information reaches its destination) can see your traffic if the site you’re accessing does not use SSL. Using HTTPS instead of just HTTP can add an extra layer of protection, but it’s still not fool-proof.
Last, government agencies can see if you are using Tor, so even if they can’t see what you’re doing, it can still be a red flag to them.
Using Tor with VPN
Tor and TVP can be used in conjunction with each other, though the relationship is a bit complex. You can do Tor-through-VPN or VPN-through-Tor, and there is a big difference between the two.
We won’t get too technical, but it’s important to understand the pros and cons of each. Also, be aware that no matter which set-up you use, it will significantly reduce your performance.
Both Tor and VPN slow down internet speed, and combining the two makes that even more noticeable.
In Tor-through-VPN, the relationship is your computer > VPN > Tor > internet.
The benefit of this is that your ISP will not know that you are using Tor, even though it can still know you are using a VPN. Additionally, the Tor entry node will not see your IP address, which is a good added layer of security.
The downside to this setup is that your VPN knows your true IP address, and you have no protection from malicious Tor exit nodes.
Some VPN providers (such as NordVPN , Privatoria and TorVPN) offer Tor-through-VPN configurations. This is good, but nowhere as secure as using the Tor browser, where Tor encryption is performed end-to-end.
In VPN-through-Tor, the relationship is your computer > VPN > Tor > VPN > internet.
VPN-through-Tor is significantly more secure, providing almost perfect anonymity.
For sure, if you don’t mind being restricted to which VPN you can use, VPN-through-Tor is better.
First, the VPN provider has no way of knowing your real IP address but sees the IP of the Tor exit node. If you are going this far, you should pay with Bitcoin via the Tor browser, which means the VPN provider really has no way of identifying you, even if it keeps logs.
The next benefit is protection from malicious Tor exit nodes, since your data is encrypted by the VPN.
This also has the added effect of bypassing any blocks on Tor exit nodes (such as censorship) which the Tor-through-VPN setup can’t do.
All of that said, if you don’t want to go through the hassle of running VPN-through-Tor, you can always run Tor-through-VPN by simply running the Tor browser after your VPN connection has been established.
How to use Tor
To get started, download the Tor browser, which is actually a modified version of Firefox. From here, you can take the precautionary step of verifying the package signature -which protects you from receiving a malicious version.
The next step is to install the Tor browser, which automatically installs to your desktop.
Tor is a portable software that doesn’t integrate into Windows, meaning you can run the browser from anywhere on your computer, even a USB drive.
If you want to change the installation location from your desktop, simply click Browse and choose your destination from there. From here, the installation process is just like any other.
To use Tor with a VPN or proxy:
Once the browser is installed, it will create a folder called “Tor Browser” in your chosen destination. Inside, you will see “Start Tor Browser.”
When you click it you’ll see an option to connect directly to the Tor Network or to configure proxy settings first. If you are using the Vpn-through-Tor method or using a proxy, (or if you are connected to a network that is monitored, censored or limited in any way), you will need to configure manually using the second option.
Regardless, once you’re in the Tor Browser, make sure you’re properly connected by going to an IP address checker. If it’s not your original IP, you’re good to go!
Once you are in, here are some tips for added security:
- Only go to sites that are HTTPS, not HTTP. While Tor encrypts all traffic within the Tor network, it doesn’t encrypt traffic outside the network, leaving you vulnerable once your traffic reaches the exit nodes, since your data is no longer encrypted.That’s why you should always use end-to-end encryption like SSL or TLS, as well as sites that use HTTPS. To be sure you’re only using HTTPS sites, consider using the HTTPS Everywhere plugin.
- Do not use P2P traffic in Tor. Tor is not built for peer-to-peer file sharing and will likely actually be blocked by many exit nodes.Using P2P traffic on Tor threatens your online anonymity as BitTorrent clients send your IP address to the BitTorrent trackers and other peers.
- Always delete cookies– You can use an add-on such as Self-Destructing Cookies to automatically delete cookies.
- Do not use your real e-mail– It should be obvious but consider this a reminder. As one website puts it, using your real email while using Tor is like “going to a mask party but wearing your name tag on your costume.”
- Do not use Google– Google is infamous for collecting information on the browsing habits and search data of its users to help grow its ad revenue. Instead, use search engines like DuckDuckGo.
Final thoughts on Tor
Personal privacy has become increasingly elusive as the government, hackers, and even our beloved Google have come up with more advanced ways to hack and track us. Even with its known flaws and vulnerabilities, Tor browser is an excellent step towards being more anonymous online. It is, however, only one piece of the puzzle.
If you truly want to protect yourself, consider one of the VPNs below in conjunction with Tor browser.