How to Use Tor Browser Safely in 2024: A Beginner’s Guide
- Quick Guide: How to Use Tor With a VPN in 3 Easy Steps
- What Is the Tor Browser Used For?
- When Should I Not Use Tor?
- How Does Tor Work?
- Is Tor Browser Safe?
- Best VPNs to Use Tor Safely in 2024
- ExpressVPN — Fast Lightway Protocol for Avoiding Speed Drops on Tor
- CyberGhost — A Simple App for Newcomers to Tor and VPNs
- Private Internet Access — PIA MACE Feature Blocks Malware and Malicious Content on Tor
- How to Use Tor With a VPN
- Additional Tips for Staying Safe on Tor
- How to Install Tor Browser on Your Devices
- FAQs on How to Use Tor Safely
Although Tor offers a degree of privacy, it's not enough to keep you safe on the dark web. There are plenty of good reasons to use Tor, but since it's also a hub for cybercriminals, it's likely your activity is being monitored. It's difficult to pinpoint unsafe links, too, so your device and personal data are at a higher risk.
This is why it's crucial to use Tor in conjunction with other safety measures. One of the easiest ways to enhance your safety on Tor is to use a VPN when you access the dark web. When you connect to a VPN, it encrypts your traffic from end to end. By doing so, it prevents hackers, prying eyes — and even your ISP — from intercepting your online activity.
My team and I tested 90+ VPNs. For robust security and privacy protection on Tor, I recommend ExpressVPN. It offers military-grade encryption and a strict no-logs policy to keep you safe. Plus, its speed-optimized protocol (Lightway) minimizes slowdowns while you use Tor. You can try ExpressVPN out risk-free since it offers a 30-day money-back guarantee. If it doesn't suit you, it's easy to claim a refund.
Quick Guide: How to Use Tor With a VPN in 3 Easy Steps
- Get a VPN. I recommend ExpressVPN because it’s easy to use, highly secure, and offers a combination of features to keep your Tor activity private.
- Download Tor. For security purposes, be sure to get the browser from Tor's official site and not a third party.
- Use Tor Browser. Connect your VPN before you open Tor to ensure the highest level of security.
What Is the Tor Browser Used For?
Tor Browser is used to access every layer of the internet, including the dark web. Its many layers give it its name: The Onion Router (TOR). Tor is based on Firefox, so you can still use it to visit regular surface websites like YouTube and Wikipedia. However, unlike other browsers, Tor can also access hidden “.onion” sites found on the dark web.
The dark web is a hidden part of the internet that can’t be accessed by search engines. Since it's unregulated, using the dark web can come with lots of risks. It’s possible to accidentally download malware and viruses, plus there are plenty of scams.
This is why the dark web has a murky reputation. Its critics portray it as a place for illegal activity where criminals can communicate secretly. Although that’s partially true, there are plenty of good reasons to access the dark web, such as:
- Anonymous communication. Many activists and journalists turn to The Onion Router to keep their communications private from prying eyes.
- Overcoming censorship. Tor allows people in countries with heavy censorship to access blocked content.
- Exposing criminals or corrupt public figures. Journalists and whistleblowers use Tor and the dark web as a safe way to share/receive anonymous tips online or investigate controversies.
- Researching material. You can find free resources such as digital books and research papers on the dark web.
- Security testing. Tor Browser allows IT workers and security engineers to conduct security tests.
- Medical advice. If you have a health concern, doctors are available on the dark web that can offer their expertise. This is especially helpful for those who want to keep their health concerns personal or simply don’t have the funds to visit a doctor.
When Should I Not Use Tor?
There are certain limitations to accessing the dark web and some activities you should avoid while using Tor.
- Torrenting or streaming. Many torrenting sites block Tor exit nodes, making P2P transfers impossible. Even if you can get your torrent client to work with the browser, Tor’s slow speeds aren’t ideal for downloads and seeding. Likewise, the browser is usually too slow for streaming.
- Logging into personal accounts. By logging into a personal account on Tor, you risk exposing your identity. Some sites also flag Tor as suspicious, which could lead to your account being locked. You can easily get an encrypted email address to use solely with Tor Browser — for example, through ProtonMail.
- Paying with traceable financial info. While Tor can help protect your identity and location, it can’t prevent fraud or other financial crimes. It’s not recommended to use identifiable payment details on the browser as you risk exposing sensitive information to malicious actors. Some websites also block Tor traffic from accessing payment pages, so you may not be able to complete your transaction anyway.
How Does Tor Work?
Tor encrypts your traffic and sends it through multiple stopping points (nodes) before reaching the sites you visit. Your traffic travels through many layers of nodes: an entry, an exit, and several relays in between.
Nodes are scattered globally and give each other just enough information to reveal the next destination. None of the nodes can see your traffic's entire route, which is how Tor offers privacy. However, any user can volunteer their network as a node, so you can’t guarantee your safety. Tor's entry and exit nodes are vulnerable points since they have access to certain parts of your data.
The entry node can identify your IP address, while the exit node sees which sites you visit (though neither can see the reverse information). This means your data is always partially exposed in the entry or exit nodes when you use Tor. That’s why it’s recommended to use a VPN alongside Tor to encrypt your traffic end to end.
Is Tor Browser Safe?
Using Tor Browser gives you a degree of security, but your traffic is only protected within the browser itself (not across your whole device). The websites you visit can't see your IP address, and your ISP can't see the specific sites you visit. However, your ISP can still see if you use Tor, which can flag suspicions — even if you're not doing anything illegal. Plus, you're not protected from malware, so downloading anything with Tor alone can be dangerous.
There's also no way of telling who's behind the nodes, or their intentions. Exit nodes can read, intercept, or alter your data. Even worse, malicious exit nodes can form a connection with your network — potentially allowing them to spy on all of your online activity. There have also been cases of bad actors (one in particular known as KAX17) who run malicious servers in entry, middle, and exit nodes to de-anonymize Tor users.
For these reasons, I strongly advise using The Onion Router and a VPN. Reputable VPNs use powerful end-to-end encryption to protect your data when you use Tor. Plus, they mask your IP address with one from the server location of your choice. This hides your real location from Tor's nodes.
In terms of criminal activity, drugs, and disturbing images and videos: you’ll only find them if you want to — and even then, only if you know exactly where to look. If you think of the surface web as a mainland continent of interlinking sites, the deep web is more like a series of standalone islands. So you don’t really have to see anything you don’t want to see.
Best VPNs to Use Tor Safely in 2024
Tested February 2024 Try Risk-Free for 30 Days
|Exclusive Lightway protocol minimizes Tor’s speed loss
|3,000 servers in 105 countries
|Dark Web Mirror Download Site?
|Leak protection, Threat Manager blocker, Network Lock kill switch
ExpressVPN gives you fast speeds to minimize Tor’s slowdowns, thanks to its lightweight proprietary protocol, Lightway. Tor, as it is, is super slow; my speeds with Tor were around 12Mbps during my tests. I used ExpressVPN's Smart Location feature, which automatically picked its UK Docklands server as the fastest connection for me. Lightway ensured my connection didn’t drop too much — it hovered around 8 to 10Mbps.
The VPN has its own “.onion” site for safe downloads. This gives you privacy protection from the moment you sign up and install the VPN app — especially helpful if you're in a country that blocks VPN use or has strict censorship.
ExpressVPN doesn’t record or monitor anything you do on the dark web. This has been independently audited by PricewaterhouseCoopers. Plus, your data is regularly wiped anyway since it uses RAM-only servers (called TrustedServer technology).
The VPN is also based in the British Virgin Islands, outside the 5, 9, and 14 Eyes data-sharing alliances. That means that it's under no obligation to hand over your data to government agencies.
Subscriptions can get a bit pricey, starting at $6.67/month. However, ExpressVPN offers regular discounts and a 30-day money-back guarantee. If you're not impressed, it's easy to claim a refund. I requested mine using the 24/7 live chat and the money was back in my account 2 days later.
- ExpressVPN Keys. Automatically scans the internet for data breaches and informs you if any of your data has been leaked (which can be common on the dark web).
- Create Tor shortcuts. Get one-click access to Tor Browser and your favorite dark websites from the app’s home screen. This is especially useful considering how complex most Onion URLs are.
- Up to 8 simultaneous device connections. You can protect your Tor activity on one device while streaming, gaming, or torrenting on other devices.
- Automatic obfuscation. This feature automatically kicks in when it detects VPN blocks (such as Deep Packet Inspection, or DPI). By making the VPN traffic look like a regular connection, it allows ExpressVPN to bypass tough firewalls and work in countries with strict censorship.
|Easy to use with Tor and surface web browsers
|11,683 servers in 100 countries
|Dark Web Mirror Download Site?
|Malicious content blocker, leak protection, and a built-in kill switch
CyberGhost’s app is very intuitive — great for VPN beginners. Connecting to a server and browsing Tor securely is easy. During my tests, I installed CyberGhost in under a minute and clicked Best Location. Within seconds, I had a secure connection for browsing the deep web.
The VPN has highly secure NoSpy servers in its Romanian headquarters (outside the 5/9/14 Eyes). They cost less than a dollar extra per month, but are worth it for the extra privacy. Only CyberGhost employees can access them, reducing the risk of third-party tampering. CyberGhost also adheres to a strict no-logs policy, independently audited by Deloitte in 2022.
You can choose between IKEv2, OpenVPN, and WireGuard protocols. My recommendation for Tor on desktop computers is WireGuard. It's one of the fastest protocols and it’s open-source, so it's continuously scrutinized for vulnerabilities. However, IKEv2 is good for mobile devices because it’s good at switching data sources when browsing Tor on the move.
Like ExpressVPN, the subscriptions can get a bit expensive. Especially for monthly plans, which only have a 14-day refund period. That said, CyberGhost’s long-term plans let you try it without risk as they have a 45-day money-back guarantee.
- Auto-Protect. You can set CyberGhost to automatically launch on unknown networks. This gives you additional protection on public WiFi, which is usually unsecured and vulnerable to hackers.
- Decent nearby speeds. I got 3Mbps on Tor from local servers with CyberGhost. Speeds were less impressive from faraway servers, but there’s no need to connect to those with Tor anyway.
- Block Content. This feature blocks troublesome ads, malware, and trackers that can be used to monitor your movements around the dark web.
- Anonymous ID. CyberGhost issues you an anonymous ID when you sign up, so your Tor browsing can’t be traced back to you.
|Protect your devices from malware that’s rife on the dark web
|29,650 servers in 91 countries
|Dark Web Mirror Download Site?
|128-bit AES or 256-bit AES encryption, leak protection
Private Internet Access (PIA) has a built-in ad/tracker/malware blocker. During my tests, I enabled MACE with 1 click in its Quick Settings. It warns you if you’re about to click on malicious links that risk infecting your device and blocks annoying pop-ups. It’s good at blocking ads on regular websites too.
There's a broad range of choices available to tailor your security on Tor. You're able to select from OpenVPN and WireGuard protocols, in addition to setting your desired encryption level (either 128-bit or 256-bit AES encryption). This provides the ability to strike a balance between security and speed. Additionally, there are two options for the kill switch. The Advanced Kill Switch safeguards against data leaks, even when you deactivate the VPN.
The multitude of security settings can be somewhat daunting if you're unfamiliar with using a VPN. However, the pre-configured settings are generally adequate for safe Tor usage, minimizing the need for extensive setup. For optimal security while browsing the dark web, I would suggest opting for 256-bit AES encryption.
All plans include PIA's 30-day money-back guarantee. I tested the policy myself and had no issue getting a refund.
- Unlimited device connections. Unlike most VPNs, PIA offers unlimited connections on a single account. That means other people in your household can use the VPN while you browse Tor.
- Massive server network. PIA offers 29,650 servers in 91 countries, so it’s easy to find a speedy nearby connection for browsing Tor.
- Verified no-logs policy. PIA is based in the US but its no-logs policy has been verified in court. When government agencies demanded user data on multiple occasions, there was nothing to hand over.
How to Use Tor With a VPN
A highly secure VPN can enhance safety when using The Onion Router. There are 2 different ways you can use a VPN with Tor — each offering differing security benefits:
Tor Over VPN
The safest method is to connect to your VPN before opening Tor Browser. This protects your data as it travels through each node — most importantly, the entry and exit nodes. What's more, it hides your real IP address from Tor and prevents your ISP from seeing that you’re using the browser.
If your VPN lacks key security features, this method might not work as well. A kill switch is vital to avoid data leakage to harmful exit nodes when a connection fails. Moreover, it's imperative for your VPN to follow a strict no-logs policy to prevent documenting your Tor usage.
VPN Over Tor
The second method is performed in the opposite order — by connecting to Tor before your VPN. This option is a bit more complicated since it requires that you manually configure your VPN to Tor. It offers you some security by concealing traffic from Tor's exit nodes.
That said, using a VPN over Tor does present some vulnerabilities and limitations. For instance, your ISP can still see you're using Tor and you won’t be able to visit Onion sites. Using a VPN over Tor just allows you to access surface websites with added privacy.
For this method to work efficiently, the VPN used should support Tor and strictly follow a no-logs policy. Yet, because of the somewhat diminished security this technique provides, most VPNs, including the ones referenced, don't support VPN over Tor.
Additional Tips for Staying Safe on Tor
Although Tor is designed to offer privacy, it does have its vulnerabilities. This is why I recommend taking the following precautions to give you maximum security while using the browser.
- Only download Tor from its official site. There have been cases of hackers creating entirely fake Tor mirror sites that infect your device with malware should you accidentally download it. That's why it's advised to never download Tor from a third-party website.
- Get antivirus and antimalware software. This keeps your devices safe from cyber threats. Remember to keep up with updates to avoid the latest hacks and viruses.
- Use a security-focused OS. TAILS is one example — I recommend running it from a removable drive. This way, hackers will have difficulty identifying your computer on the Tor network. Other private OSs include Qube, Whonix, and ZeusGuard.
- Use a reputable dark web search engine. Some search engines index Onion sites, so you can use these to find and research dark websites before visiting them. Some reputable search engines include DuckDuckGo and Ahmia.
- Verify every Onion URL you use. The dark web is full of realistic clone sites full of cyber threats. Don’t use URLs that you source from social media or forums; a reputable dark web search engine helps you find genuine sites. You can store trusted sites in an encrypted notebook (for example, Turtl). Tor also has a Bookmarks feature.
- Avoid HTTP sites. Tor doesn't encrypt these sites since they're out of its network. So unless you're connected to a VPN when you visit HTTP sites, your personal data is exposed as it passes through Tor's exit nodes. HTTPS sites that use end-to-end encryption (via TLS or SSL) are safe to visit, though.
- Update your device and browser. Running the most up-to-date software helps prevent bugs and vulnerabilities from compromising your online safety.
- Disable location tracking. Disabling any location-tracking functionality on your device helps to keep your identity hidden.
- Avoid plug-ins. Add-ons and browser extensions can lead to tracking through browser fingerprinting. Tor automatically blocks some plug-ins (like Flash, RealPlayer, and Quicktime) as they’ve been manipulated to get users’ real IP addresses in the past.
- Don’t change the size of your Tor window. This can lead to someone tracking you through browser fingerprinting.
- Cover your camera and microphone. This prevents cybercriminals from collecting recordings of you if they hijack your device. It may seem excessive, but hacking cameras is worryingly easy.
- Be mindful of what you open. Don’t click on pop-ups or suspicious requests. If you download a file from the dark web, disable the internet before opening it (to avoid leaking your actual IP address).
- Use cryptocurrency. Crypto offers an extra layer of anonymity and security when you make purchases on the dark web.
- Close all apps on your device, like banking or streaming apps. This way, there’s no chance of prying eyes seeing your personal information through these sources.
How to Install Tor Browser on Your Devices
I recommend only installing Tor Browser from its official website for safety purposes. Tor isn’t available for iOS, but you can find the open-source Onion Browser (powered by Tor) in the App Store.
Before downloading and using Tor, I also recommend installing and connecting to a reliable Tor VPN like ExpressVPN. It doesn’t matter which server you choose as Tor reroutes your traffic anyway. Most VPNs will recommend the fastest server for your location.
Download Tor on Windows & Mac
The process of setting up Tor on Windows and Mac is largely alike, with the only variations being in the way you interact with the respective operating systems. Below are the instructions for installing Tor on a Windows machine.
- Download Tor. Go to the download page and select the appropriate installer.
- Open the installation file. Pick a language and follow the installation wizard.
- Finish the installation. If you're using Mac, the wizard will instruct you to drag the Tor icon into your Applications folder.
- Connect or configure Tor. If you’re browsing in a restrictive network or location, click Configure. It will ask you if Tor is censored in your location or if you’re using a proxy — then it will help you configure a pluggable transport.
Download Tor on Android
- Visit Tor's official site. Using your Android device, navigate to Tor's official site. Go to the Downloads page and click Download for Android.
- Follow the prompts to install. Click Go to Google Play, then Install to begin downloading the app to your device.
- Connect to Tor. Start browsing The Onion Router safely.
Download Tor on Linux
- Download the Tor launcher. Navigate to the Tor download page on FlatHub and download the launcher for Linux.
- Install the file. Find the downloads folder (or whichever location you saved the Tor Launcher) and open the file.
- Connect or configure Tor. Click Launch to start Tor, then Connect or Configure. If you’re browsing from a network that blocks Tor, choose Configure. This will ask you if Tor is censored in your location or if you’re using a proxy — then it will help you configure a pluggable transport. If not, you can immediately select Connect to begin browsing.
FAQs on How to Use Tor Safely
Is Tor illegal?
Not in most countries, as long as it’s not used for illegal activity. While Tor isn’t banned in most places, it can be used for accessing the dark web (which features unlawful content such as drugs, weapons, and disturbing pornography).
That said, the browser is completely illegal and is blocked in other locations like Russia, China, the UAE, Turkey, Iran, and Belarus. But some reputable VPNs are packed with advanced security features that help them overcome tough firewalls, so they can still access Tor in countries with strict censorship.
Additionally, Tor bridges can be used to overcome censorship. These are relay (or middle) nodes that aren't listed in Tor's directory, so they're harder for governmental authorities to identify and block. I can't recommend using these without the protection of a VPN — bridges are run by volunteers, just like any other node. You never know if the user behind the bridge has malicious intentions.
Is it safe to download Tor?
Yes, Tor Browser is safe to download. However, it's not entirely private — your ISP can still see you're using Tor’s site. So it's recommended to download and use Tor while connected to a VPN to give you more privacy.
Although, you should never download Tor from a third-party site. There are many fakes with malicious links that can compromise your device and its data — so always use the official Tor site.
Can Tor be traced or hacked?
It's difficult, but it’s possible. To ensure your safety, you should take additional precautions like using a VPN while browsing Tor.
Hackers have managed to compromise the network in the past, to spy on users' browsing or even gain control of their devices. They do this by setting up rogue Tor nodes, which can intercept traffic and inject malware into user devices.
Using a VPN with a malware blocker can help protect you from these attacks. A good blocker will scan all incoming traffic for malware and other malicious activity, blocking anything that looks suspicious before it reaches your device. This means that, even if a hacker does manage to compromise a Tor node, your VPN should still protect you.
What’s the difference between the deep web and the dark web?
The deep web refers to any content on the internet that search engines don’t index. This includes online banking systems, private company databases, social media profiles, unlisted sites, etc. While this content isn’t accessible through a search engine, it’s not inherently dangerous and you can access it with a regular browser.
The dark web refers to a specific part of the deep web that is intentionally hidden and only accessible with browsers like Tor. While not all content on the dark web is illegal or harmful, it’s generally considered a shady space that you should approach with caution. That’s why it’s recommended to use a VPN on the dark web.
Is Tor a VPN?
Tor and VPNs both offer online privacy but they’re not the same. Tor is a free and open-source software that lets you browse the internet anonymously by encrypting and routing your traffic through a series of nodes or relays, making it difficult for anyone to track your online activities. A VPN encrypts your internet traffic to hide your data and routes it through a remote server, so you appear to be browsing from a different location.
Are there any alternatives to Tor and the Onion network?
If you have concerns about the potential risks of Tor or find the network slow and unreliable, there are other alternatives:
- I2P — this is a free and open-source anonymous network. Like Tor, I2P uses a series of nodes to route internet traffic — allowing you to browse the internet and communicate anonymously. However, unlike Tor, I2P allows for anonymous file sharing and messaging, making it a more comprehensive privacy tool.
- Freenet — a decentralized anonymous network. It operates by distributing data across a network of computers, making it almost impossible to trace the origin of a file or message. While not as user-friendly as other options, it’s a powerful tool for privacy.
- GNUnet — this is a decentralized network protocol stack. It offers features like encryption, peer discovery, and resource allocation, and is free to use and modify. It's available for Windows, Mac OS X, GNU/Linux and Solaris. Like Tor, it still has its vulnerabilities when it comes to the users' intentions behind each node.
Use Tor Safely Today
Even though The Onion Router provides you with a decent level of privacy, you're still at risk whenever you access the dark web using it. To keep you safe from various cyberthreats, I strongly recommend using a VPN with the Tor Browser. This ensures that your traffic is encrypted from the beginning to the end of your browsing sessions. Plus, it hides your Tor activity and IP from any third parties that may try to spy on you.
The best VPN for accessing Tor safely is ExpressVPN. It has the fastest speeds of any VPN I tested, minimizing Tor speed loss. Plus, its security features give you protection against the threats of the dark web. You can even try Express risk-free with a 30-day money-back guarantee. It’s easy to get a refund if you’re not satisfied.
To summarize, these are the best VPNs for Tor...
Your data is exposed to the websites you visit!
Your IP Address:
Your Internet Provider:
The information above can be used to track you, target you for ads, and monitor what you do online.
VPNs can help you hide this information from websites so that you are protected at all times. We recommend ExpressVPN — the #1 VPN out of over 350 providers we've tested. It has military-grade encryption and privacy features that will ensure your digital security, plus — it's currently offering 49% off.