What Is Tor Browser

How Tor Browser Differs from Standard Browsers

Standard browsers establish direct TCP connections between the user's IP address and the destination server. Every hop in that path (ISP, DNS resolver, destination) can observe the connection metadata. Tor Browser eliminates this by constructing a three-relay circuit where no single relay knows both the source and destination.

The first relay (guard node) knows the user's IP but not the destination. The middle relay knows neither. The exit relay (or rendezvous point for onion services) knows the destination but not the user's IP. This compartmentalization is the core privacy guarantee. It holds as long as no single entity controls all three relays simultaneously.

Tor Browser also isolates browsing state per tab. Cookies, cache, and authentication tokens from one site cannot leak to another. When the browser closes, all state is wiped. This is not how Chrome or Firefox behaves by default, where persistent cookies and cross-site tracking are standard unless manually configured otherwise.

Tor Browser Download and Installation

The only safe source for tor browser download is the Tor Project's website. Third-party download sites, even well-known software aggregators, have historically served modified builds with backdoors. The Tor Project signs each release with their GPG key, and verifying that signature before running the installer is a step worth the 30 seconds it takes.

Installation is straightforward on Windows, macOS, and Linux. The browser runs as a standalone application — no system-level installation required. Extract the archive, launch the executable, and the browser connects to the Tor network automatically. On restrictive networks that block direct Tor connections, the browser includes bridge support: obfuscated relays that disguise Tor traffic as ordinary HTTPS.

Android users have Tor Browser available through the Google Play Store and the Tor Project's F-Droid repository. iOS does not have an official Tor Browser build. The Tor Project recommends Onion Browser for iOS, though it carries caveats around WebKit's forced use on Apple platforms that limit its isolation guarantees.

How to Use Tor Browser Securely

Security settings in Tor Browser operate on three levels: Standard, Safer, and Safest. The Safest setting disables JavaScript entirely, removing the largest single attack surface for deanonymization exploits. Most .onion services function without JavaScript. The ones that require it should be treated with additional scrutiny.

Avoid maximizing the browser window. Window size is a fingerprinting vector — Tor Browser defaults to a standardized viewport to make all users look identical. Resizing defeats this. Similarly, do not install additional extensions. Each extension adds unique behavior that distinguishes the browser instance from the default Tor Browser fingerprint.

DNS leaks are a non-issue in Tor Browser because it routes DNS through the Tor circuit rather than the system resolver. But WebRTC leaks, which can expose the local IP address through STUN requests, are blocked at the browser level. This protection exists only in Tor Browser's configuration. Running Tor as a SOCKS proxy through a standard browser does not disable WebRTC by default.

Tor Browser for Privacy: Capabilities and Limits

Tor Browser for privacy protects against network-level surveillance: ISP monitoring, local network sniffing, and destination-side IP logging. What it does not protect against is application-layer compromise. If a site serves a JavaScript exploit that escapes the browser sandbox, the user's actual IP can be exposed regardless of Tor routing.

The 2013 Freedom Hosting compromise demonstrated this boundary clearly. The FBI deployed a JavaScript exploit targeting Firefox 17 ESR (the base for Tor Browser at the time) to deanonymize users. The exploit worked because users had JavaScript enabled. On the Safest security setting, the exploit would have been inert.

Behavioral deanonymization is another boundary Tor Browser cannot address. Logging into a personal email account over Tor, then browsing other sites in the same session, creates a correlation opportunity. Tor protects the network path. It cannot protect against a user voluntarily identifying themselves at one end of the circuit.

For a deeper understanding of the relay architecture that makes these privacy guarantees possible, see how onion routing works. For verification of .onion addresses accessed through Tor Browser, the PGP verification guide covers the full cryptographic confirmation process.

Tor Browser Connection Troubleshooting

Circuit establishment failures fall into three categories: network censorship blocking Tor, relay congestion causing timeouts, and local firewall interference.

Bridges solve the censorship problem. Tor Browser includes built-in bridge types (obfs4, Snowflake, meek-azure) that disguise Tor traffic patterns. Snowflake routes connections through volunteer browser proxies and is the hardest to block at the national-firewall level. China, Iran, and Russia have all deployed deep packet inspection to block standard Tor connections, but obfs4 and Snowflake circumvention rates remain high as of 2026 according to the Tor Project's metrics data.

Relay congestion is visible through slow circuit build times (over 10 seconds) or frequent timeout errors. The fix is usually patience — request a new circuit (Ctrl+Shift+L) and the browser builds a fresh path through less congested relays. Persistent congestion affecting all circuits may indicate a guard node under heavy load; restarting the browser forces a new guard selection after the 2-3 month rotation interval expires.

Local firewalls blocking outbound connections on non-standard ports affect Tor because guard nodes listen on varied ports. Configuring Tor Browser to use bridges on port 443 (the standard HTTPS port) bypasses most corporate and institutional firewalls.