Search securely with DuckDuckGo.
What is Tor?
Tor is free software and an open network that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security.
What is Tor Browser?
The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, it prevents the sites you visit from learning your physical location, and it lets you access sites which are blocked.
Tor Browser lets you use Tor on Microsoft Windows, Apple MacOS, or GNU/Linux without needing to install any software. It can run off a USB flash drive, comes with a pre-configured web browser to protect your anonymity, and is self-contained (portable).
Why Anonymity Matters
Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location.
You need to change some of your habits, as some things won’t work exactly as you are used to.
- Use Tor BrowserTor does not protect all of your computer’s Internet traffic when you run it. Tor only protects your applications that are properly configured to send their Internet traffic through Tor. To avoid problems with Tor configuration, we strongly recommend you use the Tor Browser. It is pre-configured to protect your privacy and anonymity on the web as long as you’re browsing with Tor Browser itself. Almost any other web browser configuration is likely to be unsafe to use with Tor.
- Don’t torrent over TorTorrent file-sharing applications have been observed to ignore proxy settings and make direct connections even when they are told to use Tor. Even if your torrent application connects only through Tor, you will often send out your real IP address in the tracker GET request, because that’s how torrents work. Not only do you deanonymize your torrent traffic and your other simultaneous Tor web traffic this way, you also slow down the entire Tor network for everyone else.
- Don’t enable or install browser pluginsTor Browser will block browser plugins such as Flash, RealPlayer, Quicktime, and others: they can be manipulated into revealing your IP address. Similarly, we do not recommend installing additional addons or plugins into Tor Browser, as these may bypass Tor or otherwise harm your anonymity and privacy.
- Use HTTPS versions of websitesTor will encrypt your traffic to and within the Tor network, but the encryption of your traffic to the final destination website depends upon on that website. To help ensure private encryption to websites, Tor Browser includes HTTPS Everywhere to force the use of HTTPS encryption with major websites that support it. However, you should still watch the browser URL bar to ensure that websites you provide sensitive information to display a blue or green URL bar button, include https:// in the URL, and display the proper expected name for the website. Also see EFF’s interactive page explaining how Tor and HTTPS relate.
- Don’t open documents downloaded through Tor while onlineTor Browser will warn you before automatically opening documents that are handled by external applications. DO NOT IGNORE THIS WARNING. You should be very careful when downloading documents via Tor (especially DOC and PDF files, unless you use the PDF viewer that’s built into Tor Browser) as these documents can contain Internet resources that will be downloaded outside of Tor by the application that opens them. This will reveal your non-Tor IP address. If you must work with DOC and/or PDF files, we strongly recommend either using a disconnected computer, downloading the free VirtualBox and using it with a virtual machine image with networking disabled, or using Tails. Under no circumstances is it safe to use BitTorrent and Tor together, however.
- Use bridges and/or find companyTor tries to prevent attackers from learning what destination websites you connect to. However, by default, it does not prevent somebody watching your Internet traffic from learning that you’re using Tor. If this matters to you, you can reduce this risk by configuring Tor to use a Tor bridge relay rather than connecting directly to the public Tor network. Ultimately the best protection is a social approach: the more Tor users there are near you and the more diverse their interests, the less dangerous it will be that you are one of them. Convince other people to use Tor, too!
Be smart and learn more. Understand what Tor does and does not offer. This list of pitfalls isn’t complete, and we need your help identifying and documenting all the issues.
Who Uses Tor?
Tor was originally designed, implemented, and deployed as a third-generation onion routing project of the Naval Research Laboratory. It was originally developed with the U.S. Navy in mind, for the primary purpose of protecting government communications. Today, it is used every day for a wide variety of purposes by the military, journalists, law enforcement officers, activists, and many others. Here are some of the specific uses we’ve seen or recommend.
We need your good Tor stories! What do you use Tor for? Why do you need it? What has Tor done for you? We need your stories.
- They protect their privacy from unscrupulous marketers and identity thieves. Internet Service Providers (ISPs) sell your Internet browsing records to marketers or anyone else willing to pay for it. ISPs typically say that they anonymize the data by not providing personally identifiable information, but this has proven incorrect. A full record of every site you visit, the text of every search you perform, and potentially userid and even password information can still be part of this data. In addition to your ISP, the websites (and search engines) you visit have their own logs, containing the same or more information.
- They protect their communications from irresponsible corporations. All over the Internet, Tor is being recommended to people newly concerned about their privacy in the face of increasing breaches and betrayals of private data. From lost backup tapes, to giving away the data to researchers, your data is often not well protected by those you are supposed to trust to keep it safe.
- They protect their children online. You’ve told your kids they shouldn’t share personally identifying information online, but they may be sharing their location simply by not concealing their IP address. Increasingly, IP addresses can be literally mapped to a city or even street location, and can reveal other information about how you are connecting to the Internet. In the United States, the government is pushing to make this mapping increasingly precise.
- They research sensitive topics. There’s a wealth of information available online. But perhaps in your country, access to information on AIDS, birth control, Tibetan culture, or world religions is behind a national firewall.
- They skirt surveillance. Even harmless web browsing can sometimes raise red flags for suspicious observers. Using Tor protects your privacy by making it extremely dificult for an observer to correlate the sites you visit with your physical-world identity.
- They circumvent censorship. If you live in a country that has ever blocked Facebook or Youtube, you might need to use Tor to get basic internet functionality.
- Reporters without Borders tracks Internet prisoners of conscience and jailed or harmed journalists all over the world. They advise journalists, sources, bloggers, and dissidents to use Tor to ensure their privacy and safety.
- Tor is part of SecureDrop, an open-source whistleblower submission system that media organizations can use to securely accept documents from and communicate with anonymous sources. Many news organizations use SecureDrop, including the Associated Press, The Washington Post, The New York Times, The CBC, ProPublica, Dagbladet, and more.
- Tor preserves the ability of people behind national firewalls or under the surveillance of repressive regimes to obtain a global perspective on controversial topics including democracy, economics and religion.
- Citizen journalists in China use Tor to write about local events to encourage social change and political reform.
- Citizens and journalists in Internet black holes use Tor to research state propaganda and opposing viewpoints, to file stories with non-State controlled media, and to avoid risking the personal consequences of intellectual curiosity.
- Online surveillance: Tor allows officials to surf questionable web sites and services without leaving tell-tale tracks. If the system administrator of an illegal gambling site, for example, were to see multiple connections from government or law enforcement IP addresses in usage logs, investigations may be hampered.
- Sting operations: Similarly, anonymity allows law officers to engage in online “undercover ” operations. Regardless of how good an undercover officer’s “street cred” may be, if the communications include IP ranges from police addresses, the cover is blown.
- Truly anonymous tip lines: While online anonymous tip lines are popular, without anonymity software, they are far less useful. Sophisticated sources understand that although a name or email address is not attached to information, server logs can identify them very quickly. As a result, tip line web sites that do not encourage anonymity are limiting the sources of their tips.
- Human rights activists use Tor to anonymously report abuses from danger zones. Internationally, labor rights workers use Tor and other forms of online and offline anonymity to organize workers in accordance with the Universal Declaration of Human Rights. Even though they are within the law, it does not mean they are safe. Tor provides the ability to avoid persecution while still raising a voice.
- When groups such as the Friends Service Committee and environmental groups are increasingly falling under surveillance in the United States under laws meant to protect against terrorism, many peaceful agents of change rely on Tor for basic privacy during legitimate activities.
- Human Rights Watch recommends Tor in their report, “ Race to the Bottom: Corporate Complicity in Chinese Internet Censorship.” The study co-author interviewed Roger Dingledine, Tor project leader, on Tor use. They cover Tor in the section on how to breach the “Great Firewall of China,” and recommend that human rights workers throughout the globe use Tor for “secure browsing and communications.”
- Tor has consulted with and volunteered help to Amnesty International’s past corporate responsibility campaign. See also their 2006 full report on China Internet issues.
- Global Voices recommends Tor, especially for anonymous blogging, throughout their web site.
- In the US, the Supreme Court recently stripped legal protections from government whistleblowers. But whistleblowers working for governmental transparency or corporate accountability can use Tor to seek justice without personal repercussions.
- A contact of ours who works with a public health nonprofit in Africa reports that his nonprofit must budget 10% to cover various sorts of corruption, mostly bribes and such. When that percentage rises steeply, not only can they not afford the money, but they can not afford to complain — this is the point at which open objection can become dangerous. So his nonprofit has been working to use Tor to safely whistleblow on government corruption in order to continue their work.
- At a recent conference, a Tor staffer ran into a woman who came from a “company town” in the eastern United States. She was attempting to blog anonymously to rally local residents to urge reform in the company that dominated the town’s economic and government affairs. She is fully cognizant that the kind of organizing she was doing could lead to harm or “fatal accidents.”
- In east Asia, some labor organizers use anonymity to reveal information regarding sweatshops that produce goods for western countries and to organize local labor.
- Tor can help activists avoid government or corporate censorship that hinders organization. In one such case, a Canadian ISP blocked access to a union website used by their own employees to help organize a strike.
- Does being in the public spotlight shut you off from having a private life, forever, online? A rural lawyer in a New England state keeps an anonymous blog because, with the diverse clientele at his prestigious law firm, his political beliefs are bound to offend someone. Yet, he doesn’t want to remain silent on issues he cares about. Tor helps him feel secure that he can express his opinion without consequences to his public role.
- People living in poverty often don’t participate fully in civil society — not out of ignorance or apathy, but out of fear. If something you write were to get back to your boss, would you lose your job? If your social worker read about your opinion of the system, would she treat you differently? Anonymity gives a voice to the voiceless. Although it’s often said that the poor do not use online access for civic engagement, failing to act in their self-interests, it is our hypothesis (based on personal conversations and anecdotal information) that it is precisely the “permanent record ” left online that keeps many of the poor from speaking out on the Internet. We hope to show people how to engage more safely online, and then at the end of the year, evaluate how online and offline civic engagement has changed, and how the population sees this continuing into the future.
- Security breach information clearinghouses: Say a financial institution participates in a security clearinghouse of information on Internet attacks. Such a repository requires members to report breaches to a central group, who correlates attacks to detect coordinated patterns and send out alerts. But if a specific bank in St. Louis is breached, they don’t want an attacker watching the incoming traffic to such a repository to be able to track where information is coming from. Even though every packet were encrypted, the IP address would betray the location of a compromised system. Tor allows such repositories of sensitive information to resist compromises.
- Seeing your competition as your market does: If you try to check out a competitor’s pricing, you may find no information or misleading information on their web site. This is because their web server may be keyed to detect connections from competitors, and block or spread disinformation to your staff. Tor allows a business to view their sector as the general public would view it.
- Keeping strategies confidential: An investment bank, for example, might not want industry snoopers to be able to track what web sites their analysts are watching. The strategic importance of traffic patterns, and the vulnerability of the surveillance of such data, is starting to be more widely recognized in several areas of the business world.
- Accountability: In an age when irresponsible and unreported corporate activity has undermined multi-billion dollar businesses, an executive exercising true stewardship wants the whole staff to feel free to disclose internal malfeasance. Tor facilitates internal accountability before it turns into whistleblowing.
- Frequently we hear about bloggers who are sued or fired for saying perfectly legal things online, in their blog.
- We recommend the EFF Legal Guide for Bloggers.
- Global Voices maintains a guide to anonymous blogging with WordPress and Tor.
- Field agents: It is not difficult for insurgents to monitor Internet traffic and discover all the hotels and other locations from which people are connecting to known military servers. Military field agents deployed away from home use Tor to mask the sites they are visiting, protecting military interests and operations, as well as protecting themselves from physical harm.
- Onion services: When the Internet was designed by DARPA, its primary purpose was to be able to facilitate distributed, robust communications in case of local strikes. However, some functions must be centralized, such as command and control sites. It’s the nature of the Internet protocols to reveal the geographic location of any server that is reachable online. Tor’s onion services capacity allows military command and control to be physically secure from discovery and takedown.
- Intelligence gathering: Military personnel need to use electronic resources run and monitored by insurgents. They do not want the webserver logs on an insurgent website to record a military address, thereby revealing the surveillance.
- To verify IP based firewall rules: A firewall may have some policies that only allow certain IP addresses or ranges. Tor can be used to verify those configurations by using an IP number outside of the company’s alloted IP block.
- To bypass their own security systems for sensitive professional activities: For instance, a company may have a strict policy regarding the material employees can view on the internet. A log review reveals a possible violation. Tor can be used to verify the information without an exception being put into corporate security systems.
- To connect back to deployed services: A network engineer can use Tor to remotely connect back to services, without the need for an external machine and user account, as part of operational testing.
- To access internet resources: Acceptable use policy for IT Staff and normal employees is usually different. Tor can allow unfettered access to the internet while leaving standard security policies in place.
- To work around ISP network outages: Sometimes when an ISP is having routing or DNS problems, Tor can make internet resources available, when the actual ISP is malfunctioning. This can be invaluable in crisis situations.
Please do send us your success stories. They are very important because Tor provides anonymity. While it is thrilling to speculate about undesired effects of Tor, when it succeeds, nobody notices. This is great for users, but not so good for us, since publishing success stories about how people or organizations are staying anonymous could be counterproductive. For example, we talked to an FBI officer who explained that he uses Tor every day for his work — but he quickly followed up with a request not to provide details or mention his name.
Like any technology, from pencils to cellphones, anonymity can be used for both good and bad. You have probably seen some of the vigorous debate (pro, con, and academic) over anonymity. The Tor project is based on the belief that anonymity is not just a good idea some of the time — it is a requirement for a free and functioning society. The EFF maintains a good overview of how anonymity was crucial to the founding of the United States. Anonymity is recognized by US courts as a fundamental and important right. In fact, governments mandate anonymity in many cases themselves: police tip lines, some adoption services, police officer identities, and so forth. It would be impossible to rehash the entire anonymity debate here — it is too large an issue with too many nuances, and there are plenty of other places where this information can be found. We do have a Tor abuse page describing some of the possible abuse cases for Tor, but suffice it to say that if you want to abuse the system, you’ll either find it mostly closed for your purposes (e.g. the majority of Tor relays do not support SMTP in order to prevent anonymous email spamming), or if you’re one of the Four Horsemen of the Information Apocalypse, you have better options than Tor. While not dismissing the potential abuses of Tor, this page shows a few of the many important ways anonymity is used online today.