What Is Tor? The Onion Router Demystified

Tor (The Onion Router) is a free, open-source network that anonymizes your internet traffic by routing it through three volunteer-operated relays, each peeling away one layer of encryption. No single relay knows both who you are and what you’re accessing. The entry relay knows your IP but not your destination. The exit relay knows your destination but not your IP. The middle relay knows neither. This layered encryption approach, resembling the layers of an onion, provides the strongest practical anonymity available for everyday internet use.

How Tor Works

When you connect through Tor, your traffic follows this path:

Circuit Construction

Your Tor client selects three relays from the roughly 6,000 to 7,000 active Tor relays worldwide
It builds a “circuit” through them: Guard (entry) → Middle → Exit
Three layers of encryption are applied, one for each relay

Sending Traffic

Your request is encrypted three times (like layers of an onion)
Guard relay receives it, strips the outer encryption layer. Sees your real IP, knows the middle relay’s address, but can’t read the payload
Middle relay strips the second layer. Knows the guard and exit relay addresses, but not your IP or destination
Exit relay strips the final layer. Sees the destination (e.g., wikipedia.org) and the request content, but doesn’t know who sent it

The Key Insight

No single relay has enough information to identify both the user and the destination. The guard knows who but not what. The exit knows what but not who. The middle knows neither.

Who Uses Tor (And Why)

Journalists: Communicating with sources in dangerous regions without revealing either party’s identity or location. The New York Times, The Guardian, and ProPublica all run Tor onion services for secure tip submission.

Activists and dissidents: In countries with oppressive governments, Tor enables access to censored information and secure communication without risking arrest.

Privacy-conscious individuals: People who want to browse without being tracked by advertisers, ISPs, or data brokers.

Law enforcement: Paradoxically, police and intelligence agencies use Tor for undercover operations, protecting the identity of agents and sources.

Whistleblowers: SecureDrop (used by dozens of news organizations) runs over Tor to protect the identity of people submitting sensitive documents.

The military: Tor was originally developed by the US Naval Research Laboratory. Military and intelligence personnel use it for secure communications.

Tor is not “the criminal internet.” The vast majority of Tor traffic is regular browsing from people who value their privacy. But yes, the dark web exists on Tor, and yes, illegal marketplaces operate there. That’s a consequence of strong anonymity, not the purpose of it.

.onion Sites (The Dark Web)

Standard websites are accessible through Tor by using the exit relay. But Tor also supports “.onion” sites, which exist entirely within the Tor network. These sites:

Have addresses like 3g2upl4pq6kufc4m.onion (random-looking but cryptographically derived)
Are not indexed by Google or standard search engines
Don’t use the regular DNS system
Provide end-to-end encryption within Tor (no exit relay involved)
Offer anonymity for both the visitor and the server operator

Notable .onion sites include DuckDuckGo, Facebook (yes, really), The New York Times, BBC News, and ProPublica. These organizations run onion versions to ensure accessibility for users in censored regions.

Tor’s Limitations

Speed: Three relay hops plus encryption/decryption at each step means significantly slower connections than direct browsing or VPNs.

Exit relay vulnerability: The exit relay sees unencrypted traffic (if the destination isn’t HTTPS). Malicious exit relays can snoop on unencrypted data. Always use HTTPS through Tor.

Browser fingerprinting: The Tor Browser (a modified Firefox) is designed to make all Tor users look identical. But if you resize the window, install plugins, or enable JavaScript on certain sites, you may become identifiable.

Traffic correlation: A powerful adversary that can monitor both your connection to the guard relay and the exit relay’s connection to the destination could theoretically correlate the traffic patterns. This requires monitoring a significant portion of internet infrastructure, so it’s mainly a concern against nation-state adversaries.

You are the weakest link: Tor protects your network identity, but logging into your real-name accounts, revealing personal information, or downloading files that beacon your real IP all defeat its purpose.

Tor vs VPN

Feature	Tor	VPN
Speed	Slow (3 relay hops)	Fast to moderate
Anonymity	Strongest available	Good but trust the provider
Encryption	Three layers	One layer
Trust model	No single entity sees everything	VPN provider sees everything
Cost	Free	$3 to $12/month
Use case	Maximum anonymity	Everyday privacy + geo-shifting
Streaming	Impractical (too slow)	Works well

For most everyday privacy needs, a VPN is sufficient and more practical. Tor is for situations where you need genuine anonymity and are willing to accept the speed tradeoff.

Test It Yourself

Check Your IP

Visit through Tor and see a Tor exit relay's IP instead of yours.

Open Tool →

Frequently Asked Questions

In most countries, no. Using Tor is legal in the US, EU, and most other countries. What you do through Tor is subject to the same laws as any other internet activity. Some authoritarian regimes have attempted to block Tor, but using it isn't generally criminalized even there.

In theory, it's extremely difficult. No single node knows both who you are and what you're accessing. However, powerful adversaries (nation-states) with the ability to monitor large portions of internet traffic (traffic correlation attacks) have occasionally de-anonymized Tor users. For everyday privacy, Tor is very effective.

Compared to direct connections or VPNs, yes. Your traffic bounces through three relays volunteer-operated around the world. Each hop adds latency. Typical Tor speeds are 2 to 5 Mbps and latency can be 200 to 500ms. Fine for browsing text-heavy content, painful for streaming video.