Tor (network)

encryption network
print Print
Please select which sections you would like to print:
verifiedCite
While every effort has been made to follow citation style rules, there may be some discrepancies. Please refer to the appropriate style manual or other sources if you have any questions.
Select Citation Style
Feedback
Corrections? Updates? Omissions? Let us know if you have suggestions to improve this article (requires login).
Thank you for your feedback

Our editors will review what you’ve submitted and determine whether to revise the article.

Also known as: The Onion Router
Acronym for:
The Onion Router
Top Questions

What is Tor and why is it called “The Onion Router”?

Who benefits from using Tor?

How does Tor ensure user anonymity?

What are some legitimate and controversial uses of Tor?

What challenges does Tor face regarding legal accountability?

Tor (network), a free software platform designed to protect users’ identities while they are browsing the Internet and exchanging messages. Tor is widely called the largest anonymity network. The platform benefits members of the general public who strive for a higher level of privacy on the Internet, but it also appeals to dissidents, human rights activists, whistleblowers, activist groups, journalists, law enforcement agencies, as well as criminals, all of whom benefit from secret means of communication.

Although the network does not guarantee privacy, it makes tracking a person’s online activity very difficult, giving users an added level of comfort. According to Tor, on average about 2.6 million “clients” (users) directly connect to its network each day.

How Tor works

The Tor platform uses an open-source browser that routes data through an encrypted communications stack that resembles the layers of an onion. This is how the network derived its name. It relies on a technique called “onion routing” to establish anonymous communication over the public Internet. Routing involves numerous layers of infrastructure and protocols, including several layers of encryption that relay data through a series of nodes, each of which plays a role in decrypting only a layer of the original message. When the message reaches the final node, it once again appears complete.

Because each node in the intentionally decentralized Tor network is connected only to the preceding and following nodes in the path (except for the first and last nodes), removing only enough layers of encryption to know which preceding node the data came from and which node to send the data to next, the message and the sender remain anonymous. The Onion Internet Protocol address (.onion) also replaces the actual IP address of the sender’s computer, meaning the physical location of the sender is also masked. Only the first and last nodes can reveal the identity of the sender and the content of the message. There are some 6,500 nodes in this free, volunteer system of relays; these nodes, and the community of volunteer relays and their computers (running a server application) that operate them, make up the Tor network. As conventional browsers cannot display .onion addresses without considerable modifications, Tor clients are also encouraged to use the Tor Browser, a version of Firefox. Tor claims that it is the best browser for its network for ensuring the greatest possible anonymity.

The enhanced security and anonymity provided by Tor does come at a cost to the end user. Browsing via Tor is significantly slower than navigating the Web with a standard browser. A direct “handshake” between a typical browser and a website might allow a Web page to load in a second or two, but the completion of a Tor circuit (the resolution of at least three relay nodes) typically takes much longer. This can make it difficult to view certain kinds of content, particularly streaming audio and video.

The history of Tor

The United States Naval Research Laboratory developed the technological framework for Tor in the mid-1990s. It later released the code for free public use. The Onion Routing project, which became Tor, introduced a publicly available version of the software in 2003. Three years later, a not-for-profit research education organization, The Tor Project, was established to manage the network.

According to Tor, its mission is:

to advance human rights and freedoms by creating and deploying free and open source anonymity and privacy technologies. People use our technology…in diverse ways. Tor is used by whistleblowers who need a safe way to bring to light information about wrongdoing—information that is crucial for society to know—without sharing their identity. Tor is used by activists around the world who are fighting against authoritarian governments and to defend human rights, not only for their safety and anonymity, but also to circumvent Internet censorship so their voices can be heard.

The organization is headquartered in Seattle. It receives donations from the public, as well as funding from the U.S. government and assorted human rights organizations.

Controversy about Tor and the dark web

While Tor is used for legitimate purposes—including sensitive communications and investigations conducted by law enforcement agencies—it has also become a tool for distributing malware, anonymously defaming and stalking individuals, disseminating illegal sexual content, money laundering, exchanging stolen data and goods, and facilitating the market in illicit firearms, drugs, chemical weapons, and other substances. Such cybercrime is part of the dark web, facilitated via the darknet, which is a very small part of the Internet that is not visible to search engines and ordinary Web browsers.

Yet, according to researchers at Virginia Tech , only about 6.7 percent of Tor users connect to its services for malicious purposes, and the majority of these users tend to be in countries widely considered “free.” On the other hand, the free-speech value of the network seems most pronounced in “non-free” countries. Without the network, for instance, dissidents in authoritarian countries that censor news and information—such as Russia, China, Myanmar, and Iran—would find it difficult, if not impossible, to report safely on national events. Although many of these countries have banned Tor, their citizens continue to access the network through proxies to disseminate news to the outside world.

Another problem is balancing freedom with legal accountability. Tor volunteers have been subjected to legal inquiries and investigations, including cases tied to child sexual abuse material (CSAM). Because volunteers host the Tor system, clients using the network can pass illicit materials through these volunteer relays without the volunteers’ knowledge. This has led authorities to confiscate computers of volunteers who simply host Tor nodes; some of the nodes have also been shut down. Privacy advocates have come to the defense of these volunteers, pointing out that Internet providers and telephone companies are not held accountable for how criminals use their networks.

The most notorious case of illegality tied to Tor occurred in 2013, when the FBI shut down the Silk Road, a dark web marketplace on the Tor network that dealt in drugs, guns, fake credit cards, pirated software, and CSAM; moreover, payments in the marketplace used cryptocurrency, adding yet another level of anonymity for its users. In 2015 Silk Road’s founder, Ross Ulbricht (an American libertarian who used the pseudonym “Dread Pirate Roberts,” a name taken from the novel and movie The Princess Bride), was sentenced to life in prison with no chance for parole.

Also in 2013, American intelligence contractor Edward Snowden illegally collected and leaked highly classified documents proving the existence of secret information-gathering programs conducted by the National Security Agency (NSA). He is widely considered to be Tor’s most famous user, which the company has taken great pride in. In a posting titled “Thank you, Edward Snowden,” the Tor Blog wrote: “Snowden bravely blew the whistle on the mass surveillance undertaken by the United States government, and his revelations have informed the public of widespread privacy abuses taking place and helped people understand the urgency of taking back the internet.”

Attacks on Tor

Tor has been the target of numerous cyberattacks. The purposes of the attacks vary. Some are aimed at interfering with the functionality of the network, others attempt to eavesdrop on individuals and their private communications, while still others map and chronicle client activities for the purpose of exposing (“de-anonymizing”) the user. Because Tor is operated by volunteers and no background check is required to set up a Tor node, bad actors have sometimes set up nodes (especially entry and exit nodes where the message is readable) specifically to attack the network and unmask users and their activities and communications. In 2021 a security analysis of Tor relays determined that more than a quarter of exit nodes had been compromised by a malicious actor.

Samuel Greengard