Top10VPN is editorially independent. We may earn commissions if you buy a VPN via our links.

Is the Tor Browser Safe to Use?

Updated Nov 6, 2023

Callum Tennent oversees how we test and review VPN services. He's a member of the IAPP, and his VPN advice has featured in Forbes and the Internet Society.

Fact-checked by Simon Migliano

Our Verdict

When handled with caution, the Tor Browser is safe and legal to use on Windows, macOS, and Android devices in most countries. Tor provides more anonymity than a regular web browser by hiding your IP address and passing your web traffic through three layers of encryption. However, Tor is not completely secure. Using it can put you at risk of data leaks, spying, and man-in-the-middle attacks via malicious exit nodes.

Tor is a free, volunteer-run system designed to conceal your identity, location, and online activity from tracking or surveillance.

Tor is most commonly accessed through the Tor Browser: a free, open-source application based on Mozilla Firefox. The Tor Browser works by routing your traffic through three random nodes; the guard node, the middle node and the exit node.

A layer of encryption is added for each of the nodes your traffic passes through, ending at the last node. At the exit node point, your traffic is fully decrypted and sent to its destination.

When Tor is used correctly, it can be an excellent tool for protecting your privacy. However, despite its focus on anonymity, using Tor comes with some risks to your security and safety. In this guide, we’ll explain these safety risks and teach you how to use Tor safely.

Summary: Is The Tor Browser Safe?

Tor routes your web traffic through a network of randomized servers and protects it with three layers of encryption. This hides your IP address from the websites you visit and prevents your ISP (Internet Service Provider) from monitoring your activity.
While your browsing data is anonymous, it is not private. Tor’s guard node can see your public IP address but not your activity. Tor’s exit node can see your activity but not your IP address.
Your web traffic is fully decrypted and visible at the exit node, although it is not traceable to your identity. This means you are at risk of surveillance or malware injection via malicious exit nodes.
There is some evidence that Tor users can be de-anonymized by US law enforcement agencies and academic researchers.
Tor can be complicated to use and set up, which means it is easy to reveal your true identity through data leaks or behaviour that might reveal personal information.
Tor is legal in most countries, though the use of the Tor browser can mark you for surveillance by government authorities due to its ability to access hidden .onion domains.

EXPERT TIP: A simple way to protect your Tor traffic is to use a trusted VPN service, which adds an additional layer of encryption to your connection and acts as a firewall to some types of malware. We recommend NordVPN which offers a 30-day money back guarantee.

Is The Tor Browser Safe? (Security & Privacy Vulnerabilities)

Tor is safe to download and operate if you’re an advanced user and it’s absolutely necessary. However, it’s not 100% secure.

There are significant vulnerabilities that can put your safety and privacy at risk, and these risks often outweigh the browser’s benefits for most people.

The different devices the Tor Browser is available on.

The Tor Browser is available on Windows, macOS, Linux, and Android.

If you’re a casual user, we recommend combining a safe private browser with a top-rated VPN service, instead.

In the table below, we summarize the strengths and weaknesses of the Tor browser when it comes to safety:

Pros	Cons
Three layers of encryption shield your activity from tracking and surveillance by your ISP	Traffic at the exit node is exposed to surveillance and man-in-the-middle attacks
The websites you visit cannot see your public IP address or location	Data leaks can easily reveal identifying information
Tor is decentralised, so users do not have to trust a private VPN service	There is evidence of Tor users being de-anonymized
Grants access to the dark web	Tor is less safe on devices using iOS
Open-source software	Visiting HTTP sites will make you more vulnerable to surveillance as these sites do not encrypt your traffic
	.Onion domains can harbour malware
	Your public IP address is exposed to the guard node
	JavaScript can expose your identity on Tor

Here’s a more detailed list of potential safety and security issues when using the Tor Browser:

Tor Is Anonymous, But It Is Not Private

Tor is designed for complete anonymity. A singular node cannot have access to both your traffic and IP address, which means your identity and online activity within the Onion network are never disclosed at the same time.

While Tor is anonymous, it is not private. Your personal IP address is visible to the guard node, and your traffic is visible to the exit node. In theory, someone running an exit node can spy on your activity, although they won’t know who it belongs to.

Tor does provide more general privacy protections than a normal web browser like Google Chrome, including DNS over HTTPS. Your location is hidden and your ISP cannot track your traffic to the same degree – though it will still see that you are using the Tor Network, which can mark you for surveillance by some ISPs.

Despite these protections, it is still possible for certain groups to see at least some of your browsing activity. Vulnerabilities like data leaks or compromised exit nodes mean that it’s possible for some users to be de-anonymized.

Tor Can Leak Your IP & DNS Address

If you’re not concerned with privacy or anonymity, you can safely use Tor like a regular web browser. However, this will almost certainly result in data leaks that can reveal your true identity.

If you want to prevent IP and DNS leaks when using Tor, you should to avoid:

Using browser extensions
Downloading and opening files
Downloading torrent files
Enabling JavaScript

All of these activities have the potential to route traffic outside of the Tor Browser or retain information that can de-anonymize you even within the browser.

Another common mistake is accessing HTTP sites. This won’t directly reveal your IP address, but it does make you much more vulnerable to surveillance due to the lack of additional encryption compared to HTTPS.

Malicious Exit Nodes

Anyone can operate an exit node. They have been known to be used for surveillance by criminals and even to operate man-in-the-middle attacks. When an exit node is used for exploitative purposes, it’s known as a malicious exit node.

While your traffic is encrypted for most of its journey through the Onion network, it is exposed when it passes through the exit node. This means that the final server operator has the ability to view your activity, just like an ISP would if you weren’t using Tor or a VPN.

Your traffic is decrypted when it leaves the Tor network.

This does not necessarily undermine your anonymity since the exit node has no way to see your true IP address. However, if you were to access an email account or Facebook page associated with your true identity, this could be observed and your identity would be exposed.

As of 2020, it is estimated that over 23% of Tor nodes are considered malicious. This amounts to approximately one in four exit nodes.

Malware Can Be Spread To Your Device

Tor is used to access dark web domains that are hidden from regular browsers. As a result, Tor users are susceptible to malware and viruses if the browser is not used carefully.

The dark web is saturated with malicious actors. Many websites within this space contain malicious scripts or malware that can be passed on to your computer if you click on an unsecured site.

One way this can happen is through port forwarding. Open ports can be dangerous when Tor is in use as infiltrators can hack your device through this method.

When a user clicks on a malicious site, your device is scanned for open ports. A message is sent to each port, where a hacker can identify which ports are open and vulnerable to exploits.

Vulnerable ports can be used to spread malware and gain unauthorised access to personal and financial information, resulting in your accounts being hacked.

Tor Is Less Safe on iOS Devices

The Tor browser is available as an application for Android devices. If you use the app cautiously, using Tor on Android is no more dangerous than using it on desktop. The alpha release is easy to download and use, but the same risks apply as when you use the browser on desktop.

There is not an official Tor application for iOS, but the Onion Browser application can be used to access the Tor network on iOS if you absolutely need to. This is an open-source app designed by Mike Tigas, a lead developer for the Tor Browser.

The differences between using Tor on Android and iOS

Unlike Android devices, there’s no official Tor Browser app on iOS. Instead a third-party app, the Onion Browser, is the best option.

Even with caution, using Tor on an iPhone or iOS device is less safe than using Tor on other devices. JavaScript cannot be completely disabled on the app. This lessens your privacy as JavaScript may share your personal information and store cookies in the browser.

If you need to use Tor on a mobile device, we recommend choosing Android.

Using Tor Without a VPN

Due to its association with the dark web, government authorities work hard to prevent criminal activity within the Tor network. Therefore the regular use of Tor can mark you for surveillance by the government.

If you don’t connect to a VPN, your ISP can see you are connected to the Tor network. This increases the likelihood of authorities monitoring your traffic and targeting you for de-anonymization.

Without a VPN, Tor’s guard node can also see your public IP address. This can reveal personal information such as your location and your ISP.

However, even with a VPN connection, you’ll still be subject to some of the same risks and vulnerabilities of the Tor network. But, a VPN can add an extra layer of protection.

Windows Vulnerabilities

Windows wasn’t built for anonymity. Even if you are careful and only access the internet from within the Tor browser, the operating system sends information back to Microsoft by default. This can result in your identity being revealed.

In 2013, a zero-day vulnerability in Firefox and the Tor browser was used to exploit vulnerabilities in JavaScript to accumulate Personally Identifiable Information (PII) from users on Windows devices.

It is considered safer and more reliable to run Tor on Linux where possible.

Tails and Whonix are both popular Linux variants, which have been built for use with Tor.

However, you can run the service safely on practically any version of the Linux operating system, and further bolster your protection with a top-rated Linux VPN.

Can You Be De-Anonymized on Tor?

Suspicions that the FBI, National Security Agency (NSA), and other US government agencies can de-anonymize Tor users have existed for years. This has led to rumours that Tor is simply a trap used by law enforcement to monitor those seeking anonymity online.

It is worth remembering that The Onion network was initially conceived and developed by the US Navy and is still largely funded by the US government. This is not necessarily a problem in itself, but the ongoing collaboration between the Tor developers and the US government — identified by Yasher Levine in her book Surveillance Valley — is more of a concern.

Although Tor is designed for complete anonymity, there have been numerous occasions where such suspicions of de-anonymization have been confirmed.

In a 2017 court case, the FBI ultimately refused to disclose or give evidence about a potential Tor vulnerability used to identify their suspect, completely collapsing the case. This demonstrates that while the FBI may have the capability to de-anonymize users, they cannot reveal their methods.

If an intelligence agency did publicly disclose a vulnerability, regular users would boycott the platform. It would then be impossible to use the platform for surveillance, and easy to identify any remaining traffic as state-affiliated.

Despite this, several email correspondences between Tor developers and US government agencies have been made public in recent years. Here is an example in which a Tor co-founder discusses cooperation with the Department of Justice, including reference to the installation of “backdoors”:

Screenshot of an email sent by Roger Dingledine, Tor co-founder.

More of this correspondence is available to read online, along with several other exchanges between Tor developers and US intelligence agencies.

De-Anonymizing Tor Users: Research at Columbia University

Researchers at Columbia University have also developed traffic analysis attacks that allow them to de-anonymize up to 81% of Tor users by analyzing router information.

NetFlow is a technology designed to collect IP traffic information and monitor network flow. It is built into Cisco routing protocols which allows traffic to be obtained as it enters and exits an interface.

Infiltrators can use this information to conduct traffic analysis attacks by monitoring traffic patterns across different points of the Onion network.

By exploiting NetFlow, infiltrators can reveal the original IP address of a user and disclose their true identity. This further confirms suspicions that Tor users can be identified and de-anonymized.

The Safety Benefits of Using Tor

As evidenced above, Tor cannot guarantee your anonymity. However, the Tor browser still has its benefits. If used properly, it can provide an additional layer of privacy and security to your online activity. It also enables access to the dark web and .onion sites, which regular browsers do not support.

The Tor browser is open-source, which means the software’s source code is publicly accessible and open to peer review. This improves the network’s performance as errors and privacy risks are easier for experts to identify and fix.

Open-source software is also more transparent. If encryption backdoors are placed in the browser’s backend, they should hypothetically be visible to analysts. In this respect, open-source software tends to be safer.

Tor’s software has highlighted numerous privacy risks to the online world. Engineers have used these problems to improve privacy issues across the internet.

Here’s a more detailed list of Tor’s safety and security advantages:

Three Layers of Encryption and a Randomized IP Address

At its very core, Tor is used to anonymize online activity. Similarly to a VPN, it does this by encrypting your web traffic and changing your IP address.

Unlike a VPN, Tor uses a randomized, decentralized server network, which means you cannot control the location of the server you connect to. To better understand these distinctions, read our Tor versus VPN guide.

For added security, your data is also assigned a new set of servers to bounce between every ten minutes. Because each node only knows the identity of the server directly next to it in the chain, it is impossible for someone to reverse engineer your data’s route through the Onion network.

Although the dark web is often associated with criminality, it can also help those residing countries with strict censorship laws. Tor provides access to legitimate content on the dark web such as political forums. This greatly helps users whose right to free speech is threatened.

This makes Tor an important tool for unblocking websites in censored countries or on regulated WiFi networks.

Tor Is Legal to Use Almost Everywhere

Tor is legal to use in most countries around the world. However, there are some places where it is illegal, banned, or blocked by authorities to enforce state censorship. These countries include Belarus, Turkey, Russia, Iran, and Saudi Arabia. China also blocks all Tor traffic to prevent users bypassing the Great Firewall.

If you are a resident of a country where Tor is blocked, a Tor bridge can be used to access the Onion Network. Tor bridges are relay nodes that are not listed in the public Tor directory. This makes it almost impossible for governments to completely block access to Tor, as a number of relay nodes are unknown to authorities.

Users can connect to a Tor bridge in Tor’s network settings.

Alternatively, you can combine a VPN with Tor. This is known as Onion over VPN. By connecting to a remote server first, you can bypass local censorship and access the Tor network using the VPN server’s IP address.

Decentralized Server Network

VPN software reroutes your data through a single remote server in a location of your choice. This server is privately-owned by the VPN service, which means the company technically has access to both your IP address and your browsing activity.

If a VPN keeps logs of your web traffic, government authorities can legally force the service to hand over this information.

By contrast, Tor is a community-based network. It relies on a random, decentralized network of servers run by volunteers, which means users do not have to place their trust in a private company, their ISP, or any other third party.

At no point does a server have access to both who you are and what you are doing.

How to Use the Tor Browser Safely

Most of the risks associated with Tor can be resolved by changing your browsing behavior. In order to stay anonymous, you must avoid any behavior that might result in information leaks or enable an onlooker to infer your identity.

Some healthy skepticism can keep you safe here. It is wise to assume that someone is always watching you.

To keep safe online, we do not recommend using Tor unless it is absolutely necessary. If you’re in a position where Tor is your only option, follow our advice below to use Tor safely:

To stay safe using Tor, you should:

Download the application from the official Tor website
Connect to a trustworthy VPN service such as NordVPN
Install anti-malware software on your device
Avoid mobile 2-step verification
Avoid personal accounts such as email and Facebook
Only access secure, HTTPS-encrypted websites
Delete cookies and local website data after every browsing session
Do not use Google (DuckDuckGo is a good alternative search engine)
Avoid connecting to the same VPN server with and without the Tor browser
Avoid torrenting (it slows the network) — and BitTorrent especially
Disable JavaScript, which can expose your identity
Keep your operating system up-to-date
Avoid using the Tor browser Bundle (Firefox vulnerabilities make it easier to expose your identity)

If you use Tor like a normal browser it will almost certainly result in DNS or IP leaks. Other applications such as email and other web browsers aren’t funnelled through the Tor network. It is therefore not safe to log into personal accounts such as online banking, email and social media profiles.

Here’s a more detailed explanation of the most important steps to stay safe using Tor:

Install Anti-Malware Software

The Tor Project advises users to regularly check for malware and viruses. While the Tor network itself is secure, it is known to have vulnerabilities that make it possible for infiltrators to spread malware to your device via compromised exit nodes.

In 2014, sensitive data was stolen from Tor users after a Russian hacker inserted malicious code into downloads within the Onion network.

Before using Tor, it is important to install anti-malware software on your device to identify and protect against malware sent by malicious exit nodes.

Use a Trusted Virtual Private Network (VPN)

You can use a VPN with Tor to add an additional layer of encryption to your web traffic.

However, the order in which you connect to each tool will affect the privacy and security benefits you receive.

You can use a VPN with Tor in two different ways:

1. Connect to a VPN Before Using Tor

This is known as Onion over VPN. By connecting to a VPN service first, you will:

Prevent your ISP from seeing you are connected to Tor
Prevent Tor’s guard node from seeing your public IP address
Prevent your VPN service from monitoring your Tor traffic
Protect against complete de-anonymization in traffic correction attacks
Protect your device against malware through the VPN’s firewall

Although your VPN service will be unable to view your activity on Tor, it will still be able to see that you are connected to the Tor network, along with your true IP address. Exit nodes in the Onion network – malicious or otherwise – will still be able to monitor your web traffic.

2. Connect to Tor Before Using a VPN

This is known as VPN over Onion. By connecting to the Tor network first, you will:

Prevent Tor exit nodes from viewing your browsing activity
Use advanced VPN features with Tor e.g. switching servers or double VPN
Prevent IP and DNS leaks using the VPN kill switch
Send all of your VPN web traffic through the Tor Network

Although Tor exit nodes will be unable to monitor your traffic, your VPN service will have access to exactly the same information as it would without Tor, including your IP address and activity.

The Best VPNs for Tor

We’ve reviewed 65 VPN services for privacy and security to find the safest VPNs for Tor. Based on the results of our tests, we recommend NordVPN or Astrill for secure and trustworthy usage with the Tor browser.

Both VPNs include a kill switch, IP leak protection, and native ‘onion over VPN’ support. They both use industry-standard AES-256 encryption and OpenVPN, which ensures your traffic is protected when accessing the Tor network.

How to use the Tor Browser safely with NordVPN.

NordVPN’s no logs policy works to protect your online privacy and anonymity. We recommend using NordVPN if you are a casual user. While the VPN excels in security, it’s user-friendly and cost effective making it ideal for VPN beginners.

Astrill also has a safe and transparent logging policy that permanently deletes all recorded information once your active VPN session has ended. This allows the provider to maintain performance while still protecting your privacy. Astrill is a more expensive, technical service but its flexibility and additional features make it an excellent choice for advanced users.