Tor / Tor Browser
What is Tor / Tor Browser?
Tor / Tor Browser: An anonymity network and hardened Firefox-based browser that routes traffic through three relays using onion routing to conceal user identity and destination.
Tor (The Onion Router) is a volunteer-operated anonymity network in which a client picks a circuit of three relays (entry guard, middle, exit) and wraps each packet in layered encryption that is peeled off relay by relay, so no single node knows both the source and destination. Tor Browser is a hardened Firefox ESR build pre-configured to use Tor, block fingerprinting vectors, and disable risky features. It also enables access to .onion hidden services, whose traffic never leaves the network. Tor is widely used by journalists, dissidents, and privacy-conscious users, but also by criminals running marketplaces and ransomware leak sites. For defenders, the relevant controls are Tor exit-node feeds, DNS sinkholing, EDR detection of unauthorized Tor clients, and DLP for outbound traffic.
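One way to apply the exit-node feed control named above, as an added example that is not part of the original entry: it matches the source address of logged connections against an exit list. The feed contents, the five-field log format and the function names are constructed assumptions, and every address comes from a documentation range.

```python
import ipaddress

# Constructed feed, one address per line (assumed layout); documentation ranges only.
SAMPLE_FEED = """\
# constructed sample exit list
192.0.2.10
198.51.100.77
2001:db8::5
not-an-ip
"""

# Constructed log lines, assumed format: <timestamp> <src_ip> <dst_ip> <dst_port> <action>
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 203.0.113.5 10.0.0.20 443 allow
2024-05-01T10:00:02Z 192.0.2.10 10.0.0.20 443 allow
2024-05-01T10:00:03Z 2001:0db8:0000:0000:0000:0000:0000:0005 10.0.0.20 22 allow
2024-05-01T10:00:04Z 198.51.100.77 10.0.0.21 443 deny
malformed line
"""

def load_exit_nodes(feed_text):
    """Parse the feed into a set of address objects, skipping comments and junk."""
    nodes = set()
    for line in feed_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            nodes.add(ipaddress.ip_address(line))
        except ValueError:
            continue  # a bad feed entry must not break the whole load
    return nodes

def flag_tor_sources(log_text, exit_nodes):
    """Return one record per log line whose source address is a listed exit node."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # ignore lines that do not fit the assumed format
        ts, src, dst, port, action = fields
        try:
            # Parsing normalises the address, so expanded IPv6 forms still match.
            src_ip, port_no = ipaddress.ip_address(src), int(port)
        except ValueError:
            continue
        if src_ip in exit_nodes:
            hits.append({"time": ts, "src": str(src_ip), "dst": dst, "port": port_no, "action": action})
    return hits
```

Comparing parsed address objects rather than raw strings is what lets the expanded IPv6 source in the third log line match the compressed feed entry.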
● Examples
- 01 A journalist using Tor Browser to access SecureDrop without revealing their location.
- 02 Malware tunnelling C2 over Tor to hide its operator's infrastructure.
● Frequently asked questions
What is Tor / Tor Browser?
An anonymity network and hardened Firefox-based browser that routes traffic through three relays using onion routing to conceal user identity and destination. It belongs to the Attacks & Threats category of cybersecurity.
What does Tor / Tor Browser mean?
An anonymity network and hardened Firefox-based browser that routes traffic through three relays using onion routing to conceal user identity and destination.
How does Tor / Tor Browser work?
Tor (The Onion Router) is a volunteer-operated anonymity network in which a client picks a circuit of three relays (entry guard, middle, exit) and wraps each packet in layered encryption that is peeled off relay by relay, so no single node knows both the source and destination. Tor Browser is a hardened Firefox ESR build pre-configured to use Tor, block fingerprinting vectors, and disable risky features. It also enables access to .onion hidden services, whose traffic never leaves the network. Tor is widely used by journalists, dissidents, and privacy-conscious users, but also by criminals running marketplaces and ransomware leak sites. For defenders, the relevant controls are Tor exit-node feeds, DNS sinkholing, EDR detection of unauthorized Tor clients, and DLP for outbound traffic.
How do you defend against Tor / Tor Browser?
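Defences for Tor / Tor Browser typically combine technical controls and operational practices. As the full definition above notes, the relevant controls are Tor exit-node feeds, DNS sinkholing, EDR detection of unauthorized Tor clients, and DLP for outbound traffic.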
What are other names for Tor / Tor Browser?
Common alternative names include: The Onion Router.
● Related terms
- Onion Routing (attacks, № 755): An anonymous communication technique that wraps a message in nested layers of encryption, with each relay removing one layer until the payload reaches its destination.
- I2P (attacks, № 503): The Invisible Internet Project: a peer-to-peer anonymity network where every node also acts as a router, using unidirectional tunnels and garlic routing.
- Dark Web (attacks, № 271): A subset of the internet that requires special software such as Tor or I2P to access and that intentionally hides both client and server identities.
- Deep Web (attacks, № 296): All web content that is not indexed by public search engines, including private databases, intranets, and authenticated portals; distinct from the dark web.
- VPN (Virtual Private Network) (network-security, № 1212): A technology that creates an encrypted, authenticated tunnel over a public network so that traffic appears to travel through a private network.
- Data Anonymization (privacy, № 274): Irreversibly transforming personal data so that no individual can be identified, directly or indirectly, even when combined with other available information.