What is Tor and how does it work?

Information security has become a primary concern for journalists. This article is an introduction to Tor comprising Tor network: a tool for using the internet anonymously. This article is provided for educational purposes only.

So if you’ve been alive at all as a journalist or an activist for the last three years and you’ve been paying attention to all of the talks about encryption and internet security you’ll probably have heard of Tor.

And, if you have heard lots of jargon like “anonymity network” and “Onion Routing”.It must have been very confusing right? Thus, here we’re going to try to bring some clarity to Tor. In this article we’re going to explain what Tor is and a little bit about how it works.

How does Tor network work?

We’ve taken a few liberties in our explanation of how Tor works. Therefore, we shall primarily focus on giving you the basic idea and help you use Tor more effectively. “Tor” stands for The Onion Router. That’s why the icon for Tor is an onion, and it’s not a random name. There’s a reason Tor uses an onion metaphor which we’ll explain soon.

The problem Tor was built to address is this: When you use the Internet everything you do gives away your IP address. Your IP address is just a sequence of digits that looks like this.

Every device that connects to the Internet is given an IP address. This is how the devices that make up the Internet communicate with each other. When you browse a website your computer is sending a stream of data to that website’s IP address and including with each packet of data, your own IP address. So that the website can send data back to your computer which can then be displayed on your browser screen as a web page.

Because of the way the internet is set up. Your IP address can be used to determine your location and as well as to identify the activities you do on the Internet personally. And that’s bad news if you’re a journalist documenting abuses in powerful organizations, an activist or dissident in a repressive surveillance state, a whistleblower or journalistic source, or just someone who cares about privacy.

And that’s why Tor exists. Simply Tor hides your real IP address and gives you a different one so that it appears that you’re somewhere else entirely, maybe even in a different country. Strictly speaking, Tor is not just a piece of software that runs on your computer.

Tor is also a network of thousands of computers all running the same software connected to each other and creating the Tor network. Many of these computers are Tor nodes: run by volunteers, they serve as relays for information sent over the Tor network.

The infrastructure of a Tor network

When you run the Tor browser it first downloads a list of all of the nodes on the Tor network. It then chooses a path or circuit through the Tor network involving several of these nodes. Using what’s called “public-key cryptography” Tor is able to choose any node on the Tor network and then encrypt data so that only that node can decrypt and read it.

No other node can decrypt something that’s been encrypted to a specific node. When you then use the internet for instance when you type in a web address Tor takes each packet of data and encrypts it to each of the nodes in your Tor circuit. It’s basically encrypting the data to one node and then encrypting the encrypted data again to a second node and over again.

In this way, it wraps your data up in layer after layer of encryption, like a kind of onion! And that’s where the term “Onion Router” comes from! The data is then sent and it travels across the internet but instead of going directly to the website you want to visit it first enters the Tor network.

The first node knows that your data comes from your computer but has no idea about the final destination. That information is hidden beneath unbreakable encryption. This node can only decrypt the first layer of encryption – unwrap the first layer of the onion. When it does so it finds the address of the second node in your circuit and forwards the data packet on to that.

The second node knows that the data comes from the first node but has no idea where it came from before that. It also has no idea where the data is ultimately headed. It peels off the next layer of the onion and finds the address of the third node and forwards the data packet on again.

The third node knows that the data came from the second node but nothing about the first node or before that it peels off the final layer of the onion and finds the address of the website you’re visiting and the data leaves the Tor network as it is forwarded to the website. The website receives the data and knows it came from the third node.

The IP address of the request is the address of the third node or “exit node”: so-called because that is where the data leaves the Tor network. As far as the website is concerned that’s your IP address. The real IP address of your computer is hidden and the website can’t see where or who you are.

And a similar procedure is followed for the return path of the data back to your computer. Throughout the whole procedure, no one node has knowledge of the whole circuit. The only real way to undermine Tor is for an adversary to take control over the whole or a significant part of the Tor network or to analyze all of the traffic entering and leaving the Tor network and try to correlate that traffic.

These are technically difficult things to do so for all but the most resourceful adversaries – such as intelligence agencies – Tor offers a strong guarantee of anonymity.

Any Risks of using Tor?

There is one risk that comes from using Tor that you should really know about. Tor nodes are run by volunteers. Anyone can run a Tor node and not everyone is trustworthy. With most nodes this doesn’t matter: when your data travels over the Tor network it is wrapped up in encryption and none of the nodes can see your data.

But when it leaves the Tor network, at the Tor exit node, the last layer of Tor encryption has been removed this means that potentially, if the person who runs your tor exit node is malicious, they could spy on your data as it leaves.

They might see identifying information you sent to the site or if you have to log in, they might be able to steal your login details. To protect yourself against this, only use websites that use what’s called HTTPS.

This adds another extra layer of encryption so that nobody in between your browser and the website can read any of the data. Many major websites like your bank, Google, Facebook, and many news organizations, use HTTPS. You can tell if a website uses HTTPS when the address of the website in the address bar begins with HTTPS. On most major browsers this is also accompanied by a padlock symbol.

With these websites, you can safely log in and your login data cannot be stolen. But if a website you visit doesn’t have that crucial ‘S’ – just an ‘HTTP’ – it’s not secure. If you visit an insecure website while using Tor, remember the possibility of a malicious exit note and don’t log in or enter any identifying information.

We’ve included links in the description so that you can read more about how Tor works, exit nodes, and HTTPS. Tor allows you to run all kinds of programs over the Tor network, such as chat programs or email clients, but that can be a complicated operation that requires lots of configuration and it’s easy to get wrong.

Exposure to Tor browser

And if you do get it wrong Tor might not work properly and you could give away who you are without knowing. To make it more simple the developers of Tor have released a program called Tor Browser.

This is a browser that is specifically set up to run only over Tor. All of the settings are taken care of and it works out of the box this means that the most likely thing that people want to: do browse the web, they can do over Tor easily and safely.

If you live in a country where your ISPs are obliged to retain your browsing history, Tor protects you against this. It also protects you against various other tracking technologies and insecure web technologies such as website cookies or browser fingerprinting.

Anonymity with Tor

Be careful though. Using Tor doesn’t make you invincible. For instance, Tor Browser only gives you anonymity for browsing that happens within the Tor Browser. If you’ve Tor Browser open but then use a different browser like Firefox, or if you use a chat app on your computer, the data from those apps will not be sent over the Tor network and you’re not protected.

Also, there are a bunch of things that Tor won’t protect you from. If you log into a website that is in your name, for instance, your Gmail account while using Tor, even though your IP address is different, that activity is still tied to you because the account is in your name.

Furthermore in some countries using Tor itself might draw attention to you. You should check whether it is legal to use Tor in your country before you use it, just to make sure that the mere fact of using it won’t place you in harm’s way.


Therefore, it’s important to think a little about how Tor protects you and how it doesn’t. To find out more about this visit the Tor website at torproject.org and read the documentation before you use Tor. There are plenty of other features and details to Tor, but that’s the basic story of how Tor works.