Tor Browser - A Tool for Secure & Anonymous Web Browsing

Tor Browser is a free and open source software that uses Tor network to protect your real identity online. 

Tor Network - It is a group of volunteer-operated servers that allows the users to connect through a series of virtual tunnels rather than making a direct connection to the Internet.

It is portable, meaning you can run Tor Browser even from a USB drive, no installation is required. Actually, it doesn't install itself like other programs, it just extracts the contents to the disk.

Tor Browser is one of the best ways to browse the web anonymously.

It is very easy to use, but there are some things you should know before using Tor. First, let's look at how Tor works.

Entry/Guard Relays - These are the entry points to the Tor network.

Middle Relays - These are used to transport traffic from the entry relay to the exit relay.

Exit Relays - These relays send traffic to the final destination intended by the client.

Each relay decrypts only enough of the data packet wrapper to know which relay the data came from, and which relay to send it to next. The relay then rewraps the package in a new wrapper and sends it on.


See also: Orbot - Android App For Hackers

Now, let's take a look at how to use the Tor Browser...

How To Use Tor Browser

First, download the Tor Browser from the official site.

Here is the download link: Download Tor Browser

If you are unable to access the official website, go to Google and then search for "Tor Mirrors", and see any of the copies of the website works for you.

Or you can just use your email to download Tor, all you have to do is, send an email to '' with one of the following words in the body of the message: Windows, OSX or Linux. You will receive a reply with links from popular cloud services to download Tor Browser for Windows, Mac OS X or Linux, depending on the option you chose.

Note: You can only do a maximum of three requests in a row. After that, you'll have to wait 20 minutes to use it again.

After downloading the package, open it. You will see a small window as shown below (Windows).

Click on "OK".

Now, if you want to change the install location just click on the "Browse" button and select a folder/drive. Then click on the "Install" button.

Wait for few seconds... If the installation is successful, you will see a window as shown below.

Now, if you don't want to run Tor Browser right now, deselect the option. And, if you don't want to add Tor Browser to the start menu and desktop, deselect it. Or just leave those that way. Then click on the "Finish" button.

If you didn't start the Tor Browser already, go to the desktop and double-click on the "Start Tor Browser" icon. You will see a window as shown below.

Select an option according to your situation. If your computers internet connection is censored or the ISP doesn't let you connect to the Tor network, click on the "Configure" button, otherwise just click on "Connect".

If you click on the "Configure" button, you will see a window as shown below.

If your internet service provider block or censor connections to the Tor network, select "Yes" or select "No".

If you select "Yes", you will see a window as shown below.

Now you have the option to connect to a provided set of bridges or obtain a new custom set of bridges and use them.

Bridges - Tor entry guards (nodes) that are not listed in the main Tor directory. Since there is no complete public list of them, even if your ISP is filtering connections to all the known Tor relays, they probably won't be able to block all the bridges.

Using the provided set of bridges is easier, you can do complete the whole setup in just few clicks. All you have to do is, select a transport type (Pluggable Transport) and then click "Next". Then you will see a proxy setup window, if you want to set up a proxy, go for it. Otherwise, select "No" and click on the "Connect" button.

Pluggable Transports - It transforms the Tor traffic flow between the client and the bridge. This way, censors who monitor traffic between the client and the bridge will see innocent-looking transformed traffic instead of the actual Tor traffic.

obfs4 is currently the most effective pluggable transport.

If the provided set of bridges is not working, then you should get a custom set of bridges.

Here is how to get a custom set of bridges:

1. First, go to

2. (In the Advanced Options) Select a Pluggable Transport. If you want IPV6 addresses, check the "Yes" option.

3. Click on "Get Bridges".

3. Enter the Captcha and then Hit the Enter key.

You will get the Bridges:

You can also get bridges by sending mail to with the line "get bridges"

Note: You should use a Gmail, Riseup, or a Yahoo! account to send these requests. Others are not accepted.

Copy the bridge lines and paste them into the "Enter Custom Bridges" box. Then click on the "Next" button.

Tor will only use one bridge at a time, but it is good to add more than one bridge so you can continue using Tor even if your first bridge becomes unavailable.

If your computer needs a local proxy to access the internet, select "Yes", otherwise select "No" and click on the connect button, it will connect to the Tor network.

If you select "Yes", click on the "Next" button and enter the proxy settings:

And then click on the "Connect" button, it will connect to the Tor network.

And then show you a window like this:

You can check whether you are connected to the Tor network or not, all you have to do is click on the "Test Tor Network Settings" link or visit

That's all. You have successfully setup the Tor Browser.

Here are the rules you should follow when using Tor (if you don't follow them, your anonymity will not be good):
  • Don't enable or install browser plugins: Plugins like Flash, Quicktime, Javascript are not good for anonymity because they can be manipulated into revealing your real IP address. You can use the NoScript addon to disable all the plugins.
  • Don't install additional Addons: When you first launch the Tor Browser, you'll have four addons: HTTPS Everywhere, NoScript, Torbutton, and TorLauncher.
  • Don't use Torrent with Tor: Torrent file sharing applications sometimes ignores proxy settings and make direct connections even when they are told to use Tor. Let's say you managed to force Torrent to use Tor all the time, but still, you will not be completely anonymous because a torrent application works by frequently sending out tracker GET requests which contain your real IP address. Also, torrent over Tor can slow down the entire Tor network.
  • Use Bridges: Using a bridge makes harder for the ISP to know that you are using Tor.
  • Don't open documents downloaded through Tor while you are online: This usually doesn't happen because Tor Browser will warn you before automatically opening documents that are handled by external applications. If you ignore the warning and open the document, your real IP address might be revealed to the world.
  • Use HTTPS versions of websites: Though the HTTPS Everywhere is enabled by default, always make a conscious effort to use the HTTPS version of websites because encryption to encryption of your traffic to the final destination website (exit node <--> Internet) depends upon on that website. If you want to know how HTTPS in Tor helps you to protect your privacy and security, just visit this amazing EFF page: How HTTPS and Tor Work Together to Protect Your Anonymity and Privacy.

If you are paranoid about your security and anonymity, here are some more rules for you to follow (these rules are super extreme):
  • Disable Javascript. Go into about:config, search "javascript",  and toggle javascript.enabled to false. Since JavaScript is necessary for rendering almost all the websites, you should turn it on only after weighing the risks and consequences.
  • Disable iframes. You can use the setting in the NoScript (under Embeddings) or go into about:config, and then find noscript.forbidIFramesContext and change the value to 0 (zero). Or in about:config search "frame" and toggle browser.frames.enabled to false.
  • Disable referrers. Go to about:config, and then find network.http.sendrefererheader and change it from 2 to 0.
  • Do not click on any links unless you already know what you will find (or take a calculated risk).
  • Don't log into your personal sites with Tor Browser.


1. Is it possible to hack the Tor network?

It depends on what you mean by "Hack". If it is "controlling the whole network" then that might not be possible.

But if you can find a flaw that can give you an administrator-level access to the Directory Authorities servers, you might be able to control the whole network.

Note: If you can actually find a flaw in the Tor Network or in the Tor Browser, you can get a lot of money from the bug bounty program.

If what you mean by "Hack" is tracking and de-anonymizing a person or a large segment of people in the Tor network. Then it is possible.

Yes, you read that right, even if you use the world's best anonymity network to hide, you can be tracked!

There are a lot of ways you can deanonymize a particular user.

For example, the way FBI caught Ross Ulbricht, the mastermind behind Silk Road.

How did the FBI deanonymize Ross Ulbricht?

According to the news reports, it is because of the privacy missteps he made -- FBI used multiple observations regarding Ross's online behavior and correlated them to reveal his identity and accuse him of running the Silk Road.

Here are the steps the special agent Gary Alford took to catch Ross Ulbricht:

1. He searched for the .onion URL of the site on Google to see when it was first mentioned online. He restricted his search for dates before the site's launch on January 31, 2011.

2. He found that the first mention of Silk Road appeared on a forum on January 29, 2011. The original post had been taken down, but a quoted post from a user named "altoid" remained, discussing a site called Silk Road that was like "an anonymous"

image of quote from altoid

3. A search into the profile of the author "altoid" showed another post from October 11, 2011 that advertised a position for an "IT pro," imploring interested parties to email "rossulbricht at"

screenshot of silk road job advertisement

4. Alford also found another post advertising Silk Road on, a forum about psychedelic mushrooms, that had been made under a username registered with Ross Ulbricht's email.

These pieces of evidence lead the investigation team to Ross Ulbricht and they arrested him on October 1st, 2013.

After Ulbricht's arrest, Alford obtained a search warrant for the email address "rossulbricht at". On the account, he found multiple emails mirroring the posts and dates found on the forums, including a notification from Bitcointalk that one of the posts had been flagged for removal since it was promoting another site and therefore classified as spam and other messages addressed to "altoid."

The investigators also found other privacy missteps Ulbricht made while launching the site, including discussing the site using on-the-record Gchats.

The moral of the story is "Don't be stupid, and always cover your tracks".

Another way of deanonymizing and tracking Tor users is "Attacking Tor Network Affiliated Systems":

If you can hack a system that is affiliated with the Tor network, you can use that system to track Tor users. This is exactly what FBI did in 2013, they found a vulnerability in the Tor browser and exploited it to attack Freedom Hosting sites and turn them into malware spreading trackers. This allowed the FBI to see the real IP addresses of the users.

In case you didn't know, Freedom Hosting was a web hosting company that hosted child pornography websites on a wide scale.

You can also de-anonymize Tor users by exploiting vulnerabilities in the hidden services:

These kind of vulnerabilities are very hard to find. Even if you find a vulnerability, you may require a lot of work to exploit it in a way that it reveals the identity of the users.

Another way is "Traffic and Timing Correlation Attacks":

The best part about these kinds of attacks is that the Tor network cannot do anything to stop it!

The idea behind these attacks are very simple: Let's say, there is an attacker who can observe or control both ends of the communication channel (for example, the entry node and the website you visit), he or she can use an algorithm to find patterns in the traffic to match outgoing and incoming data, and deanonymize users. This can be done by correlating the volume of transmitted data or by comparing the times at which packets are transmitted.

There are also some extreme ways to track Tor users, like running an exit node and using it to infect the users with malware.

2. Is DuckDuckGo safe?

Yes, it is completely safe to use. They don't store your browsing activities like Google.

If you have any questions comment below...

That's all. I hope you liked reading this article. If you did, please share this article...

If you have any doubts, feel free to ask...

No comments

Powered by Blogger.