Tor Browser Privacy: Separating Facts from Common Myths
I regularly encounter two opposing misconceptions about Tor Browser. Some people believe it makes them completely anonymous and untraceable online. Others think it’s only for criminals and using it automatically makes you a target for law enforcement surveillance.
Both views are wrong, and both lead to poor decisions about privacy tools. Understanding what Tor actually does—and what it doesn’t do—is essential for anyone interested in online privacy.
What Tor Actually Protects
Tor Browser protects against traffic analysis, which is the process of determining who is communicating with whom by observing network traffic patterns. When you use regular internet connections, your ISP can see every website you visit, government agencies monitoring network infrastructure can track your browsing patterns, and websites can identify you based on your IP address.
Tor prevents this by routing your traffic through multiple relay nodes operated by volunteers around the world. Each relay only knows the previous hop and the next hop in the chain, never the complete path from you to the destination website.
Your ISP can see you’re using Tor but can’t see what sites you’re visiting. The destination website can see someone using Tor is visiting but can’t see your real IP address. The relay operators each see encrypted traffic passing through but can’t read the content or determine the source and destination.
This provides strong protection against network-level surveillance and makes it difficult to correlate your online activity with your real-world identity based solely on network traffic analysis.
What Tor Doesn’t Protect Against
Tor doesn’t make you anonymous if you log into accounts tied to your real identity. If you use Tor to access Facebook, Google, or your bank account, those services know who you are because you authenticated with credentials tied to your identity. Tor hides your location and IP address, but it doesn’t hide you when you voluntarily identify yourself.
Tor doesn’t encrypt traffic end-to-end. It encrypts traffic from your browser through the relays inside the Tor network, but the final connection from the exit relay to the destination website uses whatever encryption (or lack thereof) that website normally uses. If you visit an HTTP site through Tor, the exit relay can see your unencrypted traffic. This is why Tor Browser includes HTTPS Everywhere to force encrypted connections when possible.
Tor doesn’t protect against malware or browser exploits. If you download malicious software through Tor or visit a website that exploits a browser vulnerability, you can be compromised regardless of Tor’s network protections. Several high-profile cases of criminals caught despite using Tor involved browser exploits that revealed users’ real IP addresses.
Tor doesn’t prevent timing correlation attacks. A sophisticated adversary who can monitor traffic entering and exiting the Tor network might correlate the timing and volume of traffic to deanonymize users. This requires significant resources and isn’t a threat for most users, but it demonstrates that Tor provides anonymity against most adversaries, not all possible adversaries.
The Myth of Tor as a Criminal Tool
The perception that Tor is primarily used for illegal activity is statistically inaccurate. Analysis of Tor traffic patterns suggests the majority of use involves legitimate privacy-conscious browsing, accessing censored information in restrictive countries, protecting sensitive communications by journalists and activists, and circumventing geographic restrictions on content.
Yes, Tor is also used for illegal marketplaces and criminal communications. But characterizing Tor as a criminal tool is like characterizing roads as criminal infrastructure because some criminals use cars to flee crime scenes. The tool is neutral; the use determines legality.
Law enforcement agencies actually fund Tor development in part because they need it for their own operations. The US Navy originally developed Tor technology, and US government agencies continue to support the project. If Tor were only used by criminals, anyone using it would immediately stand out as suspicious—Tor’s privacy protection depends on having a large, diverse user base.
The Myth of Complete Anonymity
On the opposite end, some users believe Tor makes them completely untraceable. This overconfidence leads to poor operational security that undermines Tor’s protections.
Real anonymity requires more than just using Tor Browser. You need to avoid linking your anonymous activities to your real identity through account connections, payment methods, writing style, or disclosed personal information. You need to protect against browser fingerprinting by not installing extensions or changing Tor Browser settings in ways that make your browser unique. You need to be cautious about downloading files that might contain malware or tracking elements.
The journalists and activists who successfully use Tor for sensitive work combine technical tools with careful operational practices. The criminals who get caught despite using Tor typically make operational mistakes that reveal their identity even though their network traffic was anonymized.
Performance Expectations
Tor is slower than direct internet connections because traffic routes through multiple relays. Expecting regular browsing speeds will lead to frustration. Video streaming, large downloads, and real-time gaming are not ideal use cases for Tor.
The slowness isn’t a bug—it’s an inherent trade-off of the anonymity Tor provides. If speed is your primary concern and privacy is secondary, Tor isn’t the right tool. If privacy is paramount and you can accept slower performance, Tor delivers.
Some users conclude that Tor is “broken” when they experience slow speeds. It’s not broken; it’s working as designed with the performance characteristics that result from routing traffic through multiple relays around the world.
Exit Relay Monitoring
Because traffic between the exit relay and the destination website isn’t encrypted by Tor itself (only by HTTPS if the site uses it), exit relay operators can potentially see unencrypted traffic passing through their relay.
Most exit relay operators don’t monitor traffic—they’re volunteers supporting privacy infrastructure, not surveillance operations. But some exits are operated by researchers studying Tor traffic, and some may be operated by adversaries trying to intercept sensitive information.
This is why using HTTPS for sensitive communications is critical even when using Tor. HTTPS encrypts content from your browser to the destination server regardless of what network infrastructure exists between them. Tor protects your location and identity; HTTPS protects your communication content.
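The per-relay view described under “What Tor Actually Protects” and the exit relay’s view described in this section can be traced in a short Python model. This is an added example, not code from the original article or from the Tor Project: the XOR keystream is a toy stand-in for Tor’s real circuit cryptography, HTTPS is modelled as one more layer keyed between browser and site, and the relay names, keys, site (example.test) and request are constructed.

```python
import hashlib
import json

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy cipher (SHA-256 counter keystream); stands in for Tor's real crypto."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)  # XOR is symmetric: the same call encrypts and decrypts

def wrap(path, keys, destination, payload: bytes) -> bytes:
    """Client: add one layer per relay, innermost (exit) layer first."""
    cell = payload
    next_hops = path[1:] + [destination]
    for relay, nxt in reversed(list(zip(path, next_hops))):
        layer = json.dumps({"next": nxt, "data": cell.hex()}).encode()
        cell = xor_stream(keys[relay], layer)
    return cell

def route(path, keys, cell: bytes, sender="client"):
    """Forward the cell hop by hop, recording what each relay can observe."""
    seen, prev = [], sender
    for relay in path:
        layer = json.loads(xor_stream(keys[relay], cell))  # peel own layer only
        cell = bytes.fromhex(layer["data"])
        seen.append({"relay": relay, "prev": prev,
                     "next": layer["next"], "data": cell})
        prev = relay
    return seen

# Constructed sample values: relay names, keys, site and request are made up.
PATH = ["guard", "middle", "exit"]
KEYS = {name: hashlib.sha256(name.encode()).digest() for name in PATH}
SITE_KEY = hashlib.sha256(b"tls session with example.test").digest()
REQUEST = b"POST /login HTTP/1.1\r\n\r\nuser=alice&pw=constructed"

def exit_view(use_https: bool) -> bytes:
    """Bytes the exit relay hands to the destination."""
    body = xor_stream(SITE_KEY, REQUEST) if use_https else REQUEST
    return route(PATH, KEYS, wrap(PATH, KEYS, "example.test", body))[-1]["data"]

if __name__ == "__main__":
    for hop in route(PATH, KEYS, wrap(PATH, KEYS, "example.test", REQUEST)):
        print(hop["relay"], "sees", hop["prev"], "->", hop["next"])
    print("exit reads HTTP body:", exit_view(False) == REQUEST)
    print("exit reads HTTPS body:", REQUEST in exit_view(True))
```

No single relay’s record contains both the client and the destination, and only the plain-HTTP request is readable at the exit.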
Browser Fingerprinting Concerns
Websites can attempt to identify you through browser fingerprinting—collecting information about your browser configuration, installed fonts, screen resolution, timezone, and other characteristics to create a unique identifier even without cookies.
Tor Browser includes protections against fingerprinting by standardizing many characteristics that would otherwise vary between users. All Tor Browser users present similar browser configurations to websites, making it difficult to distinguish individuals.
But these protections only work if you don’t customize your browser. Installing extensions, changing default settings, or maximizing the window to non-standard sizes can make your browser instance unique, undermining anonymity protections.
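The effect of customization can be measured as the size of the crowd a browser hides in. The following is an added example, not part of the original article or of Tor Browser: the attribute names, values and the 1,000-visitor population are constructed, and a real fingerprinting script reads many more characteristics.

```python
import hashlib
import math
from collections import Counter

ATTRS = ("user_agent", "window", "timezone", "fonts", "extensions")

def fingerprint(browser: dict) -> str:
    """Hash the attributes a site can read into one identifier (no cookies)."""
    canon = "|".join(f"{a}={browser[a]}" for a in ATTRS)
    return hashlib.sha256(canon.encode()).hexdigest()[:16]

def anonymity_set(browser: dict, population: list) -> int:
    """How many visitors present exactly the same fingerprint."""
    return Counter(map(fingerprint, population))[fingerprint(browser)]

def identifying_bits(browser: dict, population: list) -> float:
    """Surprisal of this fingerprint: log2(N / set size). Near 0 = well hidden."""
    return math.log2(len(population) / anonymity_set(browser, population))

def rare_attributes(browser: dict, population: list, k: int = 10) -> list:
    """Attributes whose value is shared by fewer than k visitors."""
    rare = []
    for a in ATTRS:
        shared = sum(1 for other in population if other[a] == browser[a])
        if shared < k:
            rare.append(a)
    return rare

# Constructed population: 999 visitors with an untouched default profile and
# one who maximized the window and installed an extension. All values made up.
DEFAULT = {"user_agent": "shared-UA", "window": "1000x900", "timezone": "UTC",
           "fonts": "bundled", "extensions": "none"}
CUSTOM = dict(DEFAULT, window="1913x1040", extensions="adblock-x")
POPULATION = [dict(DEFAULT) for _ in range(999)] + [CUSTOM]

if __name__ == "__main__":
    for name, b in (("default", DEFAULT), ("custom", CUSTOM)):
        print(name, fingerprint(b), anonymity_set(b, POPULATION),
              round(identifying_bits(b, POPULATION), 2),
              rare_attributes(b, POPULATION))
```

The default profile shares its fingerprint with 999 visitors, while the customized one is alone and its two changed attributes are exactly what single it out.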
The Tor Browser design includes an anonymity level slider that lets you increase protections at the cost of reduced functionality. The highest security level disables JavaScript and other features that could be used for fingerprinting or exploits, significantly reducing website functionality but maximizing privacy protection.
Bridge Relays and ISP Detection
Your ISP can detect that you’re using Tor by observing connections to known Tor relays. In countries where Tor use is suspicious or blocked, this creates problems.
Tor bridges address this by using relays whose addresses aren’t publicly listed. If you connect to Tor through a bridge, your ISP sees encrypted traffic to an IP address that isn’t identified as a Tor relay in public directories.
Some bridges use pluggable transports that make Tor traffic look like other types of traffic—disguising it as normal web browsing, Skype calls, or other innocuous protocols. This helps circumvent both detection and blocking.
The myth that using Tor automatically flags you for surveillance has some basis in revealed government programs that collected information about Tor users. But this doesn’t mean Tor use is ineffective—it means you should be aware that in some jurisdictions, using privacy tools may itself be treated as suspicious, regardless of what you’re actually doing.
Practical Use Recommendations
If you’re using Tor for legitimate privacy purposes, understand its protections and limitations. Don’t log into accounts tied to your real identity unless you specifically want those services to know you’re accessing them (for example, accessing your email from a location where you don’t want to reveal your physical presence).
Use HTTPS connections whenever possible. Tor Browser’s HTTPS Everywhere extension helps, but verify the padlock in the address bar for sensitive sites.
Don’t install extensions or significantly customize browser settings. Accept the slight inconvenience of Tor Browser’s default configuration in exchange for stronger anonymity protections.
Be patient with slower performance. Browse text-heavy sites through Tor; use regular browsers for streaming video or other high-bandwidth activities where privacy isn’t critical.
Consider whether you actually need Tor’s level of protection for your threat model. If you’re just trying to avoid advertiser tracking or access geo-restricted content, a VPN might provide adequate privacy with better performance. If you’re facing serious threats to privacy or safety, Tor’s stronger protections justify the trade-offs.
Tor is a powerful privacy tool, neither magical nor suspicious. It protects against real threats that other tools don’t address effectively. But using it appropriately requires understanding its capabilities and limitations. The myths at both extremes—Tor as criminal infrastructure or Tor as perfect anonymity—miss the nuanced reality of what this technology actually provides.