Anonymization in Tor

Many of us, for one reason or another, wish to remain unnoticed while using Internet. In this article, we won’t talk over the reasons, but instead, offer you several options to ensure a higher level of privacy when using the Tor browser.

Tor (The Onion Router) browser was created to provide maximum privacy. Tor encrypts data multiple times and then routes all traffic through a network of servers to hide the user’s location. Using this browser significantly complicates the tracking of user activity on the site.

Anonymization in Tor: How does the browser work?

Tor Network has its own network, with complex, extensive infrastructure and its own domain .onion. Actually, it is based on many resources, which can be accessed only while using the tor browser.

In simpler terms, Tor is a system of nodes that encrypt user traffic, which was already encrypted on the Internet.

Today, the Tor Network includes thousands of control, intermediate, and output nodes. Encryption of information within the Tor network is performed using symmetric and asymmetric keys. Before you get into the network, all your traffic passes through a chain of nodes within the network itself. That is, it is impossible to identify neither the sender nor the recipient of the traffic.

Tor Network developers declare that this approach is a guarantee of a fairly high level of anonymity on the network. And, basically, it is the pure truth. Nevertheless, there is a scanty probability that someone making due efforts will still try to intercept your information. The fact is that the traffic from the output node comes in clear form, which does not exclude the possibility of using interceptor programs (sniffing). That is, it is imposiible to guarantee 100% anonymity. Increasing the number of intermediate nodes will not give any effect.

However, all is not so bad — if you follow the rules below, the efficiency of using the tor browser will grow significantly. And now we’ll talk about how you can even identify the user, who just went online through Tor.

Interception of calls to the ISP’s DNS server

If you enter the site name in the address bar of the browser, it is first converted to IP, and then it will be transferred to the DNS server. However, as strange as it may sound — at the moment, Tor does not guarantee the encryption of requests (ie headers), as a result, it can lead to quite unpleasant consequences (since you think that you are in an anonymous environment).

The interception of requests to DNS provider — the easiest and most common way deanonymization. Tor can successfully encrypt your traffic, but not the request to the DNS server. That is, the data exchange takes place in an unprotected form, which means the interested person can intercept it.

Moreover, it is always worth remembering that 99% of Internet providers (of course if it is not an office in a nearby garage), log all your actions on the network, retain the history of access to the network. All of the above significantly reduces the level of privacy, even if all traffic passing through Tor was previously encrypted.

Setting up access to Google DNS servers can significantly reduce the likelihood of leaks of this kind. To do this, just go to the network connection settings and replace the static address, assigned to you by providers, to 0.0.0. (for IPv4) and exactly the same values for the DNS server.

Acrylic DNS Proxy and DNSCrypt are much simpler options. This SOFTWARE will allow you to securely encrypt any access to the DNS server from your side.

Alternatively, you can use OpenDNS to configure the server. Although the installation of additional SOFTWARE is not required, but, at the same time, no one will give a full guarantee of security.

Environment variables, MAC addresses and user IPs

Even if you manage to hide from DNS your IP address, attackers will still be able to get a lot of information about you and your PC.

First of all, it concerns data transmission and reading information from variable environment. When intercepting variables, an attacker can determine the country from which traffic originates, find out the PC configuration, installed OS, system language, MAC addresses, and many other information. This information is enough to determine the specific user, for example, MAC address allows to restore the real IP of the user. I mean, it’s not funny anymore.

Parallel use of Tor + VPN + SOCKS servers is one of the ways to prevent data leakage bypassing Tor. Read more about this method below.


WebRTC is a technology developed by Google that works on the principle of “point — to-point”, that is, the exchange of data in between, passes directly through the browser. And although it is stated that this technology is built not only in Chrome, but also in almost all browsers (including Tor), WebRTC still allows attackers to identify the IP address of the user. To do this, just send a request to the STUN-server. Moreover, the very fact of such a display is not displayed in the developer console, because the command itself is entered by the script. In the latest versions of Tor, WebRTC is disabled, but still, one can check the presence of such an option in the settings.

Intercept the headers using Tor exit nodes

Interested persons may intercept the user traffic not only through the reference to the DNS server. As mentioned earlier, the information from the Tor output node is transmitted without encryption, that is, in an open way. That is, by intercepting and analyzing http packets, an attacker can later intercept all traffic. In addition, do not forget that Tor Network rests on the shoulders of enthusiasts, literally each of them will be able to raise their output node. All this is a serious problem for the user who is concerned about anonymity in the network. That is, in addition to the Tor browser, you will have to use SOCKS proxy or VPN.

Port 53

This is another headache in solving the problem of complete anonymity. Even if you use Tor, a stick in the wheels can be inserted by any SOFTWARE that has a network connection. Such programs access the DNS server directly through port 53, and only then, after the IP address is received, begins the data exchange through Tor. However, there is no point in it, the information has already leaked.

You can fix this jamb by installing Vidalia Bundle for Firefox package. Vidalia Bundle allows you to run the entire data package through Tor rather than bypassing the browser.

Evolution of the Tor network

Development of Tor does not stop, with each new update the network becomes more stable and secure. Recently, the browser has started to support the new domain name — .emc (emercoin element). Tor uses the domain as a kind of add-on, that allows blockchain technologies to store data in the cloud with the highest level of security. Now, it is difficult to make an objective opinion about how this approach increases anonymity while using the network, but today the new domain is actively used by several output tor-nodes, OpenNIC and three DNS servers.

How to achieve the maximum level of anonymity in Tor

To begin with, you need to clearly understand the fact that Tor protects your traffic only when you are on the Tor Network and can not protect against the information drain by other programs.

In the pursuit of anonymity, it is impossible to reach a certain level, after which you can be 100% sure that third parties will not have access to your personal information.

However, there are effective measures that will help to protect if not for 100, then at least for 99%. To do this, you should spend quite a bit of time configuring Tor-browser.

1. Don’t enable JavaScript, ever! Failure to comply with this item can cause enormous damage to your privacy.

2. To process cookies, use “TorButton”, to save — “Cookie Culler”.

3. Check the work of PDF, Flash, Java, ActiveX plugins. All of them should be disabled (Tor is disabled by default). But, nevertheless, the test will not be superfluous.

4. Do not install browser extensions. Any of them can de-anonymize your presence in the network.

5. Be extremely careful with the downloaded files. Especially with . EXE. Even if you are one hundred percent sure of the reliability of the source — do not run them while you are online. To check, you can use

6. Install and use Proxifier at the same time as Tor. However, if you can not find an activated pirated version, and you are not used to paying for SOFTWARE, you can download HTTPS Everywhere from torproject and EFF — this will give you the opportunity to reliably protect the open part of the traffic. Moreover, it’s a pretty effective alternative to VPN, if for some reason you don’t want to use it.


Tor in conjunction with a VPN is essentially the most effective way to ensure maximum anonymity on the network. There are only two approaches to using such a bundle — enable Tor, and then VPN and vice versa. Lets take a look at the advantages and disadvantages of these options.

VPN and then Tor. This approach allows you to hide completely your stay on the network, from the provider, excludes data leakage at the time of entry into the browser. In addition, if you accidentally compromise yourself in Tor you will still be behind a reliable VPN barrier. Ideally, you should use your own, well-configured server.

Tor, after VPN. This method also helps to avoid traffic leakage bypassing the Tor browser. However, this method has not gained much popularity due to the more complex (compared to the previous) implementation. Moreover, this approach requires practical knowledge, and therefore is not suitable for ordinary users.

Cutting off VPN connection is more a norm than an exception to the rule. In addition, to protect yourself from data leakage in such a situation — just assign the selected VPN server as the default gateway. Go to the firewall settings and disable the ability to let traffic in by alternative ways. It should only go through a VPN.

In General, only the tip of the iceberg is reflected here. To build the most effective interaction in the Tor+VPN bundle, it is worth revealing the topic more extensively. There is enough material for a separate article.

Tails Distribution Kit

Tails is a Debian-based Linux distribution with built-in Tor. Designed to provide the highest level of privacy. Thus, all connections pass exclusively through the Tor Network, and if they are not anonymous, they are simply blocked. Tails does not require installation on the PC hard drive, you can run the distribution from a flash drive or any other media with sufficient memory. Moreover, Tails runs in a completely secure environment, leaving no trace on the computer. Of course, this approach is not ideal, and users, from time to time, identify security problems, but the developers eliminate them as soon as possible.


We can argue endlessly about how much Tor is reliable in terms of a tool for anonymous surfing on the network. One thing is for sure — this browser provides a pretty good level of privacy, in order to remove various age and regional restrictions, without leaving a trace. However, if you are seriously concerned about the security of the network (for example, someone is trying to compute you), be sure if they want to do it, they will.

At the same time, neither all kinds of VPN services, nor the same Tor, does not look like a reliable shield from data leakage. And the story about more effective methods of “contraception”, unfortunately, goes beyond the range of this material.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store