flowchart TB
  Start[Start Tor Session] --> Browser[Tor Browser]
  Browser --> NewID[New Identity per task]
  NewID --> Isolate[Separate profiles/accounts]
  Isolate --> HTTPS[HTTPS only]
  HTTPS --> Exit[Exit]

Tools that match Tor's safety model#

These tools are designed to preserve Tor's isolation and reduce leaks. Each one reflects a different security philosophy.

1. Tor Browser (desktop)

   • Philosophy: A single, hardened browser environment with strict anti-fingerprinting and per-site isolation by default.
   • Key features: Circuit isolation per first-party domain; uniform fingerprinting surface; HTTPS-Only defaults.
   • Best for: Most users who need privacy without complex setup.

2. Tor Browser for Android

   • Philosophy: Bring the same isolation model to mobile without app-level leaks.
   • Key features: Same Tor Browser security model, adapted to Android; separate app sandbox.
   • Best for: Mobile sessions that must stay compartmentalized.

3. Orbot (Android)

   • Philosophy: Network-level routing of apps through Tor, even if the apps were not designed for it.
   • Key features: Per-app routing; system-level SOCKS/Tor integration.
   • Tradeoff: Higher leak risk because many apps are not privacy-aware.

4. Tails (Live OS)

   • Philosophy: Ephemeral sessions with no local persistence.
   • Key features: All traffic forced through Tor by default; memory/storage wiped on shutdown.
   • Best for: One-off sensitive sessions on untrusted hardware.

5. Whonix (VM isolation)

   • Philosophy: Split trust and hard network isolation using two VMs.
   • Key features: Gateway VM runs Tor; Workstation VM cannot access clearnet directly.
   • Best for: Long-running workflows that need stable isolation.

6. Qubes + Whonix (high isolation)

   • Philosophy: Maximum compartmentalization by design.
   • Key features: Qubes isolates workloads into separate domains; Whonix handles Tor routing per domain.
   • Best for: High-risk users who need strict separation across tasks.

7. torsocks (CLI wrapper)

   • Philosophy: Route specific CLI commands through Tor without changing system-wide settings.
   • Key features: Simple wrapper for curl, git, and custom tools; good for verification.
   • Tradeoff: Easy to misconfigure if the app uses non-TCP protocols.

Official links#

• Tor Browser (desktop): https://www.torproject.org/
• Tor Browser for Android: https://support.torproject.org/en/tormobile/tormobile-1/
• Orbot: https://orbot.app/
• Tails: https://tails.boum.org/
• Whonix: https://www.whonix.org/
• Qubes OS: https://www.qubes-os.org/
• torsocks: https://support.torproject.org/glossary/torsocks/

Bridges and censorship resistance#

If Tor is blocked, use bridges instead of a VPN.

• obfs4 bridges: common and reliable
• Snowflake: more dynamic, rotates via volunteer proxies
• meek: uses domain fronting (availability varies)

Verification steps#

Check that your traffic is actually going through Tor:

You should see a confirmation page that the request is coming from Tor.

Common unsafe patterns#

• Logging into personal accounts while in the Tor session.
• Downloading files and opening them on the host OS.
• Running Tor with a normal browser and custom extensions.
• Using VPNs to "increase" anonymity without a clear threat model.
• Using Tor for high-bandwidth P2P (Tor is not built for it).

Worst-case usage examples (avoid)

• School/campus shared Wi-Fi with mandatory login: the network already ties your session to a real identity; Tor only hides destinations, not the local attribution.
• Workplace or managed devices: endpoint monitoring, MDM, and proxy logs can link activity to you even if traffic goes through Tor.
• Mixing real accounts with Tor anonymity: logging into personal email, social, or payment accounts collapses the separation immediately.
• Opening downloaded files on the host OS: documents can phone home outside Tor and expose your real IP.
• Reusing the same handles/emails across Tor and clearnet: OSINT correlation is often easier than network tracing.
• Using Tor with custom browser extensions or fonts: increases fingerprint uniqueness and makes correlation simpler.
• Torrents and P2P over Tor: leaks and high-volume traffic make correlation and deanonymization more likely.

Recommended combinations#

Practical recommendations by scenario#

Key takeaway#

Tor is safest when you minimize trust, avoid identity reuse, and use tools designed for Tor. Most failures are behavioral, not technical.

Next up#

Part 4: Why Tor + P2P/Torrent Is Risky. /posts/tor-protocol-part-4