Stay Hidden on the Internet: The Onion Router

M. Enes Özen

Stay Hidden on the Internet: The Onion Router


TOR (The Onion Router) is both a network and a browser that allows people to surf the internet anonymously, allowing them to overcome barriers in regions and countries where internet access is blocked or restricted.

TOR was originally developed by the United States Naval Research LaboraTORy to be used by the American army with the purpose of protecting U.S. intelligence. Now it provides privacy and security through virtual tunnels that are accessible to all (journalists, activists, army, etc.).

TOR Browser is an up-to-date and privacy-optimized version of Mozilla Firefox. It is free and open-source software that provides online anonymity and access to blocked sites. Unlike other browsers TOR Browser;

  • Enables anonymous browsing of the Internet by hiding the user’s IP address,
  • Provides access to blocked sites,
  • Does not include online tracking features that come by default in other browsers,
  • No monetization of user data.

The TOR network consists of thousands of servers run by volunteers around the world. The TOR browser selects 3 relays each time a new connection established and connects to the internet through them. During each connection, the relays are encrypted in such a way that they do not know exactly the way in which they send and receive data.

When using the TOR browser, the Internet connection will seem like it came from a different IP address, usually from a different country.

  1. How Does TOR Work?

The following steps show how the TOR network works when, say, Ahmet’s computer uses the TOR Browser to communicate with Merve’s server:

Step 1: Ahmet’s TOR Browser retrieves the list of TOR relays [1] from the TOR directory server (Ayşe).

Step 2: Ahmet’s TOR Browser selects a random path from the TOR network to the destination server (Merve). All connections in the TOR network are encrypted (green [3]). In this example, the last connection is not encrypted (red [2]) because it uses HTTP to access Merve’s server. However, if Ahmet visits a website over SSL / TLS, HTTPS, the last connection would also be encrypted.

Step 3: If Ahmet later visits another server (Mustafa), Ahmet’s TOR Browser will choose a different, random path this time.

NOTE: There is an inverse ratio between anonymity and speed. TOR browser provides anonymity because it provides internet traffic through voluntary servers around the world, but the data flow will be slower than a normal internet connection.


Attention! At the Black Hat conference held in 2016, a vulnerability using the Exit Nodes of the TOR Browser was discovered. TOR relays used for connection are managed by volunteers – it is, therefore, possible to control these relays. People who want to exploit this add their own relays to these by using network analysis technologies. As I mentioned above, the message is sent to the relays in the form of encrypted layers. The last relay, i.e. the Exit Node, can decode the last layer and the resulting message is a clear text. If this last relay is a malicious node, the message that is intercepted can be read clearly. This means that the message will not show the person’s actual IP address and location, but information such as user name, password or bank information can be read.

2.TOR Browser Installation

Step 1: Go to the following address and click the Download TOR Browser ”button.

Figure 1: TOR Browser page

NOTE: If the access to the above address is blocked, you can obtain it by sending an e-mail to [email protected] specifying your operating system (Windows, OSx or Linux) to download from another address.

Figure 2: TOR email reply


Step 2: Determine the language and operating system you want to download

Figure 3: TOR Browser download links

Step 3: Go to the directory where the installation file was downloaded.

Figure 4: The directory where the installation file is located

Step 4: In the first step of the installation, double-click the EXE file to start the installation. Then select the language.

Figure 5: Installing the TOR Browser language pack


Step 5: Select the directory where TOR Browser is to be installed. In Figure 6, the desktop directory is selected.

Figure 6: Installation location of the TOR browser.

Step 6: Click the Finish button in the following window to complete the installation.

Figure 6: Completing the installation
  1. Settings Required to Connect to TOR Network

Step 1: If TOR is not blocked in the country where the Internet is accessed, the browser can be opened simply by pressing the connect button.

However, if access to such services is blocked in the country where the TOR network is to be connected, some configurations must be made by firstly clicking the “Configure” button.

Figure 1: TOR browser settings


Step 2: By clicking configure button the following window opens. Here, a bridge connection is used because the TOR network is blocked. Bridge connections are more difficult to block since they are not listed in a public directory. As a bridge, an available agent such as obfs4 is selected and the connect button is pressed.

Figure 2: TOR bridge configuration

Step 3: TOR Browser will soon open

Figure 3: Connecting to the TOR network


  1. Connecting to the TOR Network through Special Bridges

To connect to the TOR network, a connection may be made through special bridges that are less known and therefore less obstructed.

If the TOR page cannot be accessed, special bridge addresses can be requested by sending get bridges to [email protected]. However, if the TOR page is accessible, the following steps can be followed to obtain custom bridges;

Step 1: Go to the address below and click on the Just give me bridges button.

Figure 1: Getting  special TOR bridges

Step 2: Fill in the security code and press ENTER.

Figure 2: Security code
Figure 3: Bridge lines

Step 3: Enter the bridges copied in the following section and click the connect button.

Figure 4: TOR Network Settings
  1. Things to do to use TOR safely and anonymously

The TOR Browser provides anonymity only for transactions performed in the TOR Browser window. The fact that the application is running does not mean that other programs are using the TOR Network.


5.1. Checking the TOR Browser connection

The Test TOR Network Settings link can be clicked to ensure that the TOR scanner is installed and running properly.

Figure 1: TOR Browser Homepage

If you encounter a page like the one below, we can say that the TOR browser is working properly.

Figure 2: TOR network control

In addition to the TOR Project’s own control system, you can obtain connection information from https://www.iplocation.net/ and https://www.ip2location.com/.


5.2. Creating a New Identity

You can create a new identity at any time. In this way, TOR will create new connection nodes and will appear to be accessing websites from a different IP address. To do this, the following steps can be followed.

Step 1: Click the to open the TOR Browser menu.

Figure 1: Creating a new identity in the TOR Browser.

Step 2: Select New Identity from the drop-down menu.

The TOR Scanner will clear the browsing history and restart. When the browser restarts, you may see it connecting from a different IP address.


5.3. Enabling NoScript Plug-in

The TOR Browser comes with the initially disabled NoScript plug-in. NoScript provides additional protection from malicious websites and protects your true identity from being disclosed in the TOR Browser. Therefore, it is useful to activate the NoScript plug-in. NoScript can be activated by following the steps below.

Step 1: Click on the   icon upper left of the TOR Browser.

Figure 1: Enabling the NoScript plug-in

Step 2: Select Forbid Scripts Globally.

You may see many sites corrupted when this setting is enabled. If the website fails to load correctly, the website can be added to the NoScript whitelist by clicking the button shown in figure 1 and selecting “Temporarily allow all this page”.


5.4. Enable the HTTPS Everywhere Plug-in

HTTPS Everywhere plugin is built-in in TOR Browser. This plugin allows us to browse with HTTPS protocol automatically instead of HTTP when surfing the web. In this way, we can ensure that the requests we send to websites are encrypted end-to-end and cannot be read, including output nodes.

HTTPS Everywhere can be activated by following the steps.

Step 1: Click on the   icon which is located in the upper right corner of the browser.

Step 2: Check “Enable HTTPS Everywhere” and “Block all unencrypted requests” boxes. If we want to access a site that uses HTTP again, the Block all unencrypted requests box should be unchecked.