
The Tor browser use onion routing to direct and encrypt all traffic, offering users a high level of anonymity. The network transmits traffic through three layers of international network nodes called onion routers:
Tor Network (Onion route)
- Entry nodes, which form the first layer of encryption and enable the connection to the Tor network.
- A series of middle nodes fully encrypt web traffic to ensure anonymity.
- Exit nodes, which further encrypt data before it reaches the final server.

From: ABOUT TOR BROWSER | Tor Project | Tor Browser Manual
The last relay in the circuit (the “exit relay”) is the most risky node in the entire network. There have been many incidents in which volunteers at this node have been arrested or investigated. The most recent reported incident occurred in Germany on August 24th of this year. (Tor Project Forum)
Tor Browser
Tor Browser uses the Tor network to protect your privacy and anonymity. It ensures this in the following ways:
- Prevent browser fingerprinting: The tor browser uses a variety of methods to prevent browser fingerprinting, such as using a random window size to prevent screen size-based identification, as well as Canvas image extraction blocking, NoScript integration, user-agent spoofing, and first-party isolation. For more information, please refer to Browser Fingerprinting: An Introduction and the Challenges Ahead | The Tor Project。
- Circumvention Tools: As we all know, many governments and ISP block peopleto access to the Tor network in various ways, such as the GFW used by the Chinese government. These firewalls usually use traffic signature monitoring, HTTP header matching, etc., to identify illegal traffic and block it by DNS pollution or direct packet loss. According to EdNovas's tests, the GFW will even pretend to be a Tor client to access the bridge to block ports. Therefore, the Tor browser provides multiple transmission types to circumvent blocking. These methods are that the traffic flowing to the Tor network appears to be the same as a normal connection or is full of randomness. The main method of achieving this is through Bridges – they are not listed publicly, so an adversary cannot identify them easily.
- Bridges: Each bridge address is represented by a string of emoji characters called Bridge-mojis. The Bridge-mojis can be used to validate that the intended bridge has been added successfully.Bridge-mojis are human-readable bridge identifiers and do not represent the quality of connection to the Tor network or the state of the bridge. The string of emoji characters cannot be used as input. Users are required to provide the complete bridge address to be able to connect with a bridge. The bridge addresses can be shared using the QR code or by copying the entire address.
In addition, there are many other ways to enhance network anonymity, such as forcing https connections. For more information, see: Secure Connection |Tor Project |Tor Browser Manual (torproject.org)
Appendix
If you want to know more about GFW, you can visit: Ednovas Blog. The Internet should be free, equal, inclusive, and open. We should condemn governments and organizations that deprive citizens of the freedom to access the Internet.
Reference
- gk. (2019). Browser Fingerprinting: An Introduction and Challenges Ahead. Tor Project. Available at: https://blog.torproject.org/browser-fingerprinting-introduction-and-challenges-ahead/
- Tor team. (n.d.). Secure Connections. Tor Project. Available at: https://tb-manual.torproject.org/secure-connections/
- Kaspersky official. (n.d.). What is the Tor Browser? Kaspersky. Available at: https://www.kaspersky.com/resource-center/definitions/what-is-the-tor-browser
- Wherry, J. (2022). What is Tor and how does it work? CyberNews. Available at: https://cybernews.com/privacy/what-is-tor-and-how-does-it-work/
- EdNovas. (2022). GFW. EdNovas 2022 blog. Available at: https://ednovas.xyz/2022/06/25/gfw/
Comments | NOTHING