The name "Tor" can refer to several different components.
Tor is a program you can run on your computer that helps keep you safe on the Internet.
It protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location.
This set of volunteer relays is called the Tor network.
The way most people use Tor is with Tor Browser, which is a version of Firefox that fixes many privacy issues.
You can read more about Tor on our about page.
The Tor Project is a non-profit (charity) organization that maintains and develops the Tor software.
Tor is the onion routing network.
When we were starting the new next-generation design and implementation of onion routing in 2001-2002, we would tell people we were working on onion routing, and they would say "Neat. Which one?"
Even if onion routing has become a standard household term, Tor was born out of the actual onion routing project run by the Naval Research Lab.
(It's also got a fine meaning in German and Turkish.)
Note: even though it originally came from an acronym, Tor is not spelled "TOR".
Only the first letter is capitalized.
In fact, we can usually spot people who haven't read any of our website (and have instead learned everything they know about Tor from news articles) by the fact that they spell it wrong.
No, it doesn't.
You need to use a separate program that understands your application and protocol and knows how to clean or "scrub" the data it sends.
Tor Browser tries to keep application-level data, like the user-agent string, uniform for all users.
Tor Browser can't do anything about the text that you type into forms, though.
A typical proxy provider sets up a server somewhere on the Internet and allows you to use it to relay your traffic.
This creates a simple, easy to maintain architecture.
The users all enter and leave through the same server.
The provider may charge for use of the proxy, or fund their costs through advertisements on the server.
In the simplest configuration, you don't have to install anything.
You just have to point your browser at their proxy server.
Simple proxy providers are fine solutions if you do not want protections for your privacy and anonymity online and you trust the provider to not do bad things.
Some simple proxy providers use SSL to secure your connection to them, which protects you against local eavesdroppers, such as those at a cafe with free wifi Internet.
Simple proxy providers also create a single point of failure.
The provider knows both who you are and what you browse on the Internet.
They can see your traffic as it passes through their server.
In some cases, they can even see inside your encrypted traffic as they relay it to your banking site or to ecommerce stores.
You have to trust the provider isn't watching your traffic, injecting their own advertisements into your traffic stream, or recording your personal details.
Tor passes your traffic through at least 3 different servers before sending it on to the destination.
Because there's a separate layer of encryption for each of the three relays, somebody watching your Internet connection can't modify, or read, what you are sending into the Tor network.
Your traffic is encrypted between the Tor client (on your computer) and where it pops out somewhere else in the world.
Doesn't the first server see who I am?
A bad first of three servers can see encrypted Tor traffic coming from your computer.
It still doesn't know who you are and what you are doing over Tor.
It merely sees "This IP address is using Tor".
You are still protected from this node figuring out both who you are and where you are going on the Internet.
Can't the third server see my traffic?
A bad third of three servers can see the traffic you sent into Tor.
It won't know who sent this traffic.
If you're using encryption (like HTTPS), it will only know the destination.
See this visualization of Tor and HTTPS to understand how Tor and HTTPS interact.
The Tor software is free software.
This means we give you the rights to redistribute the Tor software, either modified or unmodified, either for a fee or gratis.
You don't have to ask us for specific permission.
However, if you want to redistribute the Tor software you must follow our LICENSE.
Essentially this means that you need to include our LICENSE file along with whatever part of the Tor software you're distributing.
Most people who ask us this question don't want to distribute just the Tor software, though.
They want to distribute the Tor Browser.
This includes Firefox Extended Support Release, and the NoScript and HTTPS-Everywhere extensions.
You will need to follow the license for those programs as well.
Both of those Firefox extensions are distributed under the GNU General Public License, while Firefox ESR is released under the Mozilla Public License.
The simplest way to obey their licenses is to include the source code for these programs everywhere you include the bundles themselves.
Also, you should make sure not to confuse your readers about what Tor is, who makes it, and what properties it provides (and doesn't provide).
See our trademark FAQ for details.
There are plenty of other programs you can use with Tor, but we haven't researched the application-level anonymity issues on all of them well enough to be able to recommend a safe configuration.
Our wiki has a community-maintained list of instructions for Torifying specific applications.
Please add to this list and help us keep it accurate!
Most people use Tor Browser, which includes everything you need to browse the web safely using Tor.
Using Tor with other browsers is dangerous and not recommended.
There is absolutely no backdoor in Tor.
We know some smart lawyers who say that it's unlikely that anybody will try to make us add one in our jurisdiction (U.S.).
If they do ask us, we will fight them, and (the lawyers say) probably win.
We will never put a backdoor in Tor.
We think that putting a backdoor in Tor would be tremendously irresponsible to our users, and a bad precedent for security software in general.
If we ever put a deliberate backdoor in our security software, it would ruin our professional reputation.
Nobody would trust our software ever again - for excellent reasons!
But that said, there are still plenty of subtle attacks people might try.
Somebody might impersonate us, or break into our computers, or something like that.
Tor is open source, and you should always check the source (or at least the diffs since the last release) for suspicious things.
If we (or the distributors that gave you Tor) don't give you access to the source code, that's a sure sign something funny might be going on.
You should also check the PGP signatures on the releases, to make sure nobody messed with the distribution sites.
Also, there might be accidental bugs in Tor that could affect your anonymity.
We periodically find and fix anonymity-related bugs, so make sure you keep your Tor versions up-to-date.