Tor Browser

Digital signature is a process ensuring that a certain package was generated by its developers and has not been tampered with. Below we explain why it is important and how to verify that the Tor Browser you download is the one we have created and has not been modified by some attacker.

Each file on our download page is accompanied by a file labelled "signature" with the same name as the package and the extension ".asc". These .asc files are OpenPGP signatures. They allow you to verify the file you've downloaded is exactly the one that we intended you to get. This will vary by web browser, but generally you can download this file by right-clicking the "signature" link and selecting the "save file as" option.

For example, tor-browser-windows-x86_64-portable-13.0.1.exe is accompanied by tor-browser-windows-x86_64-portable-13.0.1.exe.asc. These are example file names and will not exactly match the file names that you download.

We now show how you can verify the downloaded file's digital signature on different operating systems. Please notice that a signature is dated the moment the package has been signed. Therefore every time a new file is uploaded a new signature is generated with a different date. As long as you have verified the signature you should not worry that the reported date may vary.

Installing GnuPG

First of all you need to have GnuPG installed before you can verify signatures.

For Windows users:

If you run Windows, download Gpg4win and run its installer.

In order to verify the signature you will need to type a few commands in windows command-line, cmd.exe.

For macOS users:

If you are using macOS, you can install GPGTools.

In order to verify the signature you will need to type a few commands in the Terminal (under "Applications").

For GNU/Linux users:

If you are using GNU/Linux, then you probably already have GnuPG in your system, as most GNU/Linux distributions come with it preinstalled.

In order to verify the signature you will need to type a few commands in a terminal window. How to do this will vary depending on your distribution.

Fetching the Tor Developers key

The Tor Browser team signs Tor Browser releases. Import the Tor Browser Developers signing key (0xEF6E286DDA85EA2A4BA7DE684E2C6E8793298290):

gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org

This should show you something like:

gpg: key 4E2C6E8793298290: public key "Tor Browser Developers (signing key) <torbrowser@torproject.org>" imported
gpg: Total number processed: 1
gpg:               imported: 1
pub   rsa4096 2014-12-15 [C] [expires: 2025-07-21]
      EF6E286DDA85EA2A4BA7DE684E2C6E8793298290
uid           [ unknown] Tor Browser Developers (signing key) <torbrowser@torproject.org>
sub   rsa4096 2018-05-26 [S] [expires: 2020-12-19]

If you get an error message, something has gone wrong and you cannot continue until you've figured out why this didn't work. You might be able to import the key using the Workaround (using a public key) section instead.

After importing the key, you can save it to a file (identifying it by its fingerprint here):

gpg --output ./tor.keyring --export 0xEF6E286DDA85EA2A4BA7DE684E2C6E8793298290

This command results in the key being saved to a file found at the path ./tor.keyring, i.e. in the current directory. If ./tor.keyring doesn't exist after running this command, something has gone wrong and you cannot continue until you've figured out why this didn't work.

Verifying the signature

To verify the signature of the package you downloaded, you will need to download the corresponding ".asc" signature file as well as the installer file itself, and verify it with a command that asks GnuPG to verify the file that you downloaded.

The examples below assume that you downloaded these two files to your "Downloads" folder. Note that these commands use example file names and yours will be different: you will need to replace the example file names with exact names of the files you have downloaded.

For Windows users (change x86_64 to i686 if you have the 32-bit package):

gpgv --keyring .\tor.keyring Downloads\tor-browser-windows-x86_64-portable-13.0.1.exe.asc Downloads\tor-browser-windows-x86_64-portable-13.0.1.exe

For macOS users:

gpgv --keyring ./tor.keyring ~/Downloads/tor-browser-macos-13.0.1.dmg.asc ~/Downloads/tor-browser-macos-13.0.1.dmg

For GNU/Linux users (change x86_64 to i686 if you have the 32-bit package):

gpgv --keyring ./tor.keyring ~/Downloads/tor-browser-linux-x86_64-13.0.1.tar.xz.asc ~/Downloads/tor-browser-linux-x86_64-13.0.1.tar.xz

The result of the command should contain:

gpgv: Good signature from "Tor Browser Developers (signing key) <torbrowser@torproject.org>"

If you get error messages containing 'No such file or directory', either something went wrong with one of the previous steps, or you forgot that these commands use example file names and yours will be a little different.

Refreshing the PGP key

Run the following command to refresh the Tor Browser Developers signing key in your local keyring from the keyserver. This will also fetch the new subkeys.

gpg --refresh-keys EF6E286DDA85EA2A4BA7DE684E2C6E8793298290

Workaround (using a public key)

If you encounter errors you cannot fix, feel free to download and use this public key instead. Alternatively, you may use the following command:

curl -s https://openpgpkey.torproject.org/.well-known/openpgpkey/torproject.org/hu/kounek7zrdx745qydx6p59t9mqjpuhdf |gpg --import -

Tor Browser Developers key is also available on keys.openpgp.org and can be downloaded from https://keys.openpgp.org/vks/v1/by-fingerprint/EF6E286DDA85EA2A4BA7DE684E2C6E8793298290. If you're using MacOS or GNU/Linux, the key can also be fetched by running the following command:

gpg --keyserver keys.openpgp.org --search-keys EF6E286DDA85EA2A4BA7DE684E2C6E8793298290

You may also want to learn more about GnuPG.

Please see the Installation section in the Tor Browser Manual.

The file you download and run prompts you for a destination. If you don't remember what this destination was, it's most likely your Downloads or Desktop folder.

The default setting in the Windows installer also creates a shortcut for you on your Desktop, though be aware that you may have accidentally deselected the option to create a shortcut.

If you can't find it in either of those folders, download it again and look for the prompt that asks you to choose a directory to download it in. Choose a directory location that you'll remember easily, and once the download finishes you should see a Tor Browser folder there.

Whenever we release a new stable version of Tor Browser, we write a blog post that details its new features and known issues. If you started having issues with your Tor Browser after an update, check out blog.torproject.org for a post on the most recent stable Tor Browser to see if your issue is listed. If your issue is not listed there, please check first Tor Browser's issue tracker and create a GitLab issue about what you're experiencing.

We want everyone to be able to enjoy Tor Browser in their own language. Tor Browser is now available in multiple languages, and we are working to add more.

Our current list of supported languages is:

Language
العربية (ar)
Català (ca)
česky (cs)
Dansk (da)
Deutsch (de)
Ελληνικά (el)
English (en)
Español (es)
ﻑﺍﺮﺴﯾ (fa)
Suomi (fi)
Français (fr)
Gaeilge (ga-IE)
עברית (he)
Magyar nyelv (hu)
Indonesia (id)
Islenska (is)
Italiano (it)
日本語 (ja)
ქართული (ka)
한국어 (ko)
lietuvių kalba (lt)
македонски (mk)
ﺐﻫﺎﺳ ﻡﻼﻳﻭ (ms)
မြမစ (my)
Norsk Bokmål (nb-NO)
Nederlands (nl)
Polszczyzna (pl)
Português Brasil(pt-BR)
Română (ro)
Русский (ru)
Shqip (sq)
Svenska (sv-SE)
ภาษาไทย (th)
Türkçe (tr)
Український (uk)
Tiếng Việt (vi)
简体中文 (zh-CN)
正體字 (zh-TW)

Want to help us translate? Become a Tor translator!

You can also help us in testing the next languages we will release, by installing and testing Tor Browser Alpha releases.

No, Tor Browser is an open source software and it is free. Any browser forcing you to pay and is claiming to be Tor Browser is fake. To make sure you are downloading the right Tor Browser visit our download page. After downloading, you can make sure that you have the official version of Tor Browser by verifying the signature. If you are not able to access our website, then visit censorship section to get information about alternate way of downloading Tor Browser.

If you have paid for a fake app claiming to be Tor Browser, you can try to request a refund from the Apple or Play Store, or you can contact your bank to report a fraudulent transaction. We cannot refund you for a purchase made to another company.

You can report fake Tor Browsers on frontdesk@torproject.org

Tor Browser is currently available on Windows, Linux, macOS, and Android.

On Android, The Guardian Project also provides the Orbot app to route other apps on your Android device over the Tor network.

There is no official version of Tor Browser for iOS yet, as explained in this blog post. Our best available recommendation is Onion Browser.

Unfortunately, we don't yet have a version of Tor Browser for Chrome OS. You could run Tor Browser for Android on Chrome OS. Note that by using Tor Mobile on Chrome OS, you will view the mobile (not desktop) versions of websites. However, because we have not audited the app in Chrome OS, we don't know if all the privacy features of Tor Browser for Android will work well.

Sorry, but there is currently no official support for running Tor Browser on *BSD. There is something called the TorBSD project, but their Tor Browser is not officially supported.

Using Tor Browser can sometimes be slower than other browsers. The Tor network has over a million daily users, and just over 6000 relays to route all of their traffic, and the load on each server can sometimes cause latency. And, by design, your traffic is bouncing through volunteers' servers in various parts of the world, and some bottlenecks and network latency will always be present. You can help improve the speed of the network by running your own relay, or encouraging others to do so. For the much more in-depth answer, see Roger's blog post on the topic and Tor's Open Research Topics: 2018 edition about Network Performance. You can also checkout our recent blog post Tor Network Defense Against Ongoing Attacks, which discusses the Denial of Service (DoS) attacks on the Tor Network. Furthermore, we have introduced a Proof-of-Work Defense for Onion Services to help mitigate some of these attacks. That said, Tor is much faster than it used to be and you may not actually notice any change in speed from other browsers.

While the names may imply otherwise, 'Incognito mode' and 'private tabs' do not make you anonymous on the Internet. They erase all the information on your machine relating to the browsing session after they are closed, but have no measures in place to hide your activity or digital fingerprint online. This means that an observer can collect your traffic just as easily as any regular browser.

Tor Browser offers all the amnesic features of private tabs while also hiding the source IP, browsing habits and details about a device that can be used to fingerprint activity across the web, allowing for a truly private browsing session that's fully obfuscated from end-to-end.

For more information regarding the limitations of Incognito mode and private tabs, see Mozilla's article on Common Myths about Private Browsing.

There are methods for setting Tor Browser as your default browser, but those methods may not work always or in every operating system. Tor Browser works hard to isolate itself from the rest of your system, and the steps for making it the default browser are unreliable. This means sometimes a website would load in Tor Browser, and sometimes it would load in another browser. This type of behavior can be dangerous and break anonymity.

We strongly recommend against using Tor in any browser other than Tor Browser. Using Tor in another browser can leave you vulnerable without the privacy protections of Tor Browser.

You can certainly use another browser while you are also using Tor Browser. However, you should know that the privacy properties of Tor Browser will not be present in the other browser. Be careful when switching back and forth between Tor and a less safe browser, because you may accidentally use the other browser for something you intended to do using Tor.

If you run Tor Browser and another browser at the same time, it won't affect Tor's performance or privacy properties.

However, be aware that when using Tor and another browser at the same time, your Tor activity could be linked to your non-Tor (real) IP from the other browser, simply by moving your mouse from one browser into the other.

Or you may simply forget and accidentally use that non-private browser to do something that you intended to do in Tor Browser instead.

Only Tor Browser's traffic will be routed over the Tor network. Any other application on your system (including other browsers) will not have their connections routed over the Tor network, and will not be protected. They need to be configured separately to use Tor. If you need to be sure that all traffic will go through the Tor network, take a look at the Tails live operating system which you can start on almost any computer from a USB stick or a DVD.

We do not recommend running multiple instances of Tor Browser, and doing so may not work as anticipated on many platforms.

Tor Browser is built using Firefox ESR, so errors regarding Firefox may occur. Please be sure no other instance of Tor Browser is already running, and that you have extracted Tor Browser in a location that your user has the correct permissions for. If you are running an anti-virus, please see My antivirus/malware protection is blocking me from accessing Tor Browser, it is common for anti-virus/anti-malware software to cause this type of issue.

Tor Browser is a modified version of Firefox specifically designed for use with Tor. A lot of work has been put into making Tor Browser, including the use of extra patches to enhance privacy and security. While it is technically possible to use Tor with other browsers, you may open yourself up to potential attacks or information leakage, so we strongly discourage it. Learn more about the design of Tor Browser.

Bookmarks in Tor Browser can be exported, imported, backed up, restored as well as imported from another browser. In order to manage your bookmarks in Tor Browser, go to:

  • Hamburger menu >> Bookmarks >> Manage bookmarks (below the menu)
  • From the toolbar on the Library window, click on 'Import and Backup'

If you wish to export bookmarks

  • Choose Export Bookmarks to HTML
  • In the Export Bookmarks File window that opens, choose a location to save the file, which is named bookmarks.html by default. The desktop is usually a good spot, but any place that is easy to remember will work.
  • Click the Save button. The Export Bookmarks File window will close.
  • Close the Library window.

Your bookmarks are now successfully exported from Tor Browser. The bookmarks HTML file you saved is now ready to be imported into another web browser.

If you wish to import bookmarks

  • Choose Import Bookmarks from HTML
  • Within the Import Bookmarks File window that opens, navigate to the bookmarks HTML file you are importing and select the file.
  • Click the Open button. The Import Bookmarks File window will close.
  • Close the Library window.

The bookmarks in the selected HTML file will be added to your Tor Browser within the Bookmarks Menu directory.

If you wish to backup

  • Choose Backup
  • A new window opens and you have to choose the location to save the file. The file has a .json extension.

If you wish to restore

  • Choose Restore and then select the bookmark file you wish to restore.
  • Click okay to the pop up box that appears and hurray, you just restored your backup bookmark.

Import data from another browser

Bookmarks can be transferred from Firefox to Tor Browser. There are two ways to export and import bookmarks in Firefox: HTML file or JSON file. After exporting the data from the browser, follow the above step to import the bookmark file into your Tor Browser.

Note: Currently, on Tor Browser for Android, there is no good way to export and import bookmarks. Bug #31617

When you have Tor Browser open, you can navigate to the hamburger menu ("≡"), then click on "Settings", and finally on "Connection" in the side bar. At the bottom of the page, next to the "View the Tor logs" text, click the button "View Logs...". You should see an option to copy the log to your clipboard, which you will be able to paste it into a text editor or an email client.

Alternatively, on GNU/Linux, to view the logs right in the terminal, navigate to the Tor Browser directory and launch Tor Browser from the command line by running:

./start-tor-browser.desktop --verbose

or to save the logs to a file (default: tor-browser.log)

./start-tor-browser.desktop --log [file]

Tor Browser in its default mode is starting with a content window rounded to a multiple of 200px x 100px to prevent fingerprinting the screen dimensions. The strategy here is to put all users in a couple of buckets to make it harder to single them out. That works so far until users start to resize their windows (e.g. by maximizing them or going into fullscreen mode). Tor Browser ships with a fingerprinting defense for those scenarios as well, which is called Letterboxing, a technique developed by Mozilla and presented in 2019. It works by adding white margins to a browser window so that the window is as close as possible to the desired size while users are still in a couple of screen size buckets that prevent singling them out with the help of screen dimensions.

In simple words, this technique makes groups of users of certain screen sizes and this makes it harder to single out users on basis of screen size, as many users will have same screen size.

letterboxing

Tor Browser can certainly help people access your website in places where it is blocked. Most of the time, simply downloading the Tor Browser and then using it to navigate to the blocked site will allow access. In places where there is heavy censorship we have a number of censorship circumvention options available, including pluggable transports.

For more information, please see the Tor Browser User Manual section on censorship circumvention.

Sometimes websites will block Tor users because they can't tell the difference between the average Tor user and automated traffic. The best success we've had in getting sites to unblock Tor users is getting users to contact the site administrators directly. Something like this might do the trick:

"Hi! I tried to access your site xyz.com while using Tor Browser and discovered that you don't allow Tor users to access your site. I urge you to reconsider this decision; Tor is used by people all over the world to protect their privacy and fight censorship. By blocking Tor users, you are likely blocking people in repressive countries who want to use a free internet, journalists and researchers who want to protect themselves from discovery, whistleblowers, activists, and ordinary people who want to opt out of invasive third party tracking. Please take a strong stance in favor of digital privacy and internet freedom, and allow Tor users access to xyz.com. Thank you."

In the case of banks, and other sensitive websites, it is also common to see geography-based blocking (if a bank knows you generally access their services from one country, and suddenly you are connecting from an exit relay on the other side of the world, your account may be locked or suspended).

If you are unable to connect to an onion service, please see I cannot reach X.onion!.

Tor Browser often makes your connection appear as though it is coming from an entirely different part of the world. Some websites, such as banks or email providers, might interpret this as a sign that your account has been compromised, and lock you out.

The only way to resolve this is by following the site's recommended procedure for account recovery, or contacting the operators and explaining the situation.

You may be able to avoid this scenario if your provider offers 2-factor authentication, which is a much better security option than IP-based reputations. Contact your provider and ask them if they provide 2FA.

Sometimes JavaScript-heavy websites can have functional issues over Tor Browser. The simplest fix is to click on the Security icon (the small gray shield at the top-right of the screen), then click "Change..." Set your security to "Standard".

Most antivirus or malware protection allows the user to "allowlist" certain processes that would otherwise be blocked. Please open your antivirus or malware protection software and look in the settings for an "allowlist" or something similar. Next, include the following processes:

  • For Windows
    • firefox.exe
    • tor.exe
    • lyrebird.exe (if you use bridges)
    • snowflake-client.exe
  • For macOS
    • TorBrowser
    • tor.real
    • lyrebird (if you use bridges)
    • snowflake-client

Finally, restart Tor Browser. This should fix the issues you're experiencing. Please note that some antivirus clients, like Kaspersky, may also be blocking Tor at the firewall level.

Some antivirus software will pop up malware and/or vulnerability warnings when Tor Browser is launched. If you downloaded Tor Browser from our main website or used GetTor, and verified it, these are false positives and you have nothing to worry about. Some antiviruses consider that files that have not been seen by a lot of users as suspicious. To make sure that the Tor program you download is the one we have created and has not been modified by some attacker, you can verify Tor Browser's signature. You may also want to permit certain processes to prevent antiviruses from blocking access to Tor Browser.

If your internet connection might be blocking the Tor network, you can try using bridges. Some bridges are built in to Tor Browser and require only a few steps to enable them. To use a pluggable transport, click "Configure Connection" when starting Tor Browser for the first time. Under the "Bridges" section, locate the option "Choose from one of Tor Browser's built-in bridges" and click on "Select a Built-In Bridge" option. From the menu, select whichever pluggable transport you'd like to use.

Once you've selected the pluggable transport, scroll up and click "Connect" to save your settings.

Or, if you have Tor Browser running, click on "Settings" in the hamburger menu (≡) and then on "Connection" in the sidebar. Under the "Bridges" section, locate the option "Choose from one of Tor Browser's built-in bridges" and click on "Select a Built-In Bridge" option. Choose whichever pluggable transport you'd like to use from the menu. Your settings will automatically be saved once you close the tab.

If you need other bridges, you can get them at our Bridges website. For more information about bridges, see the Tor Browser manual.

One of the most common issues that causes connection errors in Tor Browser is an incorrect system clock. Please make sure your system clock and timezone are set accurately. If this doesn't fix the problem, see the Troubleshooting page on the Tor Browser manual.

Sometimes, after you've used Gmail over Tor, Google presents a pop-up notification that your account may have been compromised. The notification window lists a series of IP addresses and locations throughout the world recently used to access your account.

In general, this is a false alarm: Google saw a bunch of logins from different places, as a result of running the service via Tor, and decided it was a good idea to confirm the account was being accessed by its rightful owner.

Even though this may be a byproduct of using the service via Tor, that doesn't mean you can entirely ignore the warning. It is probably a false positive, but it might not be since it is possible for someone to hijack your Google cookie.

Cookie hijacking is possible by either physical access to your computer or by watching your network traffic. In theory, only physical access should compromise your system because Gmail and similar services should only send the cookie over an SSL link. In practice, alas, it's way more complex than that.

And if somebody did steal your Google cookie, they might end up logging in from unusual places (though of course they also might not). So the summary is that since you're using Tor Browser, this security measure that Google uses isn't so useful for you, because it's full of false positives. You'll have to use other approaches, like seeing if anything looks weird on the account, or looking at the timestamps for recent logins and wondering if you actually logged in at those times.

More recently, Gmail users can turn on 2-Step Verification on their accounts to add an extra layer of security.

This is a known and intermittent problem; it does not mean that Google considers Tor to be spyware.

When you use Tor, you are sending queries through exit relays that are also shared by thousands of other users. Tor users typically see this message when many Tor users are querying Google in a short period of time. Google interprets the high volume of traffic from a single IP address (the exit relay you happened to pick) as somebody trying to "crawl" their website, so it slows down traffic from that IP address for a short time.

You can try 'New Circuit for this Site' to access the website from a different IP address.

An alternate explanation is that Google tries to detect certain kinds of spyware or viruses that send distinctive queries to Google Search. It notes the IP addresses from which those queries are received (not realizing that they are Tor exit relays), and tries to warn any connections coming from those IP addresses that recent queries indicate an infection.

To our knowledge, Google is not doing anything intentionally specifically to deter or block Tor use. The error message about an infected machine should clear up again after a short time.

Unfortunately, some websites deliver Captchas to Tor users, and we are not able to remove Captchas from websites. The best thing to do in these cases is to contact the website owners, and inform them that their Captchas are preventing users such as yourself from using their services.

Google uses "geolocation" to determine where in the world you are, so it can give you a personalized experience. This includes using the language it thinks you prefer, and it also includes giving you different results on your queries.

If you really want to see Google in English you can click the link that provides that. But we consider this a feature with Tor, not a bug --- the Internet is not flat, and it in fact does look different depending on where you are. This feature reminds people of this fact.

Note that Google search URLs take name/value pairs as arguments and one of those names is "hl". If you set "hl" to "en" then Google will return search results in English regardless of what Google server you have been sent to. The changed link might look like this:

https://encrypted.google.com/search?q=online%20anonymity&hl=en

Another method is to simply use your country code for accessing Google. This can be google.be, google.de, google.us and so on.

When using Tor Browser, no one can see the websites that you visit. However, your service provider or network admins may be able to see that you're connecting to the Tor network, though they won't know what you're doing when you get there.

Tor Browser prevents people from knowing the websites you visit. Some entities, such as your Internet Service Provider (ISP), may be able to see that you're using Tor, but they won't know where you're going when you do.

DuckDuckGo is the default search engine in Tor Browser. DuckDuckGo does not track its users nor does it store any data about user searches. Learn more about DuckDuckGo privacy policy.

With the release of Tor Browser 6.0.6, we switched to DuckDuckGo as the primary search engine. For a while now, Disconnect, which was formerly used in Tor Browser, has had no access to Google search results. Since Disconnect is more of a meta search engine, which allows users to choose between different search providers, it fell back to delivering Bing search results, which were basically unacceptable quality-wise. DuckDuckGo does not log, collect or share the user's personal information or their search history, and therefore is best positioned to protect your privacy. Most other search engines store your searches along with other information such as the timestamp, your IP address, and your account information if you are logged in.

Please see the DuckDuckGo support portal. If you believe this is a Tor Browser issue, please report it on our issue tracker.

Tor Browser has two ways to change your relay circuit — "New Identity" and "New Tor Circuit for this Site". Both options are located in the hamburger menu ("≡"). You can also access the New Circuit option inside the site information menu in the URL bar, and the New Identity option by clicking the small sparky broom icon at the top-right of the screen.

New Identity

This option is useful if you want to prevent your subsequent browser activity from being linkable to what you were doing before.

Selecting it will close all your tabs and windows, clear all private information such as cookies and browsing history, and use new Tor circuits for all connections.

Tor Browser will warn you that all activity and downloads will be stopped, so take this into account before clicking "New Identity".

Tor Browser Menu

New Tor Circuit for this Site

This option is useful if the exit relay you are using is unable to connect to the website you require, or is not loading it properly. Selecting it will cause the currently-active tab or window to be reloaded over a new Tor circuit.

Other open tabs and windows from the same website will use the new circuit as well once they are reloaded.

This option does not clear any private information or unlink your activity, nor does it affect your current connections to other websites.

New Circuit for this Site

Running Tor Browser does not make you act as a relay in the network. This means that your computer will not be used to route traffic for others. If you'd like to become a relay, please see our Tor Relay Guide.

That is normal Tor behavior. The first relay in your circuit is called an "entry guard" or "guard". It is a fast and stable relay that remains the first one in your circuit for 2-3 months in order to protect against a known anonymity-breaking attack. The rest of your circuit changes with every new website you visit, and all together these relays provide the full privacy protections of Tor. For more information on how guard relays work, see this blog post and paper on entry guards.

In Tor Browser, every new domain gets its own circuit. The Design and Implementation of Tor Browser document further explains the thinking behind this design.

Modifying the way that Tor creates its circuits is strongly discouraged. You get the best security that Tor can provide when you leave the route selection to Tor; overriding the entry/exit nodes can compromise your anonymity. If the outcome you want is simply to be able to access resources that are only available in one country, you may want to consider using a VPN instead of using Tor. Please note that VPNs do not have the same privacy properties as Tor, but they will help solve some geolocation restriction issues.

WARNING: Do NOT follow random advice instructing you to edit your torrc! Doing so can allow an attacker to compromise your security and anonymity through malicious configuration of your torrc.

Tor uses a text file called torrc that contains configuration instructions for how Tor should behave. The default configuration should work fine for most Tor users (hence the warning above.)

To find your Tor Browser torrc, follow the instructions for your operating system below.

On Windows or Linux:

  • The torrc is in the Tor Browser Data directory at Browser/TorBrowser/Data/Tor inside your Tor Browser directory.

On macOS:

  • The torrc is in the Tor Browser Data directory at ~/Library/Application Support/TorBrowser-Data/Tor.
  • Note the Library folder is hidden on newer versions of macOS. To navigate to this folder in Finder, select "Go to Folder..." in the "Go" menu.
  • Then type ~/Library/Application Support/ in the window and click Go.

Close Tor Browser before you edit your torrc, otherwise Tor Browser may erase your modifications. Some options will have no effect as Tor Browser overrides them with command line options when it starts Tor.

Have a look at the sample torrc file for hints on common configurations. For other configuration options you can use, see the Tor manual page. Remember, all lines beginning with # in torrc are treated as comments and have no effect on Tor's configuration.

It's strongly discouraged to install new add-ons in Tor Browser, because they can compromise your privacy and security.

Installing new add-ons may affect Tor Browser in unforeseen ways and potentially make your Tor Browser fingerprint unique. If your copy of Tor Browser has a unique fingerprint, your browsing activities can be deanonymized and tracked even though you are using Tor Browser.

Each browser's settings and features create what is called a "browser fingerprint". Most browsers inadvertently create a unique fingerprint for each user which can be tracked across the internet. Tor Browser is specifically engineered to have a nearly identical (we're not perfect!) fingerprint across its users. This means each Tor Browser user looks like many other Tor Browser users, making it difficult to track any individual user.

There's also a good chance a new add-on will increase the attack surface of Tor Browser. This may allow sensitive data to be leaked or allow an attacker to infect Tor Browser. The add-on itself could even be maliciously designed to spy on you.

Tor Browser already comes installed with one add-on — NoScript — and adding anything else could deanonymize you.

Want to learn more about browser fingerprinting? Here's an article on The Tor Blog all about it.

Flash is disabled in Tor Browser, and we recommend you to not enable it. We don't think Flash is safe to use in any browser — it's a very insecure piece of software that can easily compromise your privacy or serve you malware. Fortunately, most websites, devices, and other browsers are moving away from the use of Flash.

If you're using Tor Browser, you can set your proxy's address, port, and authentication information in the Connection Settings.

If you're using Tor another way, you can set the proxy information in your torrc file. Check out the HTTPSProxy config option in the manual page. If your proxy requires authentication, see the HTTPSProxyAuthenticator option. Example with authentication:

  HTTPSProxy 10.0.0.1:8080
  HTTPSProxyAuthenticator myusername:mypass

We only support Basic auth currently, but if you need NTLM authentication, you may find this post in the archives useful.

For using a SOCKS proxy, see the Socks4Proxy, Socks5Proxy, and related torrc options in the manual page. Using a SOCKS 5 proxy with authentication might look like this:

  Socks5Proxy 10.0.0.1:1080
  Socks5ProxyUsername myuser
  Socks5ProxyPassword mypass

If your proxies only allow you to connect to certain ports, look at the entry on Firewalled clients for how to restrict what ports your Tor will try to access.

Please see the HTTPS Everywhere FAQ. If you believe this is a Tor Browser for Android issue, please report it on our issue tracker.

Since Tor Browser 11.5, HTTPS-Only Mode is enabled by default for desktop, and HTTPS Everywhere is no longer bundled with Tor Browser.

We configure NoScript to allow JavaScript by default in Tor Browser because many websites will not work with JavaScript disabled. Most users would give up on Tor entirely if we disabled JavaScript by default because it would cause so many problems for them. Ultimately, we want to make Tor Browser as secure as possible while also making it usable for the majority of people, so for now, that means leaving JavaScript enabled by default.

For users who want to have JavaScript disabled on all HTTP sites by default, we recommend changing your Tor Browser's "Security Level" option. This can be done by navigating the Security icon (the small gray shield at the top-right of the screen), then clicking on "Change...". The "Standard" level allows JavaScript, the "Safer" level blocks JavaScript on HTTP sites and the "Safest" level blocks JavaScript altogether.

Yes. Tor can be configured as a client or a relay on another machine, and allow other machines to be able to connect to it for anonymity. This is most useful in an environment where many computers want a gateway of anonymity to the rest of the world. However, be forewarned that with this configuration, anyone within your private network (existing between you and the Tor client/relay) can see what traffic you are sending in clear text. The anonymity doesn't start until you get to the Tor relay. Because of this, if you are the controller of your domain and you know everything's locked down, you will be OK, but this configuration may not be suitable for large private networks where security is key all around.

Configuration is simple, editing your torrc file's SocksListenAddress according to the following examples:

SocksListenAddress 127.0.0.1
SocksListenAddress 192.168.x.x:9100
SocksListenAddress 0.0.0.0:9100

You can state multiple listen addresses, in the case that you are part of several networks or subnets.

SocksListenAddress 192.168.x.x:9100 #eth0
SocksListenAddress 10.x.x.x:9100 #eth1

After this, your clients on their respective networks/subnets would specify a socks proxy with the address and port you specified SocksListenAddress to be. Please note that the SocksPort configuration option gives the port ONLY for localhost (127.0.0.1). When setting up your SocksListenAddress(es), you need to give the port with the address, as shown above. If you are interested in forcing all outgoing data through the central Tor client/relay, instead of the server only being an optional proxy, you may find the program iptables (for *nix) useful.

By default, your Tor client only listens for applications that connect from localhost. Connections from other computers are refused. If you want to torify applications on different computers than the Tor client, you should edit your torrc to define SocksListenAddress 0.0.0.0 and then restart (or hup) Tor. If you want to get more advanced, you can configure your Tor client on a firewall to bind to your internal IP but not your external IP.

Please see the NoScript FAQ. If you believe this is a Tor Browser issue, please report it on our bug tracker.