The Onion Router (Tor) is a free piece of software that facilitates anonymous communications and browsing. It's a secure option for browsing the internet, and comes with its own browser.

Here's how to get online securely with the Tor browser, and keep your activity private.

Privacy and Security When Using Tor

If you want to remain anonymous when using the internet, Tor is at least as good as the best VPN you can name. Remember, though, Tor is not a VPN; it is a proxy that only protects traffic that is routed through it. Our full guide to using Tor explains this in detail.

Alone, Tor cannot guarantee your security and privacy; you need to understand the best practices and usage tips to ensure maximum security and benefits.

These are:

  1. Don't use your personal information
  2. Do keep your system updated
  3. Don't use Tor for Google searches
  4. Do disable Java, JavaScript, and Flash
  5. Don't torrent or use P2P networking
  6. Do regularly delete cookies and other data
  7. Don't use HTTP websites

We are not saying that Tor is the be-all-end-all when it comes to privacy online, but if you use it properly it is a powerful tool.

Do's and Don'ts of Using Tor

Tor is an amazing tool when used right. Many people associate its use with the dark web and illicit activities. This, however, only represents a small portion of the Tor userbase. Other uses for Tor include:

  • Business activities
  • Cross-border communications
  • Publishing anonymous posts, data, or information
  • Whistleblowing (think WikiLeaks)

If you do decide to begin using Tor, make sure you follow these best practices.

Use the Tor browser to stay secure online

1. Avoid Using Your Personal Information

One way many people fall down is by mixing their personal information in with Tor-related activities. This includes but is not limited to: using or accessing your personal email address, using the same usernames, using debit or credit cards, and not using an anonymous persona.

If you are using Tor properly, create a persona and stick to it. Use Tor-based or temporary email services, and transact in anonymous cryptocurrencies. Temporary email services should only be used where you don't need routine access. After a while, a temporary email address will be deleted.

2. Keep Your System Updated

Tor is only as safe as the system running it. After all, it's a software solution. If your OS is outdated, then third-parties could exploit loopholes in it to get past your Tor shield and compromise your data.

If a potential attacker is able to figure out what OS you are using then Tor can't protect you. On the subject of operating systems, using Windows is not a good idea. This is due to the inherent security bugs and vulnerabilities that come with it.

If Windows cannot be avoided, make sure you update it regularly---automatic updates are the way to go.

3. Don't Use Tor for Google Searches

Google collects and stores information such as search queries. Google also stores cookies on your computer to track your browsing habits. For the most privacy-conscious of people, Google's use on Tor should be avoided for this reason.

Other search engines like DuckDuckGo and StartPage are best for use on Tor. They don't track, log, store, or save anything to their own services or your device.

4. Disable Java, JavaScript, and Flash

Using active content on Tor is a huge risk. Adobe Flash, QuickTime, ActiveX, Java, and JavaScript, among other things, can only run because of your user account privileges. Because of this, these can access and share your private data.

JavaScript is the most dangerous. It is a widely-used browser language that may ignore proxy settings and enable tracking by websites.  Additionally, these tools may store cookies and other data from the Tor browser that can be difficult to find and delete. By disabling them outright, you achieve a greater level of privacy and security.

5. Don't Torrent or Use P2P

Tor as a browser is not made for P2P file sharing such as torrenting. The Tor network's architecture is set up to block file-sharing traffic outright and, in addition to being risky, P2P over Tor is a risk to your privacy and anonymity.

Clients such as BitTorrent are not inherently secure. When used over Tor, they still send your IP address to other peers and there is no way to stop this.

6. Regularly Delete Cookies and Other Data

Whilst Tor routes your traffic through many nodes to prevent traffic analysis, cookies and other scripts can be used to track your activity online. With enough cookies or key bits of data, it can be pieced together to expose your identity.

When using Tor, regularly prune cookies and local site data, or use an add-on that does this automatically.

7. Avoid HTTP Websites

Data that is transferred to and from HTTP sites is unencrypted. Tor only encrypts traffic within its network, and using HTTP sites leaves you vulnerable to prying eyes when your traffic passes through exit nodes.

Visiting HTTPS sites that use end-to-end encryption such as TLS and SSL is perfectly safe, though. With HTTPS sites, all your data is safe even outside of the Tor ecosystem.

Tor Is Only as Safe as You Make It

Tor is one of the best tools available to protect from third-party snooping.

Although it is not perfect and there are inherent vulnerabilities and weaknesses, these can often be avoided by adhering strictly to the best practices and usage tips outlined above.

No matter what you are using Tor for, remaining anonymous should be your primary concern. Online anonymity is not easy, especially when we live in a world powered by data.

Image Credit: sharafmaksumov/Depositphotos