Tor Myths and Misconceptions
In modern society a number of untruths persist regarding the Tor network ('dark net'), Tor Browser, and platforms or software that utilize Tor, like Whonix ™. Myths and misconceptions are perpetuated by a range of factors, including: a lack of understanding, government propaganda, and a heavy media focus on the potential negative applications of Tor. For instance, the media consistently overhypes the existence of markets for illicit services/goods and various criminal activities launched from the network.
This chapter is intended to dispel some of the more common Tor myths, while highlighting that misinformation poses a great disservice to a technologically neutral tool and the millions using it daily. All over the world, Tor users have very diverse and practical reasons for deploying online anonymity. When analyzed dispassionately, it is evident Tor is used predominantly for good -- enforcing our inalienable right to privacy, increasing security, and helping to protect vulnerable groups like whistleblowers, dissidents and activists. On the flipside, Tor/Tor Browser and any other software in existence is imperfect, meaning the 'absolute anonymity' some seek is a mirage.
For a basic understanding of the Tor protocol and how it helps to protect anonymity, see: How HTTPS and Tor Work Together to Protect Your Anonymity and Privacy [archive] by the Electronic Frontier Foundation.
Common Tor Myths and Misconceptions
Tor is predominantly designed for strong anonymity and helping those who do not want to share their browsing history, communications and other online activities with corporations and government entities who perform detailed surveillance of all Internet traffic. It also assists censored users to access information freely, journalists to protect their sources, and limits the risks of corporate espionage. Notably, only around 3 per cent of all Tor traffic is on the 'dark web' (
.onion sites) -- many media announcements regarding the scale of hidden services and the potential for criminality are overstated. kaspersky.com notes: 
But despite the reputation of the dark web as being a haven for criminal activity, a recent survey concluded that only 45% of .onion sites appear to host illegal activity. And it’s not as vast as some people have made it out to be. While the surface web hosts billions of different sites, it is estimated that Tor hidden sites number only in the thousands, perhaps tens of thousands but no more.
In simple terms, without Tor users are browsing naked and can be intimately tracked wherever and whenever they go online. Nobody should feel guilty when taking proactive steps to resist network observers, since extremely detailed profiles are created for corporate or intelligence purposes. Further, Tor's advantages are not discounted by the actions of a minority that use it for malign purposes. The fact is the vast majority of Tor traffic is used for legal, legitimate purposes. Banning Tor would only lead to criminals utilizing other tools and methods for nefarious purposes, while denying protection to those in society who need or desire it -- Tor will always be a 'two-edged sword'.
Tor was not written by the U.S. government -- Tor was actually written by Roger Dingledine, and later on joined by Nick Matthewson. Initial funding for Tor development was provided by the U.S. Naval research lab via Paul Syverson. The State Department also partially funds Tor since it is used to circumvent censorship in various locations. Notably the proportion of funding from the U.S. government is becoming smaller over time, as more diverse funding options emerge and community financial contributions increase; see Tor Project Sponsors [archive] to learn more. 
Claims of a purposeful, malicious backdoor are considered extremely speculative, since the software is undoubtedly used by various American agencies and operatives. Backdooring Tor would therefore undermine the security of their own anonymity systems. Moreover, if only government agencies utilized Tor, then it would be rendered useless; all traffic would automatically be tagged as intelligence-related. One fundamental principle of anonymity is: "Anonymity loves company". This means a large and diverse population is essential to make any one individual harder to locate.
Tor code is also thoroughly reviewed by a host of security professionals, and no such backdoor has ever been discovered after more than 15 years of development. All Tor Project code is open-source, and the design and implementation is transparent. It is implausible that future Tor developers will purposefully modify source code to enable spying on its users, and not be discovered in the process.
Tor is not a magical solution providing guaranteed anonymity. All software has flaws in both code and design that provide sophisticated attackers opportunities for exploits. A number of Tor Network Attacks are already well established in the literature, emphasizing that users can be deanonymized under various situations. Also, a host of other potential Speculative Tor Attacks can be launched against the Tor client, servers and/or network.
The Tor software therefore cannot always protect a user's identity, but it can consistently anonymize the origin of Internet traffic. Despite government agency successes in targeting and exploiting some Tor-related traffic, intelligence disclosures have revealed that it was a barrier to mass surveillance at the time of the Snowden disclosures in 2013. Solely using Tor/Tor Browser in isolation will not protect one's identity; it is also necessary to modify online behavior. For example it is essential to use strong encryption, obfuscate writing style, not reveal personal interests, distrust strangers, limit online disclosures, and follow a host of other tips to stay anonymous. Ignoring these rules is a fast track to deanonymization.
All my traffic is encrypted by default. 
This is a common misconception held by Tor/Tor Browser newcomers. As outlined in the Tor Browser Encryption chapter, a host of data might be visible to different network observers depending on whether the final connection is encrypted with HTTPS or not. Visible data can include: the visited site; location; whether Tor is in use; and via data sharing, the user/password and specific activity data. See: HTTP / HTTPS Connections with and without Tor for further information.
The take home message is that users should try to utilize HTTPS and TLS whenever possible, since Tor only encrypts traffic as it travels through the network of three nodes. Exit nodes remain vulnerable if traffic is unencrypted, since this is a plain-text version of the message. Even better is use of Onion Services Encryption, since the connection forms a tunnel which is encrypted (end-to-end) using a random rendezvous point within the Tor network; HTTPS is not required. These connections also incorporate perfect forward secrecy (PFS), meaning the compromise of long-term keys does not compromise past session keys.
Tor will get me on a permanent watch list! 
In the modern age, everybody is on a watch list. Disclosures have revealed the intent of government agencies is to record all online activity so that highly detailed dossiers are available on the entire population. While it is true that encrypted, VPN, and Tor-related traffic are particularly interesting to the IC, it is better than no anonymity at all. The ultimate solution is for the Tor network and user population to scale up dramatically, in order to increase its effectiveness.
It is far better to stymie mass surveillance measures via Tor as a method of resistance, than to capitulate to undemocratic, police state measures that were secretly implemented without the foreknowledge of the public. Principles should trump hypothetical watchlists, since users in most modern nation states are not exposed to any additional harms by taking this step. One exception might be oppressive states where Tor use is particularly dangerous, but depending on the circumstances, Bridges or pluggable transports might be a reasonable solution.
But Tor exit nodes can manipulate my traffic! 
As outlined earlier, this risk is generally avoided by only using encrypted connections where traffic leaves the exit node (HTTPS) or using
.onion connections that stay within the Tor network itself. Changing your own online behavior is the key to staying safe in this case, and refusing to utilize services that put users at risk by not encrypting traffic to the server.  Manipulation of traffic by malicious exit nodes is impossible if they do not know what the encrypted HTTPS packets contain.
Roger Dingledine, co-founder of Tor, has stated:
“Indeed some intelligence agencies have run relays every so often. But, I know two-thirds of the people who run the relays personally. They simply aren’t,” he said of government snoops. It doesn’t make any sense for the NSA to run relays, he maintains. “They are already watching AT&T, Deutsche Telekom and the cables underneath the oceans. They are already invested in surveilling the internet, so it makes no sense,” Dingledine said.
As mentioned earlier, Tor is not invulnerable. That said, it is difficult to consistently deanonymize a large proportion of Tor traffic without significant resource and time investments by adversaries (or a direct, targeted attack on an end user's platform). In most cases, adversaries need to control/observe traffic at both the entry guard and exit node for Confirmation Attacks or perform other types of Traffic Analysis. Lesser adversaries have even fewer opportunities to deanonymize Tor traffic, particularly as the network grows in size. Attacks simply become harder and more expensive to execute.
The only exception to this deanonymization misconception is Global Passive Adversaries (GPAs)  who are likely capable or monitoring the traffic between all the computers in a network at the same time. By studying the timing and volume patterns of the different communications across the network, it is statistically feasible to identify Tor circuits and thus match Tor clients with destination servers. It is unknown to what extent GPAs have succeeded in fully or partially deanonymizing Tor network traffic. Hopefully future whistleblower disclosures will reveal this capability to the public.
Tor is illegal to download! 
A common misconception is that merely downloading Tor/Tor Browser is either illegal or a sign of criminal activity. It is true that Tor Browser downloads are likely monitored by law enforcement and the IC to mark 'persons of interest', but in nearly all jurisdictions it is not illegal to download and operate the software itself.  As discussed earlier, the vast majority of Tor traffic is on standard (not hidden) sites, meaning most users are instead: trying to establish secure communications; share information; express political opinions; avoid censorship; protect journalistic sources; avoid mass surveillance and so on.
Tor is too slow to stream / torrent over. 
Tor has greatly improved its throughput over the last few years as the number of (exit) nodes has steadily increased, while the growth in the user population has remained modest. In fact, most streaming can be conducted with few interruptions (including YouTube at the time of writing), and only around half of the available bandwidth is used on average; see the Tor Metrics pages [archive]. Torrenting is possible, but not recommended as a single torrent file can equate to several hours of browsing for normal users.
If I run a Tor (exit) node I'll be arrested or get in trouble with my ISP! 
This is not strictly true. Most people who have received attention from law enforcement or were otherwise harassed decided to run a Tor exit node. There are a number of resources that should be consulted before taking this decision in order to minimize the chances of harassment:
- The Tor Project: So what should I expect if I run an exit relay? [archive]
- Tips for Running an Exit Node [archive]
- Tor Abuse Templates [archive]
- Tor Abuse FAQ [archive]
- https://www.eff.org/files/2015/11/23/3mod-tor-myths-and-facts_9-10-15.pdf [archive]
- https://threatpost.com/tor-developer-busts-myths-announces-new-features/127207/ [archive]
- https://go.kaspersky.com/rs/802-IJN-240/images/Dark%20Web%2010172017.pdf?aliId=521973948 [archive]
- https://write.privacytools.io/my-thoughts-on-security/slicing-onions-part-1-myth-busting-tor [archive]
- The Tor Donor FAQ [archive] notes:
Tor is supported by United States government funding agencies, NGOs, private foundations, research institutions, private companies, and over 20,000 personal donations from people like you. (See our Sponsors Page for more.) While we are grateful for this funding, we don't want the Tor Project to become too dependent on any single source. Crowdfunding allows us to diversify our donor base and is unrestricted -- it allows us to spend the money on the projects we think are most important and respond quickly to changing events.
- https://www.maketecheasier.com/common-myths-about-tor/ [archive]
- Notably in late-2018, nearly 75 per cent of all Internet traffic [archive] was encrypted with HTTPS.
- Like the NSA.
- Tinpot dictatorships like North Korea are the exception, rather than the rule.
- https://wiki.debian.org/TorBrowser [archive]
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.
Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)