Wiki / Tor Browser Setup Guide

🌐 Tor Browser Complete Setup Guide

Beginner ⏱️ 12-15 minutes Essential Updated: November 2025

Step-by-step guide to downloading, installing, and configuring Tor Browser for secure darknet access. Covers Windows, macOS, Linux, security settings, bridges, and advanced privacy protection.

📋 Table of Contents

🔐 What is Tor Browser?

Tor Browser is a free, open-source web browser that protects your privacy and anonymity online by routing your internet traffic through the Tor network of volunteer-operated servers.

🕵️ Anonymity

Hides your IP address and location from websites you visit

🔒 Encryption

Encrypts traffic through multiple layers (like an onion)

🌐 .onion Access

Only way to access darknet .onion sites (like DrugHub)

🛡️ Tracking Prevention

Blocks ads, trackers, and fingerprinting attempts

How Tor Works (Simplified)

  1. Entry Node: Your connection enters Tor network (knows your IP, not destination)
  2. Middle Relay: Relays traffic (knows neither your IP nor destination)
  3. Exit Node: Exits to destination (knows destination, not your IP)
  4. Destination: Website sees exit node IP, not yours

Result: No single point knows both who you are AND where you're going!

⚠️ Tor vs VPN

Tor: Better anonymity, slower speed, required for .onion sites

VPN: Faster, hides traffic from ISP, but knows your identity

Best Practice: Use both (VPN → Tor) for maximum security

Why You MUST Use Tor for DrugHub

  • .onion sites only accessible via Tor - No other browser works
  • Hides your real IP - DrugHub never sees your actual location
  • Prevents ISP monitoring - Your internet provider can't see you're visiting darknet
  • Required for PGP authentication - DrugHub's security relies on Tor
  • Never use regular browsers - Chrome/Firefox CAN'T access .onion and expose your identity

⬇️ Downloading Tor Browser Safely

🚨 CRITICAL SECURITY WARNING

ONLY download Tor from official sources! Fake Tor browsers with malware are common. Verify you're on the real website.

Official Download Sources

✅ PRIMARY SOURCE (Recommended)

https://www.torproject.org/download/

Verify URL carefully: torproject.org (NOT .com, .net, or similar)

📧 EMAIL REQUEST (If website blocked)

Send blank email to:

gettor@torproject.org

Auto-reply includes download links and mirrors

🔗 MIRROR SITES (Emergency backup)

  • https://tor.eff.org (Electronic Frontier Foundation)
  • https://dist.torproject.org (Direct distribution)

Signature Verification (Advanced)

For maximum security, verify the downloaded file's cryptographic signature:

Windows Verification

# 1. Download Tor Browser installer
# 2. Download corresponding .asc signature file
# 3. Import Tor signing key
gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org

# 4. Verify signature
gpg --verify torbrowser-install-win64-13.0.exe.asc torbrowser-install-win64-13.0.exe

Expected Output: "Good signature from 'Tor Browser Developers'"

If you see: "BAD signature" or "WARNING" - DELETE THE FILE and re-download

🆕 Beginner? Skip Signature Verification

If you downloaded from official torproject.org website over HTTPS, you're likely safe. Signature verification adds extra security but isn't mandatory for most users.

💾 Installation Guide (All Platforms)

Windows Installation

  1. Download: Get torbrowser-install-win64-13.0.exe from torproject.org
  2. Run Installer: Double-click the .exe file
  3. Choose Language: Select your preferred language
  4. Installation Location:
    • Recommended: Default location (C:\Users\...\Desktop\Tor Browser)
    • ⚠️ High Security: Install to USB drive for portability
  5. Complete Installation: Click "Install" and wait 1-2 minutes
  6. Launch: Click "Finish" or use desktop shortcut

macOS Installation

  1. Download: Get TorBrowser-13.0-macos_ALL.dmg
  2. Open DMG: Double-click the downloaded .dmg file
  3. Drag to Applications: Drag Tor Browser icon to Applications folder
  4. First Launch:
    • Right-click Tor Browser → "Open"
    • Click "Open" again on security warning
    • (macOS blocks unverified apps by default)
  5. Eject DMG: Right-click mounted DMG and select "Eject"

Linux Installation

  1. Download: Get tor-browser-linux64-13.0_ALL.tar.xz
  2. Extract Archive: 
    tar -xvf tor-browser-linux64-13.0_ALL.tar.xz
  3. Navigate to Directory: 
    cd tor-browser
  4. Launch: 
    ./start-tor-browser.desktop
  5. Create Shortcut (Optional): 
    ./start-tor-browser.desktop --register-app

Android Installation (Mobile)

  1. Google Play Store: Search "Tor Browser" by Tor Project
  2. Or F-Droid: Add Guardian Project repository, install "Tor Browser"
  3. Install: Tap "Install" and wait for download
  4. Launch: Tap "Open" after installation
  5. Connect: Tap "Connect" to join Tor network

Note: Mobile Tor browsing is slower and less secure than desktop. Use desktop when possible.

⚠️ Installation Tips

  • 🔥 Firewall/Antivirus: May flag Tor as suspicious (normal, add exception)
  • 📁 Portable Installation: Install to USB drive for no-trace browsing
  • 🔄 Updates: Tor auto-updates, but check manually monthly
  • Don't Install Add-ons: Extensions compromise anonymity

🚀 First Launch & Initial Setup

Connecting to Tor Network

Standard Connection (Most Users)

  1. Launch Tor Browser: Double-click icon or desktop shortcut
  2. Connection Screen: You'll see "Connect to Tor" dialog
  3. Click "Connect": Choose this if you're NOT in a censored country
  4. Wait 10-30 seconds: Tor establishes circuit through network
  5. Success: Browser opens with Tor homepage (about:tor)
  6. Verify: You should see "Congratulations. This browser is configured to use Tor."

⚙️ Configure Connection (Censored Regions)

Use if: You're in China, Iran, Russia, UAE, or Tor is blocked by ISP/government

  1. Click "Configure Connection" instead of "Connect"
  2. Select "Tor is censored in my country"
  3. Choose Bridge Type:
    • obfs4 - Recommended for most censorship (China, Iran)
    • meek-azure - Slower but works in severe censorship
    • snowflake - Uses temporary proxies, good for occasional blocks
  4. Click "Connect" and wait (may take 30-60 seconds with bridges)

See Bridges section below for detailed configuration.

First Visit Test

✅ Verify Tor is Working

  1. Visit Check Page: Go to check.torproject.org
  2. Success Message: Should say "Congratulations. This browser is configured to use Tor."
  3. Check IP: Visit whatismyipaddress.com - should show different country/IP
  4. Test .onion: Visit thehiddenwiki.onion (test .onion access)

💡 First Launch Tips

  • 📶 Slow Connection? Tor is slower than regular internet (10-30 seconds load times)
  • 🔄 Connection Failed? Try "New Tor Circuit for this Site" (right-click address bar → New Circuit)
  • ⚙️ Network Error? Check firewall settings, may need to allow Tor
  • 🌍 Wrong Country? Normal - Tor exit nodes are worldwide

🔒 Security Settings Configuration

Security Level (Most Important Setting)

Access: Click shield icon (top-right) → "Settings" → "Security"

🛡️ Standard (Default)

Protection: Basic privacy and tracking protection

Functionality: All website features work

Use For: Regular browsing, non-sensitive activities

  • ✅ JavaScript enabled
  • ✅ Images/media load automatically
  • ✅ Fonts and icons work

⚡ Safer (Recommended for DrugHub)

Protection: Disables risky features on non-HTTPS sites

Functionality: Most sites work, some broken features

Use For: Darknet marketplace browsing

  • ✅ JavaScript disabled on HTTP sites
  • ✅ Some fonts/icons disabled
  • ⚠️ Video playback may not work
  • ⚠️ Some images won't load on HTTP sites

🔐 Safest (Maximum Security)

Protection: Maximum anonymity and attack prevention

Functionality: Many sites broken, text-only browsing

Use For: Extreme threat models, whistleblowing

  • ✅ JavaScript completely disabled
  • ✅ All media auto-load disabled
  • ✅ Math/symbol rendering disabled
  • ❌ Many sites won't work at all
  • ❌ DrugHub may have layout issues

✅ Recommended Setting for DrugHub

Use "Safer" level - Good balance of security and functionality. DrugHub works well on Safer mode.

Additional Privacy Settings

Essential Privacy Tweaks

1. Disable JavaScript (Per-Site)

  • Click shield icon → "Advanced Security Settings"
  • Toggle "Enable JavaScript" OFF for specific sites
  • Use when visiting untrusted .onion links

2. HTTPS-Only Mode (Already Enabled)

  • Settings → Privacy & Security → HTTPS-Only Mode
  • Should be "Enable HTTPS-Only Mode in all windows" (default)
  • Automatically upgrades HTTP to HTTPS when available

3. NoScript Extension (Built-in)

  • NoScript icon (top-right, looks like "S" with slash)
  • Controls JavaScript on per-site basis
  • Default: "Temporary" → Allow scripts temporarily
  • For unknown sites: Keep scripts blocked

4. Cookie Management

  • Settings → Privacy & Security → Cookies and Site Data
  • ✅ "Delete cookies and site data when Tor Browser is closed" (enabled by default)
  • Clears all cookies on exit

5. History Settings

  • Settings → Privacy & Security → History
  • ✅ "Never remember history" (default)
  • No browsing history saved

⛔ Settings to NEVER Change

  • Don't resize browser window - Makes you identifiable by screen resolution
  • Don't install extensions/add-ons - Compromises anonymity and may contain malware
  • Don't enable WebGL - Can be used for fingerprinting
  • Don't change font settings - Unique font configurations are trackable
  • Don't change user agent - Tor uses standardized user agent for blending in
  • Don't use bookmarks for .onion sites - Use encrypted password manager instead

🌉 Bridges & Censorship Circumvention

Bridges are unlisted Tor relays that help bypass censorship in countries where Tor is blocked (China, Iran, Russia, Turkmenistan, etc.).

When You Need Bridges

  • 🌍 Censored Countries: Tor connection fails or is very slow
  • 🏢 Workplace/School Blocks Tor: Network administrator blocks Tor traffic
  • 📡 ISP Blocks Tor: Internet provider actively blocks Tor connections
  • 🔍 DPI (Deep Packet Inspection): Government uses advanced traffic analysis

Bridge Types Explained

obfs4 (Recommended)

Best For: Most censorship scenarios (China, Iran, Russia)

How It Works: Makes Tor traffic look like random data

Speed: Fast (minimal overhead)

Detection: Hard to detect, not currently blocked by most censors

meek-azure

Best For: Severe censorship (China with active DPI)

How It Works: Routes through Microsoft Azure CDN (looks like Microsoft traffic)

Speed: Slow (high latency, 30-60 second page loads)

Detection: Very hard to block without blocking all Microsoft services

snowflake

Best For: Occasional blocking, less severe censorship

How It Works: Uses WebRTC connections through volunteer browser proxies

Speed: Medium (depends on proxy availability)

Detection: Hard to block, proxies constantly change

Custom Bridges

Best For: When built-in bridges are blocked

How It Works: Use private bridge addresses from trusted sources

Speed: Varies by bridge

Detection: Depends on how widely known the bridge is

How to Configure Bridges

Method 1: Built-in Bridges (Easiest)

  1. Open Tor Connection Settings:
    • Before connecting: Click "Configure Connection"
    • After connecting: Menu (☰) → Settings → Connection
  2. Enable Bridges: Check "Use a bridge"
  3. Select Bridge Type:
    • Choose "Select a Built-In Bridge"
    • Select: obfs4, meek-azure, or snowflake
  4. Click "Connect" (or "OK" if already connected)
  5. Wait 30-90 seconds for connection through bridge

Method 2: Request Custom Bridges (More Secure)

Via Email (if bridges.torproject.org is blocked):

  1. Send Email: From Gmail/Yahoo, email bridges@torproject.org
  2. Subject Line: "get bridges"
  3. Message Body: "get transport obfs4"
  4. Receive Bridges: Auto-reply with 3 bridge addresses
  5. Copy Bridge Lines: Look like: 
    obfs4 192.0.2.3:80 B8:CF:09...
  6. Paste in Tor: Settings → Connection → "Provide a bridge I know" → Paste bridge addresses
  7. Connect: Click "Connect" or "OK"

Via Web (bridges.torproject.org):

  1. Visit bridges.torproject.org (use regular browser)
  2. Solve CAPTCHA
  3. Select transport: obfs4
  4. Copy provided bridge addresses
  5. Paste into Tor Browser connection settings

⚠️ Bridge Tips & Warnings

  • 🔄 Bridges Stop Working? Request new ones, they get blocked over time
  • ⏱️ Connection Takes Longer: Bridges add 30-90 seconds to connection time
  • 🤐 Don't Share Bridges Publicly: Sharing burns bridges (gets them blocked faster)
  • 📧 Email Only Works from Big Providers: Gmail, Yahoo, Riseup (not ProtonMail)
  • 🔀 Try Multiple Bridge Types: If obfs4 doesn't work, try meek-azure

🧅 Accessing .onion Sites

What Are .onion Sites?

.onion domains are special addresses only accessible through Tor. They provide end-to-end encryption and location hiding for both server and visitor.

✅ .onion Advantages

  • No DNS (can't be seized)
  • End-to-end encrypted
  • Server location hidden
  • Censorship resistant
  • More anonymous than clearnet

⚠️ .onion Challenges

  • Slow loading (30+ seconds)
  • Often offline/unstable
  • Hard to remember addresses
  • No search engines
  • Lots of scam sites

How to Visit .onion Sites

  1. Get .onion Address: From trusted source (like this site's Mirrors page)
  2. Copy Full Address: Example: drughub7n3qlqwxyz.onion
  3. Paste in Address Bar: Ctrl+V or right-click → Paste
  4. Press Enter: Wait 10-30 seconds (first load is slowest)
  5. Verify Address: Check full .onion address matches trusted source
  6. Bookmark Safely: Use encrypted password manager, NOT browser bookmarks

⚠️ .onion Site Safety Rules

CRITICAL SAFETY RULES

  • 🔍 Verify .onion Address Character-by-Character: Phishing sites use similar addresses
  • 📋 Use Multiple Trusted Sources: Cross-check .onion on 2-3 trusted sites
  • 🔐 Check PGP Signatures: Verify site's PGP key matches known good key
  • ⚠️ Never Enter Info on Untrusted .onion: Phishing steals everything
  • 🔗 Don't Click Links in Messages: Vendors/admins never PM links
  • 📱 Save Verified Address Safely: Encrypted password manager + 2FA
  • 🕵️ Check Dread Forum: Verify .onion on darknet forums
  • 🛡️ Use Dark.fail: Darknet market mirror verification site

Finding Trusted .onion Addresses

✅ Trusted Sources for DrugHub Mirror Links

  • This Site: drughubaccess.net/mirrors (verified mirrors page)
  • Dread Forum: /d/DrugHub (official subforum)
  • Dark.fail: Darknet market uptime monitor
  • Recon: Darknet market directory
  • DrugHub's PGP-Signed Messages: Official announcements

Dealing with Slow/Offline .onion Sites

  • ⏱️ Wait 30-60 seconds: First connection is always slow
  • 🔄 Refresh Page: Press F5 or click refresh
  • 🌐 New Tor Circuit: Right-click → "New Tor Circuit for this Site"
  • 📱 Try Mirror Link: Use alternative .onion address from mirrors page
  • Check Later: .onion sites have more downtime than clearnet
  • 📊 Check Status: Visit dark.fail to see if site is up

🛡️ Security Best Practices

Essential Security Rules

✅ Always Do

  • Use Latest Tor Version: Check for updates monthly
  • Enable "Safer" Security Level: Click shield icon → Settings
  • Verify .onion Addresses: Check character-by-character
  • Use VPN Before Tor: Extra layer (VPN → Tor, not Tor → VPN)
  • Close Tor Completely When Done: Not just minimize
  • Use Different Identity Per Session: Menu → New Identity
  • Encrypt Everything with PGP: Never send plaintext sensitive info
  • Use Encrypted Password Manager: KeePassXC, Bitwarden

❌ Never Do

  • Never Maximize Window: Unique window size = fingerprint
  • Never Install Extensions: Breaks anonymity
  • Never Login to Clearnet Accounts: Facebook, Gmail, etc. (deanonymizes you)
  • Never Download/Open Files While Connected: PDFs can reveal IP
  • Never Use Tor for Torrenting: Exposes IP, clogs network
  • Never Mix Tor and Regular Browsing: Use separate browser for clearnet
  • Never Reuse Passwords: Each account needs unique password
  • Never Share Personal Info: Even small details can identify you

Advanced Operational Security (OPSEC)

🔐 Maximum Security Practices

  • Tails OS: Use Tails (live USB OS) for maximum anonymity
  • Public WiFi: Access from public WiFi (not home) with laptop not linked to you
  • MAC Address Spoofing: Randomize network card MAC address
  • Dedicated Device: Use laptop only for darknet (never personal activities)
  • No Accounts: Don't login to any clearnet services on Tor device
  • Encrypted Disk: Full disk encryption (VeraCrypt, LUKS)
  • RAM-Only: Run Tor from USB, never write to hard drive
  • Physical Security: Destroy device if compromised

Note: These are extreme measures for high-risk situations. Most users don't need this level of security.

Common Mistakes That Deanonymize You

  1. Logging into Facebook/Gmail on Tor: Instantly links Tor session to real identity
  2. Posting Personal Info: "I live in Seattle, work as engineer..." = traceable
  3. Reusing Usernames: Same username on clearnet and darknet = linked
  4. Downloading Files: PDFs, Word docs can contain tracking metadata
  5. Browser Fingerprinting: Changing settings makes you unique
  6. Time Zone Leaks: Posting times reveal your geographic location
  7. Language/Grammar: Unique writing style can identify you
  8. Screenshot Metadata: Screenshots may contain device info

🔧 Troubleshooting Common Issues

❌ Problem: Can't Connect to Tor Network

Solutions:

  1. Check internet connection (visit google.com in regular browser)
  2. Try "Configure Connection" → Enable bridges (obfs4 or meek-azure)
  3. Disable VPN temporarily (some VPNs block Tor)
  4. Check firewall - allow Tor.exe through Windows Firewall
  5. Temporarily disable antivirus (may flag Tor as suspicious)
  6. Try different bridge type (snowflake → obfs4 → meek-azure)
  7. Check system clock (Tor needs accurate time)

❌ Problem: Tor Connects But Sites Won't Load

Solutions:

  1. Wait 30-60 seconds (.onion sites are slow)
  2. Try regular website first (check.torproject.org) to verify Tor works
  3. Click "New Tor Circuit for this Site" (right-click URL bar)
  4. Check if site is actually online (visit dark.fail for status)
  5. Lower security level to "Standard" temporarily
  6. Clear cookies: Settings → Privacy & Security → Clear Data
  7. Try mirror .onion address

❌ Problem: Very Slow Speeds

This is Normal: Tor is 10-30x slower than regular internet

Improvements:

  • Use "Standard" security level instead of "Safer" (faster but less secure)
  • Disable bridges if not in censored country
  • New Identity (Menu → New Identity) to get better circuit
  • Access during off-peak hours (US daytime = slower)
  • Close unnecessary tabs (each tab uses circuits)
  • Don't use meek-azure unless necessary (very slow)

❌ Problem: "This Site Can't Be Reached" Error

Causes & Solutions:

  • Site is Offline: Check dark.fail or Dread for status
  • Wrong .onion Address: Verify address character-by-character
  • Typo in Address: Copy-paste instead of typing
  • Site Moved: Check official sources for new mirror
  • DDoS Attack: Wait 1-2 hours and try again
  • Law Enforcement Seizure: If verified address doesn't work for days, likely seized

❌ Problem: "Your Connection is Not Secure" Warning

For .onion sites: Click "Advanced" → "Accept the Risk and Continue" (normal for .onion)

For clearnet sites: Don't proceed, possible man-in-the-middle attack

❌ Problem: Tor Won't Start After Update

Solutions:

  1. Delete Tor Browser folder completely
  2. Re-download from torproject.org
  3. Install fresh copy
  4. Don't import old settings (may be corrupted)

❌ Problem: Sites Look Broken/No Images

This is expected on "Safer" or "Safest" security levels

To fix: Shield icon → Settings → Change to "Standard" (less secure)

Or: Learn to use text-only versions (more secure)

Still Having Problems?

  • 📧 Email Tor Support: frontdesk@torproject.org
  • 💬 Tor Forum: forum.torproject.net
  • 📖 Tor Documentation: support.torproject.org
  • 🔍 Search Issues: Most problems have documented solutions

❓ Frequently Asked Questions

Is Tor Browser legal?

Yes, Tor is completely legal in most countries (US, EU, Canada, UK, etc.). Using Tor is not illegal. However, what you do on Tor may be illegal depending on your country's laws and activities.

Illegal in: China (blocked but not illegal to use), Iran, Russia (restricted), Turkmenistan, Belarus

Can police/government track me on Tor?

Very difficult but possible with extreme resources. Tor provides strong anonymity against:

  • ✅ ISP/network administrator
  • ✅ Websites you visit
  • ✅ Advertisers/trackers
  • ✅ Most law enforcement

Can be defeated by:

  • ❌ Operational errors (logging into Facebook, reusing usernames)
  • ❌ Browser exploits (keep Tor updated!)
  • ❌ Traffic correlation attacks (NSA-level, requires owning both entry and exit nodes)
  • ❌ Physical device seizure (use full disk encryption)

Should I use VPN with Tor?

VPN → Tor: Recommended (VPN hides Tor usage from ISP)

Tor → VPN: Not recommended (VPN sees your Tor traffic and real IP)

Best Setup: Connect to VPN first, then launch Tor Browser. This hides from ISP that you're using Tor, but Tor still provides anonymity.

Why is Tor so slow?

Your traffic routes through 3 volunteer relays worldwide, adding latency:

  • Your Computer → Entry Node (US) → 200ms
  • Entry → Middle Relay (Germany) → 400ms
  • Middle → Exit Node (Netherlands) → 600ms
  • Exit → Website → 800ms
  • Total: 800-2000ms vs. 50-100ms normal browsing

Plus, bandwidth is limited by volunteer relays. Tor prioritizes privacy over speed.

Can I use Tor on mobile?

Yes, but with limitations:

  • Android: Tor Browser for Android works well
  • ⚠️ iOS: Onion Browser (not official, less secure)
  • Not recommended: Mobile devices leak more info (GPS, phone ID, app permissions)

Best Practice: Use desktop Tor for sensitive activities, mobile only for low-risk browsing.

What's the difference between Tor Browser and regular Firefox?

Tor Browser is based on Firefox but heavily modified:

  • Routes all traffic through Tor network
  • Disables WebRTC, WebGL, JavaScript (optional)
  • Spoofs timezone, language, screen resolution
  • Clears all cookies/history on exit
  • Includes NoScript, HTTPS Everywhere
  • Prevents fingerprinting (all Tor users look identical)

Never use regular Firefox for .onion sites - it won't work and isn't secure.

How often should I update Tor Browser?

Check weekly, update immediately when available. Tor updates include:

  • Security patches (critical for safety)
  • New bridges (circumvent censorship)
  • Performance improvements
  • Bug fixes

Tor Browser checks for updates automatically on launch. When update notification appears, install immediately.

Can I run Tor Browser from USB drive?

Yes! This is actually recommended for high security:

  • ✅ Install Tor to USB drive instead of hard disk
  • ✅ Run entirely from USB (no traces on computer)
  • ✅ Take USB with you (use on any computer)
  • ✅ Destroy USB if compromised (easy to dispose)

During installation, choose USB drive as installation directory.

What is "New Identity" vs "New Circuit"?

New Identity (Menu → New Identity):

  • Closes all tabs and windows
  • Clears cookies and cache
  • Creates completely new Tor circuit
  • Like restarting Tor from scratch
  • Use when: Switching activities, compromised session

New Circuit (Right-click URL bar → "New Tor Circuit for this Site"):

  • Changes circuit for current site only
  • Doesn't close tabs or clear data
  • Just gets new route to same site
  • Use when: Site won't load, slow connection

Why does my IP show a different country?

This is normal and intentional! Your exit node can be anywhere in the world. Your traffic exits through that country's exit node, so websites see that country's IP.

You can't choose exit country (except with advanced configuration, not recommended). The random assignment is part of Tor's anonymity.

Last Updated: November 2025 | DrugHub Market Information Portal

Tor Browser is developed by The Tor Project (torproject.org) - a 501(c)(3) nonprofit