Screen Resolution
The Torproject browser reports standardized window dimensions regardless of your actual screen size. Websites cannot use resolution data to identify you.
Tor Browser Features: Complete Privacy Protection Guide
The Torproject browser integrates multiple layers of protection that work together to create a truly anonymous browser experience. Understanding these Tor Browser features helps you make the most of this powerful privacy tool. From Tor Browser fingerprint protection to traffic isolation, each feature addresses specific threats that compromise online anonymity. This guide covers core Tor Browser privacy capabilities, security levels, and Tor Browser configuration options for users who want maximum protection.
Core Tor Browser Privacy Features
Tor Browser privacy begins with the fundamental architecture of the Tor network. Unlike VPNs that route traffic through a single server, the anonymous browser sends your connection through three separate relays. Each relay only knows the previous and next hop — never the complete path between you and your destination.
This design eliminates single points of failure. Even if one relay is compromised, attackers cannot determine both your identity and your destination. No organization, government, or hacker controlling part of the network can connect your real IP address to the websites you visit.
🧅 Onion Routing Explained
The Torproject browser uses onion routing, named for its layered encryption approach. When you visit a website, your traffic is encrypted three times. The first relay peels one layer and forwards data to the second relay. The second relay removes another layer and sends it to the third. Finally, the exit relay removes the last layer and connects to your destination.
Each relay only decrypts enough information to know where to send data next. The entry node knows your IP but not your destination. The exit node knows the destination but not your IP. This separation is the foundation of Tor Browser privacy.
Anti-Tracking
Tor Browser Fingerprint Protection
How Tor Browser defeats browser fingerprinting techniques
Understanding Fingerprint Protection
Browser fingerprinting is one of the most sophisticated tracking techniques used today. Websites collect dozens of data points — screen resolution, installed fonts, graphics card information, audio processing characteristics — to create a unique identifier that persists even when you clear cookies.
Tor Browser fingerprint protection works by making all users look identical to websites. The anonymous browser normalizes every parameter that fingerprinting scripts typically collect. When a site queries your screen size, font list, or canvas rendering output, it receives standardized responses that match millions of other Torproject browser users.
Font Fingerprinting
Only a common set of system fonts is exposed to websites. Your unique font collection remains hidden, eliminating font-based tracking.
Canvas Fingerprinting
Canvas API calls return slightly randomized results. This blocks one of the most effective fingerprinting techniques used by modern tracking scripts.
Audio Fingerprinting
Web Audio API outputs are normalized across all Tor users. Websites cannot identify you through audio processing characteristics.
Timezone Masking
Tor Browser privacy settings always report UTC timezone, hiding your geographic location from websites.
WebGL Fingerprinting
Graphics card information and WebGL rendering data are blocked or normalized to prevent hardware-based identification.
| Fingerprinting Vector | Tor Browser | Standard Browser | Privacy Extensions |
|---|---|---|---|
| Canvas API | ✓ Randomized | ✗ Exposed | ~ Varies |
| WebGL Renderer | ✓ Blocked | ✗ Exposed | ~ Sometimes |
| Screen Resolution | ✓ Standardized | ✗ Real values | ✗ Real values |
| Installed Fonts | ✓ Limited set | ✗ Full list | ~ May vary |
| Timezone | ✓ UTC only | ✗ Local time | ✗ Usually local |
| Hardware Concurrency | ✓ Spoofed | ✗ Real CPU info | ✗ Real values |
| Audio Context | ✓ Normalized | ✗ Exposed | ~ Partial |
Tor Browser Traffic Isolation
Tor Browser traffic isolation prevents correlation attacks by ensuring that activities on different websites cannot be linked together. Each domain you visit receives its own circuit through the Tor network. Your exit node for one website differs from your exit node for another.
This isolation is critical for the anonymous browser functionality. Without it, an attacker controlling multiple websites could correlate your visits and gradually build a profile of your activity. With traffic isolation, each site sees a different IP address and cannot determine that the same person is visiting both.
🔒 First-Party Isolation
Cookies, localStorage, and cache are isolated per domain. Even if two websites include tracking scripts from the same third-party service, that service receives different identifiers for each site. This breaks the cross-site tracking that advertising networks rely on.
🔀 Circuit Isolation
Beyond storage isolation, the Torproject browser maintains separate network paths for each domain. Your connection to one website travels through completely different relays than your connection to another. If one site knows your identity (because you logged in), they cannot use network-level correlation to link you to activity on other sites.
Security Levels
Tor Browser Security Settings
Balance usability and protection based on your threat model
Adjustable Security Levels
Tor Browser setup includes three security levels that balance privacy against website functionality. Higher security disables more features that could potentially be exploited. Access these settings through the shield icon in the toolbar.
Standard Security
All website features enabled. JavaScript runs normally, media plays automatically, and fonts load from external sources. This level provides basic Tor Browser privacy through onion routing and fingerprint protection while maintaining maximum compatibility with modern websites.
Safer Security
JavaScript is disabled on non-HTTPS sites. Audio and video require click-to-play. Some fonts are disabled. This Tor Browser configuration reduces attack surface while still allowing most websites to function. Recommended for users who browse unfamiliar sites or research sensitive topics.
Safest Security
JavaScript completely disabled everywhere. Custom fonts blocked. Images require manual loading. This maximum protection Tor Browser setup breaks many websites but provides the smallest attack surface. Use when anonymity is critical and website functionality is secondary.
| Feature | Standard | Safer | Safest |
|---|---|---|---|
| JavaScript on HTTPS | ✓ Enabled | ✓ Enabled | ✗ Disabled |
| JavaScript on HTTP | ✓ Enabled | ✗ Disabled | ✗ Disabled |
| Media Autoplay | ✓ Allowed | Click-to-play | Click-to-play |
| Custom Fonts | ✓ Allowed | ~ Limited | ✗ Blocked |
| Image Loading | ✓ Automatic | ✓ Automatic | Manual |
| Website Compatibility | ✓ Full | ~ Most sites | ~ Basic sites |
| Attack Surface | Normal | Reduced | Minimal |
Tor Browser Configuration Options
Advanced users can customize the Torproject browser through several interfaces. While default settings work for most situations, specific use cases may benefit from adjustments to Tor Browser configuration.
🔧 Connection Configuration
Access connection settings through Preferences → Connection. Here you can configure how the anonymous browser connects to the Tor network.
Bridges — Special entry points that disguise Tor traffic. Use built-in bridges (obfs4, meek-azure, snowflake) or enter custom bridge addresses from bridges.torproject.org. Essential for users in regions where Tor is blocked.
Proxy Settings — If your network requires a proxy to reach the internet, configure it here. The Torproject browser supports HTTP, HTTPS, and SOCKS proxies.
Firewall Ports — Some restrictive networks only allow connections on ports 80 and 443. Enable this option to limit Tor connections to these ports.
⚙️ Advanced Configuration (about:config)
Power users can access hidden Tor Browser configuration through the address bar. Type about:config and accept the warning to view all settings.
Key Privacy Preferences:
privacy.resistFingerprinting = true — Core Tor Browser fingerprint protectionjavascript.enabled = true/false — Master JavaScript togglemedia.peerconnection.enabled = false — WebRTC control (disabled by default)network.http.sendRefererHeader = 0-2 — Controls referrer header behavior
⚠️ Configuration Warning
Modifying about:config settings can reduce your anonymity or break the browser. The default Tor Browser configuration is carefully tuned for maximum Tor Browser privacy. Only change settings if you understand the implications.
Comparison
Anonymous Browser Comparison
How do Tor Browser features compare to other privacy-focused browsers?
| Feature | Tor Browser | Brave | Firefox Focus |
|---|---|---|---|
| IP Address Hiding | ✓ Built-in | ~ Tor mode only | ✗ No |
| Fingerprint Resistance | ✓ Comprehensive | ~ Partial | ~ Basic |
| Traffic Isolation | ✓ Per-domain | ✗ No | ✗ No |
| User Anonymity Set | ✓ All identical | ✗ Unique | ✗ Unique |
| Censorship Bypass | ✓ Bridges | ~ Limited | ✗ No |
| Onion Site Access | ✓ Yes | ✓ Yes | ✗ No |
| Browsing Speed | ~ Slower | ✓ Fast | ✓ Fast |
Additional Tor Browser Features
Beyond the core Tor Browser privacy protections, the Torproject browser includes several additional features that enhance security and usability.
🆕 New Identity
Need a fresh start? The New Identity feature closes all tabs, clears all data, and builds entirely new circuits through the Tor network. It is like getting a new anonymous browser instantly. Access through the menu or press Ctrl+Shift+U.
🔄 New Tor Circuit for This Site
If a specific website is loading slowly or you want to appear from a different location, request a new circuit for just that site. Your connection to other sites remains unchanged. Access through the site information icon in the address bar.
🧅 Onion Services Access
The Torproject browser can access .onion addresses — special websites hosted within the Tor network itself. These sites provide end-to-end encryption and anonymity for both the visitor and the server. Many organizations, including news outlets and search engines, operate onion versions for enhanced privacy.
🔐 HTTPS-Only Mode
Tor Browser privacy settings include HTTPS-Only mode, which upgrades all connections to encrypted HTTPS when possible. This protects your data from exit node surveillance and man-in-the-middle attacks on the final hop to websites.
✓ Tor Browser Setup Best Practices
Keep the Browser Updated — Security patches are critical. Enable automatic updates or check weekly for new releases.
Avoid Installing Extensions — Browser add-ons can fingerprint you or leak data. The anonymous browser includes everything needed for privacy.
Maintain Default Window Size — Resizing the browser window reveals your actual screen resolution. Keep the letterboxed default for best Tor Browser fingerprint protection.
Never Open Downloads Automatically — External applications may bypass Tor and reveal your real IP. Always save files first, then open them after disconnecting if necessary.
Use HTTPS Everywhere — Enable HTTPS-Only mode to encrypt connections to websites, protecting against surveillance at exit nodes.
Consider Security Levels — Increase your security level when researching sensitive topics or visiting unfamiliar websites. Accept reduced functionality as the tradeoff for better protection.
Understanding Tor Browser Privacy Limits
While the Torproject browser provides robust anonymity, understanding its limitations helps you use it effectively.
Tor protects network-level anonymity but cannot prevent you from revealing your identity through your behavior. Logging into personal accounts, using identifiable information, or browsing patterns unique to you can compromise anonymity regardless of technical protections.
The anonymous browser also cannot protect against malware on your system. If your computer is compromised, attackers may be able to monitor your activity before it reaches the Tor network. Use Tor Browser on a secure, updated operating system.
Exit nodes can see unencrypted traffic. While Tor Browser traffic isolation prevents correlation, websites you visit without HTTPS may have their content visible to exit node operators. Always prefer HTTPS sites for sensitive activities.