Tor BrowserHow Users Stay Safe on the Tor Network & What Merchants Can Do to Stop Tor-Enabled Fraud

July 20, 2023 | 15 min read

This image was created by artificial intelligence using the following prompts:

An onion shaped laptop, there are layers of onion peeling off. Inside you see layers of wires, microchips, and a computer network. The outside looks like a natural onion with translucent layers of an onion bulb’s papery skin while the inside is full of technology. Pops of red and teal, high detail, sharp focus, photorealistic, 64k, hdr.

Tor Browser

In a Nutshell

Everyone wants to be safer online. Is a Tor Browser the answer? Let’s take a deeper look at “onion routing” to determine if it’s really as anonymous as some users think. We’ll also give consumers and merchants a few tips to keep their private information and businesses safe from less reputable users.

The Tor Browser: One Way to Conceal Your Data & Remain Anonymous Online

What comes to mind whenever you think of the term “deep web”?

You probably picture chat rooms full of shady characters hocking stolen credit card numbers. Maybe you think of illicit transactions for weapons, drugs, or other illegal materials pinging back and forth through a complex code matrix. Or, maybe just endless listings advertising fraud as a service.

It’s true that all of the above can, unfortunately, be found on the deep web. However, there’s a lot more to it than this. The deep web has legitimate functions… but you need specialized tools to access it.

Most people use a virtual private network (or “VPN”) and an anonymous client — like Tor Browser — to keep their private information and browsing history safe while exploring the deep web. Tor could even allow you to browse the “clear web” more securely. It’s a free, open-source means of browsing the web without leaving online footprints for would-be fraudsters… if you know what you’re doing.

So, what is Tor Browser, exactly? How can fraudsters make use of the browser, and what do you need to know to keep your information safe online when using it?

Onion Routing at a Glance

A communication technique known as “onion routing” is at the core of the Tor Browser. So, we should probably start here.

Onion routing is a technique for anonymous communication over a computer network. In an onion network, messages are encapsulated in layer after layer of encryption, like an onion (or an ogre).

Tor Browser

The encrypted data is transmitted through a series of network nodes called onion routers. Each of these peels away a single layer, uncovering the data's next destination. 

When the final layer is decrypted, the message arrives at its destination. The sender remains anonymous because each intermediary knows only the location of the immediately preceding and following nodes. The point of origin and the final destination are never clear at the same time. This way, the communication maintains privacy and anonymity throughout transit.

This principle is used in the Tor network, which stands for "The Onion Routing." Tor helps protect its users' privacy and online activities from anyone conducting network surveillance or traffic analysis.

What is a Tor Browser?

Tor Browser

[noun]/toor • brau • zər/

Tor Browser (or “The Onion Routing Browser”) is a web browser designed to protect your privacy. It is a modified version of Mozilla Firefox that connects to the internet through the Tor network, and uses the onion routing concept to ensure anonymity.

You can think of the Tor network as a series of “virtual tunnels.” These allow people and groups to improve their privacy and security on the Internet. 

Tor is used to protect users' anonymity by bouncing their communications around a distributed network of servers called Tor nodes. This means that someone observing your internet connection can't easily see what sites you're visiting, and the sites you're visiting can't easily see your real IP address.

Additionally, Tor Browser is pre-configured to protect users' anonymity by minimizing the amount of information websites can gather about them. It includes features like blocking trackers and isolating every website you visit to prevent cross-site tracking. Tor also does not store any of your browsing history.

Merchants: are you protected against scammers operating on the dark web?REQUEST A DEMO

Are “Tor” & “Tor Browser” the Same Thing?

No; Tor and Tor Browser are not exactly the same thing. In short: one is a network through which data is transferred, and the other (Tor Browser) is a tool that allows users to access this network while browsing the internet.

As mentioned above, Tor, or "The Onion Router," is a network designed to ensure online anonymity. It does this by directing internet traffic through a free, worldwide volunteer overlay network of more than seven thousand relay points. This obscures a user's location and usage from anyone conducting network surveillance or traffic analysis.

Tor Browser, on the other hand, is a web browser that has been modified to connect to the Tor network. It's based on Mozilla Firefox, but with additional privacy features to make it more secure. When you use the Tor Browser, your internet traffic is automatically routed through the Tor network, making it much harder for anyone to track your online activities.

The Tor network is maintained by The Tor Project, Inc. This is a 501(c)(3) nonprofit organization founded for research and education purposes in 2006. The Tor Project built Tor Browser to allow users to use the Tor network.

How Does a Tor Browser Work?

The Tor Browser works by bouncing your internet traffic through a global network of volunteer servers known as the Tor network. This process makes tracking your online activity significantly more difficult. Here's a step-by-step explanation:

Tor Browser

Entering the Tor Network

When you make a request to visit a website, the request doesn't go directly to the website's server. Instead, the Tor Browser sends the request to the Tor network.
Tor Browser

Routing through the Tor Network

Your request travels through several randomly selected servers (or nodes) in the Tor network. Each of these nodes only knows the location of the previous node and the next node, not the entire path of the request. This makes it very hard to trace the request back to you.
Tor Browser

Exiting the Tor Network

After your request has gone through several nodes in the Tor network, it reaches an exit node. The exit node makes the request to the website on your behalf, receives the response, and sends it back through the Tor network to your device.
Common QuestionIs information sent via Tor encrypted?Yes, communication within the Tor network is encrypted. Each node decrypts only enough of the data package to know where to send it next. This layered encryption is where the term “onion routing” comes from, as each layer of encryption is peeled back at each node, much like the layers of an onion.

Why Would You Use a Tor Browser?

Standard browsers like Google Chrome are designed only to access material on the clear web, or web content which is indexed by search engines. This accounts for about 4% of all material on the internet. The remaining 96% of content is on the deep web.

It’s true that Tor’s capabilities can be an asset for cybercriminals. It has legitimate uses too, though. Tor could help activists hide from government repression, for instance. It could also be an asset for anyone who’s simply concerned about privacy.

Here are a few reasons why the average person might choose to use the Tor Browser:

Tor Browser

Maintaining Anonymity

Tor Browser lets users browse the internet anonymously. When coupled with a properly configured VPN, users can hide their activities and location from advertisers, governments, or anyone who might be trying to track their internet usage.
Tor Browser

Circumventing Censorship

In some countries, governments censor certain websites or online content. Tor Browser can help users bypass these restrictions and access the blocked content, as well as communicate with journalists and other parties outside of the country.
Tor Browser

Protecting Personal Information

By encrypting traffic and hiding the user’s IP address, the Tor Browser can help protect personal information from being collected by third parties.
Tor Browser

Journalism & Whistleblowing

Journalists and whistleblowers often use the Tor Browser to protect their identities while researching sensitive topics or sharing confidential information. It can also help them protect their sources, who might be put in danger if exposed.
Tor Browser

Researching Sensitive Topics

People conducting research on topics that they may not want to be associated with may use Tor Browser to maintain their privacy. For example, researching terrorism or other criminal activity.

By doing all this, the Tor Browser helps protect your online anonymity and privacy. Still, it's important to note that, while Tor provides much more privacy than traditional browsers, it doesn't guarantee complete anonymity.

Other safety measures should also be taken if you're seriously concerned about maintaining your online privacy. For instance, you should avoid sharing sensitive information online whenever possible.

Is a Tor Browser Traceable?

While the Tor network is designed to provide anonymity and make tracking difficult, it is not entirely untraceable. Highly skilled individuals or organizations, such as government agencies, may have the capability to de-anonymize some Tor traffic using advanced techniques. However, this would require significant resources and technical knowledge.

Moreover, it's important to remember that using Tor does not make a user's actions on the internet completely anonymous. If a user logs into a service like an email account or social media platform through Tor, those services can still potentially record that user's activity.

Tor exit nodes (the last relay through which traffic passes before it reaches its destination) can be a vulnerability. If an entity controls both the entry and exit nodes used by a specific Tor connection, they might be able to correlate the traffic and potentially identify a user.


While the Tor network is designed to provide anonymity and make tracking difficult, it is not entirely untraceable.

How Do Fraudsters Use Tor?

Of course, all the things that make Tor appealing to privacy enthusiasts also make it useful for fraudsters and cybercriminals. Like any technology, Tor is a morally neutral tool; it can be used for good or bad purposes. 

Tor Browser’s key features of maintaining user anonymity and privacy can, unfortunately, be misused by fraudsters to commit illegal activities. Here are a few examples:

Concealing Identity

Tor hides a user's IP address and makes their online activities hard to trace. Thus, criminals may use it to conceal their identities while committing various types of online fraud.

Operating Darknet Markets

Some fraudsters use the Tor Browser to operate illegal online marketplaces on the dark web. The lack of oversight allows them to buy and sell illicit goods like drugs, stolen data, or illegal weapons. They may even offer fraud as a service (or “FaaS”) capabilities.

Launching Cyberattacks

Hackers can use the Tor network to hide their location and identity while carrying out cyberattacks. This could include things like Distributed Denial of Service (DDoS) attacks, where they overwhelm a website with traffic to make it inaccessible.

Spreading Malware

Malware can be distributed via the Tor network. Distributors can use Tor to conceal their activities, as well as the attack’s point of origin and the point from which the data is collected.

Money Laundering

Some fraudsters may use cryptocurrencies and the Tor network to launder money, making it hard for authorities to trace illegal transactions.

Keep you business safe against new and developing threats. Get started today.REQUEST A DEMO

Remember: while these activities can be facilitated by the Tor network's anonymity, the majority of Tor users are law-abiding people who use the browser for legitimate purposes. Illegal activities are not endorsed by the Tor Project, and they remain illegal regardless of the technology used to carry them out.

While you cannot control how others use Tor Browser, there are precautions you can take to protect yourself from becoming a victim of Tor-related fraud. We recommend that you:

Practice Awareness

Understand that not all services or products available on the Tor network, particularly parties found on the deep web, are legal or safe. Be skeptical of offers that seem too good to be true (because they probably are).

Protect Your Personal Information

Never provide personal or sensitive information unless you're certain the website is trustworthy and the connection is secure (look for "https" in the URL, for instance). Even then, remember that no system is entirely secure.

Use Antivirus Software

Always use reliable antivirus software and keep it updated. Antivirus software can often detect and remove malicious software before it can do any damage.

Never Skip Updates

Keep your software — including your browser — up to date. Updates often include security patches for known vulnerabilities that could otherwise be exploited by fraudsters.

Beware of Downloads

Be careful while downloading anything from the Tor network. Fraudsters often use downloads to distribute malware.

Watch Your Transactions

Making transactions using cryptocurrency is a common practice on parts of the Tor network. If you do this, be aware that these transactions are irreversible, so exercise extreme caution and ensure that you’re sending funds to the right wallet address.

If you're unsure about the legality of something you're doing or wish to do on the Tor network, seek advice from a legal professional.

Educate Yourself

Use resources from organizations like the Internet Crime Complaint Center (IC3), the  Federal Trade Commission, or your local law enforcement agency to educate yourself about common fraud schemes and how to protect against them.

Remember, maintaining your cybersecurity isn't a one-time task; it's an ongoing process. Always stay informed about the latest threats and best practices for staying safe online. You should do this regardless of whether you’re using Chrome or another browser to search the clear web, or using Tor Browser to dive into the deep web.

Naturally, it’s not just consumers who have to worry about deep web fraud. Merchants and financial industries are often the victims of schemes hatched and executed via Tor network channels. To mitigate risk effectively, merchants should also be prepared to implement a few best practices. 

Here are our top 10 tips for merchants to fight back against Tor network fraud:

Track IP Addresses

Use advanced fraud detection software to identify if a customer is using a Tor network. Tor users often have the same or similar IP addresses, which can be flagged as potential fraud risks.

Analyze Customer Behavior

Unusual customer behavior can often indicate fraud. This could include making multiple high-value purchases in a short period, shipping to multiple addresses, or using multiple credit cards. Analyzing behavior in real time can help detect suspicious transactions.

Use Machine Learning

Machine learning algorithms can be trained to recognize patterns of fraudulent behavior. These systems can improve their detection methods over time, helping to guard against new fraud strategies.

Identity Verification

Implement robust identity verification processes. This could include things like two-factor authentication, verifying email addresses, or requiring the CVV code for credit card transactions.

Secure Payment Gateways

Use secure payment gateways that comply with the Payment Card Industry Data Security Standard (PCI DSS). This can help protect customer data and reduce the risk of fraud.

Employee Training

Train employees to recognize signs of fraud and understand how to respond. This could include customer service representatives and staff who process orders.

Monitoring & Reporting

Regularly monitor transactions for signs of fraud. Report any suspicious activity to law enforcement and to your bank.

Geolocation Analysis

You can identify discrepancies that could signal fraud by analyzing the geographic location associated with the IP address. For example, a user accessing from a location that doesn't match the provided billing or shipping address could raise a red flag.

Use a Fraud Scoring Model

Implement a fraud scoring model that assigns risk scores to transactions based on attributes like transaction amount, frequency, device information, etc. Transactions that exceed a certain risk score can then be reviewed manually.

Device Fingerprinting

This involves collecting information about a user's device, such as the operating system, browser version, installed fonts, etc. This unique combination can help identify suspicious activity, as fraudsters often use the same device for multiple transactions.

Sophisticated anti-fraud solutions can detect the use of Tor. As mentioned above, this can be done through analysis of IP addresses, profiling users through the device fingerprinting, and other practices.

The use of Tor Browser becomes evident when an anti-fraud tool correlates the user's IP with a recognized Tor exit node. While it’s not guaranteed that anyone attempting to make a purchase using Tor is committing fraud… it should be regarded as suspicious.

Thankfully, contemporary anti-fraud systems are well-versed in the specifics of Tor and how fraudsters exploit it. Service providers factor in all these considerations when implementing protective measures for a company. While Tor might conceal a user’s information, the usage of Tor itself remains detectable and is flagged accordingly.


Are Tor browsers legal?

Yes, using the Tor Browser is perfectly legal in most countries. It's used by many legitimate users, including journalists, activists, and law enforcement agencies, for various purposes. However, just like any other tool, it can be used both for legal and illegal activities.

Is Tor for the dark web?

Tor is a tool that can be used to access the dark web, but it is not exclusively for that purpose. The Tor network was designed to help protect the privacy and anonymity of its users; not to facilitate crime.

Can the government track Tor users?

While Tor greatly enhances privacy and makes tracking significantly more challenging, it should not be relied upon to provide complete anonymity. A determined, sophisticated adversary like a government agency will have the resources to uncover a Tor user’s identity, if they’re sufficiently motivated to do so.

What to avoid on Tor?

Users should avoid engaging in any illegal activities on Tor, as these remain unlawful regardless of the platform used and can lead to serious consequences. Additionally, they should steer clear of sharing any sensitive personal information, as this could compromise their anonymity and potentially expose them to risks.

How many people use Tor in the US?

According to Tor Metrics, there are 582,380 active Tor users in the US every day.

Like What You're Reading? Join our newsletter and stay up to date on the latest in payments and eCommerce trends.
Newsletter Signup
We’ll run the numbers; You’ll see the savings.
Please share a few details and we'll connect with you!
Over 18,000 companies recovered revenue with products from Chargebacks911
Close Form