Tor

Tor (The Onion Routing) is a free and open-source overlay network and software stack that implements onion routing to anonymise low-latency TCP traffic, typically via the Tor Browser, by relaying it through a global network of volunteer-operated relays. It also disposes of its own set of services which use the .onion Special-Use Domain Name. It is developed and maintained by the non-profit Tor Project and is widely used for privacy protection.^[1][2] Measurements and operator reports describe a network of several thousand active relays, run by volunteers worldwide, and a global user base in the millions.^[3]

Origins and Development[edit | edit source]

The underlying concept of onion routing was developed in the mid-1990s at the United States Naval Research Laboratory (NRL) as a way to create Internet connections that conceal "who is talking to whom", even in the presence of network monitoring.^[1] Onion routing achieves this by encrypting traffic in multiple layers and routing it through several intermediate nodes.

In the early 2000s, a second-generation onion routing system consolidated under the name "Tor" ("The Onion Routing"), being initially deployed in October 2002, with its code released under a free and open-source licence. By the end of 2003, it had a small set of volunteer relays.^[1] The EFF began funding Tor development in 2004 due to its value for privacy protection, and in 2006, Tor Project, Inc. was created as a US-based nonprofit to steward the software and network.^[1] The Tor Browser emerged in 2008, packaging Tor with a hardened Firefox build to make the system usable by non-specialists.^[1]

Tor became widely associated with circumvention of State-level censorship during the Arab Spring and was featured in disclosures about large-scale surveillance in the early 2010s. The Tor Project’s own narrative positions the network as an infrastructure to provide "private access to an uncensored Internet".^[1][4]

Architecture and Operation[edit | edit source]

Tor anonymises low-latency TCP-based applications such as Web browsing, SSH, and instant messaging by routing traffic through multi-hop encrypted circuits over a set of volunteer relays instead of sending it directly from client to destination.^[4] A small number of directory authorities publish a signed consensus describing the current relay set and their capabilities; Tor clients download this document to learn which relays exist and how to use them.^[4] Each client selects a stable set of "guard" relays and builds circuits of typically three relays, with a separate layer of symmetric encryption negotiated for each hop so that every relay only knows its immediate predecessor and successor.^[4]

In addition to providing client anonymity for connections to the public Internet via exit relays, Tor offers "onion services" (formerly "hidden services") in which both client and service remain inside the Tor network and communicate using a rendezvous protocol. These services are addressed by .onion hostnames and rely on Tor’s own naming system instead of the public DNS.^[4][5] To resist blocking, Tor incorporates unlisted "bridge" relays and "pluggable transports" that obfuscate Tor traffic patterns, making it harder for network operators or censors to detect or selectively filter Tor connections.^[4]

Deployment and Uses[edit | edit source]

Tor usage is heterogeneous. As a robust privacy system, it can be used to circumvent normal limitations of the public Internet for purposes that can be legitimate or illegitimate depending depending on circumstances, laws, and involved actors. In broad terms, these activities are divided into:

• Journalists, whistleblowers, and political activists in environments with potential surveillance or censorship; ordinary users seeking to limit profiling and metadata collection; operators and visitors of onion services, such as secure dropboxes, underground marketplaces, and forums; law enforcement and security agencies may use Tor for protecting their own online activities.^[5][2]
• Fraud, crime coordination, malware distribution, and data exfiltration.^[5][3] A 2025 investigation by The Guardian, focusing on CSAM networks, criticised Tor’s design and governance choices for making it difficult to moderate or remove illegal content published via onion services, while also acknowledging Tor’s role in privacy and anti-censorship more broadly.^[6]

Several governments have periodically attempted to block Tor. Documented examples include efforts by Iran, Venezuela, Russia, and China to disrupt access to public relays or to fingerprint Tor traffic, with Tor in turn deploying bridges and new transports to keep the network reachable for at least some users under these conditions.^[2]

Governance Aspects[edit | edit source]

Tor is not an IETF standards-track protocol and the .onion suffix is not operated under ICANN contracts. Governance is steered by the Tor Project as a non-profit organisation, with technical decisions made in interaction with researchs and the free-software community. Tor raises Internet governance questions because it:

• Constitutes a widely deployed alternative naming and routing system coexisting with the public DNS;
• Weakens the link between IP addresses, geography, and identity that many governance and enforcement processes rely upon;
• Affects the effectiveness of network-level policy tools such as DNS-based blocking and traffic logging.

Alternative Naming and the DNS[edit | edit source]

Tor’s onion services rely on a naming system where hostnames ending in .onion are resolved by Tor’s rendezvous protocol rather than by DNS resolvers.^[4][5] RFC 7686 designates .onion as a Special-Use Domain Name and instructs DNS software not to send such queries into the public DNS, formalising Tor’s namespace while keeping it outside the ICANN-administered root zone.^[7]

ICANN’s SSAC uses .onion as a canonical example of "other name resolution systems that also use domain names", where DNS syntax is reused but resolution follows a different protocol.^[8] SAC078 notes that such systems "exist in the domain name space, but [...] use methods of resolution other than the DNS" and flags the need to understand their security and stability implications.^[8]

SAC123, on the evolution of Internet name resolution, explicitly describes Tor as an "alternative naming system" used by an application that bypasses administrator-controlled DNS settings: the Tor Browser uses Tor naming for .onion names while forwarding other names to the local DNS stack.^[9] The report links this to broader trends in which:

• Applications embed their own name resolution logic;
• Users are less aware of which naming system is being used; and
• The path from a human-readable identifier to a service becomes less predictable.^[9]

From an ICANN and IETF perspective, Tor therefore sits at the intersection of debates on special-use names, private-use TLDs, name collisions, and the long-term viability of a single, coherent naming system.

Censorship, Jurisdiction, and Law Enforcement[edit | edit source]

Because Tor circuits obscure the association between user IP addresses and destinations, they complicate attribution models that assume an IP address reliably identifies an endpoint. Exit relays receive traffic from many users and are often operated by volunteers in different jurisdictions, creating operational challenges for:

• Law-enforcement agencies, which must rely on investigative techniques other than simple IP logs;
• Service operators, who may treat Tor exit IPs as sources of abuse or probing and respond with blocking or CAPTCHAs;
• Incident response teams, which must distinguish Tor-mediated traffic from direct connections.^[3][2]

At the same time, Tor is explicitly used by journalists, NGOs, and ordinary users to evade censorship and surveillance, and is promoted by some public broadcasters and civil-society organisations as a recommended circumvention tool in heavily filtered environments.^[2][5] This dual use makes Tor central to policy debates about:

• Whether and how network operators or states should attempt to block or discourage Tor usage;
• The proportionality and collateral damage of measures such as blocking public relays, DPI-based detection of Tor protocols, or legal pressure on relay operators;
• The responsibilities (if any) of the Tor Project and relay operators to respond to widespread criminal misuse, especially where national or international law is engaged.^[6]

Centralisation, Trust, and Infrastructure Role[edit | edit source]

Although Tor is designed as a decentralised overlay, some aspects of its operation are intentionally centralised. A small number of directory authorities, operated by trusted individuals and organisations, provide the signed consensus that defines which relays are part of the network and how traffic should be distributed.^[4][2] This has led to technical discussions about the impact of compromising directory authorities and governance discussions about who decides network parameters and how transparent those decisions are.

SSAC’s analysis of alternative naming systems, Zooko’s triangle, and namespace ambiguity situates Tor among experiments that trade off decentralisation, human memorability, and security differently from the DNS + DNSSEC model.^[9] Tor’s names are not human-memorable in the same way as DNS names, but gain strong binding to cryptographic keys and avoid dependence on the single ICANN-managed DNS root.

As Tor evolves, for example by deploying new relay encryption schemes and proof-of-work mechanisms to protect onion services against denial-of-service attacks, it increasingly functions as a piece of critical privacy infrastructure operated outside the ICANN/RIR/standardisation frameworks that govern much of the traditional Internet stack.^[2]

See Also[edit | edit source]

• DNS over HTTPS
• DNS over QUIC
• DNS over TLS

References[edit | edit source]