Tor Browser occupies a distinct niche in the privacy software landscape. Unlike VPNs, which shift trust to a single provider, Tor distributes traffic across a volunteer-operated relay network, making it substantially harder for any single party to correlate browsing activity with a user's identity. This architectural choice is its primary strength and the foundation of its reputation among high-risk users.
Security Features
Out of the box, Tor Browser applies a "Standard," "Safer," or "Safest" security mode. The Safest setting disables JavaScript entirely, eliminates most web fonts, and restricts media playback — substantially reducing the attack surface for browser exploits. HTTPS-Only mode is enforced by default, and the browser strips identifying HTTP referrer headers. The bundled NoScript extension provides additional script control. These defaults reflect a considered threat model rather than convenience-first engineering.
It is worth noting what Tor does not protect against: malware on the endpoint, browser exploits targeting unpatched vulnerabilities, and behavioral de-anonymization if users log into identifiable accounts. The Tor Project is transparent about these limitations in its documentation, which is a mark in its favor.
Usability
Usability is Tor Browser's most significant practical weakness. Page load times are noticeably slower than a standard browser, particularly for media-heavy sites. Exit node IP addresses are widely flagged by CDN providers and fraud-detection systems, resulting in frequent CAPTCHA challenges or outright blocks from services like Cloudflare-protected sites. Streaming video is largely impractical. Users accustomed to saving passwords, syncing bookmarks, or using browser extensions will find the experience deliberately restrictive — by design.
Installation is straightforward on Windows, macOS, and Linux. Android users can install the official Tor Browser from Google Play or the Tor Project's website. An iOS option does not exist in official form, though third-party apps claim Tor integration with varying credibility.
Privacy Practices
The Tor Project is a 501(c)(3) nonprofit. It does not collect user browsing data, does not serve advertisements, and publishes its financials and code publicly. Funding comes from grants, donations, and institutional partners including various government agencies — a point sometimes raised by critics, though the open-source code allows independent verification of the software's behavior. The organization's threat model documentation and design papers are publicly available and regularly updated.
Pricing and Value
The browser is entirely free. For users whose threat model genuinely includes ISP monitoring, government surveillance, or network-level tracking, the value proposition is strong. For casual users primarily wanting to avoid ad tracking, lighter tools may offer a better speed-to-privacy ratio.