Home » Articles » How To Configure Tor Properly
Click Here To Hide Tor

How To Configure Tor Properly

Tor is a renowned must in the anonymity field, and the first fundamental step in your fight for privacy. You could think that the only thing that you need to hide your identity while surfing the web is to download the Tor browser bundle, but this is not enough. There are, in fact, wrong behaviours that can reveal your real identity and location even if you’re using Tor, as well as tricks to keep you safe and stealth. In this article, I will explain the basics to introduce you to the Onion world, teaching you how to not get betrayed by your bad habits.

The Tor Network

The Tor network, made by servers run by volunteers, allow users to hide their identity from the sites they visit and prevent eavesdroppers to watch their traffic. Your communications are encrypted and bounced from a relay to another, lastly arriving to their destination. Combined with https, Tor provides end-to-end encryption, making it impossible even for the Tor volunteers to read your traffic, and your source IP is well masked by the last relay’s IP. So what could go wrong? Why are these security measures are not enough to keep you safe and anonymous?

Starting Tips

To start correcting your browsing habits, we can follow a few suggestions:

  • Use exclusively the Tor browser. Even if it is possible to make every browser connect to the Tor network, it is recommended to use the Tor browser that is fine tuned with this purpose in mind. The other browsers, in fact, all have issues with their configurations, that could lead to your identity leakage.
  • Don’t torrent over Tor. It is well known that the torrent file-sharing applications can ignore proxy settings, giving away your real IP to the external world. A further reason, is that torrenting over Tor can heavily slow down the entire network.
  • Use HTTPS Everywhere. The Tor browser has a plugin called HTTPS Everywhere, that forces the supported websites to use HTTPS, if possible. This results in end to end encryption for you. Check the EFF’s interactive page to better understand this key concept.
  • Don’t enable or install extra browser plugins. The only plugins that you need are included in the Tor browser. Other plugins could reveal your real identity, making completely useless your usage of Tor.
  • Don’t open documents downloaded with Tor when you’re online. If you open a document downloaded with Tor, it could contain links that connect to a website without passing through Tor. This would reveal your identity.
  • Completely disable javascript (only in extreme cases). Tor browser uses the NoScript plugin to limit, where possible, the usage of Javascript. Anyway, if you want to be completely safe from JS leakage of your IP, you can disable it in the configuration of your Tor browser. Go to about:config and turn the “javascript.enabled” voice, to false. Keep in mind that JS is fundamental to render almost all the websites today, so disable it only if truly necessary.
  • Disable referers. Go to about:config and disable “network.http.sendRefererHeader” (turn it from 2 to 0). The referer header tells the browser where you come from (from which page), so for privacy reasons you may want to disable it.
  • Disable iframes. Go to about:config and disable “noscript.forbidIFramesContext” changing its value to 0. Iframes can be used to spread a malware through your browser. Like the case of JS, they are used everywhere so, disabling them, it’s an extreme measure.
  • Use bridges. While the observation of the above precautions will let you surf the internet anonymously, it won’t mask the fact that you are using Tor, thus, a traffic watcher could be notice that you are using Tor even ignoring sites you are visiting. If you are concerned about this problem, I strongly suggest to use Tor bridges. Let’s see together what Tor bridges are and how to configure them.

Configuring Tor Bridges

If Tor does not work, click on “configure” in the main window, and skip the proxy phase:

Then, click on “yes” in the following screen and choose “obfs4” as the default transport type:

In the case that your Tor browser works, follow this other procedure: click on the onion button:

then, select “Tor is censored in my country”:

next, choose the transport type “obfs4”:

Well, at the end of this procedure, it will be more difficult for anyone to know that you are using Tor.

Let’s Clarify What We Did

  • First, we discussed what is a Tor bridge and why should it help us remain anonymous. A Tor bridge is an entry node of the Tor network that is not listed in the main Tor directory. While “normal” nodes are publicly available, the bridges are “hidden”, so no one, watching that you are connecting to a certain bridge’s IP, can know that you are using Tor.
  • What is a pluggable transport? The government can identify that your traffic belongs to the Tor network, blocking it using your ISP. The Tor volunteers then invented pluggable transport, a system that obfuscates your traffic making it similar to an innocuous traffic, making harder, for the government, to decide to block you. Going on with the time, many transports have been identified, so always newly available ones are developed. The current, recommended one, is obfs4, but other types exist. It is also possible to obtain your custom bridges sending an email to this address with the line “get bridges” in the body of the mail. You must send this mail from a Gmail, Yahoo!, or Riseup! Account, because only these providers are supported.


  1. I appreciate this, however I have a few questions. Please correct me if I’m wrong:

    1)You’re saying we should choose the box that says; “Tor is censored in my country” ~ Even if that’s not true?

    2)We should use the Tor Browser for “everything?” Like everyday emails, You Tube, streaming?

    3)When you say “Pluggable Transport” are you referring to TAILS?

    and finally

    4)Why no mention of VPN’s? I was under the impression they were the easiest first line of defense?

    • TheInnocent

      1) Yes.
      2) You should use it for everything that you mind keeping anonymous and everytime
      you don’t mind to add extra time to your surfing. Don’t use it for torrent.
      3) No.
      4) VPN is good but this article was focused on Tor.

  2. Good article, TheInnocent.
    A few tips when browsing:

    -Ignore HTTP sites like the plague. Stick to HTTPS ONLY. VERY IMPORTANT

    -Make sure the target site is HTTPS when you connect to a site outside of Tor’s hidden services(.onion.sale). Http sites can be sniffed/monitored very easily through the exit node

    -Stick to hidden services(.onion.sale) if you can, as they are end-to-end encrypted. Exit nodes ARE NOT involved in the connection to hidden services(.onion.sale) making the method mentioned to monitor you useless. Extra security

    -Do not use usernames/emails you use on the clearweb on the deepweb

    -If you have anything at all that could possibly identify you via email-names/usernames/whatever, change it or create a new account for that service. Use Protonmail. Username/e-mail can be seen if site datashares with law enforcement/is a honeypot, but not more than that(if on hidden service)

Leave a Reply

Your email address will not be published. Required fields are marked *


Captcha: *