Why Tor Browser is safer than normal browsers
I am a passionate Web Developer from India, currently specializing in Full Stack Development. I aim to actively engage with the tech community, fostering creativity, sharing my knowledge, and collaborating to grow together. Let's innovate and build the future of technology!
There is a concept called “Tor Circuit“ which works under the hood of the tor browser :
Tor Circuit relies on three RELAYS( Entry Node, Middle Node, Exit Node )
What is a Relay?
A relay is a volunteer-run server that helps route encrypted traffic through the Tor network
basically volunteer means the operator chooses to support tor, they donate their bandwidth electricity and computer resources and Tor does not pay them hence the term “volunteer“ comes up
think of it as a radio station
It’s always on
It broadcasts continuously
The broadcaster volunteers their equipment and electricity
Now coming back to tor circuit and the three relays :
Entry Node (Guard Node) - Knows who you are (Your IP Address) but cannot see the destination website.
Middle Node - Keeps the circuit layered, it only knows the previous and next hop
Exit Node - Does not know who you are (Your IP Address) but knows the destination website (example.com)
This creates a segmented trust model. This design provides anonymity by ensuring that no single relay knows both, who you are and what you are doing.
🔨How It Works under the hood (Deep Dive)
🔒 1. Circuit Construction: Multi Layer Encryption (Onion Encryption)
Before sending any traffic, Tor browser builds a circuit through the three relays as discussed above
Your browser negotiates a seperate session key with each relay:
Key 1 with Entry Node
Key 2 with Middle Node
Key 3 with Exit Node
Then it wraps the data in the three layers of encryption like an onion 🧅
[ Exit Layer Key ] -> [Middle Layer Key] -> [Entry Layer Key] -> Payload
Each Relay peels off one encryption layer:
Entry removes layer 1
Middle removes layer 2
Exit removes layer 3
Destination receives clear HTTP/HTTPS request
No relay knows the full path or contents.
🌐What each Relay sees
🔵Entry Node (Guard)
Sees your IP Address
Knows you are connecting to Tor
Passes the data deeper into Tor
Does not know the destination or content (Encrypted)
🟠Middle Node
Sees only the previous and next Tor Relay
Cannot link the source to the destination
Cannot read the traffic (Encrypted)
🔴Exit Node
Sees Destination
Can see unencrypted traffic (if visiting non HTTPS sites)
Does not know your IP Address
🧠Why Three Nodes?
Using only 1 Node would mean trusting it entirely and if it is compromised everything else depending on it is compromised as well
Using 2 Nodes would still allow the entry and exit to collude.sri/
But with 3 Nodes the anonymity set enlarges and :
Entry can’t see where you go
Exit can’t see who you are
Middle prevents correlation attacks
Only global observers can try to deanonymize (hard)
This helps protect against :
Relay compromise
Network observers
Rogue exit nodes
Timing attacks(partially)
🔁 Circuit Rotation
Tor builds new circuits every ~ 10 minutes
Different sites in different tabs may use different circuits
Long lived connections (e.g. downloads) may keep their circuit longer
This makes long term tracking harder.
What About HTTPS inside Tor?
HTTPS adds another encryption layer after leaving the exit node.
So the exit node cannot see your data if the site uses HTTPS.
Final Notes: Why You Shouldn’t Maximize Tor Browser :
Although it feels harmless, maximizing or manually resizing the Tor Browser window exposes your exact screen dimensions a unique fingerprint that websites can use to identify you. Tor’s default window size is intentionally standardized to blend you into a large group of users. Stick to the default size and close the browser when finished to maintain the strongest anonymity Tor can provide.
Thank you for reading this far!
