Your ISP sees everything. Every domain you visit. Every IP connection. A VPN just shifts the problem — now you trust the VPN provider instead of your ISP. Tor solves the problem differently.
With Tor, you don't rely on trust. The network itself ensures that no single point knows both who you are and where you're going. At the same time: Tor is not a silver bullet. Use the tool wrong and you're just as visible as without it.
"Anonymity is not a state. It is a behavior."
How Onion Routing Works
Tor stands for The Onion Routing. The principle: your data packets are wrapped in multiple layers of encryption — like an onion — and then sent through a chain of exactly three volunteer-operated servers.
| Node | Knows | Does not know |
|---|---|---|
| Guard Node (entry) | Your real IP | Destination website |
| Middle Relay | Previous + next node | Origin & destination |
| Exit Node | Destination website | Your real IP |
Each node peels off exactly one encryption layer — nothing more. No single point in the network knows both sender and recipient at the same time. That is the strength: not trust, but design.
Tor Browser: The Browser That Makes You Disappear
Tor Browser is not an ordinary browser with a Tor proxy bolted on. It is a specially hardened Firefox fork that works in concert with the network. The goal: make all Tor users look identical on the network.
No fingerprint spoofing. No hiding. Instead: crowd blending. Every Tor Browser instance shares the same user agent, the same window dimensions, the same settings. The individual vanishes into the crowd.
What It Includes
- Automatic Tor routing — start it and browse, no setup needed
- NoScript: JavaScript control per security level
- Session isolation: cookies and history cleared after every session
- New Identity: fresh circuit + new session at the click of a button
- Access to
.onionservices (hidden services)
Security Levels — What They Actually Do
| Level | JavaScript | Fonts / Symbols | Audio / Video |
|---|---|---|---|
| Standard | Active everywhere | All active | Normal |
| Safer | Disabled on HTTP sites | Some disabled | Click-to-play |
| Safest | Disabled everywhere | Many disabled | Click-to-play |
Standard is enough for ordinary anonymous browsing — Tor already protects at the network layer.
Safer is recommended on unknown sites or in censored networks.
Safest is for journalists, activists, .onion access — most modern sites will break.
Mistakes That Cost Anonymity
- Logging into personal accounts — Google, social media, email: immediately de-anonymized
- Full-screen mode — window dimensions are fingerprint data
- Installing extensions — every extension makes your browser unique
- Opening downloaded files — they can phone home and leak your real IP
- Torrents — almost always leak your real IP
Orbot: Tor for Android Apps
Orbot is not a browser. It is a system-level proxy for Android — built by the Guardian Project together with the Tor Project. It routes other apps' traffic through the Tor network. Not just browsing. Any app you choose.
VPN Mode vs. Proxy Mode
| VPN Mode | Proxy Mode | |
|---|---|---|
| Technology | Android VpnService API | Local SOCKS5 + HTTP proxy |
| App configuration | Not needed | Manual per app |
| Which apps | All (split-tunneling) | Only apps with proxy support |
| VPN slot occupied | Yes | No |
| Combinable with VPN | No (simultaneous) | Yes (Tor over VPN) |
| Leak protection | Very strong | Depends on app behavior |
VPN mode is the simpler path: Orbot creates a local VPN at the system level, intercepts traffic from selected apps, and routes everything through Tor. No app configuration needed — just use "Choose Apps" in Orbot's settings.
Proxy mode (Power User Mode) leaves the VPN slot free. This lets Orbot run simultaneously with Mullvad or ProtonVPN. The result is "Tor over VPN": your ISP only sees the VPN connection, the VPN provider only sees Tor traffic — no single point knows both.
Setup on GrapheneOS
Recommended download: F-Droid with the Guardian Project repository. In F-Droid, go to Settings → Repositories and enable the official Guardian Project repository, then install Orbot from there. Alternatively, download the APK directly from guardianproject.info.
Recommended settings after installation:
- Enable VPN mode
- Open "Choose Apps" → select only the apps you want routed through Tor (e.g. wallet, messenger)
- For maximum leak protection: Android Settings → VPN → Orbot → enable "Block connections without VPN"
(Note: this disables split-tunneling — everything then routes through Tor) - Enable Bridges if Tor is blocked on your network
BitBox and Other Apps Through Tor
The easiest approach: start Orbot in VPN mode, mark the BitBox app (or any other wallet app) under "Choose Apps" — done. All network traffic from that app now flows through the Tor network without any configuration inside the app itself.
Your wallet communicates with the node without your ISP being able to trace the connection back to you. No IP address leading to you — only anonymized Tor traffic.
Bridges & Pluggable Transports
Standard Tor entry nodes are publicly listed — censors can block them. Bridges are secret, unlisted Tor nodes. Pluggable Transports go further: they disguise Tor traffic as something else entirely.
| Transport | Disguise | When to use |
|---|---|---|
| obfs4 | Random noise | Standard bridge, defeats pattern detection |
| Snowflake | WebRTC video call | Very hard to block |
| meek | HTTPS to Azure/Google | Last resort — slow |
| WebTunnel | WebSocket-HTTPS | Newest transport, looks like a normal website |
Important: only use bridges when Tor is actually blocked. In open networks, direct connections are faster and don't consume bridge resources that users in censored regions actually need.
In Tor Browser: Settings → Connection → Bridges → select a built-in bridge
In Orbot: Main screen → enable "Use Bridges"
Tor Browser vs. Orbot: When to Use Which?
| Scenario | Tool |
|---|---|
| Anonymous web browsing | Tor Browser |
| Visiting .onion services | Tor Browser |
| High-risk research (journalism, activism) | Tor Browser + Safest |
| Route wallet / app through Tor | Orbot VPN mode |
| Anonymous messenger (Telegram, Molly, SimpleX) | Orbot Proxy mode |
| Everyday browsing on GrapheneOS | Vanadium (not Tor — too slow) |
The Critical Difference
Orbot hides your IP address. Tor Browser hides your IP address and standardizes your browser fingerprint.
If you route Vanadium through Orbot: your IP is hidden, but your browser fingerprint differs from Tor Browser. You are anonymous at the network layer but not at the browser layer.
For true anonymity while browsing: use Tor Browser directly — not Vanadium + Orbot. For non-browser apps: Orbot is the right tool.
What Tor Cannot Do
- Exit node traffic: The exit node sees unencrypted HTTP traffic. Always use HTTPS.
- Hiding that you use Tor: Your ISP can see that you're using Tor — just not what. Use bridges if that's a concern.
- Traffic correlation: A powerful adversary monitoring both ends can theoretically link connections.
- User mistakes: Login, full-screen, downloads — no network protects against your own actions.
"The network can only protect what you give it. What you give away yourself, no one can protect."
Tools for True Owners
-
📖 GrapheneOS: Android in the Age of Surveillance
Setup, Apps & Digital Sovereignty — the complete guide to your Google-free Android. DRM-free, €4.99.
alien-investor.org/buecher.html · also on Amazon KDP -
Privacy & Mail: Email, VPN, and cloud without Big Tech — Proton.
alien-investor.org/proton -
₿ Bitcoin in self-custody: Hardware wallet instead of exchange account. Code
ALIENINVESTOR= 5% discount on the BitBox.
alien-investor.org/bitbox -
₿ Bitcoin DCA (Europe): Bitcoin-only, no shitcoin noise. Code
ALIENINVESTOR= permanent −0.2% fee reduction.
alien-investor.org/21bitcoin