Overview
Tor (The Onion Router) is free, open-source software that enables anonymous communication over the internet. It directs internet traffic through a worldwide volunteer network of over 6,500 relays to conceal users' location and usage from surveillance and traffic analysis.
History & Development
Research Begins
David Goldschlag, Michael Reed, and Paul Syverson at the U.S. Naval Research Laboratory begin developing onion routing to protect U.S. intelligence communications.
Alpha Release
Roger Dingledine and Nick Mathewson join Syverson to develop Tor. The alpha version is deployed and the code is released under a free license.
Public Release
The Naval Research Laboratory releases Tor under a free license. The Electronic Frontier Foundation (EFF) begins funding development.
Tor Project Founded
The Tor Project, Inc. is founded as a 501(c)(3) nonprofit organization to maintain Tor development.
Tor Browser Bundle
First Tor Browser Bundle released, making Tor accessible to non-technical users.
How Tor Works
Tor implements onion routing—a technique where messages are encrypted in multiple layers, like the layers of an onion. Each relay decrypts one layer to reveal the next destination, but no single relay knows both the origin and final destination.
┌──────────┐     ┌────────────┐     ┌────────────┐     ┌────────────┐     ┌──────────┐
│   YOU    │────▶│   GUARD    │────▶│   MIDDLE   │────▶│    EXIT    │────▶│  TARGET  │
│ (Client) │     │  (Entry)   │     │  (Relay)   │     │   (Node)   │     │ (Server) │
└──────────┘     └────────────┘     └────────────┘     └────────────┘     └──────────┘
     │                 │                  │                  │                 │
Knows:           Knows:             Knows:             Knows:             Knows:
- Your IP        - Your IP          - Guard IP         - Middle IP        - Exit IP
- Guard IP       - Middle IP        - Exit IP          - Target IP        - Request
                 NOT destination    NOT origin         NOT origin

Encryption Layers:
Message → [Exit Layer [Middle Layer [Guard Layer [MESSAGE]]]]
Each relay removes ONE layer, sees only the NEXT hop
Step-by-Step Process
- Circuit Creation: Your Tor client selects 3 relays from a list of ~6,500 available nodes
- Key Exchange: Diffie-Hellman key exchange establishes unique encryption keys with each relay
- Layer Encryption: Your request is encrypted 3 times—once for each relay, in reverse order
- Transmission: Each relay decrypts its layer and forwards to the next
- Response: The response travels back through the same circuit, re-encrypted at each hop
Circuit Lifetime: Tor creates a new circuit every 10 minutes for new connections. This limits the window for traffic analysis attacks.
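The layer-encryption and transmission steps above, as an added example that is not from the original page or from Tor's code base. It assumes three pre-shared per-hop keys (standing in for the result of the key exchange) and uses a toy SHA-256 keystream in place of a real cipher; the relay names, keys, destination and payload are constructed.

```python
import hashlib

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode). Stand-in for the per-hop
    symmetric cipher; chosen so the example needs only the standard library."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def build_onion(path, destination: str, payload: bytes) -> bytes:
    """Client: wrap the payload once per relay, exit layer first, guard layer last."""
    next_hops = [name for name, _ in path[1:]] + [destination]
    cell = payload
    for (_, key), hop in reversed(list(zip(path, next_hops))):
        hop_bytes = hop.encode()
        cell = keystream_xor(key, bytes([len(hop_bytes)]) + hop_bytes + cell)
    return cell

def peel(key: bytes, cell: bytes):
    """Relay: remove exactly one layer; learn the next hop and an opaque inner cell."""
    plain = keystream_xor(key, cell)
    n = plain[0]
    return plain[1:1 + n].decode(), plain[1 + n:]

def route(path, cell: bytes):
    """Walk the circuit, recording what each relay learns about the next hop."""
    learned = []
    for name, key in path:
        next_hop, cell = peel(key, cell)
        learned.append((name, next_hop))
    return learned, cell

# Constructed sample circuit: names and keys are made up; in Tor the keys
# come from the per-relay key exchange described above.
PATH = [("guard", b"k-guard"), ("middle", b"k-middle"), ("exit", b"k-exit")]

if __name__ == "__main__":
    onion = build_onion(PATH, "example.com:443", b"GET / HTTP/1.1")
    learned, delivered = route(PATH, onion)
    for relay, next_hop in learned:
        print(f"{relay:6} forwards to {next_hop}")
    print("delivered:", delivered)
```

Only the exit's layer contains the destination, so the guard and middle relays handle bytes they cannot interpret beyond the name of the next hop.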
Types of Relays
Guard (Entry) Nodes
The first relay in your circuit. It knows your real IP address but not your destination. Tor uses the same guard for 2-3 months to prevent certain attacks.
~2,500 nodes
Middle Relays
Intermediate nodes that only see encrypted traffic. They know the previous and next relay, but not the origin or destination. The safest to operate.
~4,000 nodes
Exit Nodes
The final relay that connects to the regular internet. It sees the destination and unencrypted traffic (if not HTTPS). Legally risky to operate—often subpoenaed.
~1,200 nodes
Bridge Relays
Unlisted entry points for users in countries that block Tor. Their IPs are not published in the main directory, making them harder to block.
~2,000 bridges
Hidden Services (.onion)
Hidden services (also called onion services) allow servers to hide their location while offering services through Tor. Both the user and server remain anonymous.
duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion
This is DuckDuckGo's official onion service. The 56-character address is derived from the service's public key.
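How a 56-character address encodes the public key, as an added example that is not from the original page. It follows the v3 onion address layout from the Tor rendezvous specification: base32 of a 32-byte ed25519 public key, a 2-byte checksum and a version byte. The function names and the demo key are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

VERSION = b"\x03"  # version byte for v3 onion services
SAMPLE = "duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion"  # quoted on this page

def checksum(pubkey: bytes) -> bytes:
    """First two bytes of SHA3-256(".onion checksum" | pubkey | version)."""
    return hashlib.sha3_256(b".onion checksum" + pubkey + VERSION).digest()[:2]

def encode_onion_v3(pubkey: bytes) -> str:
    """Build the address for a 32-byte ed25519 public key."""
    if len(pubkey) != 32:
        raise ValueError("public key must be 32 bytes")
    raw = pubkey + checksum(pubkey) + VERSION
    return base64.b32encode(raw).decode().lower() + ".onion"

def parse_onion_v3(address: str) -> dict:
    """Split an address into its fields and verify version and checksum."""
    label, _, tld = address.strip().lower().rpartition(".")
    if tld != "onion" or len(label) != 56:
        raise ValueError("expected a 56-character label followed by .onion")
    raw = base64.b32decode(label.upper())  # binascii.Error is a ValueError subclass
    pubkey, embedded, version = raw[:32], raw[32:34], raw[34:35]
    ok = version == VERSION and hmac.compare_digest(embedded, checksum(pubkey))
    return {"pubkey": pubkey, "version": version[0], "checksum_ok": ok}

if __name__ == "__main__":
    info = parse_onion_v3(SAMPLE)
    print("version:", info["version"], "checksum ok:", info["checksum_ok"])
    demo_key = bytes(range(32))  # constructed key, not a real service
    print(encode_onion_v3(demo_key))
```

The checksum only catches mistyped or truncated addresses; it does not show that an address belongs to the service a user expects, so addresses still need to come from a trusted source.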
How Hidden Services Work
- Introduction Points: The hidden service selects relays to act as introduction points and publishes their addresses
- Descriptor Publication: Service details are published to a distributed hash table (DHT)
- Client Lookup: User downloads the descriptor and creates a circuit to an introduction point
- Rendezvous: Both parties meet at a "rendezvous point"—a relay chosen by the client
- Communication: All traffic flows through the rendezvous point, both sides anonymous
Limitations & Weaknesses
Known Attack Vectors
- Traffic Correlation: An adversary controlling both entry and exit can correlate timing to deanonymize users
- Sybil Attacks: Running many malicious relays to increase chances of controlling a circuit
- Exit Node Sniffing: Exit nodes can see unencrypted traffic (use HTTPS!)
- Browser Exploits: JavaScript vulnerabilities have been used to deanonymize users (e.g., FBI vs. Freedom Hosting)
- Timing Attacks: Precise timing analysis can link entry and exit traffic
Critical: Tor provides strong anonymity but is not bulletproof. Operational security mistakes—reusing usernames, logging into personal accounts, or downloading files—have led to most arrests, not Tor vulnerabilities.
Network Statistics (2025)
Current Network Status
| Metric | Value |
|---|---|
| Total Relays | ~6,500 |
| Daily Users | ~2,500,000 |
| Total Bandwidth | ~700 Gbit/s |
| Onion Services | ~65,000 |
| Countries with Relays | 50+ |
Source: Tor Project Metrics (metrics.torproject.org)