How to Use Tor Browser

We live in the era of the data gold rush. Governments tracking your movements, corporations keeping a tab on your digital footprints to give you targeted ads, desktop programs and smartphone apps using clauses in user license agreements to record and sell data like your browsing habits and shopping preferences—no one likes that feeling of constantly being watched. While common forms of private web browsing like using Chrome’s Incognito mode, or Microsoft Edge’s InPrivate mode will prevent others who use the PC or smartphone from going through your browsing history, their degree of “privacy” is limited. You’re not really anonymous, since your ISP can still monitor the sites you visit. The Tor Project comes in for complete anonymity. 

Short for “The Onion Router”, Tor has been developed to keep you anonymous while browsing, ensuring that your location and identity are always private, and that there won’t be any tracks of your online activities. This software was initially developed in the 90s by the United States Naval Research Lab to cloak their activities and ensure that they wouldn’t be traced back to them.  It uses an onion-like layering technique—hence the name, concealing information on location and user activity. While it has its roots in military use, it is now free and open-source, and used all over the world—from fostering democracy and dissemination of information within authoritarian states, to the average internet Joe simply looking to surf the web without feeling that they are under a microscope.  Here is how you can use it:

Installing Tor Browser

  1. Head on over to Tor Project and download the software version that suits your operating system. 
  2. Run the installer, and once it’s complete click “Finish” to launch it. 
  3. A settings dialog will pop up, with settings to connect to the Tor network. Simply click the “Connect” button. However, if you’re connecting to the internet via proxy, click the “Configure” button and key in the settings.
Tor Browser - Connect

For the initial connection, the program may take several minutes—and it warns of this, since it is making the connection through relays. However, after this is done, the Tor browser launches, ready to be used.

Tor - establish connection
Tor - establish connection

If you’ve surfed with Mozilla Firefox, then you’ll find Tor to be familiar, since they are based on the same code. You don’t have to have used Firefox before to get a hang of Tor though. There are similarities to Chrome, Microsoft Edge and Safari, so you will get used to it really quickly. 

Tor - explore privately

Setting the security levels

With the default security settings, they are set to “Standard”. This alone is still far more secure compared to the conventional web browsers. However, you can increase this further, selecting the preferred security level—but keep in mind that some functionalities on the sites you visit will be disrupted.

Tor-Security Privacy Settings

The goal here to achieve a balance between the desired level of privacy, security and web usability.

Understanding How Tor Works

How does Tor work to keep your connection private and anonymous? It avoids direct connection to websites. Instead, the connection gets passed through multiple nodes on the network. These nodes are servers operated by volunteers. As it bounces around the different nodes, these intermediaries won’t know the source of the connection (you) or the target destination (the website you visit). This makes it impossible for the website to determine who you are and track you. For example:


Here’s what happens: The data leaving your computer or smartphone is encrypted, then sent into the Tor network. As it passes each individual node, a layer of encryption gets removed, revealing the location of the next node. When it gets to the last exit node, the final encryption later is removed, for the data to be sent to its destination. The path is randomly generated, the relays do not keep records, and each node just decrypts enough information to know the previous and next node on the path. This mode of operation will be why you’ll notice the slightly lower surfing speed when using Tor compared to other browsers. However, on a good internet connection, the difference in site loading speeds will be minimal. 

In case the performance gets unusually slow, or pages become unresponsive, you can launch a new Tor circuit. This option is on the drop-down menu, shown below:

Tor - Explore Privately

The “New Tor Circuit for this Site” option only applies for that active tab. You may want to go the extra set of acquiring a whole new identity, and that option is also available. Note that selecting this closes and restarts Tor, in order to give you a new IP address and set up a different connection.

Changing your modus operandi

There are some surfing activities that you’re probably used to, which you should change when using Tor browser. These include:

  • Using Google or Bing to make your searches online. It’s recommended that you switch to privacy-focused search engines like DuckDuckGo. 
  • Browser extensions are ill-advised. These can leak out your private information—beating the purpose of using this mode of browsing in the first place. As such, you should avoid installing them.
  • As you browse through the different sites, popups may show up, giving you different warnings- especially when there are items on that site that can be potentially used to track you. These popups will depend on the privacy settings you selected, and the sites you visit. 
  • You should also ensure that you use the HTTPS version of sites, rather than the less secure HTTP. Don’t fret—you don’t have to keep remembering this. Tor Browser by default automatically tries to direct you to the HTTPS version of the site being visited if it is available. Keep your eye on the URL bar just in case. 
  • If you’re keen on staying anonymous, it is recommended that you turn off the plugins and scripts. This is because, just as is with any other browser, plugins and scripts can be exploited to reveal data like your IP address. 
  • Torrenting is also discouraged on Tor. The torrent traffic is not protected, and this can be used to reveal your IP address. It will also be slower, given the number of relays that the data is passed through.
  • Visiting .onion sites gives you more privacy. These are the “deep web” or “hidden Tor services”, which can’t actually be accessed by search engines. You’ll need to get the direct links to them. Sounds like a lot of work, right? It’s not like you’re walking around with a list of preferred sites, and you don’t always know the particular onion site which has what you need. Onion directories come in to help you out.
Tor - OnionDir

Crank things up a notch with a VPN

Surfing the net with a Tor browser also draws attention to you. While the ISP cannot exactly know what you’re doing, it can still see that you’ve been connected to the Tor network, thus raising suspicion about your activities. Using it together with a VPN maximizes your privacy. Here, three things will happen when you connect to your VPN before launching the Tor browser:

  • No Tor relay/node sees your IP address
  • The VPN doesn’t see your activity in the Tor browser
  • Network operators won’t know you’re using Tor

Cryptocurrency 101: What it is, and The Risks it Bears

Cryptocurrencies are a new asset class that has been all the rage, drawing enthusiasts and sceptics alike. Traded on black markets and mainstream exchanges, their scope is wide. They became a speculative tool that has given some overnight riches, and driven others into massive debt. Some governments have attempted to draw up legislation to regulate it, while others have cracked down on its proponents. It’s the Wild West of the investment world. Here is a breakdown about what cryptocurrency is, and the risks to watch out for.

First, the Basics: Breaking Down What Cryptocurrency Is

You’ve probably heard of Bitcoin by now. It was the first cryptocurrency, and its success has spawned over 5,000 other variations, each with their target purposes, metrics and demerits. More keep popping up every other day. 

Cryptocurrency by nature is a digital payment system. However, unlike the conventional modes that you’re used to that involve banks, this system relies on cryptography and peer-to-peer transactions that allow anyone on the planet to send and receive payments. It got its name because of the encryption that is used to verify transactions. The payments made are digital entries on an online database called a blockchain, that keeps a record of all transactions to have ever been made for that particular cryptocurrency. This blockchain is basically a public ledger. The nature of these operations gives the cryptocurrencies specific characteristics, including:

  • Anonymity

The accounts and transactions on the blockchain are not tied to real-world identities. However, the level of anonymity varies. For instance, transacting with Bitcoin is like an author writing under a pseudonym—and if anyone ever links the pseudonym to the author’s identity, then every transaction can then be linked to the person involved. On the other hand, with cryptocurrencies like Monero, transactions are far much more difficult to trace due to the use of ring signatures and stealth addresses which are primarily used to give the users privacy, even concealing the transaction amount.

  • Portability

Being digital assets, they are easy to move around. The cryptocurrency is stored in a digital wallet, from desktop and mobile apps, to hardware and paper wallets. They are the equivalent of your bank account, allowing you to receive, track and send the coins. The wallets contain the private keys, which are secret codes allowing you to spend the coins. Technically, the coins themselves don’t need to be stored, but instead it’s the private keys giving you access to the cryptocurrency. So basically, the wallet is an app that manages the private keys.

  • Fungibility

The crypto assets of the same type can be interchanged with each other, with equal value between them. i.e. 1 Bitcoin = 1 Bitcoin, in the same way as 1 dollar = 1 dollar. This enables the cryptocurrencies to be used as a medium of exchange. 

  • Secure

Cryptography is powerful, all thanks to the magic of big numbers. The blockchain that a cryptocurrency runs on uses volunteers around the world, working together to encrypt the transactions. The users are assigned private keys, which allows the owner access to the cryptocurrency. The key is a long 256-bit string of random numbers and letters jumbled together. This is paired with a public address where the user can receive crypto payments from others. The public key is 256 bits as well, and the wallet address is 160 bits long. We’ll delve more into this later.

  • Irreversible

You know how you can issue a chargeback on your credit card and have the funds restored to your bank account? That can’t happen with cryptocurrencies. Once you make your transaction, there is no turning back. You cannot go and demand for your money to be restored, and no government or regulatory can force a transaction to be reversed. 

Cryptocurrency Risks: Key Issues To Watch Out For
  • Loss of confidence

This presents a critical business risk. The worth of a particular cryptocurrency is determined by the value placed on it by market participants through the transactions made— a “willing buyer/willing seller” scenario. Unlike ordinary (fiat) currencies, they are not backed by any central bank. They are also not pegged to an underlying asset like gold or commodity, and neither do they come bearing seals of approval from national and international organisations. Loss of confidence—perhaps due to reports of fraud or systemic risks discovered in the particular blockchain may result in a collapse of the cryptocurrency’s trading activities, and a consequent drop in value. 

An event that swept through the crypto industry was the crash of the BitConnect Coin (BCC), which dove by a staggering 97%, from its highs of $322 to lows of $6.09 in less than a day after the company behind it closed its lending and exchange company. The firm, which operated like the typical run-of-the-mill Ponzi scheme, had received cease and desist letters from the Texas State Securities Board and the North Carolina Secretary of State Securities Division, which led to it shutting down operations. These actions led to individuals taking monumental hits and families losing their life savings. The exit scam saw an estimated loss of around $250 million.

  • Fraud

The cryptocurrency sphere is fraught with fraud. Criminal activity targeting individual users and entire exchanges are an everyday phenomenon. Hackers gaining access into crypto exchanges and draining user wallets, cases of personal computers being infected with malware to steal an individual’s cryptocurrency- reports are all around. Spoofing and phishing attacks are prevalent, bringing about the need to exercise more care when it comes to personal computer security systems. 

Take the events that happened to one Eric Savics for instance. On June 12th, the Protocol Podcast host tweeted about how he lost his entire Bitcoin savings that had been accumulated over the course of 7 years. This was after he downloaded an imposter KeepKey app from the Google Chrome store and entered the seed phrase wallet. At the time of the loss, he had 12 bitcoin, worth over $110,000.

Cryptocurrency trading typically involves unregulated companies, many of which may have not implemented proper internal controls to protect the users—making them more susceptible to cyber-attacks compared to the regulated financial institutions. In 2019 alone, a record 12 exchanges were hacked, and $292,665,886 worth of cryptocurrency stolen, in addition to over 500,000 user logins. Even Binance, the world’s largest exchange by volume, fell victim to this, losing over 7,000 bitcoins after the hackers took advantage of a vulnerability in its hot wallet to obtain user API keys, 2FA codes and other bits the customers’ KYC data, which included photo IDs of 10,000 Binance users. The exchange shut its deposit and withdrawal services over a week as it beefed up its security protocols.

While the irreversible nature of cryptocurrency transactions is a strength, during cases of fraud it presents a huge operational risk. There won’t be an oversight body that you can call or email to reverse the transaction. Recover of stolen cryptocurrencies is difficult. When the private keys to a wallet are fraudulently obtained and the funds transferred, then the whole amount is considered to be forever lost to the owner.

Due to the large number of high-value crypto heists being witnessed, wealthy cryptocurrency investors are going to great lengths to secure their stash, including using cold storage devices that are housed in vaults and bunkers. Yes, not every cryptocurrency investor will be in a position to afford this level of security, but there are still steps they can take at a personal level to secure their private keys and ward off cyber threats.

  • Plain forgetfulness and human error

Having your cryptocurrency and lacking access to it because of blunders like spilling coffee on your hard disk and damaging it can be frustrating. Sometimes the risk is simple password amnesia. Forgetting where you stored your private key, or the pin unlocking that file you had jotted it down on—they can all result in the total loss of your cryptocurrency hoard. Well, there are some fortunate cases, such as 50 Cent who made some album sales back in 2014 that were paid in bitcoin—which he forgot, only to remember it much later. It turns out that he had received over 700 bitcoins for it, discovering the bounty years later, just in time to cash in millions of dollars. 

  • $5 Wrench Attack

One of the reasons why crypto investors insist on privacy and using pseudonyms is the possibility of physical attacks. An armed robber with a $5 dollar wrench can access your bitcoin stash in minutes—he just has to beat the private key out of you. The louder you proclaim that you have bitcoin, the larger the target you make yourself, especially with the rising prices of the cryptocurrencies. In addition to maintaining strong privacy, separating the keys geographically with a multi-signature setup is beneficial. Give each key its own security controls in order to further limit the physical access. This is beneficial as it disincentives attackers, since it will take longer to get to the keys and increases their chances of getting caught in the act. It is also riskier for the attacker to kidnap you and ferry you around to different locations without attracting attention. Moreover, with keys stored in different locations, it will be impossible to simultaneously gain access. Having to first coerce you to reveal the locations creates a roadblock in their plans. 

  • Ransomware and extortion

There is an increase in “big game hunting“. Basically, attackers are upping the ante from low-volume campaigns to high-return attacks. Here, instead of spending lots of time on millions of individuals on the internet, they focus their attention to a handful of businesses and organisations. These cyber-threats force companies to fork out millions in ransom due to their operations being disrupted, in order to save themselves from serious losses. Reports of a cyber-attack incident on a firm can be detrimental to the image that customers have about the business, and attract penalties due to breach-of-privacy and data loss. The attackers then use Bitcoin and other cryptocurrencies as the mode of payment of choice, given their anonymity and irreversibly.

  • Misplacing your private key

Lose your private key and you might as well come to terms with the fact that you’ve lost the funds forever. This is due to the sheer impossibility of cracking a private key. It’s such a long shot that it’s basically like counting to infinity— you never really get there. Why is this?

Let’s get back to the power of big numbers. As mentioned, a private key is a 256-bit number. So, the right key is anywhere between 1 and 2^256, which is 115 quattuorvigintillion (a 78-digit number). If we’re being specific about it:

2^256 = 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936

That’s a really big number: 1.158 x 10^77. For perspective: There is estimated to be 7.5 x 10^18 grains of sand on Earth. In the whole observable universe, there are an estimated 10 x 10^23 stars and 10^78 to 10^82 atoms

Attempting to crack the key would be a wild goose chase, taking more time than is possible to wrap one’s mind around. Let’s draw from a user Coin-1, who crunched numbers on the possibility of cracking one address at a rate of 9 million bitcoin-addresses per second (approximately 223 BTC-addresses per second). Brute-forcing it would take 2160-23 = 2137 seconds—which is over septillion (1024) years, yet the universe itself is only 13.8 billion years old.

As such, it is paramount that you secure your private key. Once it’s lost, it’s irretrievable. Take the story of one James Howells for instance. The Wales IT technician accidentally disposed of his hard drive, which had the private keys to his 7,500 bitcoins. Without a backup of his private keys, he can’t access the cryptocurrency. So today, somewhere out there at a random landfill site, lies a hard disk with over $67 million worth of bitcoin, and he can’t retrieve it. His story is similar to many around the world, with an estimated 20% of all bitcoin having been lost.

  • Market risks

This boils down to the supply/demand cycles of the cryptocurrencies, given their limited nature and manipulation by interested parties. This makes the markets volatile, which is exacerbated by speculative demand—there today, gone tomorrow, and hoarding that affects liquidity. It is common for cryptocurrencies to rise and drop by hundreds and thousands of dollars in a span of hours. 

  • Regulatory and compliance risks

For individual businesses getting into the murky waters of the cryptocurrency world, there will be additional costs when it comes to regulatory risk compliance. There is a keen focus on adherence to anti-money laundering and privacy laws at a business and global level, with numerous checks and balances. Failing to comply with local and state laws will cause the business owners to find themselves getting into the cross-hairs of jurisdictional law enforcement agencies, who will be coming with their own agenda. 

Final thoughts

Cryptocurrency is here to stay. As technology advances and more investments are made in the field, public convenience and acceptance of the asset class with grow. Many of the risks will still be prevalent, hence the need for users to be particularly keen on the security measures they put in place, and the legal requirements that they will need to adhere to as they continue to engage in the handling of the digital assets.