Browse Definitions:

Tor browser

Contributor(s): Matthew Haughn

The TOR (the onion routing) browser is a web browser designed for anonymous web surfing and protection against traffic analysis. Although Tor is often associated with the darknet and criminal activity, the browser is often used for legitimate reasons by law enforcement officials, reporters, activists, whistle blowers and ordinary security-conscious individuals.

TOR was originally developed by and for the United States Navy to protect sensitive U.S. government communications. While Tor continues to be used by government it is now an open source, multi-platform browser that is available to the public. The browser uses exit relays and encrypted tunnels to hide user traffic within the network, but leaves the end points more easily observable and has no effect beyond the boundaries of the network.

Although TOR is more secure than most commonly-used browsers, it is not impervious to attack. Malware, such as the Chewbacca Trojan, has successfully targeted the TOR network and browser. The FBI has also breached TOR security, in one case, for example tracking threats associated with a bomb hoax at Harvard across the network.   

This was last updated in May 2016

Continue Reading About Tor browser

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

So it was designed by the Navy and then put out into the world as open source. What led to this decision? How do we know it doesn't have some sort of back door in it to catch people who "think" it's secure?


File Extensions and File Formats

Powered by:


  • risk map (risk heat map)

    A risk map, also known as a risk heat map, is a data visualization tool for communicating specific risks an organization faces. A...

  • internal audit (IA)

    An internal audit (IA) is an organizational initiative to monitor and analyze its own business operations in order to determine ...

  • pure risk (absolute risk)

    Pure risk, also called absolute risk, is a category of threat that is beyond human control and has only one possible outcome if ...


  • federated identity management (FIM)

    Federated identity management (FIM) is an arrangement that can be made among multiple enterprises to let subscribers use the same...

  • cross-site scripting (XSS)

    Cross-site scripting (XSS) is a type of injection security attack in which an attacker injects data, such as a malicious script, ...

  • firewall

    In computing, a firewall is software or firmware that enforces a set of rules about what data packets will be allowed to enter or...



  • business continuity and disaster recovery (BCDR)

    Business continuity and disaster recovery (BCDR) are closely related practices that describe an organization's preparation for ...

  • business continuity plan (BCP)

    A business continuity plan (BCP) is a document that consists of the critical information an organization needs to continue ...

  • call tree

    A call tree -- sometimes referred to as a phone tree -- is a telecommunications chain for notifying specific individuals of an ...


  • all-flash array (AFA)

    An all-flash array (AFA), also known as a solid-state storage disk system, is an external storage array that uses only flash ...

  • volume manager

    A volume manager is software within an operating system (OS) that controls capacity allocation for storage arrays.

  • external storage device

    An external storage device, also referred to as auxiliary storage and secondary storage, is a device that contains all the ...


  • hybrid hard disk drive (HDD)

    A hybrid hard disk drive is an electromechanical spinning hard disk that contains some amount of NAND Flash memory.