How to Use Tor Browser Safely in India

Most people think Tor is either for criminals or for paranoid tech nerds. That's wrong, and it's been wrong for a long time, and the persistence of that myth does real damage. Tor is a privacy tool. Full stop. It's free, it's legal in India, and the people who benefit most from it aren't hackers — they're journalists, activists, domestic abuse survivors, and ordinary citizens who'd rather not have their ISP log every website they visit.

I want to tell you about my own experience with Tor because I think it illustrates both what the browser can do and where people go wrong with it. I'd been aware of Tor for years but never used it seriously until about eight months ago, when I was researching a story about surveillance practices by Indian ISPs. I didn't want my own ISP to see what I was looking at — not because it was illegal, but because there's something deeply uncomfortable about researching corporate surveillance while being surveilled by the very company you're investigating. So I downloaded Tor, and here's what happened.

Getting Started Was Easier Than Expected

I went to torproject.org and downloaded the browser. That part was straightforward. It's a modified version of Firefox, so the interface feels familiar if you've ever used Firefox. On my Windows laptop, installation took maybe two minutes. I clicked "Connect" and... waited. The first connection took about 15 seconds, which felt long compared to opening Chrome, but that's because Tor was building a circuit — routing my traffic through three separate volunteer-operated relays in three different countries. Each relay only knows the identity of the relay before it and after it, so no single point in the chain knows both who I am and what I'm accessing.

On Android, I installed Tor Browser for Android from the Play Store. Same idea, similar experience. Connection was a bit slower on my Airtel 4G, probably around 20 seconds, but once established, browsing was workable. Not fast by any stretch — Tor isn't designed for speed — but fine for reading articles, checking forums, and researching. The app is available on F-Droid as well if you prefer to avoid the Play Store. iOS is a different story — there's no official Tor Browser for iPhone. The Onion Browser, maintained by a different developer, is the closest equivalent, though it has some limitations compared to the Android version. Apple's restrictions on browser engines mean it can't offer the same level of protection as the desktop or Android versions.

One thing that caught me off guard: Tor Browser looks different from regular browsers by default. It opens in a specific window size (don't change it — I'll explain why later), it doesn't remember your history, and it doesn't save cookies between sessions. Every time you close and reopen it, you start clean. This felt inconvenient at first. After a week, I started to appreciate it. There's something freeing about a browser that doesn't remember who you are.

The Legal Question Everyone Asks

Let me get this out of the way because it comes up every time. Using Tor in India is legal. There is no law — not in the IT Act, not in the DPDPA, not anywhere — that prohibits the use of anonymity tools. The Supreme Court's Puttaswamy judgement in 2017 affirmed privacy as a fundamental right under Article 21 of the Constitution. Using tools that protect your privacy is an exercise of that right.

That said, Tor doesn't make illegal activity legal. If you use Tor to commit fraud, distribute illegal content, or do anything else that's a crime under Indian law, it's still a crime. The tool is neutral. A knife is legal; stabbing someone isn't. Same principle. I mention this because some people worry that merely having Tor installed might draw suspicion. In practice, millions of people worldwide use Tor for perfectly mundane reasons, and Indian law enforcement has bigger concerns than someone who downloaded a privacy browser.

Where I Messed Up Initially

About a week into using Tor, I did something dumb. I opened Tor Browser, navigated to a research site, and then — out of muscle memory — logged into my personal Gmail in another tab. The moment I entered my Google credentials, I'd connected my real identity to my Tor session. Google now knew that the person browsing from that particular Tor exit node was me. If anyone was monitoring that exit node (and some exit nodes are monitored), they'd see the same thing. I'd effectively defeated the entire purpose of using Tor.

This is the most common mistake people make. Tor protects your anonymity only as long as you don't volunteer your identity. Logging into any account tied to your real name — Gmail, Facebook, Instagram, your bank — while on Tor is like wearing a mask and then holding up your Aadhaar card. The mask doesn't help at that point.

After that, I established a hard rule for myself: Tor is for anonymous browsing. If I need to log into something personal, I switch back to my regular browser. The two don't mix. It takes discipline, but once you build the habit, it's automatic.

Things I Learned Not to Do

Over the next few months, I collected a list of Tor mistakes — some from my own experience, some from reading about others'. They're worth sharing because most of them aren't obvious.

Don't maximise the browser window. Tor Browser deliberately opens at a standardised size — 1000x1000 pixels on desktop, roughly. It does this because your window size is one of the data points used in browser fingerprinting. If everyone using Tor has the same window size, that data point becomes useless to trackers. The moment you maximise the window to fill your 1920x1080 screen, you've made your setup slightly more unique. It's a small thing, but anonymity is built on many small things, and each one you compromise narrows the crowd you're hiding in.

Don't torrent over Tor. BitTorrent's protocol leaks your real IP address regardless of what Tor does with your browser traffic. Plus, torrenting eats bandwidth on a network run by volunteers. It's slow, it's risky, and it's inconsiderate to the people donating their server capacity. Just don't.

Don't install additional extensions. Every extension you add to Tor Browser makes your browser more unique and potentially introduces vulnerabilities. The browser comes configured with the security settings it needs. Adding uBlock Origin or some other extension — however good it is in a regular browser — changes your fingerprint and might interfere with Tor's built-in protections. Trust the defaults here.

Don't open documents downloaded through Tor while still connected. PDFs and Word documents can contain resources that load from the internet. If you open a downloaded PDF while online, it might phone home to a server with your real IP address if your regular connection is active alongside Tor. Download what you need, disconnect from the internet, then open the file. It sounds paranoid, but it's a documented attack vector.

The Speed Issue Is Real but Manageable

I won't pretend Tor is fast. It's not. Your traffic is bouncing through three relays across the globe — that adds latency. On my 100 Mbps Airtel Fiber connection, regular browsing gives me maybe 80-90 Mbps. Through Tor, I'm lucky to get 3-5 Mbps. That's plenty for reading text-heavy sites, checking forums, or using lightweight web apps, but you wouldn't want to stream video or download large files over Tor.

The speed varies a lot depending on which circuit you get. Sometimes I'd hit a relay in a congested part of the network and pages would take 10-15 seconds to load. Other times, the circuit would be fast enough that I barely noticed the difference. You can request a new circuit through Tor Browser's interface if you're having a particularly slow session — it's under the padlock icon in the address bar.

For my research purposes, the speed was never a real problem. I was reading articles, not streaming Hotstar. If you're using Tor for what it's meant for — anonymous browsing, not everyday media consumption — the speed is acceptable.

CAPTCHAs, Blocks, and the "Tor Tax"

Something you'll notice quickly when using Tor: a lot of websites don't like you. Cloudflare-protected sites (which is a lot of sites) will frequently show you CAPTCHAs. Some websites will block Tor exit node IPs entirely, showing you an access denied page. Google will demand CAPTCHAs for almost every search. This is what Tor users call the "Tor tax" — the extra friction imposed on you because websites associate Tor traffic with bots, abuse, and suspicious activity.

In the Indian context, I found that most Indian news sites, government portals, and educational resources worked fine over Tor. The problems were mainly with international services — Google, Amazon, Cloudflare-protected sites. For searching, I switched to DuckDuckGo, which works without CAPTCHAs over Tor. DuckDuckGo's results aren't as thorough as Google's, but for most queries they're fine, and not being asked to identify traffic lights every thirty seconds is worth the tradeoff.

Some banking and financial websites will actively block Tor connections, and this is one area where I'd actually agree with the website's decision. Using Tor for banking creates more problems than it solves — your bank might flag the login as suspicious (since it's coming from an exit node in a different country), lock your account temporarily, or trigger additional verification steps. For financial services, use your regular browser on your home connection. Tor is for privacy-sensitive browsing, not for everything.

IRCTC, the Indian Railway's ticket booking site, worked fine over Tor in my testing, though it was slow. Most state government portals loaded without issues. DigiLocker required some patience but functioned. Your experience may vary depending on which exit node you land on — some are faster and less blocked than others.

When Tor Isn't Enough

There are situations where Tor alone doesn't provide sufficient protection. If you're a journalist working on a sensitive investigation, a whistleblower, or someone facing credible surveillance threats, Tor in a regular browser on your everyday laptop has limits. Your operating system itself might leak information — DNS queries outside Tor, background processes phoning home, cached data on your hard drive. Windows is particularly leaky in this regard — it sends telemetry to Microsoft, resolves DNS outside Tor by default, and stores temporary files that could reveal your browsing patterns to anyone who examines the device later.

For those situations, Tails OS exists. It's a live operating system that you boot from a USB drive. It routes all traffic through Tor — not just the browser, everything — and it runs entirely in RAM. When you shut down, it wipes itself. Nothing is written to the computer's hard drive. Pull out the USB, and there's no trace you were ever there. I've used Tails a few times when I needed that level of assurance, and it works well, though it's slower and less convenient than just opening Tor Browser.

Bridges are another tool worth knowing about. If your ISP blocks the Tor network — which hasn't been widespread in India as of early 2026, but has happened in other countries and could happen here — bridges are unlisted Tor relays that let you connect even when the main network is blocked. You can get bridge addresses from bridges.torproject.org or by emailing bridges@torproject.org. Tor Browser has built-in bridge configuration; you just paste in the bridge line during setup.

SecureDrop is worth mentioning for anyone who might need to submit documents to a journalist securely. Several Indian news organisations have SecureDrop instances (The Wire, The Indian Express). It's designed to be accessed through Tor and protects the source's identity from everyone, including the journalist receiving the documents, until the source chooses to reveal themselves.

What Your ISP Sees When You Use Tor

This question comes up a lot: "If I use Tor, can my ISP tell?" The honest answer is yes, your ISP can probably see that you're connecting to the Tor network. The initial connection goes to a known Tor relay, and the IP addresses of public relays are listed in a public directory. Your ISP can see that you connected to one of those IPs. What they can't see is what you did after connecting — the traffic inside the Tor network is encrypted in multiple layers, and your ISP only sees the encrypted connection to the first relay, nothing beyond that.

If even the fact of connecting to Tor concerns you, that's where bridges help. Bridges are unlisted relays, so your ISP doesn't recognise the IP as Tor-related. Combined with a pluggable transport like obfs4 (which makes Tor traffic look like random noise), it becomes very difficult for anyone to tell you're using Tor at all.

In practice, I haven't encountered any issues using Tor on Jio Fiber or Airtel mobile data. No blocks, no throttling, no warnings. India hasn't taken the approach that China or Iran have toward Tor, and as long as the legal framework supports privacy as a fundamental right, there's no reason to expect that to change imminently. But "imminently" isn't "never," and the direction of internet regulation in India is... evolving. New rules get proposed, public comment periods happen, and sometimes things change quickly. It's probably wise to know how bridges work, just in case, even if you don't need them today.

Who Should Use Tor

I don't think everyone needs to use Tor for their daily browsing. It's slower, less convenient, and for most people's threat model — which is mainly ad tracking and data collection — tools like Firefox with uBlock Origin and encrypted DNS are sufficient. But there are situations where Tor is the right tool, and knowing how to use it correctly means you've got it available when you need it.

If you're researching a sensitive health condition and don't want it in your ISP's logs. If you're a student exploring political ideas and don't want that showing up in a future background check. If you're a journalist, a lawyer, an activist, or anyone who handles confidential information. If you're just someone who believes your browsing history is nobody's business. Tor serves all of these use cases. It's been doing so for over two decades, and the network has only gotten stronger with time.

Where all of this goes in the next few years is hard to predict. Tor is adapting — the introduction of Vanguards (which protect against certain relay-based attacks), ongoing improvements to congestion control, and better bridge distribution mechanisms all suggest an active development community. But governments are adapting too, and the balance between surveillance capability and anonymity tools shifts constantly. For now, Tor remains one of the strongest privacy tools available to ordinary people anywhere in the world, India included. Whether that holds indefinitely is something nobody can promise, and anyone who does is selling you more certainty than they actually have.