How does Tor prevent websites from linking my activity to my IP address?
Executive summary
Tor prevents websites from learning your home IP by routing your traffic through a sequence of volunteer relays and by packaging sites as onion services that hide server IPs; the destination site therefore sees the IP of the Tor exit relay (or an .onion rendezvous) rather than your real address [1] [2]. Tor Browser also isolates sites, clears cookies at session end, and blocks plugins that could leak an IP [3] [4]. Available sources do not mention every possible advanced deanonymization technique or specific law‑enforcement breaches in technical detail; reporting notes such incidents without full technical disclosure [5].
1. How Tor’s circuit routing breaks the direct IP link
Tor builds a three‑hop circuit through volunteer relays so that no single relay knows both who you are and what site you visit: your client encrypts traffic in layers and sends it through an entry (guard), middle, and exit relay; the exit relay makes the final connection to clearnet websites, so the website sees the exit relay’s IP, not your IP [1] [2].
2. Why .onion services remove the exit‑relay exposure
When you use an onion (”.onion”) address, the connection never leaves the Tor overlay: Tor’s rendezvous and introduction protocol connects client and service inside the network, so the site is identified by an onion address rather than a network IP and the server’s real location remains hidden [2].
3. Browser‑level protections against linkage and tracking
Tor Browser is hardened to reduce browser‑side leaks: it isolates each website to prevent cross‑site tracking, clears cookies and browsing history after a session, includes HTTPS‑Only and NoScript features, and blocks risky plugins that historically could reveal a real IP [3] [6] [4].
4. What Tor does not automatically protect and common pitfalls
Tor only protects traffic that is correctly routed through it; other applications or misconfigured software on your machine can send traffic outside Tor and expose your IP [4]. Mobile or third‑party Tor clients sometimes fail to force all requests through Tor (Onion Browser and WebKit limitations are cited), which can leak an IP via WebRTC or media streams [7].
5. Operational security (OpSec) remains decisive
The Tor Project and privacy guides stress user behavior: installing extra browser extensions, opening downloaded documents, using torrent clients, or logging into personal accounts can undo anonymity and directly link activity to you [4] [8]. Guides recommend desktop Tor Browser (or Whonix/Qubes setups for high threat models) and avoiding plugins to maintain the protections Tor provides [7] [8].
6. Real‑world de‑anonymization and limits reported by others
Journalistic and security reporting note that Tor is strong but not perfect: law enforcement operations and targeted surveillance have de‑anonymized some users after prolonged monitoring or exploiting weaknesses—reporting mentions German law enforcement de‑anonymization cases, underlining limits when adversaries control or observe many relays or exploit client mistakes [5]. Reviews and explainers repeatedly warn Tor offers strong anonymity “to a certain degree” but not absolute immunity [9] [10].
7. Practical takeaways for users who want to avoid IP linkage
Use the official Tor Browser, don’t add extra plugins, don’t torrent over Tor, avoid opening documents that may contact the internet, and prefer .onion services when possible; for very high‑risk uses, combine Tor with hardened OS setups recommended by privacy experts [6] [8] [7]. Tor will hide your IP from visited websites by design, but misconfiguration or unsafe habits frequently create the actual failures [3] [4].
Limitations: reporting in these sources documents both Tor’s design and real‑world failures but does not provide exhaustive technical proofs of every deanonymization vector; available sources do not give full technical disclosure of specific surveillance toolchains used in law‑enforcement operations [5].