How to not get caught using Tor

Tor is one of the best tool for online privacy, helping you stay anonymous online. It will cover your identity and make it almost impossible for anybody to find out who you really are. Almost impossible.


1/31/20244 min read

How Tor works?

First thing, we need to understand how Tor Network works. Because the users who got caught were exposed for their own mistakes, not bugs or holes in Tor.

Tor, short for “The Onion Router,” is a free software and web browser designed for anonymous internet browsing and communication. It operates by utilizing a decentralized network of servers positioned globally, each maintained by individual volunteers. This distributed setup makes it challenging for anyone to monitor or trace your online activities.

Due to the anonymity offered by Tor, individuals may employ it to explore the dark web, leading to questions about its safety and legality. In general, utilizing Tor is considered safe. Although some cybercriminals may exploit its anonymity for illicit purposes, it's important to note that Tor itself is legally permissible in the United States.

So, how does Tor work?

  1. After initiating a request, such as visiting a website or sending a message, the Tor browser encrypts the request three separate times using distinct nodes: a guard node, a middle server, and an exit node.

  2. Following the transmission of the request to the guard node, one layer of encryption is removed, and the data is forwarded to the next server. The guard node can see your IP address, yet it remains unaware of the details of your request.

  3. The middle node then removes the second layer of encryption and sends your request to the exit node.

  4. Finally, the exit node removes the last layer of encryption, allowing it to see your request, although it will be unable to identify who requested it.

In simpler terms, Tor employs a series of servers to conceal your identity, making it exceptionally challenging for anyone to pinpoint or monitor a particular user. In reality, the only feasible means of identifying your activity would be if an individual happened to control both the randomly selected guard and exit nodes, a scenario that is highly improbable.

Those who got caught

Bomb threat in California

First guy who got exposed for criminal activity was student in Florida, who had ordered a bomb threat to his school. People used this to get out of exams or just to go home earlier. If it's random person from dark web, making the phone call from other side of the world, it's impossible to track down. Our guy ordered the threat two times already and started bragging about it to his friends.

By the last time, police was able to find out who ordered the threats just by talking to people at the school. Later, after issuing warrant search for his phone, they found evidence on it convicting him of ordering the threats. What the evidence was isn't clearly stated, but after the search our guy confessed.

Hector Monsegur

This hacker, also know as Sabu, was already monitored as founder of the hacking group LulzSec. To communicate with other LulzSec, he was using IRC. By the time, FBI was already collecting every IP address connecting to the IRC. The mistake Monsegur had made is not signing in with Tor - by mistake. And because all Tor exit nodes are public, it's pretty easy to find out if the users is connecting from Tor or clearnet. After that, FBI was able to find out which ISP provided this IP address and got Monsegur's physical address this way.

Ross Ulbricht

Founder of Silk Road, darknet marketplace. The most famous downfall was caused by lot of mistakes Ulbricht has made. Most of them boil down to greed and him wanting Silk Road to become more famous. He advertised his site on several clearnet sites. He also ordered multiple fake IDs, and when he was questioned at the customs, he told them that anybody can order one from Silk Road and someone mailed them to his address.

He also posted on multiple forums under nickname "altoid", talking about Silk Road or Bitcoin backed venture. The biggest mistake was using his personal Gmail account and even mentioning it in the posts. He also created StackOverflow account (website where programmers ask questions) trough Tor - but with his real name. He used this account to get help with his website, how to run it etc.

The FBI started monitoring him, but they were afraid that he would have his computer encrypted, which he had. Feds managed to setup a situation in library where Ross was with his laptop. It's told that undercover agents started an argument and Ross left his computer unattended to resolve it. In a few seconds, feds took his laptop and arrested him.

How to not get caught

Now we're gonna discuss some steps to to not get caught:

  • Use dedicated machine or portable system like Tails (runs only on RAM, not saving anything)

  • Use Tor bridges to connect - hide the fact that you're connecting to Tor network

  • When you type in something on darknet websites, type it into notebook and then copy paste it (keyboard type can expose you, also typing speed and style)

  • Don't maximize the window with Tor - this will uncover your monitor resolution and more, keep the default size of the window

  • Obtain Bitcoin, then swap it to Monero

  • Tor activity stays on Tor

  • Don't use Tor and clearnet at same time

  • Don't brag about what you do

  • Don't use accounts that you didn't register on Tor

  • If you wanna buy something, got to this YT guide


Tor is still best tool to stay anonymous online, but you need to learn how to use it properly. If you wanna do more than browsing Tor, I suggest you to do your own research.

You can subscribe to my newsletter to get updates or follow me on Twitter.

Be Sovereign.

Not only online.

Marconius Solidus.

Subscribe to my newsletter

You'll also receive FREE E-book, where you will learn how to protect your email against data leaks, spam and unwanted newsletters.