The term “onion download” reflects a common misunderstanding about how Tor and onion services work. You cannot download a .onion site the way you download a file, and you do not download “an onion” to browse privately. What you need is Tor Browser, the software that lets you access .onion addresses. This article clarifies what onion services are, how to obtain Tor Browser properly, and why verification matters.
What .onion Addresses Are
Onion services use the special-use top-level domain .onion and are only accessible through the Tor network. Addresses ending in .onion consist of 16 alphanumeric characters for V2 onion services or 56 for V3, and are based on a public cryptographic key. These addresses are not registered with traditional domain name systems. They are cryptographic hashes based on public keys, and when you connect, the Tor network takes the hash, decrypts it using the public key, and connects to the service.
Onion services are services, such as websites, that are only accessible through the Tor network. Their location and IP address are hidden, making it difficult for adversaries to censor them or identify their operators. Journalists use onion services to protect sources. Activists use them to bypass censorship. Organizations like the BBC and ProPublica operate onion mirrors of their websites.
The architecture is not about secrecy for its own sake. The onion service hides itself behind the Tor network by only allowing access through three introduction points that it connects to through a three-hop Tor circuit. This design prevents network observers from linking service operators to their infrastructure, and users to the services they access.
Why You Cannot Download an Onion
A .onion address is not a file. It is a network location, reachable only through Tor’s routing protocol. When someone searches for “onion download,” they usually mean one of three things: downloading Tor Browser to access .onion sites, trying to open a .onion link they encountered, or attempting to download a file hosted on an onion service.
If you have a .onion address and try to open it in Chrome, Firefox, or Safari, it will fail. Regular browsers cannot resolve .onion addresses, which are reachable only through Tor. Users require a special browser such as Tor Browser to access sites with .onion domain extensions. On iOS, the Tor Project encourages users to try Onion Browser, an independent implementation that routes traffic through Tor.
If you are trying to download a file from an onion service, you access the .onion address in Tor Browser, navigate to the file, and download it the same way you would from any website. The file itself is not special; the routing is.
How to Download Tor Browser
The official download page is torproject.org/download. Tor Browser is available for Windows, macOS, Linux, and Android. For iOS, Onion Browser is the recommended option, as Tor Browser itself is not available due to Apple’s restrictions on routing engines.
Tor is completely free to download, install, and use, and the source code is also available at no charge. The software is maintained by the Tor Project, a nonprofit organization. Tor Browser is based on Firefox, with modifications that enforce privacy defaults and integrate the Tor routing layer.
Download only from torproject.org. Third-party mirrors and repackaged versions present a verification problem. Many malicious versions of Tor Browser have circulated, bundled with spyware or modified to defeat anonymity protections. If you cannot access torproject.org directly due to censorship, use the GetTor service, which delivers Tor Browser via email or other channels.
Verifying Your Download
A digital signature is a process that ensures a package was generated by its developers and has not been tampered with. Every file on the Tor Project download page includes a signature file. These .asc files are OpenPGP signatures that allow you to verify the file you downloaded is exactly the one the developers intended you to get.
To verify a download, you need both the installer file and the corresponding .asc signature file. Download the two together, then run a command that asks GnuPG to check the installer against the signature. The Tor Project website provides step-by-step instructions for each operating system.
On Windows, this typically involves installing Gpg4win, importing the Tor Browser signing key, and running a verification command from the command prompt. On macOS and Linux, GnuPG is usually already installed. If the command output shows a “Bad signature” warning, users should immediately delete both the Tor Browser installer package and signature file, then repeat the sourcing and verification steps.
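One way to automate the check described above, as an added example that is not from the Tor Project or the original article: parse GnuPG's `--status-fd` output and accept the installer only when the signature is good and was made under a pinned primary key fingerprint. The fingerprints and status lines below are constructed placeholders; take the real fingerprint from the Tor Project's verification instructions.

```python
import subprocess

FAILURES = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

def gpg_status(sig_path, file_path):
    """Run gpg and return its machine-readable status lines (needs gpg installed)."""
    proc = subprocess.run(
        ["gpg", "--status-fd", "1", "--verify", sig_path, file_path],
        capture_output=True, text=True)
    return proc.stdout

def signature_ok(status_text, pinned_fpr):
    """Return (ok, reason). ok is True only for a good signature whose
    primary key fingerprint equals pinned_fpr."""
    pinned = pinned_fpr.replace(" ", "").upper()
    good, primary = False, None
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue  # ignore anything that is not a status line
        keyword, args = fields[1], fields[2:]
        if keyword in FAILURES:
            return False, keyword
        if keyword == "GOODSIG":
            good = True
        elif keyword == "VALIDSIG" and args:
            # The tenth field is the primary key fingerprint when present;
            # the first is the (sub)key that actually made the signature.
            primary = (args[9] if len(args) >= 10 else args[0]).upper()
    if not good or primary is None:
        return False, "no valid signature found"
    if primary != pinned:
        return False, "signed by unexpected key " + primary
    return True, "ok"

# Constructed status output; every fingerprint here is a placeholder.
PINNED = "AAAA " * 9 + "AAAA"          # stand-in for the published fingerprint
SUBKEY = "B" * 40                      # stand-in signing subkey
TAIL = " 2024-01-01 1704067200 0 4 0 1 10 00 "
GOOD_RUN = ("[GNUPG:] NEWSIG\n"
            "[GNUPG:] GOODSIG BBBBBBBBBBBBBBBB Constructed Signer\n"
            "[GNUPG:] VALIDSIG " + SUBKEY + TAIL + "A" * 40 + "\n")
WRONG_KEY_RUN = GOOD_RUN.replace("A" * 40, "C" * 40)
BAD_RUN = "[GNUPG:] BADSIG BBBBBBBBBBBBBBBB Constructed Signer\n"
```

Pinning the fingerprint matters because a "Good signature" line only says that some key in the local keyring signed the file, not that the expected key did.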
Verification is not optional if you care about the threat model that brought you to Tor in the first place. A tampered Tor Browser can log every site you visit, every password you enter, and every document you access. If you are a journalist communicating with a source, an activist evading state surveillance, or a researcher investigating sensitive topics, verification is the step that prevents compromise.
Installing and Connecting
Installing the software is straightforward. Once the relevant file has been downloaded, execute it and it will extract the browser into a folder of its own; then run the browser and you will be ready to go. On first launch, Tor Browser will ask if you want to connect directly to Tor or configure a bridge.
If Tor is blocked in your country, you will need a bridge, which you can configure during setup. Bridges are Tor relays not listed in the public directory, making them harder for censors to identify and block. If Tor is not censored, one of the most common reasons it will not connect is an incorrect system clock. Tor’s cryptographic operations depend on accurate time; a clock off by more than a few hours will prevent connection.
Once connected, you can enter any .onion address in the address bar, or access regular websites with Tor routing. When accessing a website that uses an onion service, Tor Browser will show in the URL bar an icon of an onion displaying the state of your connection: secure and using an onion service. This indicator confirms that you are using an end-to-end encrypted onion circuit, not merely Tor exit routing to a clearnet site.
What Tor Browser Does and Does Not Do
Tor achieves anonymity by encapsulating data in layers of encryption and transiting data over at least three nodes. Each node is aware only of its neighbors, which may include the data’s source or its final destination, but no node is ever aware of both the source and destination of the data. This prevents any single relay operator, or any network observer watching a single relay, from linking you to your destination.
Tor Browser includes additional protections beyond Tor routing. Tor Browser already comes with HTTPS-Only mode, NoScript, and other patches to protect your privacy and security. It resists fingerprinting by making all users look similar: same window size, same fonts, same behavior. It isolates each site into its own circuit to prevent correlation.
What it does not do is protect you from your own operational errors. If you log into a personal account while using Tor, that account is now linked to your Tor activity. If you download a PDF and open it in an external viewer that makes network requests, those requests may bypass Tor. Tor Browser will block browser plugins such as Flash and RealPlayer as they can be manipulated into revealing your IP address, and additional add-ons or plugins may bypass Tor or compromise your privacy.
The browser is designed for low-bandwidth activities like emails and browsing the web, and high-bandwidth efforts such as gaming and streaming are not recommended. Tor’s multi-hop routing adds latency. It is not a performance optimization; it is a trade-off for metadata protection.
Onion Services for Email
Email services operate onion mirrors for users who require both transport anonymity and content encryption. All traffic between Tor users and onion services is end-to-end encrypted, so you do not need to worry about connecting over HTTPS. However, HTTPS over onion services is still recommended for defense in depth, particularly when handling TLS certificate validation and securing against malicious exit relays if users accidentally access clearnet mirrors.
Accessing email via an onion address does not automatically encrypt your messages. PGP encryption remains necessary if you want content protection, not just transport protection. Onion routing hides who is talking to whom; PGP hides what they are saying. Both layers serve different purposes and are not substitutes for each other.
For users interested in post-quantum security in addition to Tor anonymity, PQCServer integrates quantum-resistant cryptographic algorithms into email workflows. Available under the AGPL-3.0 license at github.com/onion-search-engine/pqcserver, it allows encryption that resists both classical and quantum cryptanalysis. Combining Tor routing with post-quantum encryption addresses both present and future threat models.
What Onion Services Do Not Guarantee
Onion services provide location hiding and metadata protection. They do not provide content moderation, uptime guarantees, or protection against the service operator. If you access a malicious onion service, it can serve you malware, phishing pages, or exploits the same way a malicious clearnet site can.
The address of an onion service is automatically generated, and because of the cryptography involved, the .onion URL lets Tor ensure that it is connecting to the right location and that the connection is not being tampered with. This cryptographic binding prevents DNS hijacking and BGP attacks, but it does not tell you whether the service you are connecting to is trustworthy.
Reputation systems for onion services are primitive. Darknet markets maintained escrow and feedback mechanisms, but most onion services do not. Verify onion addresses through multiple channels before trusting them. A .onion address published on a compromised forum is not trustworthy. An address published by a journalist over a verified clearnet site, signed with their PGP key, is more credible.
Common Misunderstandings
Tor does not make you completely anonymous. It makes certain kinds of traffic analysis much harder. If you are the only Tor user in a small town, and an onion service sees one visitor during a narrow time window, correlation is possible. If your writing style, timezone, or reference to local events reveals your location, Tor has not failed; operational security has.
Tor Browser does not grant access to a separate “dark web” internet. The browser is not primarily intended for the deep web, which is not the same as the darknet; it is for accessing onion services, commonly known as the darknet or dark web. The term “dark web” is imprecise. Onion services are part of the same internet, routed through Tor. Some are mirrors of clearnet sites. Some are services that exist only as onion addresses. The distinction is in routing, not in content type.
Finally, using Tor is not in itself illegal. However, doing so may leave the user open to suspicion, as the browser can be used to commit illegal acts online. Many people use Tor for ordinary browsing, research, or to evade corporate tracking. The tool is neutral; the use case defines the risk.
Verification as a Baseline Discipline
If you do not verify your Tor Browser download, you are trusting your network path, your DNS resolver, any intermediate proxies, and the integrity of every CDN or mirror between you and the Tor Project. That trust is not warranted in a threat model that requires Tor in the first place.
Signature verification takes five minutes the first time, two minutes thereafter. It is not optional. The same discipline applies to PGP key verification, server fingerprint checking, and software update validation. These steps are not paranoia; they are hygiene.