Onion Routing Explained: How Tor Hides Traffic
Onion routing encrypts data in three layers through three relays so no node sees both source and destination. A clear explanation of how Tor's anonymity works.
Onion routing is a technique for anonymous network communication where data is encrypted in multiple layers and routed through a sequence of relays. Each relay removes one layer of encryption to learn only the next hop — never the full path. No single node knows both the origin and the destination of the traffic. The technique was invented in the mid-1990s at the U.S. Naval Research Laboratory by researchers Paul Syverson, Michael G. Reed, and David Goldschlag, and it remains the core mechanism behind Tor Browser.
The Three-Hop Circuit
When you launch Tor and request a page, the Tor daemon on your device builds a circuit through three relays drawn from a pool of roughly 7,000 volunteer-operated nodes (as of early 2026, per Tor Project metrics).
The three positions in the circuit each see different slices of information:
| Relay Position | Knows Your IP? | Knows Destination? |
|---|---|---|
| Entry guard | Yes | No |
| Middle relay | No | No |
| Exit relay | No | Yes |
The entry guard (also called the guard relay) knows your real IP address because it accepts the initial connection from your machine. It doesn't know what site you're visiting. The exit relay makes the final connection to the destination on your behalf — it knows the destination address but has no way to determine your real IP. The middle relay is the most isolated node: it sees only the IP of the entry guard before it and the IP of the exit relay after it.
That three-node separation is what makes traffic correlation difficult. An observer watching your ISP connection sees traffic entering the Tor network. An observer watching the destination sees traffic leaving from an exit relay in, say, Germany. Without controlling both endpoints simultaneously — and correlating timing and volume — those two observations can't be linked.
How Traffic Is Encrypted
Before your device sends any data into the circuit, it negotiates encryption keys with all three relays during a process called the Tor handshake. Three separate keys are established: one for each relay.
Your data is then encrypted three times, in reverse order — exit relay's key applied first, then middle relay's, then entry guard's. The result is three concentric layers of encryption leaving your machine.
As the message travels:
- Entry guard decrypts its outer layer. Sees: middle relay address. Sees nothing else.
- Middle relay decrypts the next layer. Sees: exit relay address. Sees nothing else.
- Exit relay decrypts the final layer. Sees: destination address and your actual request.
The exit relay then contacts the destination on your behalf. Responses travel back through the same circuit in reverse, re-encrypted at each hop.
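The layering and peeling steps above, as an added example (not code from Tor or from the original page). It uses a toy SHA-256 keystream with an HMAC tag in place of the ciphers Tor actually negotiates, and the relay names, keys, JSON next-hop header and payload are all constructed for illustration.

```python
import hashlib
import hmac
import json
import os

# Toy stream cipher (SHA-256 in counter mode) plus an HMAC tag, reusing one
# key for both. A stand-in for Tor's per-hop ciphers, NOT Tor's cell format.
def xor_stream(key, nonce, data):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def seal(key, plaintext):
    nonce = os.urandom(16)
    body = xor_stream(key, nonce, plaintext)
    return nonce + hmac.new(key, nonce + body, hashlib.sha256).digest() + body

def unseal(key, blob):
    nonce, tag, body = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified layer")
    return xor_stream(key, nonce, body)

def wrap(path, keys, destination, request):
    """Client side: exit layer applied first, entry guard layer last (outermost)."""
    next_hops = path[1:] + [destination]
    blob = request
    for relay, nxt in reversed(list(zip(path, next_hops))):
        header = json.dumps({"next": nxt}).encode()
        blob = seal(keys[relay], header + b"\n" + blob)
    return blob

def peel(key, blob):
    """Relay side: remove one layer and learn only the next hop."""
    header, _, inner = unseal(key, blob).partition(b"\n")
    return json.loads(header)["next"], inner

def route(path, keys, blob):
    """Pass the onion along the circuit, recording what each relay learns."""
    learned = []
    for relay in path:
        nxt, blob = peel(keys[relay], blob)
        learned.append((relay, nxt))
    return learned, blob

# Constructed sample circuit and payload (stand-in for TLS record bytes).
PATH = ["guard", "middle", "exit"]
KEYS = {name: os.urandom(32) for name in PATH}
REQUEST = b"(constructed stand-in for TLS record bytes)"
```

Calling `route(PATH, KEYS, wrap(PATH, KEYS, "example.com:443", REQUEST))` returns the next hop each relay learned plus the payload the exit forwards; a relay that tries to peel a layer sealed for a different hop gets a `ValueError`.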
If the destination uses HTTPS — which it should — the exit relay sees encrypted TLS traffic, not plaintext content. The exit relay knows you're connecting to example.com but cannot read the content of the exchange. This is why Tor Browser enforces HTTPS-Only mode by default.
Hidden Services (.onion)
Standard web browsing through Tor routes traffic to a regular destination via the exit relay. Hidden services — .onion addresses — work differently. Neither the client nor the server uses an exit relay.
Instead, both parties build separate Tor circuits toward a rendezvous point — a relay chosen by the client and communicated to the server via an introduction point. When both circuits connect at the rendezvous point, a 6-hop circuit is established: three hops from the client, three from the server.
The server's real IP address is never exposed to the client, and the client's real IP is never exposed to the server. The Tor network mediates the connection entirely.
This architecture is what makes .onion services categorically different from VPN-protected servers: the server location is hidden by design, not just obscured behind a proxy.
Weaknesses and Known Attacks
Onion routing is not without limitations. Researchers have documented several classes of attacks since Tor's public release in 2004.
Traffic analysis and timing correlation. An adversary controlling both the network link at the client's end and the network link at the destination's end can correlate traffic volume and timing to de-anonymize a circuit. This is the "global adversary problem" — it requires large-scale passive surveillance capability. Realistically, this is a nation-state-level capability. Academic research by Roger Dingledine, Nick Mathewson, and Paul Syverson (the original Tor design paper, 2004) acknowledged this limitation directly.
Exit node monitoring. A malicious exit relay can observe unencrypted HTTP traffic and perform man-in-the-middle attacks on unencrypted connections. Using HTTPS eliminates most of this risk. Tor Browser's HTTPS-Only mode is the practical mitigation.
Long-lived circuit reuse. Holding a single circuit open for a long session builds a traffic pattern. Tor rotates circuits every 10 minutes for non-hidden-service connections by default, but a persistent session can still create correlatable patterns.
Browser-side attacks. Vulnerabilities in the browser layer — not the Tor protocol itself — have historically been the most reliable attack vector against Tor users. Malicious JavaScript, malformed media files, and WebRTC leaks have all been exploited in the past. Tor Browser's sandboxing and NoScript defaults exist specifically to reduce this attack surface.
For how Tor compares to a VPN on a practical threat model, and for I2P's different routing approach which uses garlic routing instead of onion circuits, see the linked comparisons.
Frequently Asked Questions
What is the difference between onion routing and a VPN?
A VPN encrypts your traffic to a single provider server. One entity — the VPN provider — sees all your traffic, knows your IP, and knows your destinations. Onion routing distributes that knowledge across three independent relays. No single relay sees both ends of your connection. Tor is slower and more complex, but it doesn't require trusting any single organization.
How many relays does Tor use?
For standard browsing, three: entry guard, middle relay, exit relay. For hidden service (.onion) connections, six: three from the client side and three from the server side, meeting at a rendezvous relay.
Can onion routing be defeated?
The protocol itself has not been cryptographically broken. Practical attacks rely on either (a) controlling enough of the network to perform traffic correlation — a nation-state capability — or (b) exploiting the browser or application layer rather than the Tor network itself. For most adversaries, those attacks are not feasible. For targeted national security investigations with large surveillance infrastructure, they may be.
Why is it called "onion" routing?
The name comes from the layered encryption structure. Data is wrapped in encryption layers — one per relay — in the same way an onion has concentric layers. Each relay peels one layer, revealing only the next hop, until the innermost layer reaches the exit relay, which contacts the destination.