There’s no single tool that makes you anonymous online. You need layers. A no-log VPN hides your IP address from your ISP and the sites you visit. The Tor Browser routes your traffic through multiple relays so no single node knows both who you are and where you’re going. And then there’s digital hygiene, the habits that prevent you from accidentally doxxing yourself through metadata, reused passwords, or careless search queries.
Why anonymity matters more than you think
"Privacy is important" is vague enough to mean nothing. Here's what's actually happening: your ISP logs every site you visit. Advertisers build profiles from your searches. Data brokers package it all up and sell it to anyone willing to pay.
The consequences go beyond creepy ads. Data breaches dump your personal details onto the dark web. Some retailers charge different prices based on your location. And the knowledge that you're always being watched has a chilling effect on what you're willing to say or search for.
What your digital footprint actually contains
Your digital footprint is the sum of every data trail you leave online:
- Social media posts, likes, shares, and location tags
- Browsing history, including time spent on each page
- Purchase history, wishlists, and abandoned carts
- GPS and location data from your phone’s apps
Data brokers collect this, package it, and sell it without asking. You don’t need to be doing anything shady to care about this. Most people have legitimate reasons to limit who can see their data, whether it’s avoiding price discrimination, preventing identity theft, or just not wanting their search history sold to advertisers.
The three layers of online anonymity
Anonymity comes from stacking tools, not relying on any single one. Here's what each layer does:
| Tool | Primary Function | Best For |
|---|---|---|
| No-Log VPN | Encrypts traffic & masks your IP address. | Everyday browsing, hiding your IP from ISP and websites. |
| The Tor Network | Routes traffic through multiple volunteer-run relays. | Sensitive research, whistleblowing, journalism in hostile countries. |
| Hardened Browser | Blocks trackers, scripts, and fingerprinting. | Reducing data leakage to websites you visit daily. |
None of these tools is perfect on its own. Together, they make tracking you far more difficult than most adversaries are willing to bother with.
Using a VPN to hide your IP address
A VPN is the easiest first step. Without one, your ISP can see every site you visit, and every website you land on can see your real IP address, which roughly pinpoints your location.
A VPN routes your traffic through an encrypted tunnel to a remote server. Your ISP sees gibberish. The website sees the server's IP, not yours. Two problems solved at once.
What to look for in a VPN
Ignore "military-grade encryption" marketing. The features that actually matter:
- No-logs policy: The provider stores nothing about your activity. Look for services that back this up with independent third-party audits, not just a promise on their website.
- Kill switch: If the VPN connection drops, your internet cuts off too. Without this, a brief disconnection can leak your real IP address.
- Modern protocols: WireGuard is fast and secure. OpenVPN is older but well-audited and widely supported. Avoid anything offering only PPTP or L2TP.
The VPN client on your device creates an encrypted connection to the VPN server, which then forwards your traffic to its destination. Anyone watching your local network sees only encrypted data going to a single IP address.
Why jurisdiction matters
Where a VPN company is legally based affects what governments can force them to do. Providers in 5/9/14 Eyes countries (US, UK, Canada, Australia, and others) can be compelled to hand over user data or start logging.
VPN providers based in Panama, Switzerland, or the British Virgin Islands operate outside these intelligence-sharing alliances, which is why privacy-focused services tend to incorporate there.
When a VPN matters most
Public Wi-Fi at cafes, airports, and hotels is where a VPN is most critical. These networks are unencrypted, and anyone on the same network can potentially intercept your traffic. A VPN encrypts everything before it leaves your device, so even on a compromised network, your passwords and financial data stay protected. See our guide on the best VPN for public wifi for specific recommendations.
How the Tor network provides deeper anonymity
A VPN hides your IP from websites, but the VPN provider itself can still see your traffic. For situations where that's not good enough, the Tor network takes a fundamentally different approach.
Tor (The Onion Router) bounces your connection through at least three volunteer-run servers called relays. Each relay only knows the address of the relay before it and after it. The entry relay knows your IP but not your destination. The exit relay knows the destination but not your IP. No single relay has the full picture. This is onion routing.
When to use Tor (and when not to)
Tor is slow. The multi-hop routing adds latency, so don’t expect to stream video or download large files through it. It’s a tool for when anonymity matters more than speed:
- Journalists researching sensitive stories or communicating with sources
- Activists organizing in countries with state surveillance (China, Iran, Belarus)
- Whistleblowers submitting documents through platforms like SecureDrop
By the time your traffic exits the Tor network, its origin is lost across multiple encrypted hops. No single relay can connect your identity to your destination.
How to use the Tor Browser safely
The Tor Browser is a modified Firefox, pre-configured to connect to the Tor network. Download it only from the official Tor Project website:
Downloading from third-party sites risks getting a tampered version with built-in surveillance. Always verify the download.
Once launched, the browser connects to the Tor network automatically. If you want to hide the fact that you're using Tor from your ISP, connect to a VPN first, then open the Tor Browser. For most people, the browser alone is sufficient.
Tor is not the dark web
Tor is a tool. The dark web is a set of sites only accessible through Tor (or similar networks). Tor lets you access .onion sites, but it also works for regular websites. Most Tor users are accessing normal sites privately, not browsing illegal marketplaces.
Using the Tor Browser is legal in most countries. What matters is what you do with it, not that you’re using it.
Hardening your browser against tracking
A VPN and Tor handle network-level privacy. Your browser handles everything else: cookies, trackers, scripts, and fingerprinting. Default browser settings are optimized for convenience, not privacy.
Browser fingerprinting is worth understanding specifically. Even without cookies, websites can collect your screen resolution, installed fonts, browser version, and other details to build a unique profile that identifies you across sites. Blocking this requires deliberate configuration.
Firefox settings to change right now
Firefox offers the best balance of usability and privacy for a daily driver. Three settings to change immediately:
- Enhanced Tracking Protection - set to "Strict." This blocks social media trackers, fingerprinters, cryptominers, and cross-site cookies.
- Default search engine - switch to DuckDuckGo. Your search history stops being logged and tied to your Google account.
- Cookies and site data - set to delete when you close the browser. Every session starts clean.
One thing people miss: DNS traffic. Even with a VPN, your browser might send DNS queries through an unencrypted channel, revealing which sites you visit. Our guide on how to prevent DNS leaks covers how to fix this.
Three extensions worth installing
- uBlock Origin - a wide-spectrum content blocker. It stops ads, trackers, and malware domains from loading. Pages load faster as a side effect.
- Privacy Badger - built by the EFF, it learns which third-party domains track you across sites and blocks them automatically.
- HTTPS Everywhere - forces encrypted HTTPS connections wherever available. Especially useful on public Wi-Fi where unencrypted traffic can be intercepted.
Together, these make your browser a much harder target for cross-site tracking. Most trackers rely on cookies and scripts that these extensions block by default.
Privacy-first browsers
If you don't want to configure Firefox manually, Brave is a reasonable alternative. It's Chromium-based (same engine as Chrome) but ships with built-in ad/tracker blocking, HTTPS upgrades, and fingerprinting resistance enabled by default.
Browser comparison
| Browser | Built-in Ad Blocker | Tracker Protection Level | Unique Feature |
|---|---|---|---|
| Brave | Yes, aggressive | High (blocks scripts) | Brave Rewards system for viewing privacy-respecting ads. |
| Firefox | No, requires add-on | High (with Strict Mode) | Highly customizable with a massive library of add-ons. |
| Tor Browser | Yes, multi-layered | Extreme (via Tor network) | Routes traffic through the Tor network for maximum anonymity. |
All three are far better than Chrome with default settings, which does almost nothing to prevent tracking.
Digital hygiene: the habits that actually matter
Tools help, but habits are where most people fail. You can run Tor through a VPN and still get deanonymized by logging into your personal Gmail, posting a photo with GPS metadata, or reusing a username across accounts.
Pseudonyms and compartmentalization
If you need an anonymous presence online, create a pseudonym with zero connection to your real identity. That means a separate email (Proton Mail or Tutanota, both of which offer encrypted email without requiring personal details to sign up), separate usernames, and separate browsing profiles.
Never pay for anything tied to your anonymous identity with a credit card or PayPal. Those create a paper trail that links directly back to you. Use your alias consistently. The moment you cross-contaminate (log into your real email from the same browser session, for example), the compartmentalization breaks down.
Switch your search engine
Google logs every query you make and ties it to your account. Your search history reveals your health concerns, political views, financial situation, and personal interests. That data gets used for ad targeting and can be subpoenaed.
DuckDuckGo doesn't store your queries, log your IP, or track you across sites. The search results are the same for everyone, which also means you avoid the "filter bubble" where Google shows you what it thinks you want to see based on your history.
Strip metadata from your files
Every photo, document, and PDF contains metadata (EXIF data for images). This can include:
- Date and time the file was created
- Device model (e.g., iPhone 15 Pro, Canon EOS R5)
- GPS coordinates of where a photo was taken
- Author name and software version for documents
Sharing a file without stripping metadata can reveal your location and identity. Use a metadata stripping tool (ExifTool, mat2, or even the built-in "Remove Properties" in Windows) before uploading anything you want to keep anonymous.
Encrypted messaging
SMS and regular email are unencrypted. Your carrier, email provider, and anyone with a warrant can read them. For private conversations, use an end-to-end encrypted messaging app.
Signal is the standard here. It’s open-source, collects minimal metadata, and encrypts messages so that only the sender and recipient can read them. Signal can’t hand over your messages to law enforcement because they don’t have access to the content in the first place.
Also consider device-level encryption. If your laptop or phone gets stolen, full-disk encryption (BitLocker on Windows, FileVault on Mac) prevents anyone from reading your data without your password.
If you have multiple devices, look for a VPN that supports simultaneous connections so you can cover your laptop, phone, and tablet under one subscription. Our guide on the best VPN for multiple devices covers the options.
Account security: the part most people skip
None of the tools above help if someone gets into your accounts because of a weak password. A compromised email account can unravel your entire anonymity setup, since password resets for everything else go through email.
Use a password manager
If you're reusing passwords across sites (even slight variations of the same one), a breach at any one of those sites gives attackers access to all of them. This attack is called "credential stuffing," and it's one of the most common ways accounts get compromised.
A password manager generates a unique, random password for every account and stores them in an encrypted vault. You remember one master password. The manager handles everything else, including auto-filling logins. Bitwarden, 1Password, and KeePass are solid options.
Enable two-factor authentication (2FA)
Passwords get stolen. Two-factor authentication means a stolen password alone isn't enough to get in. You need something you know (password) and something you have (a code or physical key).
The three levels, from weakest to strongest:
SMS codes: Common but vulnerable. Attackers can port your phone number through "SIM swapping" and intercept the codes. Better than nothing, but just barely.
Authenticator apps: Authy or Google Authenticator generate time-based codes on your device. Not tied to your phone number, so SIM swapping doesn't work.
Hardware security keys: A YubiKey or similar USB device that you physically tap to approve a login. Phishing-resistant and the strongest option available to consumers.
Enable 2FA on your email first (that's the account everything else depends on), then banking, social media, and your password manager.
Exercise your right to data deletion
Europe's GDPR and California's CCPA give you the legal right to demand companies delete your data. Even if you've been careful going forward, old accounts from years ago can still hold personal data that ties back to your real identity.
Go through your old accounts, request data deletion where possible, and close accounts you no longer use. It's tedious, but it permanently reduces your exposure.
FAQ
Should I use a VPN and Tor together?
The main reason to do this is to hide the fact that you’re using Tor from your ISP. In countries where Tor traffic gets flagged (China, Iran, Russia), connecting to a VPN first makes your Tor usage invisible to your ISP.
For most people, Tor alone is sufficient. Adding a VPN introduces another party you have to trust, and misconfiguring the setup can actually reduce your anonymity. Keep it simple unless your specific situation requires the extra layer.
Can I be 100% anonymous online?
No. Every action online creates some trace. The realistic goal is to make tracking you expensive and time-consuming enough that it's not worth it for advertisers, data brokers, or casual snoops. State-level adversaries with unlimited resources are a different category, and defending against them requires operational security beyond what most people need.
The tools in this guide make you anonymous enough to defeat the surveillance that affects most people: ISP logging, cross-site tracking, data broker profiling, and opportunistic snooping.
Are free VPNs safe?
Generally, no. Running a global VPN server network is expensive. If the service is free, the revenue comes from somewhere, and it's usually your data. Free VPNs have been caught:
- Logging user browsing data and selling it to third parties.
- Injecting their own ads directly into your web traffic.
- Bundling malware or trackers right into their software.
A paid VPN with an independently audited no-logs policy costs a few dollars a month. That's a reasonable price for not having your browsing data sold.
Does incognito mode make me anonymous?
No. Incognito mode stops your browser from saving history, cookies, and site data on your local device. That's it. Your ISP, the websites you visit, your employer, and your school can all still see your traffic. Incognito protects you from someone who uses your computer after you, not from the internet.
Tegant VPN offers WireGuard and V2Ray protocols with a strict no-log policy. Available on iPhone, Android, Mac, and Windows.