Skip to main content

Tor Network Integration

Trezor Suite integrates Tor (The Onion Router) to protect user privacy by anonymizing network traffic and masking IP addresses from third parties.

What is Tor?

Tor is a privacy network that anonymizes internet traffic:

IP Masking

Hides your real IP address from servers

Traffic Encryption

Encrypts data through multiple relay nodes

Censorship Resistance

Bypasses network restrictions and firewalls

Location Privacy

Prevents geographic tracking

How Tor Works in Suite

Suite can route all network traffic through Tor:
1

Tor Service

Desktop: Built-in Tor binary Web: Use Tor Browser or local Tor proxy
2

Circuit Building

Tor establishes encrypted path through relay nodes
3

Traffic Routing

All Suite network requests routed through SOCKS5 proxy
4

Identity Isolation

Different circuits for different services

Enabling Tor

Desktop Application

Built-in Tor support:
  1. Go to Settings → General
  2. Toggle “Enable Tor”
  3. Wait for Tor to bootstrap (30-60 seconds)
  4. Status indicator shows connection

Web Application

Requires external Tor:
1

Install Tor

Download and install Tor Browser or Tor daemon
2

Configure Proxy

Suite auto-detects local Tor at 127.0.0.1:9050
3

Enable in Suite

Settings → General → Enable Tor
4

Verify Connection

Check status indicator shows “Connected”
When using Tor Browser, access Suite at the .onion address for end-to-end onion routing.

Tor Status States

Suite displays current Tor connection status: 
type TorStatus = 
  | 'Disabled'      // Tor not enabled
  | 'Enabling'      // Starting Tor service
  | 'Bootstrapping' // Building circuits (0-100%)
  | 'Connected'     // Fully connected and routing
  | 'Error'         // Connection failed
  | 'Misbehaving';  // Tor process issues

Status Indicator

Visual feedback in Suite UI:
StatusIconColorMeaning
DisabledGrayTor off, direct connections
EnablingYellowStarting Tor
BootstrappingYellowBuilding circuits (0-100%)
ConnectedGreenTor active, traffic anonymized
ErrorRedConnection failed

Tor Controller

Manages Tor process and circuits: 
interface TorController {
  // Start Tor service
  start(): Promise<void>;
  
  // Stop Tor service
  stop(): Promise<void>;
  
  // Get current status
  getStatus(): TorStatus;
  
  // Request new identity (circuit)
  requestIdentity(): Promise<Identity>;
  
  // Set bridge configuration
  setBridges(bridges: string[]): Promise<void>;
  
  // Get bootstrap progress
  getBootstrapProgress(): number;
}

Identity Management

Create isolated circuits for different operations: 
// Request new Tor circuit
const identity = await torController.requestIdentity();

// Use identity for specific request
const response = await fetch(url, {
  agent: createProxyAgent({
    host: '127.0.0.1',
    port: 9050,
    auth: identity.credentials,
  }),
});

// Different identity for different service
const identity2 = await torController.requestIdentity();
// This uses completely different circuit

Onion Services

Suite available as hidden service:

.onion Address

Access Suite through Tor network: 
suite.trezor.io → [Tor .onion address]

Benefits

Traffic encrypted from browser to Suite server, no exit nodes involved
Onion services don’t use exit nodes, eliminating that trust requirement
Cannot be blocked by IP address filtering
Server location completely hidden

Tor with Blockchains

Blockchain connections can use Tor:

Custom Backends

Route blockchain requests through Tor: 
// Configure custom backend with .onion address
const backend = {
  coin: 'btc',
  url: 'http://[onion-address].onion',
  tor: true, // Route through Tor
};

Default Backends

Trezor operates Tor-enabled blockbook instances:
  • BTC: Onion address for Bitcoin blockbook
  • Other coins: Similar onion endpoints
  • Automatic routing when Tor enabled

Privacy Benefits

Query Privacy

Blockchain servers cannot see your real IP

Balance Privacy

Account queries not linked to your location

Transaction Privacy

Broadcasting transactions anonymously

Discovery Privacy

Account discovery doesn’t reveal identity

Tor Bridges

Bypass Tor blocking in restricted networks:

Bridge Types

Obfuscated bridges that look like random traffic
obfs4 [IP]:[port] [fingerprint] cert=[cert] iat-mode=0

Configuring Bridges

In Desktop application:
1

Open Tor Settings

Settings → General → Tor section
2

Enable Bridges

Toggle “Use bridges”
3

Add Bridge Addresses

Paste bridge lines obtained from torproject.org
4

Reconnect

Tor will restart with bridge configuration

Performance Considerations

Speed Impact

Tor routing affects performance:
OperationNormalWith TorImpact
Page loadFastSlower2-5x
Blockchain syncFastSlower2-4x
Transaction broadcastFastModerate1.5-3x
Rate fetchingFastModerate2-3x

Optimization

Reuse circuits for similar requests to avoid rebuilding
Maintain persistent connections through Tor
Combine multiple requests when possible
Cache responses aggressively to reduce Tor traffic

Security Considerations

What Tor Protects

Network Level

  • Hides IP address
  • Encrypts traffic
  • Prevents tracking
  • Bypasses censorship

Application Level

  • Private blockchain queries
  • Anonymous transactions
  • Hidden balance checks
  • Masked account discovery

What Tor Doesn’t Protect

Tor doesn’t protect against:
  • On-chain analysis: Transaction graph analysis still possible
  • Application fingerprinting: Unique usage patterns
  • Malware: Local device compromise
  • User errors: Revealing information through actions

Troubleshooting

  • Check firewall settings
  • Verify Tor ports not blocked (9050, 9051)
  • Try bridges if in restricted network
  • Check system clock is accurate
  • Review Tor logs in Suite
  • Tor adds latency, this is normal
  • Try different bridges
  • Check network bandwidth
  • Consider if privacy worth speed trade-off
  • Wait up to 2 minutes
  • Restart Tor
  • Check internet connection
  • Try bridges
  • Clear Tor data directory
  • Request new identity
  • Restart Tor
  • Update Tor binary
  • Check for ISP interference

Tor Data Storage

Tor data locations:

Desktop

# Windows
%APPDATA%/Trezor Suite/tor/

# macOS  
~/Library/Application Support/Trezor Suite/tor/

# Linux
~/.config/trezor-suite/tor/
Contains:
  • Tor binary
  • Configuration files
  • Circuit state
  • Cache data

Logs

Tor logs available for debugging: 
// Access Tor logs
import { getTorLogs } from '@suite-native/tor';

const logs = await getTorLogs();
console.log(logs);

Implementation Details

Request Manager Integration

// Tor-aware HTTP client
import { createTorAgent } from '@trezor/request-manager';

const agent = createTorAgent({
  host: '127.0.0.1',
  port: 9050,
  identity: torIdentity,
});

const response = await fetch(url, { agent });

Redux Integration

interface TorState {
  enabled: boolean;
  status: TorStatus;
  bootstrapProgress: number;
  bridges: string[];
  circuits: TorCircuit[];
  error: string | null;
}

// Actions
dispatch(enableTor());
dispatch(disableTor());
dispatch(setTorBridges(bridges));
dispatch(requestNewIdentity());

Best Practices

For Privacy

  • Enable Tor for all Suite usage
  • Use .onion addresses when available
  • Combine with CoinJoin for transactions
  • Don’t mix Tor and non-Tor usage

For Performance

  • Accept slower speeds for privacy
  • Use bridges only when necessary
  • Keep Tor running (don’t toggle frequently)
  • Cache data when possible

Build docs developers (and LLMs) love

Get started for freeTalk to us