When talking to people about Passages they often ask us about how we compare to Tor. The difference comes directly from their core design philosophies.


We designed Passages, first and foremost, for security against web-based attacks, while Tor was designed purely for anonymity. Both Passages and Tor provide their own browsers, but how they do that is completely different.

The Tor browser provides security by optionally disabling most kinds of active content. This breaks many websites and degrades the functionality of many more. Even so, the browser, not to mention your entire system, is still vulnerable to exploits against the browser code itself and any active plug-ins. By default the Tor browser enables all this content providing a smooth user experience at the cost of significant vulnerability.

Passages provides security by completely isolating the browser from the local computer and network. All malware is trapped within the Passages virtual machine and can’t do any significant damage. Additionally, Passages is immune to virtually all malware and attacks you will find on the Internet because the virtual machine is running Linux. Tor runs on the user’s desktop which means Windows or Mac OS X for the vast majority of people. Windows and Mac are the primary operating systems attackers build their exploits for.


Web anonymity comes from three things:

1. Hiding your IP address

2. Removing trackers like cookies

3. Masking your browser’s fingerprint

I discussed how all of these three tracking methods work in my previous blog post.

Tor’s primary focus is on hiding the IP address by sending all traffic through multiple different Tor “nodes,” typically three. These are run by volunteers around the world and could literally be almost anyone. The designers of Tor don’t want to trust anyone so the design is intended to make it impossible to connect a Tor user with their web activity, even by a Tor node operator. In reality there have been numerous examples of researchers and law enforcement identifying Tor users and capturing sensitive information.

The Tor browser includes tools to automatically scrub cookies, but may be trackable using various kinds of super-cookies. The Tor browser provides limited protection against browser fingerprinting which allows long term tracking and identification of individual users.

Passages hides the user’s IP address using one one of our numerous global points of presence, all of which we directly control. Passages shares the same anonymity network as Anonymizer — a security and privacy tool with an unblemished record of protecting users for over 20 years. Our philosophy is to be protected by someone you know, has a track record, and you have reason to trust. Additionally, because there is only one hop and the network is professionally managed, the performance is much better — something even Tor admits.

Passages absolutely removes all trackers by totally destroying the entire virtual machine in which the browser is running. That includes cookies and all kinds of super-cookies, even those we have never heard of. The Tor browser, like any other, could be run in a virtual machine or off a read-only disk, but that is a significant effort and only realistic for the most sophisticated and motivated users.

Finally, Passages provides robust protection against browser fingerprints by giving all Passages users effectively the same fingerprint.

Vendor Risk

The biggest difference between the two solutions comes down to trust. Tor is designed to minimize the amount of trust you are putting in operators you know nothing about. Passages puts the trust in a single entity with a long track record and huge incentives to effectively protect our users. The result is that there have been many cases of researchers and attackers operating Tor nodes to track or capture information about their users while there has never been a case like that with Passages or any of the services we run.

Tor has its uses for certain kinds of anonymous activity but it will never be appropriate for sensitive business or government applications where performance, confidentiality, or security are critical.