xmr.club
guías EN 中文 ES RU
← all guides

Proxy + Tor — cuándo apilar, cuándo no

The instinct to layer privacy tools is good; the execution is tricky. Tor + proxy can buy you specific properties — bypassing Tor blocks, hiding Tor use from a local network, or splitting trust across hops — but it can also break Tor's anonymity guarantee in subtle ways. Below: the four common stack shapes and when each is appropriate.

The four shapes

  • Tor alone — three hops, exit node sees clearnet. Best anonymity for general browsing.
  • Tor → proxy (proxy after Tor) — exit node still sees your traffic but routes to your trusted proxy. Useful when an exit node is rejected by a target site but your proxy IP isn't.
  • Proxy → Tor (proxy before Tor) — local network sees only "user connected to my proxy", proxy connects to Tor. Hides Tor use from local network observer but adds a fixed correlation point (your proxy IP).
  • Tor + proxy as parallel circuits — different apps go through different paths. Browser through Tor; crypto wallet through proxy; mail client direct.

When to layer (and why)

  • Local network blocks Tor. Proxy-before-Tor works: the local network sees only TLS to your proxy. Risk: your proxy operator now knows you're a Tor user.
  • Site blocks Tor exit nodes. Tor-then-proxy works: the site sees your proxy IP, which is unblocked. Risk: your proxy is now a fixed link between you and that site across sessions.
  • You want a stable IP for one specific service while everything else goes through Tor. Per-app routing via Surge / Clash rules. Mature approach.

When NOT to layer

  • Your threat model is "I want to browse anonymously". Tor alone is better tuned. Adding a proxy adds correlation surface, doesn't improve anonymity.
  • You're trying to "double encrypt". Tor already does layered encryption. Proxy adds latency, not security.
  • You don't trust your proxy operator. Any proxy you route through learns your traffic patterns. If they're worse than the Tor exit node, you've downgraded.

Wallet-level guidance

For most no-KYC swap workflows, Tor Browser is enough — every page on this directory works under Tor SafestMode. For high-volume or repeated-counterparty trades where the swap engine sees Tor exit IP as "high risk", route just the swap client through a proxy and keep browsing on Tor. This is the most common useful stack.

Avoid the "everything through proxy" pattern for crypto. The single fixed proxy IP becomes a chain-analysis correlation hook across counterparties.