The Tor network's anonymity guarantees depend entirely on its relay infrastructure — the volunteer-operated servers that form the three-hop circuits through which user traffic passes. Understanding how this infrastructure works, how it is measured, and what vulnerabilities a poorly distributed network creates is essential context for anyone relying on Tor for privacy.
The Three-Hop Circuit Model
Every Tor connection routes traffic through exactly three relay nodes in sequence, each of which knows only the adjacent node in the chain:
- Guard (Entry) Node: The first hop. The guard node knows the user's real IP address but does not know the destination. Tor clients use a consistent guard node for 2-3 months, reducing the probability of being assigned a malicious entry node.
- Middle Relay: The intermediate hop. The middle relay knows the guard and exit nodes but neither the user's real IP nor the destination. This node is the most commonly operated type.
- Exit Node: The final hop for clearnet traffic. The exit node connects to the destination on behalf of the user and therefore sees the destination URL and unencrypted content (if not using HTTPS). For .onion services, there is no exit node — the circuit terminates within the Tor network itself.
This three-hop design means no single relay has complete information about both the source and destination of a connection. An attacker would need to simultaneously control both the guard and exit nodes of the same circuit to perform correlation, a statistically challenging condition given a healthy network.
Relay Diversity and Its Importance
The anonymity strength of the Tor network scales with relay diversity. If a disproportionate number of relays are operated by the same entity, organization, or jurisdiction, that entity could theoretically control both ends of a large percentage of circuits. This is the basis of Sybil attacks against Tor.
Diversity metrics tracked by the Tor Project include:
- AS diversity: Distribution across autonomous systems (ISPs)
- Geographic diversity: Distribution across countries and regions
- Operator diversity: Distribution across relay operators
- Bandwidth distribution: No single operator should control excessive bandwidth share
2025 Relay Statistics
As of mid-2025, the Tor network comprises approximately 7,000 relays and 1,500 bridges. Total network consensus bandwidth has grown to approximately 600 Gbit/s, a significant increase from 400 Gbit/s in 2023. The growth reflects increased relay operator participation, particularly from European academic and civil society organizations.
Exit relay operation remains the most constrained category. Exit nodes handle outbound clearnet traffic and bear the legal risk of that traffic appearing to originate from their IP addresses. Many hosting providers prohibit exit relay operation, limiting the geographic and AS diversity of exit capacity. The Tor Project actively solicits exit node operators in underrepresented jurisdictions.
Onion Services and Guard Nodes
For .onion service access, neither a guard nor an exit relay in the traditional sense is relevant — the entire circuit operates within the Tor network through rendezvous points. The user's client builds a circuit to a rendezvous point, and the onion service builds a separate circuit to the same rendezvous point. Neither side learns the other's IP address, and the rendezvous point itself only sees encrypted data passing through it.
This architecture is why darknet markets operating as v3 onion services have structural anonymity properties that no clearnet service can replicate.
All Tor network statistics cited are based on publicly available Tor Project metrics data. The Tor Project publishes relay statistics at metrics.torproject.org.