Tor on GrapheneOS: Orbot, Mullvad, and anonymous browsing

GrapheneOS and Tor are complementary. GrapheneOS reduces the attack surface at the device level; Tor hides your network identity. Together they provide a strong foundation for anonymous communication.

This article covers how to combine them — and why the VPN + Tor combination doesn’t always do what you think.


Who this guide is for

This guide is for readers who already use GrapheneOS and need to decide:

  • when Tor on the device actually adds value
  • whether Orbot, Tor Browser, and Mullvad should be combined at all
  • how to avoid building a setup that sounds stronger than it really is

What you gain, and what it costs

What you gain:

  • a cleaner mental model of what Tor on GrapheneOS does and does not solve
  • fewer mistakes around VPN stacking and false anonymity assumptions
  • a more realistic setup for anonymous browsing or sensitive sessions

What it costs:

  • Tor adds speed loss, compatibility issues, and more setup friction
  • mixing Tor and VPN layers can create confusion rather than safety
  • anonymous browsing still requires account discipline and browser discipline

When this is overkill

If your goal is ordinary daily privacy rather than anonymity against a meaningful adversary, Tor on GrapheneOS is often too much for the first step. Harden the phone, separate accounts, and use a normal VPN only if it clearly fits your use case.

What Tor does and doesn’t do

Tor hides:

  • Your IP address from websites and services you visit
  • Your traffic from your internet provider (they only see that you’re connecting to the Tor network)
  • The content of your communication from the relays inside the Tor network, with one exception: the exit node sees any traffic that is not encrypted end to end, such as plain HTTP

Tor doesn’t hide:

  • Browser fingerprints if you browse outside of Tor Browser
  • Accounts you’re logged into — if you open Gmail via Tor, you link that session to your identity
  • Metadata from apps that connect outside of Tor

Installing Orbot

Orbot is the official Tor client for Android. On GrapheneOS, install it via:

Option 1 — Guardian Project F-Droid repo: Add the Guardian Project repository in F-Droid: https://guardianproject.info/fdroid/repo

Then install Orbot from that repo. This is a good route if you already use F-Droid.

Option 2 — Google Play (via sandboxed Play): Orbot is available in the Play Store and works fine in GrapheneOS’s sandboxed Play environment.


Setting up Orbot

  1. Open Orbot → tap the start button
  2. Wait until the connection to the Tor network is established (can take 30-60 seconds)
  3. Choose your routing method:

VPN mode (practical for system-wide routing): Orbot registers itself as a VPN connection on the system. All traffic from all apps then goes through Tor.

Go to Settings → VPN in Orbot and enable “VPN mode”.

Per-app mode: You can also route only specific apps through Tor. In Orbot → Apps using Tor — select the desired apps.


Tor + Mullvad: when do you combine them?

This is the most frequently asked question and also the most misunderstood.

VPN before Tor (VPN → Tor)

Your device → Mullvad VPN → Tor network → Destination

What this does: Your internet provider only sees the VPN connection, not that you’re using Tor. The Tor entry node sees the IP address of the VPN server, not your real IP.

When useful: Only if you have a concrete reason to hide Tor behind a VPN. If Tor is blocked, try bridges or Snowflake in Tor Browser first.

How to set up:

  1. Connect to Mullvad VPN first
  2. Then start Orbot in VPN mode

Note: Mullvad will know in this case that you are using Tor, or at least see traffic to the Tor network. This is not the default setup broadly recommended by the Tor Project.

Tor before VPN (Tor → VPN)

Your device → Tor network → VPN → Destination

This is technically complex and rarely offers an advantage over plain Tor. Skip this unless you have a specific reason.

Tor only (no VPN)

Your device → Tor network → Destination

For most anonymity purposes, this is the best approach. Adding Mullvad adds an extra party you have to trust. Tor already hides your IP effectively on its own. If Tor is blocked, bridges are usually the first step, not an extra VPN.

Recommendation: Use Tor only for anonymous browsing and sensitive activities. Use Mullvad for daily use (streaming, updates, general traffic). Don’t use them together unless you have a concrete reason.


Interaction with GrapheneOS Always-on VPN and “Block connections without VPN”

GrapheneOS can set a VPN as Always-on VPN and, with Block connections without VPN enabled, block all traffic whenever that VPN drops.

Problem: If you have both Mullvad and Orbot configured as VPN connections, only one can be active as the primary VPN at a time. GrapheneOS doesn’t support stacked VPN connections in the standard configuration.

Solution:

Scenario 1 — Tor only: Turn off Mullvad. Start Orbot in VPN mode. In GrapheneOS, enable Always-on VPN and Block connections without VPN for Orbot. Now all traffic runs through Tor, and if the connection drops, traffic is blocked.

Scenario 2 — VPN before Tor (only if bridges do not help): Connect to Mullvad. Then start Orbot only if you consciously need this exception case. For most blocking scenarios, Tor Browser with bridges or Snowflake is the better first choice.
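
One way to confirm that the Scenario 1 settings actually took effect is to read them back over adb and classify the result. This is an added example, not part of the original guide; it assumes USB debugging is enabled temporarily for the check and that the package names are org.torproject.android (Orbot) and net.mullvad.mullvadvpn (Mullvad).

```shell
#!/bin/sh
# Added example: read back the Always-on VPN state and map it to the
# scenarios in this guide. Package names are assumptions of this example.
ORBOT_PKG="org.torproject.android"
MULLVAD_PKG="net.mullvad.mullvadvpn"

# classify_vpn_state APP LOCKDOWN -> prints one verdict word
#   APP      value of secure setting always_on_vpn_app ("null" when unset)
#   LOCKDOWN value of always_on_vpn_lockdown ("1" = Block connections without VPN)
classify_vpn_state() {
    app=$1
    lockdown=$2
    case "$app" in
        ""|null) echo "NO_ALWAYS_ON"; return 0 ;;
    esac
    if [ "$lockdown" != "1" ]; then
        # Always-on without the block: traffic can leave directly if the VPN app stops
        echo "NO_BLOCK"
        return 0
    fi
    case "$app" in
        "$ORBOT_PKG")   echo "TOR_ONLY" ;;      # Scenario 1
        "$MULLVAD_PKG") echo "MULLVAD_ONLY" ;;  # daily-use setup, no Tor
        *)              echo "OTHER_VPN" ;;
    esac
}

# read_setting USER KEY: one secure setting for one profile, CR stripped
read_setting() {
    adb shell settings get --user "$1" secure "$2" | tr -d '\r'
}

# check_device [USER]: VPN settings are per profile; 0 is the owner profile
check_device() {
    user=${1:-0}
    app=$(read_setting "$user" always_on_vpn_app)
    lockdown=$(read_setting "$user" always_on_vpn_lockdown)
    echo "profile $user: app=$app lockdown=$lockdown -> $(classify_vpn_state "$app" "$lockdown")"
}

# Constructed sample values, so the classifier can be tried without a device
classify_vpn_state "$ORBOT_PKG" 1   # TOR_ONLY
classify_vpn_state "$ORBOT_PKG" 0   # NO_BLOCK
classify_vpn_state null null        # NO_ALWAYS_ON

# With a phone attached, run: sh check_vpn.sh --device [USER]
if [ "${1:-}" = "--device" ]; then
    check_device "${2:-0}"
fi
```

Anything other than TOR_ONLY means the Scenario 1 kill switch is not in place for that profile. Turn USB debugging off again once the check is done.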


Tor Browser on GrapheneOS

Tor Browser is available via Google Play, via the Guardian Project F-Droid repo, and via the official Tor Project downloads.

If you already have Orbot running in VPN mode, you can also use Vanadium (GrapheneOS’s default browser) — all traffic already runs through Tor. Tor Browser adds fingerprint protection on top of that and blocks JavaScript more strictly.

For high-risk use: use Tor Browser, not Vanadium via Orbot. Tor Browser is specifically built to make its users' browsers hard to tell apart; Vanadium via Orbot only protects the IP address, not the browser fingerprint.


Practical usage

When to turn on Orbot:

  • Source contact as a journalist
  • Using .onion addresses (SecureDrop, journalistic inboxes)
  • Browsing where IP address must not be traceable
  • Countries with internet censorship

When to use Mullvad (Orbot off):

  • Daily use (streaming, updates, email)
  • Situations where Tor is too slow
  • Apps that don’t work via Tor (banking, some government portals)

When neither:

  • At home, trusted network, non-sensitive activities
