How about this?
Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents the sites you visit from learning where you're coming from, and it prevents somebody watching your Internet connection from learning what sites you visit. Even the Tor relay you connect to doesn't learn that. However, Tor is NOT a "Solve-everything" -- proper use of Tor requires protection of cookies and Javascript (either of which, without any other tool, can be used to reveal you to the destination node). Finally, Tor exposes you to a new type of Man-In-The-Middle attack -- the last Tor node used will see everything that the destination site sees. [bold] Never send a password over Tor unless you are using an https connection. If your site only uses https for the login password, but uses a cookie authentication and normal http after that, then your login may still be stolen; always log out from the site you are talking to when finished. [/bold] It is recommended that you use a separate profile for your tor-based anonymous browsing, with cookies cleared after each session, and javascript disabled. "Noscript", for firefox, can safely permit scripts on a site-by-site basis, after determining that it is safe. Additionally, a plugin or tool to remove "referer" information is absolutely essential, or third party sites -- such as advertisers -- can track your every move. Tor is normally used with Privoxy to both remove referer information, and block advertisers. ("Referer" is the proper spelling -- the original http standard misspelled "referrer", and the misspelling is too ingrained in the web to be fixed now.)