An anonymous communication system hides the fact that two parties are communicating, and as a result, drastically improves the online privacy of those using it. Tor is the most popular anonymous communication system deployed, but its popularity has illuminated problems with its design that have made it unbearably slow for many users who would otherwise benefit from its protections. These performance problems have been recognized, but there has been little work on designing and properly evaluating practical solutions that improve performance while also preserving privacy. We initiate an exploration into Tor’s system design and the quality of the communication it provides. First, we design and develop a simulation tool, called Shadow, that allows us to experiment with the Tor software in a safe but realistic and controllable manner. We then give a precise model of the Tor network, the backbone networks upon which it operates, and the user agents operating within it. We show that by combining our model with Shadow, our experimentation environment is capable of producing network interactions and performance qualities indicative of real systems. We then investigate performance enhancements in three major areas of Tor’s design. We explore Tor’s utilization of resources by evaluating both existing and new circuit scheduling techniques, and show the extent to which scheduling can be used to prioritize traffic in order to improve desirable quality metrics. We then design and evaluate algorithms focused on reducing network load by throttling agents that consume an unfair share of network resources. Finally, in an effort to supplement Tor’s volunteered resources, we design and analyze two schemes that increase network capacity by providing incentives to those contributing resources to the system.