Tor vs. VPN: Which Is More Secure and Private in 2018?
As the digital world evolves, online privacy and anonymity are at the forefront of our minds. We want to ensure that our personal information and online activity remains private, and out of the hands of corporations, governments, and cybercriminals.
When it comes to online security, VPNs and Tor are the most powerful tools you can use. Although they’re similar in many ways, their differences make them useful in very different situations – and it’s vital to your security and privacy that you make the right choice for your individual needs.
Below, we will discuss the differences between Tor and VPNs, what they do, and how they work. We’ll also take a look at the different ways you can use them to help you decide whether Tor or a VPN would be the best solution for your situation.
Table of Contents
What Are VPNs and What Do They Do?
A Virtual Private Network (VPN) connects your device through a secure tunnel to a remote server in a country of your choice. This masks your IP address, making it appear as though you are accessing the internet from the location of the remote server instead of your actual location.
When combined with encryption, this provides an optimal solution for online anonymity – meaning that spies can’t see what you’re looking at, or where you’re viewing it from. It also prevents websites like Google and Facebook using your browsing activity to target ads to your interests.
What is Encryption and What Can It Do for You?
VPNs use military-strength encryption to secure your personal information. Think of this as locking your data away in an impenetrable safe – only those who know the passcode can open the safe and view its content, and it can’t be broken open.
Attackers can theoretically strip 256-bit AES encryption away using a brute force attack, but it would take 50 supercomputers checking 1018 AES keys every second approximately 3×1051 years to crack a single piece of encrypted data – so it’s not something that we need to be concerned about today.
If a hacker or government surveillance agent got ahold of your data as it traveled across the network, they would have no way to read it. It would just look like gibberish.
To test this, I used an AES encryption generator to encrypt the phrase ‘vpnMentor.’ Without encryption, you can clearly see the phrase ‘vpnMentor,’ but when it’s encrypted, all you can see is: ‘NRRJsYVI/6HXtdnnh2BLZg==’
These are the kind of security features that keep journalists and activists safe when they use digital communication in tumultuous political climates. But VPNs aren’t just for people in dangerous positions – they’re the key to anonymity, and security for every online citizen.
You might use a VPN if:
- You are worried about your private information, like online banking details, ending up in the wrong hands.
- You value your online anonymity.
- You download or seed torrents in a region where torrenting is banned.
- You live in a country with online censorship or prolific government surveillance.
- You don’t want companies to track your browsing habits to target you with adverts.
- You need to access a business network while traveling.
- You want to bypass a network firewall or prevent network administrators seeing your browsing activity.
- You use public Wi-Fi and want to keep your computer safe.
- You enjoy Netflix and other streaming services and want to unblock their full catalogs in other regions.
- You believe in your right to online freedom.
End-to-end encryption: VPNs encrypt all of the data that travels over your connection.
Speed: A VPN will typically slow down your connection (with a quality VPN, the difference will hardly be noticeable) – however, if you’re suffering from ISP throttling or network congestion, a VPN can actually speed you up.
Ease of use: Typically, all you need to do to set your VPN up is sign up, download and install the relevant app, and connect to a server of your choice – no technical skills or knowledge required.
Bypass geoblocks and censorship: A VPN masks your IP, making it appear as though you’re accessing the internet from the location of your chosen server. This allows you to easily access geoblocked websites and streaming services like Netflix.
What you’ll need to use a VPN:
- An account with a VPN provider
- The VPN provider’s client software or app installed on your device
Once you’ve set up an account with your chosen provider, you’ll need to open the client software on your computer, log in, and select a server to connect to. The server you choose will depend on your needs: if you prioritize security and speed, select a server close to your physical location; if you’re looking to bypass censorship and geoblocking, select a server in a different country.
Once you’re connected, the software encrypts all of your data before routing it through a tunnel to the server you chose. The server then forwards your data to the website you’re visiting. Because the server masks your IP, the website sees the data as coming from the server and not your device, so you are completely anonymous.
Military-grade encryption: To ensure the privacy of your data, your VPN provider should offer 256-bit encryption.
DNS leak protection: Domain Name System (DNS) is the internet’s equivalent to a phone book. Whenever you visit a website, your computer requests the website’s IP address from your ISP’s DNS server – but when you’re using a VPN, it contacts your VPN’s DNS instead.
Sometimes, a security flaw in your network will result in your DNS requests being routed to your ISP’s DNS server instead of your VPN’s, which allows your ISP to see which websites you’re visiting. Look for a VPN that offers DNS leak protection to make sure your browsing activity is never left exposed.
A strict no-logs policy: Most VPN providers keep some record of your activity, such as timestamps and the amount of data transmitted in a session. For the most part, this kind of data retention is harmless as it isn’t personally identifiable information – but if your provider keeps logs of all of your browsing activity, you’re no longer anonymous online.
If the authorities were to turn up at the company’s head office with a warrant to seize all of its records, a VPN that doesn’t keep any logs won’t have any information about you to give them.
Automatic kill switch: An automatic kill switch will disconnect you from the internet if your VPN connection drops, preventing data and IP leaks.
What is Tor and What Does it Do?
Tor, short for The Onion Router, is free software that disguises your identity by encrypting your traffic and routing it through a series of volunteer-operated servers, known as nodes. When your traffic is received by the last node – the exit node – it is decrypted and forwarded to the website you’re visiting.
Due to multi-layer encryption, each node on the network can only see the IP address of the nodes before and after it (except for the entry node, which can see your real IP), and only the exit node can see your encrypted data. Tor prevents your browsing activity from ever being linked back to you – spies can see your traffic once it leaves the network, but not its origin.
However, because Tor’s nodes are operated by volunteers, anyone can set up an exit node and see the plaintext traffic that leaves it – including hackers and spies. Bad nodes typically harvest information such as login details to websites, personal information, online chat messages, and emails. There are two ways to combat this:
- Avoid sending private messages and sensitive information over your connection. Never log into websites unless they use HTTPS.
- Use a VPN in conjunction with Tor to encrypt your sensitive information and login details – we’ll talk about this in more detail below.
Access Hidden Websites
Tor is also a doorway to the dark web, a kind of online underbelly. It’s home to thousands of criminal operations online – but it’s also a haven for people who need to share information anonymously. For example, the New York Times operates a secure lockbox on the dark web so that whistleblowers can submit files and information without compromising their identity. But don’t let this put you off – normal people use Tor, too!
Many popular websites have hidden .onion versions that you can only access by using Tor. Here are a few examples:
Facebook: Although online anonymity and Facebook don’t typically go hand in hand, Facebook uses a .onion address so that people in heavily-censored regions can use it to communicate.
ProPublica: ProPublica launched a .onion site so readers would never need to worry about digital surveillance, particularly those in regions where ProPublica is censored.
DuckDuckGo: DuckDuckGo is a powerful search engine, but unlike Google, it doesn’t infringe on your privacy. If you use Google on Tor, you’ll be bombarded with captchas to make sure you’re not a robot – but DuckDuckGo solves this problem and excels in taking Google’s place.
You might use Tor if:
- You are interested in anonymizing your browsing activity.
- You live in a country with strict government surveillance laws.
- You need to bypass censorship to access blocked content or speak your mind freely online.
- You want to prevent websites from seeing your browsing history and using it to target ads.
- You want to maintain your right to freedom online.
It’s Free: Tor is by and large the most cost-effective security solution – namely because it’s free.
Complete anonymity: Tor doesn’t log your browsing activity, you don’t need to sign up to use it, and since it’s free, it keeps no record of your financial information.
Difficult to shut down: Tor’s servers are scattered far and wide across the globe, making it nearly impossible for authorities to ever close it down. Unlike a VPN, there is no head office or main server to attack or ban.
VPNs are businesses, so they are vulnerable to being shut down or banned, leaving you to find (and pay for) another provider in their wake – an issue that you’ll never face with Tor.
What you’ll need to use Tor:
- The Tor browser or operating system.
Tor’s software maps a path from your device through two randomly selected nodes to an exit node. It then applies three layers of encryption to your data packet and sends it to the first node.
The first node on the network removes the outer layer of encryption. The information embedded in this layer tells it where to send the data packet next, and the second node then repeats this process.
When your traffic reaches the network’s exit node, the final layer of encryption is removed. This reveals not only your data’s final destination but also the information it is carrying – including any sensitive information you may have entered into the website initially.
Tor will use the same three nodes for about 10 minutes before it creates an entirely new pathway for your traffic.
A VPN is the best online privacy solution.
Tor is widely respected for its ability to anonymize your internet traffic, but it’s limited and vulnerable to attacks and data leaks.
Anyone can create and operate a node, even hackers and spies. Tor doesn’t provide end-to-end encryption, so unless you’re accessing a website with HTTPS enabled, or using the dark web, the owner of the exit node you use can see your data and its destination.
So, if you’ve used Tor to send sensitive information or log in to a website, whoever owns the exit node now has access to this information, too. VPNs provide end-to-end encryption, making your data 100% invisible to hackers and spies.
Unless you’re using Tor’s operating system, it only protects data that’s transmitted through your browser. A VPN will encrypt all of the data that’s traveling over your connection.
Most VPNs offer kill switches that will disconnect your internet to prevent unprotected data from leaving your network in the rare event that your connection fails.
Tor’s network can’t fail in the same way, but it can contain bad nodes that harvest your data. Unlike a VPN, Tor doesn’t have a kill switch that can detect a fault like this, so if one of the nodes is compromised, your data will be exposed.
VPNs have their shortfalls, too, but when you use a VPN, you have a lower risk of being hacked or having your data leaked. However, the most powerful online security solution is to combine a VPN with Tor. We’ll discuss this in more detail below.
Here’s how the two stack up against each other:
|Cost:||Free||Affordable subscription fee – typically without a contract|
|Encryption:||Yes, but only to the exit node.||Yes, end-to-end encryption.|
|Anonymity:||Yes, but surveillance programs can detect when Tor is in use.||Yes.|
|Other security features:||Can be used in conjunction with Obfsproxy.||Depending on provider:
Automatic kill switch,
automatic Wi-Fi protection,
DNS leak prevention,
Obfsproxy, and more.
|Device compatibility||Windows, MacOS, Linux, Android.||All platforms, including routers.|
|Streaming:||Tor is not recommended for streaming as the connection is too slow.||Yes – VPNs are perfect for streaming.|
|Torrenting:||Most exit nodes block traffic to and from torrents.||Yes – depending on the provider.|
|Ease-of-use:||The browser is easy to set up, but often requires further configuration.||Very easy to use, great for beginners.|
If you want to protect your connection with the strongest online privacy solution, combine your VPN with Tor.
The VPN’s encryption protocol will prevent malevolent nodes from seeing your IP address and activity, as well as prevent your ISP and surveillance bodies from detecting the use of Tor – after all, you don’t want to raise any red flags about your online activity. This will also allow you to access websites that block Tor users.
There are two ways to combine a VPN and Tor:
When you use the Tor over VPN configuration, you’d first connect to your VPN before opening Tor. The VPN will encrypt your traffic before it is sent through the Tor network, hiding your use of Tor from your ISP.
Using Tor over VPN, your VPN provider is unable to see the data you are sending over Tor, but they can see that you are connected to it. The Tor entry node isn’t able to see your real IP; it will instead see the IP of your VPN server, increasing your anonymity.
However, your traffic is not encrypted when it leaves the Tor network, so Tor over VPN doesn’t protect you from malicious exit nodes. So, you’ll still need to be careful about sending sensitive information over your connection.
Use Tor over VPN if:
- You need to hide your use of Tor from your ISP and surveillance bodies.
- You need to hide your traffic from your VPN provider.
- You aren’t sending personal information such as login details over your connection.
How to Set Up Tor over VPN:
1. Open your VPN app and connect to the VPN network.
2. Open Tor. Once it has loaded, you’ll see this page:
3. Click connect, and wait for Tor to establish a connection.
4. You’re ready to browse the internet securely and anonymously.
VPN over Tor works in the opposite direction to Tor over VPN. You’ll need to first connect to the internet and then log into your VPN through the Tor network. This method requires more technical know-how, too, because you’ll need to configure your VPN client to work with Tor.
Instead of connecting directly to the internet, Tor’s exit node reroutes your traffic to your VPN server. This eliminates the risk of malicious exit nodes because your traffic is decrypted after it leaves the Tor network.
Although Tor’s entry node can still see your real IP, your VPN will only see the exit node’s address. Your ISP won’t be able to see that you’re connected to a VPN, but it can see that you’re using Tor. Because you can select which remote server your VPN uses, it’s easier to bypass geoblocking and censorship with this method, too.
Use VPN over Tor if:
- You want to safeguard your connection against malicious exit nodes.
- You want to hide your VPN use from your ISP.
- You are going to transmit sensitive information over your connection, like login details and private messages.
- You need to bypass geoblocks.
VPNs are powerful tools to safeguard your data and your online anonymity.
You can use a VPN to unlock every corner of the internet safely and securely while protecting yourself from hackers, spies, and malicious attacks. But, when you combine a VPN with Tor, you get an absolute online privacy powerhouse.
Whether you’re looking to protect your personal information, like banking details and browsing activity, while you surf, or you need to avoid online surveillance to exercise your right to free speech, we recommend using a VPN over Tor.
If you’re looking for a reliable VPN with top-notch security features, check out our top five list. They all come with free trial periods and/or money-back guarantees, so you can try them out risk-free to see if they’re right for your needs.
For the best value on VPNs, don’t miss our VPN Deals and Coupon Codes.
|Rank||Provider||Our Score||User Rating|
Other Articles That Might Interest You: