Tor + VPN: Why you should use them together
This article is not about Tor vs. VPN. It's about using both together for increased privacy and security.
The Tor network has been an inevitable instrument for the privacy aware internet user since 2002. While it has shown itself to be an invaluable tool in protecting one’s privacy through anonymity, it is anything but perfect.
The great thing is that VPN and Tor can be used together in order to provide an extra layer of security, and to mitigate some of the disadvantages of using either technology exclusively. However, connecting this way is secure, but slow.
We are showing you some scenarios why you should combine Tor and VPN, and the difference between connecting to Tor through VPN or connecting to VPN through Tor.
Tor through VPN
In this configuration you connect first to your VPN server, which would encrypt all the internet traffic within the VPN layer and once done simply open your Tor browser. Now your apparent IP on the internet is that of the Tor exit node.
The weakest link of Tor are the so called “exit nodes” or “exit relays.”
Traffic to or from the open internet exits and enters this node unencrypted. Unless you are using some additional form of encryption (such as HTTPS), anyone running the exit node can spy on your internet traffic.
- Easy to configure, you just open your Tor browser after your are connected with your VPN.
- Your ISP will not know that you are using Tor, since you are connecting to your VPN first.
- Your VPN provider cannot see what encrypted data you are sending over TOR, all they see is that your are connecting to Tor nodes.
- By using a VPN server, the Tor entry node is not able to see your real IP as it will only see the IP of your VPN server.
- Allows access to Tor hidden services (.onion websites).
- If you don’t use HTTPS, all traffic leaving the Tor exit node is unencrypted and could be monitored, leaving you susceptible to malicious TOR exit nodes. It is a well known fact that some Tor exit nodes are maintained by the NSA and other government agencies.
- Many websites are blocking incoming Tor traffic.
- If your VPN provider is keeping logs there would be no difference as if you were just connecting to Tor through your ISP, as your traffic can be simply linked back to your true IP.
- In case your VPN connection is dropping, your Tor traffic will be exposed to your ISP. We recommend to use only VPN services that are offering a client with a network lock or a so called kill-switch.
VPN through Tor
In this scenario you connect first to Tor. The Tor exit node then connects to your VPN, where your data would be encrypted before routed to the internet. It should be noted that by using VPN through Tor .onion sites can not be accessed.
This setup requires you to configure your VPN client to work with Tor, and as of today the only VPN providers we know who offer out of the box solutions are AirVPN and BolehVPN. Please also note, that in this case your apparent IP on the internet is that of the VPN server.
Here are the PROS and CONS:
- Your VPN service provider cannot see your real IP, only that of the Tor exit node.
- Your ISP doesn’t know that you are connected to a VPN service.
- Protection from malicious Tor exit nodes, as data is encrypted by the VPN client before entering (and exiting) the Tor network (although the data is encrypted, your ISP will be able to see that it is heading towards a Tor node).
- Access websites that are blocking Tor exit nodes.
- If your VPN service provider is logging IP’s, he won’t be lucky here, since the only IP would be that of the Tor exit node.
- Great for geo-spoofing, since you choose the server location.
- All internet traffic is routed through Tor.
- You cannot access Tor hidden services, i.e. .onion sites.
- Your ISP knows that you are using Tor.
- If you are not paying for your VPN by means of bitcoin or other cryptocurrencies, your VPN service provider can still trace you through financial records, even if they were only able to identify your IP as that of the Tor exit relay.
This configuration is regarded as more secure, since it allows you to maintain complete anonymity. Remember that to maintain anonymity it is vital to always connect to the VPN through Tor (if using AirVPN or BolehVPN this is performed automatically once the client has been correctly configured) and to pay your VPN provider with tumbled bitcoins only.
The bottom line
As we can see both solution have their advantages and disadvantages. If you are using Tor solely to browse .onion pages we would recommend the Tor through VPN solution. This way you are hiding accessing the Tor network from your ISP. Connections inside the Tor network are always encrypted and exit nodes aren’t used at all with hidden services, because the connection stays inside the Tor network until the hidden service is reached.
Also, we have learned to make sure to choose a VPN service provider that is not keeping logs, accepting cryptocurrency payments and offer a VPN client with a network lock or kill switch, in case the VPN connection is dropping.
Please check our VPN reviews here. (coming soon)