If you are a privacy conscious internet user, you are probably familiar with TOR and VPN services, but did you know that it is possible to combine these two technologies? There are two main ways in which it is possible to use The Onion Router and a VPN together: TOR over VPN and VPN over TOR. With a Tor over VPN setting, you connect first to a VPN, then to TOR before accessing the internet. In the case of VPN over TOR, you connect first to TOR, then to a VPN to access the internet.
Although a VPN and TOR share a similar purposes as they are both intended to protect the anonymity and security of your online traffic, the two settings deliver different results. These two configuration methods suit different requirements so in order to choose the right solution for your needs, it is important to understand how each option works. We’ll take a look at the two configurations to help you decide which works better for you.
TOR over VPN
When you opt for TOr over VPN, you would first connect to one of the servers offered by your VPN provider, which will encrypt your entire online traffic. Then, the encrypted traffic is redirected through the TOR network using a few TOR nodes, before it finally reaches the internet.
This configuration is easier to achieve and you don’t don’t need to have advanced technical knowledge. You simply need to connect to your VPN before accessing TOR. The VPN masks your IP address and encrypts your online activities, preventing your ISP from finding out that you are using TOR.
With this setup, your encrypted data is also protected from your VPN provider because it is sent over TOR. All they will be able to see is that you are connecting to TOR. While many VPN providers claim that they don’t monitor your data, having an extra layer of protection doesn’t hurt.
When you connect first to a VPN server, your IP address is changed, meaning that the TOR entry node won’t be able to see your real IP address. The IP address visible to others will be the one assigned by the VPN server.
Making TOR the last gateway before connecting to the internet allows you to access TOR’s hidden services and websites with the .onion suffix. Usually, these sites can only be accessed within the TOR network. Last, but not least, the TOR over VPN configuration is considered as a better option in terms of security.
The traffic that leaves the TOR exit nodes is not encrypted, which makes it vulnerable to monitoring and malicious TOR exit nodes.
Since TOR exit nodes are usually blocked, you may end up with a bad exit node without internet.
The TOR over VPN setup requires you to trust on your VPN provider and it only works if the service you are using is really reliable. If the VPN provider you are using keeps logs, it would be just as if you were connecting to TOR through your ISP since your traffic can be linked back to your real IP.
If you are connecting first to your VPN before TOR with the purpose of hiding your TOR traffic, it is important to keep in mind that if your VPN connection suddenly drops, your TOR traffic could be accessed by your ISP. To prevent this, it is crucial to opt for a VPN service that has its own servers and that features a kill switch
VPN over TOR
In this configuration, your data can be encrypted by the VPN when it enter and exits the TOR nodes before it is routed to the internet.
Your VPN provider won’t be able to see your real IP address, just the one of the TOR exit node.
With the VPN over TOR setup, your ISP won’t find out that you are connected to a VPN. It will only see that you are connected to a TOR node.
Some websites block known TOR exit nodes, but you can defeat these restrictions because your VPN will hide the fact that a TOR exit node is in use.
Since your real IP address is hidden by the TOR exit node, you can reduce the risk of your VPN logging your data since the IP address connected to the VPN would be the one of the TOR exit, not your real IP address.
The VPN over TOR setup allows you to select the server location that works better for you. In addition, this configuration may provide better anonymity overall.
The VPN over TOR setup doesn’t allow you to access TOR’s hidden services
It doesn’t provide protection from TOR exit nodes that may monitor you and your ISP is able to see that you are using TOR.
Using VPN over TOR also means that your VPN works as a fixed end-point in the setup, which makes you more likely to experience global end-to-end timing attacks. These attacks are used to de-anonymize VPN and TOR users by establishing a correlation of the time they were connected.
With this configuration, a VPN is still able to trace who you are through financial records, even if they can only identify your IP address as the one of your TOR exit relay. You can prevent this by paying for your VPN service using anonymous cryptocurrencies like Bitcoins, Zcash, Litecoin or Dash.
Do you really need to use VPN and TOR together?
For most internet users, using only a VPN would be sufficient. This technology is practical and allows you to boost the security and privacy of your online traffic, and at the same time, it gives you the chance to bypass restrictions. However, if you are looking for a higher level of protection, using a VPN along with TOR is a measure that will make things really difficult for anyone who is trying to trace you.
Which configuration should you use?
It is difficult to say which configuration you should select as they offer different results. When you connect to TOR through a VPN, you can enjoy higher security, but connecting to a VPN via TOR can be better for anonymity. The two setups have their own pros and cons, but if you have a reliable VPN provider with a strong commitment to privacy and you trust that they won’t keep logs, TOR over VPN would be the ideal configuration.