On the path to achieving a higher level of online privacy and security, many people consider using Tor through the standard Tor browser.
While Tor is used by people throughout the world, and also recommended by various groups, opinions on its effectiveness as a privacy tool can vary.
Tor truly is like an onion. The more you examine it and the deeper you go into the layers, the more questions arise. In this guide we will be peeling back the layers of the onion and looking at Tor from a number of different angles. Here’s what we’ll cover:
- What is Tor
- How Tor works
- Is Tor safe?
- 8 interesting/alarming facts about Tor
- Does Tor effectively work?
- Tor user errors and bad OPSEC
- Tor vs VPN services
- Multi-hop VPN services for more online anonymity
- Using Tor with VPNs
- Final verdict on Tor
Let’s start with the basics, before moving on to the more alarming material…
What is Tor?
Tor is free and open-source software that is used by various people and agencies for online anonymity. The name “Tor” originally stood for “The Onion Router” because of how traffic is encrypted and directed across different relays (layers of anonymity).
Today, Tor is a browser (the Tor browser) that runs on the Tor network. Tor helps to anonymize users by encrypting traffic over multiple hops in the Tor network using TLS encryption, before arriving at the destination server.
Tor was originally funded and created by the US government’s Office of Naval Research (ONR) and the Defense Advanced Research Projects Agency (DARPA) in Washington, DC. Tor has received most of its funding from the US government, which we’ll cover in detail below.
How does Tor work?
To use Tor you will need to download the Tor browser bundle (here). For explanation purposes, there are basically two components to using Tor:
- Tor browser – The Tor browser is a built on Firefox 60 ESR (Extended Support Release). It is hardened by default to protect your privacy and also includes the NoScript and HTTPS Everywhere extensions.
- Tor network – The Tor browser is automatically configured to run on the Tor network. The Tor network encrypts your traffic over a series of relays, or nodes. The network is decentralized, with Tor nodes being run by volunteers.
In the graphic below, Alice is connecting to a server called “Bob” using the Tor network. Note that Bob could be any server, including a random website. Alice’s traffic is encrypted over three different Tor relays, before leaving the Tor network to Bob’s server. Traffic between the Tor exit node and Bob’s server is unencrypted (red arrows), but everything before the exit node is encrypted (green arrows).
When you use Tor, your traffic will be routed through three different nodes, or relays. As a general rule, traffic is routed to prioritize speed, as explained by Tor developers, with most traffic passing through a small number of high-bandwidth relays. There are Tor nodes located all over the world, and the exact routing path will vary depending on your location and the server you are accessing.
These Tor nodes, or relays, are run on a volunteer basis, which means any random person can setup a Tor node, through which your internet traffic may be routed (more of a discussion on this below).
From an online anonymity standpoint, Tor offers some interesting benefits. Each node will re-encrypt your data, while also adding a new layer of anonymity between the unencrypted internet and your originating IP address. This makes it challenging for an adversary to determine the path and identity of the user.
Tor bridges – A Tor bridge, or Tor bridge relay, is simply an alternative entry point into the Tor network that is not publicly listed. A bridge may be useful if Tor is getting blocked in your region, or if you do not want your internet service provider or network admin to know you are using Tor. You can see the current number of active Tor relays and bridges here.
Tip: The safest way to use the Tor network is through the default Tor browser bundle. Reconfiguring and or modifying the default Tor browser is generally not recommended because this could easily de-anonymize the user if misconfigured.
Is Tor safe?
Tor is well regarded in the privacy community and most people would consider it safe to use.
The Electronic Frontier Foundation (EFF), a well-respected online privacy advocacy group, is a major supporter and advocate of Tor. Edward Snowden and other high-profile privacy advocates also recommend Tor.
While Tor has a number of strong advocates, it also has its detractors, for various reasons. In fact, the closer you look into the history, connections, and funding of Tor, the more questions arise.
As with all privacy tools, however, only you can decide if Tor is a safe and effective solution for your unique needs. When deciding whether or not Tor is a good fit for your particular needs and threat model, be sure to consider all the facts.
After researching Tor over the past few years, I’ve come across lots of interesting information that has been dug up by various journalists, bloggers, and news sites. To help you decide if Tor is a good fit, we’ll summarize some of these findings below.
No “conspiracy theories”! There is a lot of information (and mis-information) about the history and connections of the Tor Project. In this guide we are going to strictly stick to the facts and focus on information that is well-sourced. While there are different journalists who draw provocative conclusions from this information, we will avoid speculation and just focus on the facts.
Final note: None of this is new or exclusive information – everything is already out there, published by various sources, with citations provided below.
1. Tor was created by the US government
I forgot to mention earlier, probably something that will make you look at me in a new light. I contract for the United States Government to build anonymity technology for them and deploy it. They don’t think of it as anonymity technology, though we use that term. They think of it as security technology. They need these technologies so that they can research people they’re interested in, so that they can have anonymous tip lines, so that they can buy things from people without other countries figuring out what they are buying, how much they are buying and where it is going, that sort of thing.
— Roger Dingledine, co-founder of Tor, 2004 speech
The history of Tor goes back to the 1990s when the Office of Naval Research and DARPA were working to create an online anonymity network in Washington, DC. This network was called “onion routing” and bounced traffic across different nodes before exiting to the final destination.
In 2002, the Alpha version of Tor was developed and released by Paul Syverson (Office of Naval Research), and Roger Dingledine and Nick Mathewson, who were both on contract with DARPA. This three-person team, working for the US government, developed Tor into what it is today.
The quote above was taken from a 2004 speech by Roger Dingledine, also embedded below:
After Tor was developed and released for public use, it was eventually spun off as its own non-profit organization, with guidance coming from the Electronic Frontier Foundation (EFF):
At the very end of 2004, with Tor technology finally ready for deployment, the US Navy cut most of its Tor funding, released it under an open source license and, oddly, the project was handed over to the Electronic Frontier Foundation.
Despite being its own unique entity, however, Tor continues to benefit from US government funding, even today.
2. Tor is funded by the US government
It’s no secret that Tor is funded by various US government agencies – and the Tor Project is open about this. The key question is whether US government funding negatively affects Tor’s independence and trustworthiness as a privacy tool.
One journalist, Yasha Levine, closely examined the financial relationship between Tor and the US government. While I don’t agree with all of Levine’s conclusions, his analysis of Tor funding is interesting:
Tor had always maintained that it was funded by a “variety of sources” and was not beholden to any one interest group. But I crunched the numbers and found that the exact opposite was true: In any given year, Tor drew between 90 to 100 percent of its budget via contracts and grants coming from three military-intel branches of the federal government: the Pentagon, the State Department and an old school CIA spinoff organization called the BBG.
Put simply: the financial data showed that Tor wasn’t the indie-grassroots anti-state org that it claimed to be. It was a military contractor. It even had its own official military contractor reference number from the government.
Here are some of the different government funding sources for the Tor Project over the years:
Broadcasting Board of Governors:
“Broadcasting Board of Governors (BBG), a federal agency that was spun off from the CIA and today oversees America’s foreign broadcasting operations, funded Tor to the tune of $6.1 million in the years from 2007 through 2015.” (source)
“The State Department funded Tor to the tune of $3.3 million, mostly through its regime change arm — State Dept’s “Democracy, Human Rights and Labor” division.” (source)
“From 2011 through 2013, the Pentagon funded Tor to the tune of $2.2 million, through a U.S. Department of Defense / Navy contract — passed through a defense contractor called SRI International.” (source)
The grant is called: “Basic and Applied Research and Development in Areas Relating to the Navy Command, Control, Communications, Computers, Intelligence, Surveillance, and Reconnaissance.”
Some people argue that these financial ties to the US government compromise Tor. Others suggest that Tor has always been open about funding and the ties to US government agencies are not concerning or problematic.
We can also see what the Tor project has to say about the matter. When soliciting funds in 2005, Tor claimed that donors would be able to “influence” the direction of the project:
We are now actively looking for new contracts and funding. Sponsors of Tor get personal attention, better support, publicity (if they want it), and get to influence the direction of our research and development!
There you have it: Tor claims donors influence the direction of research and development.
On a positive note, however, Tor celebrated a milestone in December 2018 when it reported that roughly half of its funding came from the private sector. This is a major improvement over previous years.
3. Tor is a tool for the US government
The United States government can’t simply run an anonymity system for everybody and then use it themselves only. Because then every time a connection came from it people would say, “Oh, it’s another CIA agent looking at my website,” if those are the only people using the network. So you need to have other people using the network so they blend together.
—Roger Dingledine, co-founder of the Tor Network, 2004 speech
Echoing what Roger Dingledine said in the quote above, Levine also argues that Tor is fundamentally a tool for the US government:
Tor’s original — and current — purpose is to cloak the online identity of government agents and informants while they are in the field: gathering intelligence, setting up sting operations, giving human intelligence assets a way to report back to their handlers — that kind of thing. This information is out there, but it’s not very well known, and it’s certainly not emphasized by those who promote it.
The Tor Project’s website discusses how Tor is actively used by government agencies for different purposes:
A branch of the U.S. Navy uses Tor for open source intelligence gathering, and one of its teams used Tor while deployed in the Middle East recently. Law enforcement uses Tor for visiting or surveilling web sites without leaving government IP addresses in their web logs, and for security during sting operations.
Michael Reed, one of the early developers of Tor, explained how it is a tool for US government intelligence agencies:
The original *QUESTION* posed that led to the invention of Onion Routing was, “Can we build a system that allows for bi-directional communications over the Internet where the source and destination cannot be determined by a mid-point?” The *PURPOSE* was for DoD / Intelligence usage (open source intelligence gathering, covering of forward deployed assets, whatever). Not helping dissidents in repressive countries. Not assisting criminals in covering their electronic tracks. Not helping bit-torrent users avoid MPAA/RIAA prosecution. Not giving a 10 year old a way to bypass an anti-porn filter. Of course, we knew those would be other unavoidable uses for the technology, but that was immaterial to the problem at hand we were trying to solve (and if those uses were going to give us more cover
traffic to better hide what we wanted to use the network for, all the better…I once told a flag officer that much to his chagrin).
Just as Roger Dingledine asserted in the opening quote to this section, Paul Syverson also emphasized the importance of getting other people to use Tor, thereby helping government agents perform their work and not stand out as the only Tor users:
If you have a system that’s only a Navy system, anything popping out of it is obviously from the Navy. You need to have a network that carries traffic for other people as well.
Tor is branded by many different individuals and groups as a grassroots project to protect people from government surveillance. In reality, however, it is a tool for government agents and it requires other random people using the network to help mix traffic.
Tor’s utility for the military-surveillance apparatus is explained by Levine in the following quote:
Tor was created not to protect the public from government surveillance, but rather, to cloak the online identity of intelligence agents as they snooped on areas of interest. But in order to do that, Tor had to be released to the public and used by as diverse a group of people as possible: activists, dissidents, journalists, paranoiacs, kiddie porn scum, criminals and even would-be terrorists — the bigger and weirder the crowd, the easier it would be for agents to mix in and hide in plain sight.
Quotes from early Tor developers clearly seem to contradict the brand image that Tor has cultivated in the privacy community.
4. Tor developers cooperate with US government agencies
Some Tor users may be surprised to know there is extensive cooperation between the US government and the developers of Tor. Levine was able to clarify this cooperation through FOIA requests, which revealed many interesting exchanges.
Here is one email correspondence in which Roger Dingledine discusses cooperation with the DOJ (Department of Justice) and FBI (Federal Bureau of Investigation), while also referencing “backdoors” being installed.
You can see more details from this correspondence here.
In another exchange below, Tor developer Steven Murdoch discovered a vulnerability with the way Tor was handling TLS encryption. This vulnerability made it easier to de-anonymize Tor users, and as such, it would be valuable to government agencies. Knowing the problems this could cause, Steven suggested keeping the document internal: “it might be a good to delay the release of anything like ‘this attack is bad; I hope nobody realizes it before we fix it’.”
Eight days later, based on the emails below, Roger Dingledine tipped off two agents at the BBG about this vulnerability:
It appears the issue was publicly released approximately four years after Roger Dingledine provided the information to US authorities in 2007.
You can see numerous exchanges between Tor developers and US government agencies here.
And if you really want to dive in, see the full FOIA cache here.
Regarding the above correspondence, Levine also explains there were many documents he requested that were blocked and not attainable through FOIA requests:
The thing to remember is that Tor’s BBG correspondence only reveals a sliver of Tor’s full interaction with the feds. Much of the funding for Internet Freedom tech takes place under Radio Free Asia’s umbrella, a private government corporation that claims it does not fall under FOIA mandate and so refuses to comply with journalists’ FOIA requests. We also do not know what Tor reveals to its other two backers, the State Department and the U.S. Navy. Nor do we know what Roger Dingledine or other Tor managers reveal in their regular meetings with U.S. intelligence and law enforcement agencies. And there are many such meetings.
Whether or not there is something nefarious going on here is anyone’s guess, and I’m not sure I would jump to the same conclusions as Levine. Nonetheless, the documents and emails he uncovered definitely raise some questions.
5. Anybody can operate Tor nodes, including governments, hackers, and spies
Many proponents of Tor argue that its decentralized nature is a major benefit. While there are indeed advantages to decentralization, there are also risks – namely, that anybody can operate the Tor nodes through which your traffic is passing.
There have been numerous examples of people setting up Tor nodes to collect data from gullible Tor users who thought they would be safe and secure.
Take for example Dan Egerstad, a 22-year-old Swedish hacker. Egerstad set up a few Tor nodes around the world and collected vast amounts of private data in just a few months:
In time, Egerstad gained access to 1000 high-value email accounts. He would later post 100 sets of sensitive email logins and passwords on the internet for criminals, spies or just curious teenagers to use to snoop on inter-governmental, NGO and high-value corporate email.
The question on everybody’s lips was: how did he do it? The answer came more than a week later and was somewhat anti-climactic. The 22-year-old Swedish security consultant had merely installed free, open-source software – called Tor – on five computers in data centres around the globe and monitored it. Ironically, Tor is designed to prevent intelligence agencies, corporations and computer hackers from determining the virtual – and physical – location of the people who use it.
People think they’re protected just because they use Tor. Not only do they think it’s encrypted, but they also think ‘no one can find me’.
Commenting on this case, security consultant Sam Stover emphasized the risks of someone snooping traffic through Tor nodes:
Domestic, or international . . . if you want to do intelligence gathering, there’s definitely data to be had there. (When using Tor) you have no idea if some guy in China is watching all your traffic, or some guy in Germany, or a guy in Illinois. You don’t know.
In fact, that is exactly how Wikileaks got started. The founders simply setup Tor nodes to siphon off more than a million private documents. According to Wired:
WikiLeaks, the controversial whistleblowing site that exposes secrets of governments and corporations, bootstrapped itself with a cache of documents obtained through an internet eavesdropping operation by one of its activists, according to a new profile of the organization’s founder.
The activist siphoned more than a million documents as they traveled across the internet through Tor, also known as “The Onion Router,” a sophisticated privacy tool that lets users navigate and send documents through the internet anonymously.
Who else is using Tor nodes for bulk data collection?
Egerstad also suggests Tor nodes may be controlled by powerful agencies (governments) with vast resources:
In addition to hackers using Tor to hide their origins, it’s plausible that intelligence services had set up rogue exit nodes to sniff data from the Tor network.
“If you actually look in to where these Tor nodes are hosted and how big they are, some of these nodes cost thousands of dollars each month just to host because they’re using lots of bandwidth, they’re heavy-duty servers and so on,” Egerstad says. “Who would pay for this and be anonymous?”
Back in 2014, government agencies seized a number of different Tor relays in what is known as “Operation Onymous”. From the Tor Project blog:
Over the last few days, we received and read reports saying that several Tor relays were seized by government officials. We do not know why the systems were seized, nor do we know anything about the methods of investigation which were used. Specifically, there are reports that three systems of Torservers.net disappeared and there is another report by an independent relay operator.
Commenting on this case, ARS Technica noted:
On July 4, the Tor Project identified a group of Tor relays that were actively trying to break the anonymity of users by making changes to the Tor protocol headers associated with their traffic over the network.
The rogue relays were set up on January 30, 2014—just two weeks after Blake Benthall allegedly announced he had taken control of Silk Road 2.0 and shortly after the Homeland Security undercover officer who infiltrated Silk Road 2.0 began getting paid to be a site administrator. The relays not only could have de-anonymized some users, but they also “probably tried to learn who published hidden service descriptors, which would allow the attackers to learn the location of that hidden service,” Tor project leader Roger Dingledine wrote in a July 30 blog post.
No quality control!
The fundamental issue here is there is no real quality control mechanism for vetting Tor relay operators. Not only is there no authentication mechanism for setting up relays, but the operators themselves can also remain anonymous.
Assuming that Tor nodes are indeed data collection tools, as many have suggested, it would also be safe to assume that many different governments are involved in data collection, such as the Chinese, Russian, and US governments. This actually makes it less likely that you have the same entity controlling all three nodes in the Tor circuit.
6. Malicious Tor nodes do exist
If government-controlled Tor nodes weren’t bad enough, you also have to consider malicious Tor nodes.
In 2016 a group of researchers presented a paper titled “HOnions: Towards Detection and Identification of Misbehaving Tor HSDirs“, which described how they identified 110 malicious Tor relays:
Over the last decade privacy infrastructures such as Tor proved to be very successful and widely used. However, Tor remains a practical system with a variety of limitations and open to abuse. Tor’s security and anonymity is based on the assumption that the large majority of the its relays are honest and do not misbehave. Particularly the privacy of the hidden services is dependent on the honest operation of Hidden Services Directories (HSDirs). In this work we intro- duce, the concept of honey onions (HOnions), a framework to detect and identify misbehaving and snooping HSDirs. After the deployment of our system and based on our ex- perimental results during the period of 72 days, we detect and identify at least 110 such snooping relays. Furthermore, we reveal that more than half of them were hosted on cloud infrastructure and delayed the use of the learned information to prevent easy traceback.
The malicious HSDirs identified by the team were mostly located in the United States, Germany, France, United Kingdom and the Netherlands.
Just a few months after the HSDir issue broke, a different researcher identified a malicious Tor node injecting malware into file downloads.
According to ITProPortal:
Authorities are advising all users of the Tor network to check their computers for malware after it emerged that a Russian hacker has been using the network to spread a powerful virus. The malware is spread by a compromised node in the Tor network.
…It has emerged that one of these exit nodes had been modified to alter any program downloaded over the network. This allowed the attacker to put his own executable code in such programs, and potentially take control of victims’ computers.
Due to the altered node, any Windows executable downloaded over the network was wrapped in malware, and worryingly even files downloaded over Windows Update were affected.
Use at your own risk.
7. No “expectation of privacy” when using Tor
Another interesting case highlighting the flaws of Tor comes form 2016 when the FBI was able to infiltrate Tor to bust a pedophile group.
According to Tech Times:
The U.S. Federal Bureau of Investigation (FBI) can still spy on users who use the Tor browser to remain anonymous on the web.
Senior U.S. District Court Judge Henry Coke Morgan, Jr. has ruled that the FBI does not need a warrant to hack into a U.S. citizen’s computer system. The ruling by the district judge relates to FBI sting called Operation Pacifier, which targeted a child pornography site called PlayPen on the Dark web.
The accused used Tor to access these websites. The federal agency, with the help of hacking tools on computers in Greece, Denmark, Chile and the U.S., was able to catch 1,500 pedophiles during the operation.
While it’s great to see these types of criminals getting shut down, this case also highlights the severe vulnerabilities of Tor as a privacy tool that can be trusted by journalists, political dissidents, whistleblowers, etc.
The judge in this case officially ruled that Tor users lack “a reasonable expectation of privacy” in hiding their IP address and identity. This essentially opens the door to any US government agency being able to spy on Tor users, without obtaining a warrant or going through any legal channels.
This, of course, is a serious concern when you consider that journalists, activists, and whistleblowers are encouraged to use Tor to hide from government agencies and mass surveillance.
8. IP address leaks when using Tor
Another recurring problem with Tor is IP address leaks – a serious issue that will de-anonymize Tor users, even if the leak is brief.
In November 2017 a major flaw was discovered that exposed the real IP address of Tor users if they clicked on a local file-based address, such as file://., rather than http:// or https://.
This issue illustrates a larger problem with Tor: it only encrypts traffic through the Tor browser, thereby leaving all other (non-Tor browser) traffic exposed. This is in stark contrast to a good VPN (virtual private network), which will encrypt all internet traffic on your computer or device.
This design leaves Tor users vulnerable to leaks which will expose their identity in many different situations:
- Tor offers no protection when torrenting and will leak the user’s IP address with torrent clients. (Never use Tor for torrenting; use a VPN for torrenting instead.)
- Tor may leak IP addresses when accessing files, such as PDFs or other documents, which will likely bypass proxy settings.
- Windows users are also vulnerable to different types of leaks that will expose the user’s real IP address.
It’s important to note, however, that oftentimes de-anonymization is due to user error or misconfiguration. Therefore blame does not lie with Tor itself, but rather with people not using Tor correctly.
Dan Eggerstad emphasized this issue as well when he stated:
People think they’re protected just because they use Tor. Not only do they think it’s encrypted, but they also think ‘no one can find me’. But if you’ve configured your computer wrong, which probably more than 50 per cent of the people using Tor have, you can still find the person (on) the other side.
Once again, non-technical users would be better off using a good VPN service that provides system-wide traffic encryption and an effective kill switch to block all traffic if the VPN connection drops.
Important note: Tor gives specific instructions to help Tor users avoid de-anonymization due to “operator error”:
- Use Tor Browser
- Don’t torrent over Tor
- Don’t enable or install browser plugins
- Use HTTPS versions of websites
- Don’t open documents downloaded through Tor while online
- Use bridges and/or find company
I would also recommend not using Tor on Windows, for privacy reasons (use Linux instead).
See their website for additional tips.
Now that we have covered some different facts about the history, funding, and government connections of Tor, we will examine a few other important questions.
Does Tor effectively work?
Perhaps the million-dollar question we should all be asking is, Does Tor work?
Once again, the answer is not clear-cut and opinions are sure to be divergent, depending on who you ask. Regardless of where you fall on that answer, there are numerous cases which suggest that Tor may not be working as well as most Tor users expect…
In 2013 the Washington Post broke an article citing reports that the NSA had figured out how to de-anonymize Tor users on a “wide scale”. From the Washington Post:
Since 2006, according to a 49-page research paper titled simply “Tor,” the agency has worked on several methods that, if successful, would allow the NSA to uncloak anonymous traffic on a “wide scale” — effectively by watching communications as they enter and exit the Tor system, rather than trying to follow them inside. One type of attack, for example, would identify users by minute differences in the clock times on their computers.
Of course, this would render Tor essentially useless to all those who use it to hide from mass government surveillance. And keep in mind this leaked report was from 2006. Surely, the NSA’s power and capability has only grown in the the past 13 years.
There are also various reports of government agencies cooperating with researchers to “break” or somehow exploit Tor to de-anonymize users:
Then in July, a much anticipated talk at the Black Hat hacking conference was abruptly canceled. Alexander Volynkin and Michael McCord, academics from Carnegie Mellon University (CMU), promised to reveal how a $3,000 piece of kit could unmask the IP addresses of Tor hidden services as well as their users.
Its description bore a startling resemblance to the attack the Tor Project had documented earlier that month. Volynkin and McCord’s method would deanonymize Tor users through the use of recently disclosed vulnerabilities and a “handful of powerful servers.” On top of this, the pair claimed they had tested attacks in the wild.
ARS Technica also discussed this case in February 2016 where they noted:
A federal judge in Washington has now confirmed what has been strongly suspected: that Carnegie Mellon University (CMU) researchers at its Software Engineering Institute were hired by the federal government to do research into breaking Tor in 2014.
These cases raise questions as to how much trust people should put into Tor as a tool for achieving online anonymity.
Tor user errors and bad OPSEC
There are many cases of Tor users getting busted or de-anonymized, but the most common reason for this is user error and/or bad OPSEC. Once again, this has nothing to do with Tor, but rather, Tor users falling short.
One example of this was the Harvard student, Eldo Kim, who decided to email a bomb threat in order to get out of a final exam. Of course, he didn’t stop to consider that using Tor on the university network would make him stand out from the crowd (all Tor nodes are public!). When authorities then linked the IP address embedded in the email header to a Tor node, with Kim being the lone Tor user at the same time, it was case closed.
There are many other examples of user errors, bad OPSEC, and general stupidity de-anonymizing various Tor users. Tor will not protect you against these pitfalls.
(Note: VPN traffic can be obfuscated (hidden) using various means, even where countries, schools, or work networks are actively trying to block VPNs.)
Tor vs VPN
For most people seeking online privacy and security, a VPN is the go-to solution.
A VPN will encrypt all traffic between your device (computer, tablet, router, smartphone etc.) and a VPN server. This makes traffic (your online activities) unreadable to third parties, such as your internet provider, hackers, and any other snoopers.
Most VPNs have servers all over the world, particularly larger providers, such as ExpressVPN and NordVPN. And unlike with Tor, when you use a VPN, you can manually select the server you want and the geographic location you’d like to appear in.
Generally speaking, a good VPN service offers the following advantages:
- Much better performance than Tor. I can routinely max out my internet provider connection speed at 100 Mbps with good VPN services. Reliability and connection stability is also great with top-tier VPNs. With Tor, on the other hand, my speed is much slower at around 1-3 Mbps (generally too slow to stream a Youtube video without interruptions).
- System-wide encryption. As mentioned above, a good VPN will encrypt internet traffic on your entire operating system, while Tor is limited to only the Tor browser, which can expose users to leaks. This makes a big difference in a number of different use cases, with VPN users benefiting from a broader level of protection.
- More versatility. A VPN is also very versatile and can be combined with different features, such as ad blocking VPNs, multi-hop VPNs, as well as obfuscation methods to defeat censorship and restricted networks (explained also in the VPN for China guide).
- Supported on many devices and operating systems. Tor is very limited – mainly restricted to computers with a stable connection running the Tor browser. VPNs, in contrast, are very versatile and can be natively used on many operating systems without any apps. Additionally, most VPN providers offer a wide range of custom applications for all major operating systems and devices. Finally, there are also free and open-source VPN apps available as well, such as Tunnelblick, that can be used with different VPN services.
- More trust. Trust is very subjective and there are certainly untrustworthy VPNs that are insecure and malicious. But among the top-tier VPNs operating in secure overseas jurisdictions, I would argue they engender more trust than a project with deep ties to the US government and military – but that’s just my opinion and others may disagree.
- Many users. VPNs are becoming mainstream with many people who use them for torrenting, accessing geo-restricted content, streaming videos, or just browsing the web with more privacy and security. Having a large group of users on the network provides many benefits for anonymity as your traffic is getting mixed in with many others (you blend in with the crowd). Note: this is the main reason I recommend against setting up your own VPN on a VPS (virtual private server), which only you will use.
Disclaimer: While I personally believe VPNs are a better choice for most users than Tor, VPNs themselves are certainly no stranger to controversy. I have covered many of these issues on the blog, including VPNs that were caught lying about logs (PureVPN and IPVanish), malicious and invasive free VPNs, and other VPN scams. Once again, choose your VPN carefully.
One benefit of Tor is that traffic is always routed over three different nodes before exiting to the destination. This offers geographic diversity (different jurisdictions) while also providing a high level of protection against a compromised Tor relay.
In contrast to Tor, most VPN services route traffic over a single VPN server (single hop) using very strong encryption. For the vast majority of users, this setup provides enough security, privacy, and online anonymity for most VPN use cases. If the VPN is utilizing strong encryption standards, good VPN protocols, and the VPN client is not leaking any data, this is indeed a very secure and trustworthy setup.
For those who are seeking an even higher level of anonymity, beyond a single hope setup, VPNs also provide many options.
Multi-hop VPN services for more online anonymity
Similar to the Tor network, there are also a few VPN services that will route traffic across multiple VPN servers, or “hops” in the network. When a VPN routes traffic over two or more servers, this is often called a “cascade” or multi-hop VPN setup. We’ll take a look at a few of these below.
Double-hop VPNs – With a double-hop VPN your traffic is being encrypted over two separate servers before exiting to the destination.
For example, a user in New York connects to a VPN server in Canada, which then encrypts and routes traffic to a VPN server in Sweden, before exiting to the destination on the unencrypted web.
I’ve tested three different VPNs that did well in their respective reviews and offer a selection of double-hop VPN server configurations:
- VPN.ac – $4.80 per month; based in Romania; 18 double-hop configurations (VPN.ac review)
- NordVPN – $2.99 per month (with the 75% discount); based in Panama; 16 double-hop configurations (NordVPN review)
- VPNArea – $4.92 per month; based in Bulgaria; but only two double-hop configurations currently available (VPNArea review)
Performance – With VPN.ac I was able to hit speeds over 80 Mbps using a double-hop configuration Germay >> Canada (testing from my location in Europe) on a 100 Mbps connection.
The main drawback with the double-hop VPN services listed above is that they are not self-configurable.
Self-configurable multi-hop VPNs – With self-configurable VPN services, you can build your own unique cascade by choosing the servers you want. There are two VPNs I’ve tested that offer this feature: Perfect Privacy and ZorroVPN.
Arguably the most versatile multi-hop VPN available is Perfect Privacy. It offers self-configurable multi-hop functionality in their VPN clients (Windows, Mac OS, and Linux), with up to four different servers.
Performance: Below I’m using four different servers through Europe, with OpenVPN 256-bit encryption, and was able to hit about 25 Mbps (speeds would be better with fewer servers).
Perfect Privacy also launched an interesting multi-hop feature they call NeuroRouting. This is a server-side feature that works independent of any apps. It dynamically routes all traffic across multiple hops in the VPN server network, corresponding to the physical location of the server (website) you are accessing. It works dynamically, meaning each site you visit will take a unique path with different exit servers (unique IP addresses).
Another option for self-configurable multi-hop VPNs is with ZorroVPN. Unlike with Perfect Privacy, ZorroVPN primarily uses third-party, open source VPN clients (but they are developing a custom client). Another difference is that with ZorroVPN, you need to use their OpenVPN file configuration generator, to manually create a multi-hop config, and then import this into your VPN client.
Why use a multi-hop VPN?
Perfect Privacy provides a good answer to this question in their multi-hop VPN article:
With a cascaded connection this [traffic correlation] attack becomes much more difficult because while the ISP/eavesdroper still knows the VPN entry node of the user, it does not know on which server the traffic exits. He would need to monitor all VPN servers and take a guess at which exit node the user is using. This makes it next to impossible to successfully identify users by traffic correlation.
Also it is theoretically possible that an attacker has physical access to the VPN server in the data center. In that case he can possibly execute a de-anonymization attack on the VPN user. A cascaded connection protects against this attack vector: Since the user’s traffic is encapsulated with an additional layer of encryption for each hop in the cascade, no traffic can be read or correlated with incoming traffic.
The attacker would still see outgoing encrypted traffic to another VPN server but he cannot determine whether this is a middle or exit node. To successfully intercept and decrpyt the traffic, the attacker would need to have physical access to all hops in the cascade simultaneously. This is practically impossible if the hops are in different countries.
Virtual machines and VPNs
Finally, virtual machines are also a useful tool when combined with VPNs. In this setup, you could one run VPN on your host machine and then a second VPN within a virtual machine. This would double-encapsulate your traffic (a VPN within a VPN) while also distributing trust over two different VPN providers.
Of course, you could create as virtual machines within virtual machines, depending on system resources.
This concept is sometimes called a “nested VPN chain” and it will provide the highest levels of online anonymity (but be sure to also consider using a secure browser and protecting yourself against browser/device fingerprinting). Performance can also be excellent with the setup, provided you have the system resources and your VPN services provide adequate server infrastructure with good bandwidth.
VirtualBox is free and works very well for setting up VMs on your host operating system. You can install various Linux virtual machines for free and use these for different purposes, then simply delete the VM when you no longer need it.
VPN with Tor
Lastly, you can also combine a VPN with Tor. There are generally two simple ways to use Tor with a VPN:
- Connect to a VPN server through a VPN client (app) on your operating system, then open up the Tor browser and use Tor as normal.
- Use a VPN service that has servers exiting onto the Tor network. Two good options for this are:
There are, of course, different ways to use Tor and a VPN together, but the two methods above are simple and most common.
One big advantage of using a VPN with Tor is that it further protects your identity in the event that one of the Tor nodes, or the entire Tor circuit, is compromised. This is because there will be an encrypted VPN server between you and the Tor network, adding another layer of protection. However, this setup still won’t protect you from rogue Tor relays that may be snooping your traffic (collecting data) or injecting malware into your downloads.
Final verdict on Tor: you decide
As noted at the beginning of the article, Tor is widely respected in the privacy community and it has many loyal fans.
Opinions on Tor continue to vary, and online discussions can become divisive. But at the end of the day, Tor has both advantages and disadvantages for different users.
One key factor with everything is trust. Do you trust Tor to keep you safe? Only you can decide the answer to that question.
For those who really want to use Tor, I would recommend accessing Tor through a good VPN service. This will add an additional layer of protection between you and the Tor network, but it won’t necessarily keep your data safe form rogue Tor nodes.
Choosing the right privacy tools is a very subjective process that relies on your own unique needs, uses, and threat model. When deciding whether Tor is a fit for you, be sure to consider everything and draw your own conclusions.