More and more people are thinking and talking about online privacy. Tor and VPNs are two of the most powerful online privacy tools available today. In some ways they are very much alike. But they also have some key differences that make them useful in different situations.
In this article we’ll take a look at using Tor versus using a VPN. We’ll first look at how each one works, which will allow us to see their relative strengths and weaknesses. Then, we’ll discuss specific use cases to determine when you would want to use one or the other. Click on the icons below to navigate to each section, or read on for an in-depth breakdown of these two tools.
VPNs: An Overview
What is a VPN?
A Virtual Private Network, or VPN, is a technology that protects your privacy when you use the Internet by routing your connection through a server that hides your IP address and encrypts your online communication.
How do VPNs Work?
A VPN consists of a network of servers, typically located in multiple countries around the world. When you use a VPN, information sent from your computer passes through one of the VPN provider’s servers before going to its online destination, such as your online banking account. Similarly, information sent to your computer from outside your network passes through the VPN server before reaching your device.
As a result, you’re able to send and receive data without giving up your online location. The online destination will only see traffic coming from the VPN server, not your device or true location. Additionally, messages sent from the server are encrypted, blocking unwanted access from third parties.
Using a VPN to protect your privacy has some big advantages over using an unprotected connection.
Full message encryption
VPNs encrypt all messages passing between their servers and your computer. This prevents anyone (such as your ISP) from spying on your connection and intercepting your data. This is especially important in countries with high levels of censorship, or when you’re sending particularly sensitive data.
Although your Internet traffic passes through the VPN’s encryption software and servers can slightly slow down your internet connection, it’s only by a small amount. For everyday use, you probably won’t notice the difference.
Easy to install and use
While the technology that makes a VPN work is complicated, most of them are easy to install and use. With just a few clicks, an installation wizard will install and configure the software. The wizard can set the VPN to start automatically when you start your computer so you are always protected.
Compatible with most devices
The top VPN services provide software that works on most popular devices. Computers with Windows or Mac or Linux operating systems? Check. Smartphones running Android or iOS? Check. Some services even provide software that can run on your home router or set-top box.
Using a VPN can provide good security against most kinds of surveillance. However, there are ways that your privacy can be compromised when you use a VPN.
VPN software failures
For VPN service to protect you, the VPN software on your computer must be working properly. If the software crashes for some reason, messages to and from your computer could travel unencrypted and outside of the VPN network. This would leave them vulnerable to your ISP or anyone else who wanted to spy on them.
To protect against this problem, many VPNs include a kill switch in their software. A kill switch is set up so that if the VPN software fails for any reason your computer is disconnected from the Internet. While losing Internet access isn’t great, it is better than using the security the VPN gives you.
Varied logging policies
While using a VPN provides security against outsiders, you have to trust the VPN provider. As you’re using their software and their servers, the provider knows a lot about what you do online and where you go.
Most VPN services keep various types of logs of the activity of their users. Sometimes the services keep these logs for their own use, and sometimes they are forced to keep these logs by their government. These logs include:
- Usage logs: Records of where you go and what you do online when you use the VPN. Some VPNs keep detailed logs of each user’s activities, while others aggregate the usage information in a way that makes it difficult or impossible to identify individual users.
- Connection logs: Records of information such as when you log onto the VPN, the IP address of your computer, your username, and similar data. Not as bad as usage logs, but still a lot of information that could be used against you.
Which logs a service keeps and how long they keep them determines how much of a risk this is to you. One VPN provider might delete this information immediately. Another might log this information for maintenance and support purposes, then delete it once you disconnect. Still other VPNs are required by law to keep this information for days, weeks or even months.
Some VPN services advertise that they keep no logs, which provides the maximum level of security for you. However, you have to be cautious with the provider you choose; some VPNs claim to be “no log,” but actually keep detailed connection logs.
If a log exists, there’s the potential that an agency could use that information against you, and there there are limits to what a VPN can do to protect you. No matter how pro-privacy a VPN service might be, if a government agent with a subpoena demand their logs, they are under obligation to surrender them.
Potential for weak encryption
For the communication between your computer and the VPN server to be safe, the encryption used by the VPN service must be unbreakable. This is true of the best VPNs, which use the military grade encryption 256BIT Advanced Encryption Standard (AES). However, some lower tier VPNs use weaker encryption algorithms like PPTP and Blowfish, so you’ll want to look carefully at the encryption each VPN uses when choosing a provider.
For the ultimate in protection, you need some way to make yourself anonymous. That’s why they created Tor.
Tor: An Overview
What is Tor?
At first glance, the Tor network is similar to a VPN. Messages to and from your computer pass through the Tor network rather than connecting directly to resources on the Internet. But where VPNs provide privacy, Tor provides anonymity.
A VPN service can keep outsiders from seeing where you go and what you do on the Internet, but there are ways to defeat the privacy they give you. By its nature, a VPN service has access to information about you. You have to trust them to protect that information.
When you use the Tor network you don’t have to trust anyone. The design of Tor makes you virtually anonymous when you go online. While no system is 100 percent foolproof, it would be exceedingly difficult for anyone to identify you when you use the Tor network.
Is Tor a VPN?
Since both Tor and VPNs perform similar functions, you might wonder, “Is Tor really just a specific type of VPN?” The answer is, “No.” Here’s why:
A VPN is a network of servers that protects your privacy by encrypting your messages and hiding your IP address. Your VPN provider controls both the VPN software on your computer, and the servers in their network. You have to trust your VPN service to protect your privacy when you use their network.
Tor is a network of servers that you communicate with anonymously. No one organization controls both the Tor software on your computer and the individual servers in the network. You don’t need to trust anyone to use Tor safely. As much as anything else, the fact that you don’t need to trust anyone when you use Tor is what makes it distinct from a VPN.
How Does Tor Work?
The Tor network is designed so that no server can know both who you are and what you do. The network consists of thousands of independent servers run by volunteers around the world. Here’s what happens when your computer wants to send a message using the Tor network:
- Software on your computer (either the Tor browser or another Tor-enabled program) selects three Tor servers at random. The software then builds a path between those three servers.
- The process starts with the server that will connect to the public Internet (called the Exit Node). The Tor software on your computer encrypts the message in a way that only the Exit Node can decrypt.
- The software then repeats this process with the server in the middle. Now the message is encrypted twice.
- The software does the same with the server that will first receive the message from your computer (called the Guard Node). Now the message is encrypted three times.
- Once the message is encrypted, the Tor software on your computer sends the encrypted message to the Guard Node. This server removes the outermost layer of encryption. The Guard Node cannot read the original message because there are still two layers of encryption. However, the software includes the address of the next server in the path when it encrypts the message.
- The Guard Node sends the message to the server in the middle of the path. This server removes the second layer of encryption. Like the first computer it still can’t read the message because there is one more layer of encryption. But removing this layer of encryption tells it the address of the Exit Node.
- The middle server sends the message to the Exit Node. The Exit Node removes the final layer of encryption. This means the Exit Node can see your original message. However, because the message was relayed through the other servers in the path, the Exit Node doesn’t know who sent the message.
This is key to understanding Tor so let’s look at what each server in the path knows.
- The Guard Node can see the IP address of your computer. But it doesn’t know what the message says because of the additional layers of encryption. So all the Guard Node knows is that your computer sent a message using Tor and that it needs to forward that message to the middle server.
- The middle server knows the message came from the Guard Node and that it has to forward the message to the Exit Node. It can’t read the message because there is one layer of encryption left. The middle server doesn’t know who sent the message to the Guard Node because that information isn’t passed through the Tor network.
- The Exit Node knows what the message says because it has to peel off the final layer of encryption before the message can go out to the public Internet. But it doesn’t know where the message came from originally. All it knows is that the middle server forwarded the message.
No one server knows or can know both where the message came from and what it says. This is how Tor provides anonymity.
Tor Onion Routing vs. VPN Encryption
The way messages are routed within their networks is another key difference between VPNs and Tor.
When you send a message with a VPN, the message gets encrypted on your computer and sent to a specific server in the VPN network. There, it is decrypted and forwarded to the final destination. Messages coming to your computer get sent to the VPN server. There they are encrypted and sent to your computer. The VPN software on your computer decrypts the message. Once you establish a VPN connection, you continue to use the same server for the duration.
Tor uses Onion Routing, a more complex approach. Onion Routing requires the message to pass through at least three, randomly-selected Tor servers before it gets sent to its final destination. Before the message leaves your computer, the Tor software encrypts the message multiple times. The effect is to give the message layers of encryption that must be peeled, similar to layers of an onion.
As the message passes through the network, each server decrypts one of the layers. When the final server in the path peels away the final layer of encryption, it exposes your original message, and forwards it to its destination outside the Tor network.
As a result of the encryption and the way Tor servers pass messages between each other, none of the three servers can know both who sent the message, and what the message says. This makes you anonymous within the network. To further protect against bad actors trying to hack the network, the Tor software in your computer chooses new server to use approximately every 10 minutes.
Using Tor to connect to the Internet offers several advantages over an unprotected connection.
Difficult to shut down
Because it is made up of thousands of servers scattered around the world, Tor is very difficult to shut down. The network is distributed, not centralized. That means there is no headquarters, corporate office or main server to attack.
Most Tor servers are run by volunteer privacy advocates. To shut down Tor, you would have to go after each individual server in the network. This makes trying to shut down Tor about as practical as stopping P2P music transfers or shutting down Bitcoin.
Nearly complete anonymity
There are ways Tor can be attacked, but the people of the Tor Project are constantly working to make Tor safer. While no person or network can guarantee you 100 percent anonymity, Tor provides you much more online anonymity than even the best VPN.
While Tor is a great system for using the Internet anonymously, it isn’t a perfect solution. Here are some disadvantages to using Tor.
Messages in the Tor network go through three (or more) widely-dispersed servers and get encrypted and decrypted at least three times. As a result, the Tor network is very slow. Using it to stream videos or for peer-to-peer file sharing would be very difficult.
Run by volunteers
Because the Tor network is run by volunteers, there’s no built-in source of money to pay for maintaining and upgrading the network. Some servers in the network are old and slow, or have bad Internet connections. Additionally, there is always the risk that the volunteers running the network aren’t trustworthy.
Low device compatibility
The Guardian Project maintains Tor on Android devices. Currently, the Tor Browser is not available for iOS, meaning you can’t use it on your iPhone or iPad.
Tor vs. VPN: Which Should You Choose?
Now that you know how Tor and VPNs work, you can determine which makes the most sense for you. Check out the chart below for a quick overview of how Tor and VPNs stack up against each other, or read on for an in-depth explanation regarding when to chose each technology.
When Should You Choose a VPN over Tor?
A VPN is a great option for users who engage in online activities that could put their personal or sensitive information at risk, including:
- Checking an online bank account
- Shopping online
- Connecting to public Wi-Fi
- Traveling to countries with high censorship
- Accessing blocked websites
Any time you send information over the Internet, there is a chance that someone will intercept it. If you send any sensitive information over the internet, such as your login information to your online bank account or your credit card number, you should use a VPN to ensure it’s protected.
This is especially important if you use public Wi-Fi services. While these services are commonly used in places like coffee shops, hotels or airports, they’re notoriously insecure and the equipment to hack into them is both cheap and easily available. VPNs are also efficient ways of protecting privacy if you travel internationally, live in a country with high censorship or torrent.
Additionally, there are several benefits of choosing a VPN, including:
- Speed: VPNs are generally faster than Tor since messages pass through only one VPN server instead of 3 Tor nodes.
- Compatibility with all devices: VPNs work with a wider range of devices than Tor. In particular, as of today, Tor does not work with Apple’s iOS. If you use an iPhone or iPad, Tor is not an option.
- P2P file sharing: VPNs are better suited for P2P file sharing or watching videos.
- All online connections protected: A VPN will protect all your Internet connections; Tor only protects those designed to use the Tor network.
- Price: Several VPNs are free; the ones with a small monthly fee are very affordable.
- Easy to set up and use: VPNs are extremely easy to set up; all you have to do is download the software onto your computer and run it whenever you need to be protected.
- Access to support team: Because VPN providers are major companies, they have helpful FAQ pages, as well as support teams should you run into any problems.
When Should You Choose Tor over a VPN?
You’ve seen the kinds of situations where you should use a VPN and may be wondering, “Why would I ever use Tor?” The truth is, most people don’t need Tor at all. A VPN is sufficient for the vast majority of situations. So, when should you use Tor?
Tor is the tool to use when the stakes are high. Maybe you are a journalist reporting on some government atrocity. Or activist organizing a protest in some repressive country.
In these cases, your liberty and your life could be at risk. A third party may be able to lean on a VPN service to get information about you. But only a few organizations in the world have the power to even attempt to track you down through Tor.
Additionally, there are a several benefits of choosing Tor, including:
- Complete anonymity: Tor makes it impossible for third parties to trace your online activity. While this is nearly true for VPNs, it isn’t always. Additionally, unlike Tor, VPNs can fail and expose your IP address.
- Price: Tor is always free to use.
- Easy to set up and use: The Tor browser is extremely easy to download and use.
Tor vs. VPN: The Verdict
Overall, VPNs and Tor are both effective ways of protecting your data and keeping yourself safe online. In the end, a VPN is the more practical solution for everyday users looking to keep themselves secure.
5 thoughts on “Tor vs. VPN: Which Should You Use?”
Where can I get a list of TOR enabled applications?
Tor (on Windows, anyway) is essentially just a Firefox browser. If you can do it in Firefox, you should be able to it in Tor. Just remember that it is a browser UI, and anything that does not go through the browser will not be protected (and it is horribly slow).
TOR doesn’t hide your IP when using P2P torrents (unless that’s changed recently). I know it’s something they war about. Many sites restrict usage from TOR servers/browsers. Try editing a Wikipedia article through TOR and see what happens.
Would not the logic of reverse engineering imply that in the same way that VPNs and VANs are done they can be undone?
A way to be more secure is by not using your main PC, but using a virual machine.
Virtual Machine + Tor = Way more secure