Tor Over VPN, or Vice Versa?

There is always the debate about which tool is better, VPN or Tor; and for a short answer: it depends.

However, I want to talk about increasing anonymity over the Internet and improving security of web traffic by using a combination of these tools. There are benefits and drawbacks of doing so, and the order makes a difference.

Tor has always been considered providing stronger anonymity than VPN; your data first arrives at the network through a random node around the world. It then makes a minimum of two hops, eventually passing through a random exit node to its last destination — no sole node will see the whole picture of your activities:

· The entry node will see your location, but not who you are communicating with.
· The exit node will see who you are communicating with, but not your location.

You are anonymous, but your activities are not 100% private.

VPN, or Virtual Private Network, encrypts internet traffic, usually only routing through one hop. They retain stability and speeds, faster than Tor, to paying consumers. The benefit of using a VPN is that your ISP is not privy to your internet browsing habits, and network traffic.

You are not anonymous, but your activities are 100% private — apart from the VPNs that keep user logs and are cooperative with law enforcement.

User → VPN → Tor → Internet

To use this setup, you need to connect to your chosen VPN server, and then launch the Tor Browser. The VPN encrypted traffic would transmit to the Tor network via a couple Tor hops prior to reaching its destination. Benefiting from Tor’s anonymity and a VPN’s end-to-end encryption makes is a powerful combination for safe internet browsing.

Pros:

· Easy to setup
· Fast and stable
· VPN provider cannot see your traffic content or origin — only that you have connected to the Tor node.
· ISP cannot see that you are using Tor, only that you are using a VPN.
· Tor entry node will see your VPN IP address and not your real IP address.· Hidden Tor sites are still accessible.

Cons:

· VPN provider can still see your real IP address and provide that info to law enforcement (LE) if they are LE friendly.
· If you are sending unencrypted traffic, you are vulnerable to malicious Tor exit nodes.
· If your VPN suddenly drops, your activities risk to be exposed to your ISP.
· Without using a type of end-to-end encryption, you are placing all your trust into the exit node operator.

User → Tor →VPN →Internet

To use this setup, you connect to the Tor Browser first, and then launch your VPN; your traffic becomes encrypted after being connected to the Tor nodes.

Pros:

· Increased privacy from the VPN providers as they cannot see your real IP address.
· Your ISP can’t see that you are using a VPN, only that you are using Tor
· Ideal for anonymous purchasing via Bitcoin

Cons:

· Very slow in performance
· You can only access hidden websites
· Very few VPN providers allow this setup
· ISP providers do not favour Tor usage
· The Tor network does not approve of this setup since they believe that the VPN server can establish a profile of all of your activities and that over time that can be extremely detrimental to the user.
· Very susceptible to end-to-end timing attacks which are employed to deanonymize VPN and Tor users by associating the times they were connected to such anonymity services

When using the combination of the two tools, it becomes exceedingly difficult for LE and other adversaries to identify you. At the end of the day, the option is up to you depending on what you wish to accomplish via your internet browsing and activities.