A common question for the privacy conscious is what is TOR and how does it compare to a VPN? Also, what are the advantages of using TOR vs VPN and vice versa? First of all, TOR and VPNs aren't really direct competitors but can be seen as different solutions.
HOW DOES TOR WORK?
TOR stands for "The Onion Router" and is an anonymisation service. It does this by routing and bouncing your data through a random selection of other people all over the world who run TOR relays. These TOR relays bounce your data off other TOR relays before reaching your end destination. Each TOR relay only knows the identity of the person it receives data from and the next relay it forwards it to so it becomes very hard to track your true origin even if some of the TOR relays maliciously recorded data. In fact, even the NSA has problems deanonymizing a TOR user.
At the exit node which is the last relay in the TOR network, your data exits the TOR network which is unencrypted and is sent to the intended destination without revealing who the sender is.
HOW DOES A VPN WORK?
A VPN service, such as BolehVPN, works by routing your traffic through a specified VPN server of your choice and this connection is encrypted. It then establishes connections on your behalf and the end destination only sees the VPN server and not the original sender.
VPNs are also used by many companies to secure their internal communications, allow their workers to access their servers remotely and securely or to connect several branches in different locations together.
Although there are concerning reports that the NSA has decrypted VPNs using weak compromised protocols like PPTP and even possibly L2TP/IPSec, there is no evidence yet to suggest that the NSA has broken OpenVPN thus far which is based off very different cryptographic protocols.
PROS AND CONS OF TOR
- No one can trace your real IP
- No single provider meaning it is hard to shutdown the TOR network completely
- Extremely slow as you have to bounce through multiple relays and it is dependent on the bandwidth available on those relays
- Unsuitable for P2P
- TOR traffic is readily recognizable by ISPs and government and can 'flag' you as being suspicious. There are ways to 'disguise' this traffic through bridges but these introduce other problems as you have to trust these bridges.
- Vulnerable to malicious exit nodes which may spy on the unencrypted data flowing out of it or even modify the data out. Remember, anyone can host a TOR exit relay
PROS AND CONS OF A VPN
- Much faster since you only need to bounce through one server
- You can determine which location you want to appear from
- Suitable for P2P
- Blends in much easier with other traffic since VPNs are used not just for privacy purposes. Also can be disguised as regular HTTPS traffic.
- You need to trust the VPN provider. A VPN provider that takes logs can hand over these information to the authorities or be required to take logs. This is why US/UK jurisdiction VPNs are at higher risk since the NSA/GCHQ have targeted VPN providers there.
- Typically costs money to purchase for good services. When paying through a non anonymous method, this can tie you to VPN use as well which is why we recommend the use of VPNs that accept cryptocurrencies such as Bitcoin/Dash/Monero/Zcoin.
VPN and TOR are both technologies that can be used to protect your privacy and anonymity. At the end of the day, a VPN is more versatile but it involves a great deal of trust placed in your VPN provider. With TOR, you potentially enjoy additional anonymity since there are much more layers and participants involved but are subject to slow speeds and can only be used for low bandwidth applications. TOR usage is also more likely to flag you as doing something suspicious. It is our belief that for the average privacy conscious user, a VPN provides sufficient privacy with good usability and versatility.
However it is worth noting that these technologies can be combined together and you can use a VPN over TOR or a TOR over VPN which too has its own pros and cons. We will cover this in later posts.