TOR Over VPN & VPN Over TOR: Which is Better?

Internet of Things: Security and Risk Management
January 11, 2017
Free Mobile VPNS; Are They Safe?
January 27, 2017

TOR Over VPN & VPN Over TOR: Which is Better?

TOR OVER VPN OVER TOR COMBINE.jpg

After reading our article on ‘TOR vs VPN Comparisons’, you might now be interested in learning if you could in fact combine the use of both The Onion Router (TOR) and VPN together.

The short answer is “Yes” and there are two common methods of doing so, either by:

1) TOR over VPN

tor over vpn tor through vpn tor via vpn.png

2) VPN over TOR

vpn over tor vpn through tor vpn via tor-1.png

While there exists similarities in a VPN and TOR in terms of both intending to safeguard your anonymity and security online, the two configurations can produce different outcomes depending on which setup you choose to connect by.

Let us take a look at each setup method to see which configuration would be best suited to your needs.

 

1) TOR over VPN

If you have chosen this setup, you would firstly connect to your VPN server (say, BolehVPN) which would encrypt all the Internet traffic within the VPN layer. Then, this encrypted traffic would be sent to the wide TOR network through a few TOR hops before it ends up at the final destination (the Internet).

 

PROS

  • This setup is easier to configure as it does not require any advanced technical skills.
  • Because you would firstly connect to your VPN, this hides from your Internet Service Provider (ISP) that you are using TOR.
  • The VPN you use is not able to see what encrypted data you are sending over TOR, they will only be able to see that you are connecting to TOR nodes.
  • By using a VPN IP, the TOR entry node is not able to see your real IP as it will only see the IP of your VPN server.
  • When you make TOR the last gateway before connecting to the Internet, you are still able to access TOR’s hidden services and websites (hidden websites with the .onion suffix) which would normally can only be accessed within the TOR network.
  • Arguably better in terms of overall security.

 

CONS

  • Your traffic leaving the TOR exit nodes is unencrypted and could be monitored, leaving you susceptible to malicious TOR exit nodes.
  • You could end up with a bad exit node with no Internet as TOR exit nodes are often blocked.
  • In this case, it is about who do you trust more; your VPN provider or your ISP? Because your data will rely on a secure VPN service. If your VPN provider is keeping logs, it would not make much difference as if you were just connecting to TOR through your ISP as your traffic can be simply linked back to your true IP.
  • If you are connecting firstly through your VPN before TOR for the aim of hiding your TOR traffic, this could still leave your TOR traffic exposed to your ISP in the event if your VPN connection unexpectedly drops. (That is why it is always advisable to pick a VPN with their own DNS servers and kill-switch systems!)

(Read: 7 Tips to Pick the Best Private VPN Service)

 

2) VPN over TOR

In this setup, your data would be encrypted by the VPN when entering and exiting TOR nodes before it ends up routed to the Internet.

 

PROS

  • Your VPN provider cannot see your real IP, only the one of the TOR exit node.
  • Your ISP cannot tell you are connected to a VPN, but only that you are connected towards a TOR node.
  • Bypass any blocked TOR exit nodes from websites which discriminate against known TOR exit nodes as your use of them is hidden by your VPN.
  • Reduce the fear of potential VPN logging because the IP connected to your VPN would be that of the TOR exit IP, not your real IP.
  • Enables you to choose server location which is great for geo-spoofing.
  • Arguably better in terms of overall anonymity.

 

CONS

  • Cannot access TOR’s hidden services.
  • No protection from any spying TOR exit nodes or hide the fact from your ISP that you are using TOR.
  • As using VPN via TOR means your VPN acts as a fixed end-point in the chain, it leaves you more vulnerable to global end-to-end timing attacks (End-to-end timing attacks are used to de-anonymize VPN and Tor users by correlating the time they were connected).
  • A VPN can still trace who you are through your financial records even if they were only able to identify your IP as that of the TOR exit relay. Counter this by purchasing your VPN service using anonymous cryptocurrencies such as Bitcoins, Dash, Monero, Zcoin and Zcash made anonymously over TOR.

(Read: Why You Should Pay For Your VPN in Bitcoin)

 

IS IT NECESSARY TO USE BOTH?

So is there really a need to combine the use of both TOR and a VPN if you feel you are merely a regular Joe with nothing to hide? For the average Internet user, using just a VPN alone should be enough for your daily browsing. But in a world where your data online could build your whole profile as to who you are as a person, it is certainly no harm to take the extra step in beefing up your privacy and security, and combining the use of both helps make it harder for anyone online to identify you.

 

WHICH IS BETTER?

It is hard to say which gives the better configuration to choose. Both combinations provide different effects, and a combination of both aims to patch any gaps using either tool as a standalone presents. To recap: connecting to TOR through a VPN generally offers higher security, while connecting to a VPN through TOR generally provides better anonymity. While both have their own advantages and disadvantages, if you trust your VPN provider, we personally favour using TOR through VPN as our preferred setup.

Leave a Reply

Your email address will not be published. Required fields are marked *