If you have started reading this article, you probably don't need to be convinced to use a VPN and Tor. Each of these technologies can provide an acceptable level of privacy, at least by hiding your IP address and traffic from prying eyes. However, both VPN and Tor, despite their obvious advantages, have drawbacks that could potentially reveal your true identity.
Reasons to Use Tor and VPN Simultaneously
One fundamental issue is the centralization of most VPN solutions. Control over the VPN network lies in the hands of its owner, so when using a VPN you must fully understand the service's data disclosure and logging policies and carefully read the terms of service. For example, in 2011, the FBI arrested hacker Cody Kretsinger, who used the well-known British service HideMyAss to hack Sony. The hacker's IRC correspondence fell into the hands of federal agents, even though the service claimed in its licensing agreement that it only collects general statistics and doesn't log clients' IP addresses or their traffic.
It would seem that the Tor network, as a more reliable and decentralized solution, should help avoid such situations, but there are pitfalls here as well. The problem is that anyone can run their own Tor exit node. User traffic passes through such a node in an unencrypted form, allowing the exit node owner to abuse their position and analyze the portion of traffic that passes through the nodes they control.
These are not just theoretical considerations; in 2016, researchers from Northeastern University published a study in which they found 110 malicious exit nodes spying on users of the anonymous network in just 72 hours. It's reasonable to assume that there are actually more such nodes, and given the relatively small number of nodes (about 7,000 as of June 2017), nothing prevents relevant organizations from analyzing a significant portion of Tor traffic. Additionally, there was much noise surrounding a recent exploit for the Firefox browser that the FBI used to deanonymize Tor users. Although developers are actively working to address such issues, one can never be sure that there are no vulnerabilities unknown to the general public.
Although Tor offers a higher level of anonymity than a VPN, this comes at the cost of connection speed, the inability to use P2P networks (Torrent, Gnutella) and problems accessing certain internet resources, as many administrators block the range of Tor IP addresses. The good news is that both technologies can be used together to mitigate the drawbacks of each and add an extra layer of security, although this will result in an even greater reduction in speed. It's important to understand that there are two options for combining VPN and Tor, and we will detail the advantages and disadvantages of each.
Tor over VPN
In this configuration, you first connect to a VPN server and then use the Tor network over the VPN connection. The following chain occurs:
Your device -> VPN -> Tor -> Internet
This is exactly what happens when you launch the Tor browser or the secure OS Whonix (for greater security) on a system already connected to a VPN. It's clear that your external IP will belong to the Tor network range.
Advantages of Tor over VPN:
- Your provider will not know that you are using Tor (however, they will see that you are connected to a VPN), which in some situations can help avoid timing attacks (see below).
- The Tor entry node will not know your real IP address; instead, it will see the address of your VPN server. This provides an additional layer of protection (provided you are using an anonymous VPN that doesn't keep logs).
- Access to anonymous services on the Tor network (the .onion domain) is preserved.
Disadvantages of Tor over VPN:
- Your VPN provider knows your real IP address.
- There is no protection against malicious Tor exit nodes; unencrypted traffic can be intercepted and analyzed.
- Tor exit nodes are often blocked by IP.
VPN over Tor
This configuration involves first connecting to the Tor network and then using a VPN over Tor. The connection chain looks like this:
Your device -> Tor -> VPN -> Internet
Advantages of VPN over Tor:
- Since you connect to the VPN server through Tor, the VPN provider cannot know your real IP address; they only see the address of the Tor exit node. It's highly recommended to use an anonymous payment method (e.g., bitcoins routed through a mixer) and Tor to access the VPN provider's website when purchasing a VPN subscription.
- Protection against malicious Tor nodes, as the data is additionally encrypted using the VPN.
- Access to websites that block connections from Tor.
- Ability to choose the server location.
- All traffic is routed through Tor.
Disadvantages of VPN over Tor:
- The VPN service can see your traffic, although it cannot associate it with you.
- Your internet provider sees that traffic is directed towards one of the Tor nodes. This slightly increases the risk of timing attacks.
VPN over Tor can be set up in two ways:
- Use the standard Tor browser. The downside of this approach is that you will need to run and keep the Tor browser constantly open while working with the VPN.
- Install the Tor Expert Bundle as a Windows service. This setup is somewhat more complex, but it allows you to have Tor running continuously on your computer without needing to launch the Tor browser before connecting to the VPN.
Setting Up VPN over Tor Using the Tor Browser:
- Launch the Tor browser, go to the settings menu (Options), then navigate to Advanced -> Network -> Settings. A proxy settings window will open. There is no particular need to change anything here. You will see that while the Tor browser is running, your computer operates as a SOCKS v5 proxy and accepts connections on port 9150.
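- Next, you need to configure your VPN client to use the Tor proxy. In the case of OpenVPN, this is done in the program settings as shown in the screenshot. The same can be done in the OpenVPN configuration file by specifying the directive socks-proxy 127.0.0.1 9150 (the port the Tor browser listens on; a standalone Tor service listens on 9050 by default, so there the directive is socks-proxy 127.0.0.1 9050).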
Setting Up VPN over Tor Using the Expert Bundle:
- Download the Expert Bundle from the official download page and place it in a chosen folder. We placed it in the "tor" folder on the C:\ drive.
- Install and run Tor as a Windows service. To do this, open the command prompt with administrative rights, navigate to the folder with Tor and execute the command tor.exe --service install. You can check that Tor is running as a service in the services.msc management console.
- Next, configure the OpenVPN client to use the Tor proxy, as we did earlier.
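An added example, not part of the original article: a small check that an OpenVPN profile is really set up for either of the two VPN-over-Tor variants above. It verifies that socks-proxy points at the local Tor client on 9150 or 9050 and that the tunnel uses TCP, since Tor carries only TCP streams and OpenVPN defaults to UDP. The function names and the sample profiles (including vpn.example.net) are constructed for illustration.

```python
import ipaddress
import shlex

# Ports named on this page: 9150 (Tor Browser) and 9050 (standalone Tor service).
TOR_SOCKS_PORTS = {9150, 9050}

def is_loopback(host):
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # any other hostname is treated as a remote machine

def audit_profile(text):
    """Return findings for an OpenVPN profile intended to run over Tor."""
    socks, protos, findings = None, [], []
    for raw in text.splitlines():
        if raw.lstrip().startswith(";"):      # ';' comment line
            continue
        tok = shlex.split(raw, comments=True)  # also drops '#' comments
        if not tok:
            continue
        if tok[0] == "socks-proxy" and len(tok) >= 2:
            # OpenVPN's default SOCKS port is 1080 when none is given
            socks = (tok[1], int(tok[2]) if len(tok) > 2 else 1080)
        elif tok[0] == "proto" and len(tok) >= 2:
            protos.append(tok[1])
        elif tok[0] == "remote" and len(tok) >= 4:
            protos.append(tok[3])              # per-remote protocol override
    if socks is None:
        findings.append("no socks-proxy: the VPN connects directly, not through Tor")
    else:
        host, port = socks
        if not is_loopback(host):
            findings.append(f"socks-proxy host {host} is not the local Tor client")
        if port not in TOR_SOCKS_PORTS:
            findings.append(f"socks-proxy port {port} is not 9150 or 9050")
    if not protos or any(p.startswith("udp") for p in protos):
        findings.append("transport is UDP (or defaults to it): Tor carries only TCP")
    return findings

# Constructed sample profiles; vpn.example.net is a placeholder.
GOOD = "client\nproto tcp\nremote vpn.example.net 443\nsocks-proxy 127.0.0.1 9150\n"
BAD = "client\nremote vpn.example.net 1194 udp\nsocks-proxy 192.0.2.10 1080  # other host\n"

if __name__ == "__main__":
    for name, profile in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_profile(profile) or "ok")
```

A profile with no findings still depends on the VPN provider accepting TCP connections on the configured port.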
Further Considerations for Tor and VPN
It's worth noting that nothing prevents you from expanding the configurations described above and using Tor over VPN over Tor. For example, you could run an anonymous virtual OS like Whonix on a computer with a configured VPN over Tor setup. This results in the following configuration:
Your computer -> VPN -> Tor -> VPN -> Tor -> Internet
The downside of this configuration is an even greater loss of connection speed compared to the previous setups.
Malicious Tor Exit Nodes:
When you use Tor, your traffic passes through several nodes, the last of which is called the exit node. This node processes internet traffic in an unencrypted form (the red arrow in the screenshot), unless an additional layer of encryption such as HTTPS is used. This means that any owner of an exit node can spy on the traffic of Tor users. Typically, this doesn't pose a problem, as the user's identity is hidden behind two or more additional nodes through which the traffic passes before reaching the exit node. However, if the unencrypted traffic contains personal information, it can be used to establish your identity. There have been cases where such malicious exit nodes redirected users to phishing sites, so it's always important to pay attention to the authenticity of the SSL certificate.
Timing Attacks:
This technique is used to deanonymize VPN and Tor users by correlating the timing of their connections to the network with the timing of anonymous internet activity. An example of such an attack is the case of a Harvard University student named Eldo Kim, who reported a bomb threat via Tor to avoid taking a final exam. He was uncovered because he was simultaneously using the university's network to access Tor to send the bomb message. While such an attack is difficult to execute on a global scale, it's not impossible. Given that relevant organizations may have a sufficient number of Tor exit nodes under their control, using Tor and VPN together adds an extra layer of security, which helps mitigate the risks of such attacks.
What to Choose?
VPN over Tor appears to be the preferable option, as it allows for true anonymity, since even your VPN service doesn't know who you are (provided you use anonymous payment methods and purchase the VPN subscription through Tor). Additionally, it offers protection against malicious Tor exit nodes, and since your visible IP address doesn't belong to the Tor network, you avoid issues with many websites blocking Tor IP addresses. However, it's essential to understand that for this setup to work, your VPN provider must offer genuine protection, not keep logs and be registered in a safe jurisdiction, such as Hong Kong or Switzerland.
On the other hand, Tor over VPN doesn't provide protection against malicious Tor exit nodes and doesn't allow you to bypass Tor IP address blocks, but it does hide your traffic from the VPN service. This can be a good option if you don't trust your VPN provider, but then one might question the need to use their service at all.
Conclusion
Regardless of which configuration you choose, using VPN and Tor together will undoubtedly enhance your security and anonymity, allowing you to overcome the shortcomings of using each technology separately. By understanding the strengths and weaknesses of both methods, you can make an informed decision that best suits your privacy needs. Always stay vigilant and keep abreast of the latest developments in privacy technology to ensure your online activities remain secure and anonymous.