VPN vs. Tor

VPN vs. TOR browser

If you’re reading this, then you probably use a first-class VPN like Switcherry to guard yourself when you’re online. Consider yourself well-educated. Using a reputable VPN service can benefit your privacy and security online by encrypting your data as it’s transmitted from your computer to the websites you’re visiting. This graphic explains how that works:

Image courtesy Emsisoft
Image courtesy Emsisoft

Using a VPN can help protect you in three, concrete ways:

  • It protects your ISP from knowing where you’ve surfed. You connect to the web via your Internet Service Provider (or “ISP”). Because of that, they can log which sites you’ve visited. Then, that information can be sold for advertising purposes and — even worse — provided to courts, police, and other national security agencies for certain legal purposes. I say: “No, thank you”. Using a VPN prevents your ISP from having access to this information.
  • It allows you to bypass your ISP’s efforts to prioritize certain content. Some ISPs play favorites. T-Mobile has slowed down Internet speeds for users who wish to stream video. Comcast did the same to Netflix until the company paid them extra money to end the practice. Avoid this nonsense by using a VPN like Switcherry. Doing so means that your ISP can’t see which websites you’re visiting and, therefore, can’t determine if you’ve chosen to visit a particular website that they don’t like.
  • It allows you to bypass the blocks that an ISP or a country uses to stop access to certain websites. Citizens who live in repressive countries might not have open access to subjects like a free press, women’s rights, LGBTQIA rights, or even pornography. Using a VPN like Switcherry can often allow you to bypass these restrictions and surf more comfortably to any website that you might choose for yourself as a free-thinking human.

Reputable VPN services like Switcherry are inexpensive, easy to use, and deliver a powerful tool to help guard your privacy. However, for those who need the strongest privacy possible, there’s another tool you should consider using.

Introducing Tor… Again

Most of us browse the Internet with popular web browsers like Firefox, Chrome, or Safari. A few privacy-minded citizens might use browsers like Brave because of how well it blocks trackers and ads. But one technology — known for almost 20 years, now — is considered the gold standard in helping users protect their privacy: it’s called “Tor”.

Tor stands atop the heap because it’s not only a web browser, but it’s also an entire network. #MindBlown

Back in 2002, the non-profit Tor Project created both its unique network and a web browser designed to surf the Internet via that network. Look no further than Tor’s name for a clue as to why it’s so powerful: Tor is an acronym for “The Onion Router”. The example of an onion is understandable because, just like an actual onion, Tor has many layers. In this case, its layers are made up of computer relays and encryption schemes.

Tor works cleverly: rather than connecting you directly to a website you’d like to visit, Tor relays your request over three different, randomly chosen servers on its network before it allows you to view your final destination. The connection between each relay is encrypted.

Graphic, courtesy of GData
Graphic, courtesy of GData

Its design makes it nearly impossible to trace anyone using it. It’s so good at providing anonymity that The Guardian UK revealed in a fascinating article that the National Security Agency (NSA) has tried and failed at breaking Tor’s anonymity. While the agency claims they “can de-anonymize a very small fraction of Tor users,” they “will never be able to de-anonymize all Tor users all the time” and that they’ve had “no success de-anonymizing a user in response” to a specific request.

No wonder, then, that Tor has the support of the most famous of all whistleblowers: Edward Snowden. Snowden famously used Tor to help him communicate when he was releasing his trove of information to The Guardian.

Perhaps the reason for Tor’s strength is that it was funded by the US Military and Federal government. You read that right! According to its Wikipedia page, “The bulk of the funding for Tor’s development has come from the federal government of the United States, initially through the Office of Naval Research and DARPA.”

However, Tor’s greatest asset is also its greatest liability: surfing the web via Tor is safer, but slower. Tor’s three relays simply take more time to route your data when surfing. However, we think that’s a worthwhile trade-off for those of you — whistleblowers, political dissidents, journalists, those living under repressive regimes, etc. — who require privacy or anonymity on the web for matters of life and death.

Additionally, it’s worth remembering that — just like any technology — Tor isn’t perfect.
In 2007, a Swedish computer security expert (also called a “White Hat Hacker”) set up five Tor exit nodes in various locations around the globe as an experiment and then used them to steal usernames and passwords for various, private and important email accounts. He posted his research online to share how easy it was to hack even the notoriously secure Tor network.

What his experiment also made obvious was that people aren’t using Tor the right way.

When using Tor, we must only surf to websites protected with SSL encryption, those that start with the prefix “https”. Additionally, we must also use some kind of encryption software to protect all emails and instant messages we send. Otherwise, our messages are sent in unencrypted clear text allowing them to be easily read by malicious hackers or government agencies who set up Tor exit nodes.

Should You Use Tor or VPN

The Argument for Using a VPN:

  • For most people, using a reputable VPN service like Switcherry is enough to help secure your IP while web surfing and protect your anonymity from your ISP. It’s also a far faster option when compared to the alternatives. Even better, at $5–10/month, it’s a relatively inexpensive way to provide yourself with an added layer of security and privacy.
  • But remember: you’re placing tremendous trust in your VPN provider. Find out, in advance, if that trust has been earned. Do they keep logs on your account? If so, which ones? In what country are they headquartered? What are the laws in that country that govern your data? Does that country have an agreement with the US or the UK to share information and if so, what is your VPN legally required to hand over?
  • Find and use a VPN provider that has an established track record of protecting users privacy.

The Argument for Using Tor:

  • For those that require extreme anonymity, Tor is one of the best options available. It’s not only free and easy-to-use, but the NSA has claimed that it cannot find and de-anonymize any one, specific user.
  • But remember: Tor is much slower than a traditional browser which means that it isn’t a good solution for streaming hi-def videos. And, as the Swedish security expert proved, Tor is only as good as protecting your anonymity as you are. Tor won’t protect your privacy if you’re using it to post on social media pages or send unencrypted email.
  • If you need to use Tor as a matter of life, death, or safety — and some folks do — then you’ll also need to change your online habits as well.

The Argument for Using BOTH:

Some people suggest combining both Tor and VPN at the same time in order to provide an extra layer of privacy. Others do not for specific security reasons. Let’s explore the two combinations…

  1. The VPN+Tor strategy suggests that users should first connect to their trusted VPN provider and then connect to Tor. The argument here is that this hides your IP address from the first Tor Node. Tor has a wiki guide on the details of this set up here.
  2. The Tor+VPN strategy suggests that users should first connect to Tor and then connect to their trusted VPN provider. The argument here is that doing so hides your IP address and encrypts your data as it leaves the last Tor Node, also called an “exit node”. Tor has a wiki guide on this setup here.

Wanting to doubly-secure yourself is understandable, especially since Tor isn’t foolproof. But, there are problems with both of these approaches.

The VPN+Tor strategy isn’t needed because the connection from your computer to the first Tor node is already encrypted as Tor makes clear.

The Tor+VPN strategy would certainly encrypt your data as it leaves Tor’s exit node but… that encryption comes at a steep cost. That behavior, if observed by malicious hackers or government agencies, points them to a single entity: your VPN provider. And if that company logs your usage, home IP, payments, or other crucial data, then the anonymity you’ve worked so hard to achieve is broken.

The Tor network and browser is privacy by design. Use VPN software to continue hiding your browsing habits from your ISP. But when it’s time to use Tor for more serious anonymity, please use it on its own and not in combination with a VPN. Instead, make sure that you’re using an encrypted messaging solution, like ProtonMail, that works nicely with Tor.

Until next time, keep it safe!

Author: Nicolas Cuts

Product Managers at SwitcherryVPN. Have 5 years background in management and marketing. I never stop learning!

Leave a Reply

Your email address will not be published. Required fields are marked *