Tor is a powerful privacy tool, but you may not want to use Tor all by itself. Learn why you may want to connect to Tor over a VPN.
When you connect to the Internet, especially if you’re using public WiFi, there’s a good chance people are watching you. Hackers, government spies, and the websites you visit can find out your IP address, your location, the pages you visit, and even the information you send and receive over the network. But there are two easy-to-use technologies that can protect you: Tor and VPN.
This article explains what Tor is and why you might want to consider using Tor over VPN than Tor by itself.
What is Tor and how does it work?
Tor is a free software program developed by The Tor Project, a nonprofit organization based in Massachusetts. Tor allows users to anonymize their Internet traffic, making it a useful tool for journalists and human rights defenders who may be targeted online. Today a lot of people use Tor every day, from victims of domestic violence to high-profile whistleblowers and activists. Edward Snowden used a combination of Tor and PGP to communicate classified information about the NSA with The Guardian.
With Tor, you can also connect to hidden services known as onion sites, which are only accessible via the Tor network. Proton Mail, for instance, has its own onion site. These can be useful for bypassing regional censorship.
When you connect to the Tor anonymity network, your Internet connection is encrypted and bounced among multiple Tor servers operated by volunteers around the world. Unless the entire Tor network (or a significant fraction) of it is being monitored, a third party will not be able to identify the real IP address of the Tor user. Websites that you visit only see the IP address of the Tor exit node (the last node in the Tor network that your traffic passes through), and not your actual IP.
Using Tor in combination with a VPN
A VPN, or virtual private network, establishes an encrypted tunnel between your device and the VPN server, concealing your true IP address and your activities from your Internet service provider (ISP) and any hackers or spies who might be monitoring the network. (Follow these links to learn more about how VPNs work and the benefits of using one.)
There are a few advantages to using Tor in combination with VPN. Using Tor with a VPN gives you an extra layer of privacy because the VPN encryption prevents the Tor entry node (the Tor server where you enter the hidden network) from seeing your IP address. A compromised Tor entry node is one common way for an attacker to try to break Tor’s anonymity. The VPN will encrypt some Internet traffic that Tor does not support, like ICMP traffic. It also prevents your ISP from knowing you are connecting to Tor.
Additionally, using Tor over VPN gives you access to onion sites like those operated by Proton Mail, Facebook, and The New York Times, among many others.
However, there are also disadvantages of using Tor over VPN. While Proton VPN supports both TCP and UDP traffic, Tor only supports TCP. (For instructions on how to configure Proton VPN to use TCP, click here.) You must also use a VPN service you trust because the VPN server will be able to see your true IP address. VPN trust means using a reputable VPN service that does not keep logs of your activity and does not serve ads or malware. It’s also important to know what a VPN can and cannot protect against. Proton VPN is the only VPN service that provides this information in a comprehensive overview of our threat model.
Proton VPN and Tor
There are a number of ways to use Tor. For example, you can download the Tor browser, use a Tor plugin, or run a Tor operating system on your machine. Proton VPN offers a simpler way of connecting to the Tor network as a convenience for paid users. With a single click, you can gain access to onion sites and to the privacy benefits of the Tor network.
At Proton VPN, we implement Tor over VPN, meaning your Internet traffic is encrypted all the way through the Tor network, and your true IP address is never revealed to your ISP or to any Tor nodes.
To start using Proton VPN, click the signup button below (it’s free). Or if you already have a free account, consider upgrading to take advantage of our advanced security features. When you’re ready to connect to Tor via Proton VPN, you can find step-by-step instructions here.Sign Up Upgrade
The Proton VPN Team
You can follow us on social media to stay up to date on the latest Proton VPN releases:
I want to connect VPN OVER TOR SO MY VPN PROVIDER DOESN’T SEE ME. CAN IT BE DONE AND IF SO. HOW? NOT INTERESTED IN TOR OVER VPN.
Thank you ❤ 😊
Hi Billie. ProtonVPN does not support doing this.
For those that are seriously concerned about privacy I would recommend creating a tails usb and running on a laptop at your local coffee shop, if you want full anonymization this is how you would do it. With masks in full effect it makes it even easier toss on a mask toss on some sunglasses and do whatever you need to do on the deepweb.
I can’t see TOR over VPN being useful at all your generating, as the people in other comments have shown your browser will leave meta data and you’ll no longer be anonymized. The only way I may use this feature in the future is by running tor over the tor over vpn system effectively giving me two layer of tor. Or just simply running tor through one of the average vpn servers that you offer if they are compatible with it. I haven’t tried yet as Im doing my research as everybody should, but if it doesn’t allow i will be swapping to another vpn.
The official Tor documentation states that Tor over VPN Should be avoided.
And if you don’t want your ISP to know you are using Tor just use a bridge.
Hi Vicente. The full pros and cons of using Tor through VPN are officially discussed here. What this feature definitely does is offer one-click convenience.
I personally use this feature on my mobile. My threat model is not unique. Don’t forget that Orbot wanted to “Empower your android device to use the Tor network”…Without the encryption of a VPN. I don’t quite understand the argument against using such a feature, as the vast majority of us don’t have the threat model to warrant such paranoia.
The only thing I DON’T do while using these servers is use apps that contain my real info, like Uber or Doordash, or mobile banking apps. It really is that simple.
So, since I’m not very knowledgable about this stuff could you please tell me what the websites I access see, the VPN IP or the tor IP?
This is a good question. With Tor over VPN, the VPN server connects to a Tor relay (just another name for a server). Your connection then routes through two more Tor relays before it reaches the website. So all the website sees is the IP of the last (exit) Tor relay.
Hope this helps.
i already have the norton/lifelock vpn security system installed in my samsung tab and would like to know if i could also add the tor app too. or do i need to go about it in another order? can it be as simple as this: download the free tor app and install it while the norton vpn is working/on?
thanks for any reply!!!
Should I use Tor and a VPN?
By using a VPN with Tor, you’re creating essentially a permanent entry node, often with a money trail attached. This provides 0 additional benefit to you, while increasing the attack surface of your connection dramatically. If you wish to hide your Tor usage from your ISP or your government, Tor has a built-in solution for that: Tor bridges. https://write.privacytools.io/my-thoughts-on-security/slicing-onions-part-2-onion-recipes-vpn-not-required
Hi I’m a little confused because I know there is (1) Tor over VPN and (2) VPN over Tor. The first configuration means first setting up the VPN-connection and then use the Tor browser. In this configuration there is the risk of malicious Tor-nodes and/or a hacked Tor exit node. The second configuration is better because the VPN-encrypted data is send thru the Tor browser, so malicious nodes or a hacked exit node are no problem anymore. My question: does protonVPN offers (1) Tor over VPN or (2) VPN over Tor?
Tor over VPN should totally be avoided. If you use another browser routing it over Tor, its browser fingerprint will be unique and the sole purpose of Tor, anonymity is lost, you’ll be de-anonymised. And let’s say you’re using Tor over VPN in Tor browser, it’ll leave traffic metadata. NSA or FBI analyse the traffic metadata, de-anonymises you and you’re screwed. This ProtonVPN’s feature of Tor over VPN SHOULD be removed. You’re making some users (the ones who use Tor over VPN) vulnerable who don’t understand its implications.
What is the difference between Tor over VPN and VPN over Tor? Can you explain the difference between the two? Which method is the safest? Which method is faster?Thanks.
I have the paid VPN from Proton, but am wondering why we need this if TOR is the ultimate protection. Having said that, I can’t run the TOR over VPN, the link doesn’t work. Can you please address both these issues and send me the link to TOR over VPN. Thanks
Tor is preferred because of making all users look common using Tor bundle ( Tor browser with decentralyzed Tor relays). If we choose to use Tor bundle over your Tor integrated server, basically 6 Tor nodes are relayed before reaching Internet destination. Anyone willing to achieve such level of security is likely to add another 3 layer circuit by his own.
If someone doesn’t want to relay 6 nodes, and simply utilize your one-click convenience, then only benefit he gains is accessing .onion sites and not letting the destination know which VPN we’re using. However, in privacy perspective, unless we bundle with Tor browser and start circuit from end device the entire idea of ProtonVPN’s Tor integration is vague for privacy demanding user.
If I use your free VPN service along with the Tor web browser, would this be equivalent to using the paid feature of Tor over your VPN server, but without having all PC traffic routed?
I’m using protonvpn on my router and tor on my browser. It works fine on the internet but cant access any .onions sites.
Hello, I was wondering if there was a way if I could run my connecting through TOR without running it through a VPN service first or using the TOR Browser. But you’re probably the best VPN Option out there with NordVPN being a Data Mining company that DOES Log your traffic.
I have 2 queries.
1) The tor circuit and identity used after exiting PVPN server, do they change? Because in Tor browser, there is option to change Tor circuit and identity. If same Tor circuit and identity is used after my connection exits PVPN server, it’s not good right?
2) The PVPN servers that are coupled with Tor, do they belong to secure cores which has comparabilities to defend network based attacks?
1) You always get assigned a random Tor IP address as the exit node.
2) TOR servers do not belong to Secure Core ones, but it does not mean that they are not as secure.
Came here from /r/TOR, now I have an urge to say this thing is bullshit. Tor is safe without VPN, and chaining a VPN either before or after Tor increases the risk of your IP being exposed significantly. Can’t you stop spreading misinformation already?
Hello! There is always room for discussion, it would be great if you could elaborate on the risk – maybe we can provide more information on this topic.
Does it matter which VPN you use for Tor? Can you use a normal Secure Core connection for example and then run the Tor browser, or is it strongly recommended to connect to one of the Tor-specific VPN’s and then run the browser?
Tor over VPN servers eliminates the need for using a Tor browser, but you certainly can use a Tor browser along with a VPN connection if it’s more convenient for you.
If you are browsing the web and using “Tor over VPN”, and then connecting to Tor, is it recommended that you avoid accessing any online services, such as email or web forums? The reason I ask is as I understand it any Tor exit node can be compromised, and Tor draws alot of attention from state security apparatus. Am I right in thinking if you are logging in to a service through Tor, you login details could be compromised?
It actually depends on whether the sites/services use https or not. If https is used, your data is secure towards the destination regardless of exit node being compromised. https is the last line of defense. You must prefer https over http.
That’s a good question, and I wonder why there is no answer. This would definitely compromise your privacy. The exit node will be able to make a link between your public identity and the site you are connecting to. Which brings us to another question. In Windows there are many automatism running in the background, like the mail client checking for new mail, etc. Since all the traffic is routed through TOR, this can be visible to the exit node as well, which is why I think it is not recommended to run TOR through windows, better run it as a stand alone with a Tails USB.
What about browser fingerprinting? It seems like using Tor over VPN might lull some people into a sense of false security, using their regular Chrome browser on their main OS, whereas if they use Tor the regular way, they are probably using an anonymized OS and browser with no unique fingerprint. Is this a real threat and if so, what is the best way to mitigate while using Protonmail’s Tor over VPN? Thanks!
Great tip! Thanks for your work!
Comments are closed.