Why use Tor over VPN

Posted on July 25th, 2018 by in Articles & News, Security.

An illustration of Tor over VPN.

 

Tor is a powerful privacy tool, but you may not want to use Tor all by itself. Learn why you may want to connect to Tor over a VPN.

When you connect to the Internet, especially if you’re using public WiFi, there’s a good chance people are watching you. Hackers, government spies, and the websites you visit can find out your IP address, your location, the pages you visit, and even the information you send and receive over the network. But there are two easy-to-use technologies that can protect you: Tor and VPN.

This article explains what Tor is and why you might want to consider using Tor over VPN than Tor by itself.

What is Tor and how does it work?

Tor is a free software program developed by The Tor Project, a nonprofit organization based in Massachusetts. Tor allows users to anonymize their Internet traffic, making it a useful tool for journalists and human rights defenders who may be targeted online. Today a lot of people use Tor every day, from victims of domestic violence to high-profile whistleblowers and activists. Edward Snowden used a combination of Tor and PGP to communicate classified information about the NSA with The Guardian.

With Tor, you can also connect to hidden services known as onion sites, which are only accessible via the Tor network. Proton Mail, for instance, has its own onion site. These can be useful for bypassing regional censorship.

When you connect to the Tor anonymity network, your Internet connection is encrypted and bounced among multiple Tor servers operated by volunteers around the world. Unless the entire Tor network (or a significant fraction) of it is being monitored, a third party will not be able to identify the real IP address of the Tor user. Websites that you visit only see the IP address of the Tor exit node (the last node in the Tor network that your traffic passes through), and not your actual IP.

Using Tor in combination with a VPN

A VPN, or virtual private network, establishes an encrypted tunnel between your device and the VPN server, concealing your true IP address and your activities from your Internet service provider (ISP) and any hackers or spies who might be monitoring the network. (Follow these links to learn more about how VPNs work and the benefits of using one.)

There are a few advantages to using Tor in combination with VPN. Using Tor with a VPN gives you an extra layer of privacy because the VPN encryption prevents the Tor entry node (the Tor server where you enter the hidden network) from seeing your IP address. A compromised Tor entry node is one common way for an attacker to try to break Tor’s anonymity. The VPN will encrypt some Internet traffic that Tor does not support, like ICMP traffic. It also prevents your ISP from knowing you are connecting to Tor.

Additionally, using Tor over VPN gives you access to onion sites like those operated by Proton Mail, Facebook, and The New York Times, among many others.

However, there are also disadvantages of using Tor over VPN. While Proton VPN supports both TCP and UDP traffic, Tor only supports TCP. (For instructions on how to configure Proton VPN to use TCP, click here.) You must also use a VPN service you trust because the VPN server will be able to see your true IP address. VPN trust means using a reputable VPN service that does not keep logs of your activity and does not serve ads or malware. It’s also important to know what a VPN can and cannot protect against. Proton VPN is the only VPN service that provides this information in a comprehensive overview of our threat model.

Proton VPN and Tor

There are a number of ways to use Tor. For example, you can download the Tor browser, use a Tor plugin, or run a Tor operating system on your machine. Proton VPN offers a simpler way of connecting to the Tor network as a convenience for paid users. With a single click, you can gain access to onion sites and to the privacy benefits of the Tor network.

At Proton VPN, we implement Tor over VPN, meaning your Internet traffic is encrypted all the way through the Tor network, and your true IP address is never revealed to your ISP or to any Tor nodes.

An illustration of how Tor over VPN works.

To start using Proton VPN, click the signup button below (it’s free). Or if you already have a free account, consider upgrading to take advantage of our advanced security features. When you’re ready to connect to Tor via Proton VPN, you can find step-by-step instructions here.

Sign Up Upgrade

Best Regards,
The Proton VPN Team

You can follow us on social media to stay up to date on the latest Proton VPN releases:

TwitterFacebook | Reddit

Get a free Proton Mail encrypted email account

Proton was founded by scientists who met at CERN and had the idea that an internet where privacy is the default is essential to preserving freedom. Our team of developers, engineers, and designers from all over the world is working to provide you with secure ways to be in control of your online data.

31 comments

  1. Billie

    I want to connect VPN OVER TOR SO MY VPN PROVIDER DOESN’T SEE ME. CAN IT BE DONE AND IF SO. HOW? NOT INTERESTED IN TOR OVER VPN.

    Thank you ❤ 😊

  2. Douglas Crawford

    Hi Billie. ProtonVPN does not support doing this.

  3. why hello

    For those that are seriously concerned about privacy I would recommend creating a tails usb and running on a laptop at your local coffee shop, if you want full anonymization this is how you would do it. With masks in full effect it makes it even easier toss on a mask toss on some sunglasses and do whatever you need to do on the deepweb.

  4. D

    I can’t see TOR over VPN being useful at all your generating, as the people in other comments have shown your browser will leave meta data and you’ll no longer be anonymized. The only way I may use this feature in the future is by running tor over the tor over vpn system effectively giving me two layer of tor. Or just simply running tor through one of the average vpn servers that you offer if they are compatible with it. I haven’t tried yet as Im doing my research as everybody should, but if it doesn’t allow i will be swapping to another vpn.

  5. Vicente

    The official Tor documentation states that Tor over VPN Should be avoided.
    https://support.torproject.org/#faq-5
    And if you don’t want your ISP to know you are using Tor just use a bridge.
    https://tb-manual.torproject.org/bridges/

  6. Douglas Crawford

    Hi Vicente. The full pros and cons of using Tor through VPN are officially discussed here. What this feature definitely does is offer one-click convenience.

  7. Caelius

    I personally use this feature on my mobile. My threat model is not unique. Don’t forget that Orbot wanted to “Empower your android device to use the Tor network”…Without the encryption of a VPN. I don’t quite understand the argument against using such a feature, as the vast majority of us don’t have the threat model to warrant such paranoia.

    The only thing I DON’T do while using these servers is use apps that contain my real info, like Uber or Doordash, or mobile banking apps. It really is that simple.

  8. steve

    So, since I’m not very knowledgable about this stuff could you please tell me what the websites I access see, the VPN IP or the tor IP?

  9. Richie Koch

    Hi Steve,
    This is a good question. With Tor over VPN, the VPN server connects to a Tor relay (just another name for a server). Your connection then routes through two more Tor relays before it reaches the website. So all the website sees is the IP of the last (exit) Tor relay.
    Hope this helps.

  10. paul henderson

    i already have the norton/lifelock vpn security system installed in my samsung tab and would like to know if i could also add the tor app too. or do i need to go about it in another order? can it be as simple as this: download the free tor app and install it while the norton vpn is working/on?
    thanks for any reply!!!

  11. Mewlijf

    Should I use Tor and a VPN?

    By using a VPN with Tor, you’re creating essentially a permanent entry node, often with a money trail attached. This provides 0 additional benefit to you, while increasing the attack surface of your connection dramatically. If you wish to hide your Tor usage from your ISP or your government, Tor has a built-in solution for that: Tor bridges. https://write.privacytools.io/my-thoughts-on-security/slicing-onions-part-2-onion-recipes-vpn-not-required

  12. Liam

    Hi I’m a little confused because I know there is (1) Tor over VPN and (2) VPN over Tor. The first configuration means first setting up the VPN-connection and then use the Tor browser. In this configuration there is the risk of malicious Tor-nodes and/or a hacked Tor exit node. The second configuration is better because the VPN-encrypted data is send thru the Tor browser, so malicious nodes or a hacked exit node are no problem anymore. My question: does protonVPN offers (1) Tor over VPN or (2) VPN over Tor?

  13. John Doe

    Tor over VPN should totally be avoided. If you use another browser routing it over Tor, its browser fingerprint will be unique and the sole purpose of Tor, anonymity is lost, you’ll be de-anonymised. And let’s say you’re using Tor over VPN in Tor browser, it’ll leave traffic metadata. NSA or FBI analyse the traffic metadata, de-anonymises you and you’re screwed. This ProtonVPN’s feature of Tor over VPN SHOULD be removed. You’re making some users (the ones who use Tor over VPN) vulnerable who don’t understand its implications.

  14. George

    What is the difference between Tor over VPN and VPN over Tor? Can you explain the difference between the two? Which method is the safest? Which method is faster?Thanks.

  15. Ian

    I have the paid VPN from Proton, but am wondering why we need this if TOR is the ultimate protection. Having said that, I can’t run the TOR over VPN, the link doesn’t work. Can you please address both these issues and send me the link to TOR over VPN. Thanks

  16. Mount

    Tor is preferred because of making all users look common using Tor bundle ( Tor browser with decentralyzed Tor relays). If we choose to use Tor bundle over your Tor integrated server, basically 6 Tor nodes are relayed before reaching Internet destination. Anyone willing to achieve such level of security is likely to add another 3 layer circuit by his own.
    If someone doesn’t want to relay 6 nodes, and simply utilize your one-click convenience, then only benefit he gains is accessing .onion sites and not letting the destination know which VPN we’re using. However, in privacy perspective, unless we bundle with Tor browser and start circuit from end device the entire idea of ProtonVPN’s Tor integration is vague for privacy demanding user.

  17. dunklhit

    If I use your free VPN service along with the Tor web browser, would this be equivalent to using the paid feature of Tor over your VPN server, but without having all PC traffic routed?

  18. TheBoss

    I’m using protonvpn on my router and tor on my browser. It works fine on the internet but cant access any .onions sites.

  19. Daniel

    Hello, I was wondering if there was a way if I could run my connecting through TOR without running it through a VPN service first or using the TOR Browser. But you’re probably the best VPN Option out there with NordVPN being a Data Mining company that DOES Log your traffic.

  20. RG

    I have 2 queries.
    1) The tor circuit and identity used after exiting PVPN server, do they change? Because in Tor browser, there is option to change Tor circuit and identity. If same Tor circuit and identity is used after my connection exits PVPN server, it’s not good right?
    2) The PVPN servers that are coupled with Tor, do they belong to secure cores which has comparabilities to defend network based attacks?

  21. Augustinas

    1) You always get assigned a random Tor IP address as the exit node.

    2) TOR servers do not belong to Secure Core ones, but it does not mean that they are not as secure.

  22. Independenx

    Came here from /r/TOR, now I have an urge to say this thing is bullshit. Tor is safe without VPN, and chaining a VPN either before or after Tor increases the risk of your IP being exposed significantly. Can’t you stop spreading misinformation already?

  23. Augustinas

    Hello! There is always room for discussion, it would be great if you could elaborate on the risk – maybe we can provide more information on this topic.

  24. Scotus

    Does it matter which VPN you use for Tor? Can you use a normal Secure Core connection for example and then run the Tor browser, or is it strongly recommended to connect to one of the Tor-specific VPN’s and then run the browser?

  25. Augustinas

    Tor over VPN servers eliminates the need for using a Tor browser, but you certainly can use a Tor browser along with a VPN connection if it’s more convenient for you.

  26. Ayman

    not good

  27. Scotus

    If you are browsing the web and using “Tor over VPN”, and then connecting to Tor, is it recommended that you avoid accessing any online services, such as email or web forums? The reason I ask is as I understand it any Tor exit node can be compromised, and Tor draws alot of attention from state security apparatus. Am I right in thinking if you are logging in to a service through Tor, you login details could be compromised?

  28. RG

    It actually depends on whether the sites/services use https or not. If https is used, your data is secure towards the destination regardless of exit node being compromised. https is the last line of defense. You must prefer https over http.

  29. Digan

    That’s a good question, and I wonder why there is no answer. This would definitely compromise your privacy. The exit node will be able to make a link between your public identity and the site you are connecting to. Which brings us to another question. In Windows there are many automatism running in the background, like the mail client checking for new mail, etc. Since all the traffic is routed through TOR, this can be visible to the exit node as well, which is why I think it is not recommended to run TOR through windows, better run it as a stand alone with a Tails USB.

  30. Eric

    What about browser fingerprinting? It seems like using Tor over VPN might lull some people into a sense of false security, using their regular Chrome browser on their main OS, whereas if they use Tor the regular way, they are probably using an anonymized OS and browser with no unique fingerprint. Is this a real threat and if so, what is the best way to mitigate while using Protonmail’s Tor over VPN? Thanks!

  31. Путин Хуйло

    Great tip! Thanks for your work!

Comments are closed.

Secure
your internet

Get Proton VPN
Get Proton VPN

For customer support inquiries, please submit the following form for the fastest response:
Support Form

For all other inquiries:
contact@protonvpn.com


-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: OpenPGP.js v4.10.10
Comment: https://openpgpjs.org

xsBNBFiYeeIBCACpwuYcTsACyjQaqY3tOUonokamGZf3VDuLvcA9nQnu4vlB
n1RFFUJa5Pmf2yZ9EjJFSldTl5lreE3tFf53CcZ9wKa1R6aMnN/0VqURJho0
ZTqevQlCvuJ9kKHkDck3Em0/1WWnhDJgabp+fOa5HAHoAvcNy5gVPuexTT/N
wp6QcfB7w+qFhf73s0bcSn5RC+FAYlQxZVFhFtA7/7LthBVatDJrYLYP9XJd
zOZqz9AX0XZwKal25RcVeGHkNKgloo0bTgro4D88MR7saqXFHTRhy3+Wss7c
uqrh0uIkVmqtadoK/rAbqOyFXQ2DlvSMVrEMLUvwlZbC0taqcKDfNA+FABEB
AAHNLWNvbnRhY3RAcHJvdG9udnBuLmNvbSA8Y29udGFjdEBwcm90b252cG4u
Y29tPsLAfwQQAQgAKQUCWJh54wYLCQcIAwIJEN4dfnhhw11TBBUIAgoDFgIB
AhkBAhsDAh4BAAoJEN4dfnhhw11T6PwIAKgIHTUaEcCFQ5WfmwGpdhRgFe7H
gnHR8UOFPrRKnbCOQgTVPGwCFt8UVFhEgbmtroThU89DpxFSYUOD6nZ2k1X3
X4Q9OsItFUUuhPtLJrkz5ghtZLmsAH/edTRbVU1Ew1E8KbylLFI1J5yId7zR
GdnaTXv/E7P3po5X/b08TFAhXSyYYUbMeQuthbJajtpFygr53lm47cOWa4N8
udqLhmpheaQj04DuqYXOGC08JQn+XbHzhFl5Yvlt9Idk8+7c2UJ0qgWKQ5ZV
mquRAw5HDCQM5OqF1MoImDxOH+tK3PUlvFDsLZ1WPEOHK/EN12sPBx0x1R04
fcPTPdbMwgISGM3OwE0EWJh54gEIALqhrLUpvarPc0nkuHpyJC/MsrIDPLuV
qMc49tgjgDBsyIKJFEP9qCnkSOEixaFi+nTljUSpkHGR+PvEGecmcOdW6djN
QGxon/nwBT9d8HbtxJesaEIzwRAxmqQW9MqNq4UsfNQ0VvUYqV9wEbYfdDT/
jZfz9N0hjFELF1sg3UPcCRijhf162bp+rLQdO9vWVUbOdMQvsM/kyUJ6JMXR
xUtyKC05ddxii2SMr4XUW45ostPbxJybOF5oSZpEb1EIlrTLLPAe/498XlBW
hpRAPe+9ZfNs7drMvUEFnnOXahrXAuaaZpyaS/XBaloqSb1+v2AkUep3dbSF
PaRtbXRMS+kAEQEAAcLAaAQYAQgAEwUCWJh54wkQ3h1+eGHDXVMCGwwACgkQ
3h1+eGHDXVMZ4Qf4hu5N8/uYNDqJMFRIWSCpPGxmyIVXGARG4hgR8gwPZY9K
fReAUndX3uODBNIgZU7I3YntawU1DlP6GpP6yyR/8lfUMNCAXPDmd+zTFYIJ
UDHD8sw2GRrFVzFOKUpAapWFOI4XjSMP2UiK4HgrpUjAhe1wSaa7nEjtAuYT
zFx1QSuQD1iYcOF/FAm7EuhBIfWITjYAobGM6gonPbp3IPHM52rUbulllcdV
vCLs+blcyiVCGZlNcmlg3eibAJJL19TQLqT2DbQvQ/SyVBJGjoT+y4TTRtmZ
cebEjt2KJcc4x2lzPq3z2KJNyJTOTMB+aYD9Ma9IObDds+M/+5XDWi7f
=ueTT
-----END PGP PUBLIC KEY BLOCK-----

You can also Tweet to us:
@ProtonVPN