Combining Tor & VPN together can greatly increase your security and privacy online. This increased security does come at a cost, in the form of slower browsing speeds.

Intro

If you want to step up your online security and privacy, we have a match made in heaven for you: using Tor and VPN.

Whether you have extreme paranoia, are up to something dubious or you just have the honest belief that no one has the right to see what you are doing online, combing TOR and VPN technologies is the perfect way.

What is TOR?

Tor is a somewhat strange acronym for The Onion Router, which was the original name for the project.

In essence, it is a way to make your web presence anonymous by wrapping up your data in encryption and sending it through a jumble of servers to the endpoint.

The maze of servers that it travels through makes it untraceable.

Tor is an open source project that relies on volunteers to obscure your online activity from anyone who might be trying to look in.  It is especially useful for journalists, business people, criminals and anyone who is sick of the government prying into their business.

What is a VPN?

A Virtual Private Network provides an encrypted tunnel for your web traffic.

When they are configured properly, they can prevent your ISP from monitoring your online activity, help to keep the government's eyes off what you have been up to and even fake your location so that you can access geo-restricted content.

Using TOR through a VPN

Using Tor through your VPN is generally the easiest way to combine the two technologies, although it does have some security disadvantages compared to running a VPN through Tor.

First, you will need to download a Tor client and sign up for a VPN.  We like  ExpressVPN a lot, but there are many other choices as well.

Once you have them both set up, you need to connect to your VPN first and then to the Tor network.  In this way, your traffic will go from your computer, through the VPN to Tor and then on to the internet.

When you are connected this way, your IP address will appear as the address of the Tor exit node, while the Tor entry node will see the address of your VPN server.  Your ISP will be able to see that you are using a VPN, but they won't know that you are using Tor as well.  You will also be able to visit hidden Tor websites under this configuration.

Your ISP will be able to see that you are using a VPN, but they won't know that you are using Tor as well.  You will also be able to visit hidden Tor websites under this configuration.

Because your VPN provider will be able to see your real IP address under this configuration, it is best to go with a reliable company that has a good no logs policy.  There are some other downsides, particularly concerning the Tor exit nodes.  There is the potential for the unencrypted non-SSL traffic going through malicious exit nodes and being watched, while some exit nodes may also be blocked.

There are some other downsides, particularly concerning the Tor exit nodes.  There is the potential for the unencrypted non-SSL traffic going through malicious exit nodes and being watched, while some exit nodes may also be blocked.

One thing to note when trying to remain anonymous using Tor through a VPN is that it is best practice to always use the Tor browser.

When you use the Tor browser, the Tor servers will do the encryption, rather than your desktop, if you are using transparent proxies.  Your ISP has the potential to catch your web traffic before it is encrypted by the Tor servers if you are using transparent proxies.

Using a VPN through TOR

This way provides the most secure combination of the two technologies, but like everything, there are downsides as well.

The first thing you will need to do is download a Tor client.  You will also need to sign up to a VPN if you haven't already.  Not all VPN providers easily support this method of combining the two, but we know that BolehVPN and do.  With either of these VPN providers, you can configure them so that your VPN will always connect automatically through Tor.

Once you have them both your Tor and VPN set up, you will need to first connect to Tor, then to your VPN through whichever server you plan to use.

In this way, your traffic goes from your computer, is encrypted by your VPN, goes through Tor, is decrypted by your VPN and then ends up at its destination.  It might be a round-about way to get there, but this method is the best way to keep anonymous.

If you use your VPN through Tor, your provider will see the Tor exit node instead of your actual IP address.  They will be able to see your traffic, but they won't have any way that they can connect it to you.

This method will also keep you safe from malicious exit nodes because your data gets encrypted by your VPN client before going into the Tor network.

Other advantages of setting it up this way are that you can select your server to get around geo-restrictions, get past any blocks on Tor exit nodes and have all of your web traffic going through Tor.

One problem with this way of doing it is that there are possibilities of a global end-to-end timing attack.  This is because the VPN provider will have a fixed point in the chain.  Another disadvantage is that most VPN providers do not have a simple way of setting things up this way.

This is because the VPN provider will have a fixed point in the chain.  Another disadvantage is that most VPN providers do not have a simple way of setting things up this way.

Vulnerabilities of Using Tor and a VPN

Unfortunately, nothing in life is perfect and this includes using Tor and VPNs together.  Practically speaking, to any normal user with the two configured properly, it's essentially impenetrable.  However, theoretically, there are vulnerabilities that a dubious organisation that I won't name (the NSA) or others could exploit if you were a high enough value individual, such as Edward Snowden.

Practically speaking, to any normal user with the two configured properly, it's essentially impenetrable.  However, theoretically, there are vulnerabilities that a dubious organisation that I won't name (the NSA) or others could exploit if you were a high enough value individual, such as Edward Snowden.

The two main problems are end-to-end timing attacks and malicious exit nodes.

End-to-end timing attacks are a process that is used to unmask those who use VPN and Tor.  They involve linking connection times of the user with the time of anonymous but monitored behaviour.  The computer power required to link the two together is insanely high, but with government spying at the level that it is, it isn't above their means.  Using a VPN in combination with Tor will provide you with some extra insulation against attacks like this.

The computer power required to link the two together is insanely high, but with government spying at the level that it is, it isn't above their means.  Using a VPN in combination with Tor will provide you with some extra insulation against attacks like this.

In Tor, an exit node is the last node between your computer and the internet.  The traffic that goes in and out of these is generally not encrypted.  This means that whoever runs the node can monitor the web traffic that goes through it.  Normally, this shouldn't matter because there are at least two further nodes between the user and the exit node.

However, if the traffic coming out of the exit node contains information that identifies the user, it means that whoever is monitoring it will be able to identify the user as well.  These nodes are known as malicious nodes.  To protect yourself more from malicious exit nodes, try to connect through an SSL secured website (https://).  This means that it is encrypted and your data will be secure.

Normally, this shouldn't matter because there are at least two further nodes between the user and the exit node.  However, if the traffic coming out of the exit node contains information that identifies the user, it means that whoever is monitoring it will be able to identify the user as well.  These nodes are known as malicious nodes.

To protect yourself more from malicious exit nodes, try to connect through an SSL secured website (https://).  This means that it is encrypted and your data will be secure.

These nodes are known as malicious nodes.  To protect yourself more from malicious exit nodes, try to connect through an SSL secured website (https://).  This means that it is encrypted and your data will be secure.

Tor and VPNs: What's Best?

For most situations, it's normally considered most secure to run your VPN through Tor, rather than the other way around.  This

This will protect you from malicious Tor exit nodes and mean that your VPN provider won't know who you are.  Unfortunately, most VPN providers don't have an easy way that you can use this configuration.

Either way, combining both together will greatly increase your security and privacy online.  Realistically, with things set up properly, the everyday user shouldn't have any fears.  Of course, all of this security doesn't come without a cost.  Using both Tor and VPN will hamper your speeds, but for most users it is worth it for the peace of mind.

Leave a Comment

Your email address will not be published. Required fields are marked *