Digital Privacy – Why Tor is not the answer but Good VPN
You might have heard of the Tor browser, the mysterious onion browser infamous for the anonymous criminal activities that happen on the dark side of the internet.
Many people know it has the default browser to access the darknet or handle Bitcoin payments.
But beyond its tinted name, Tor is a great privacy tool for everyone, especially if you live under a dictatorship, if you don’t want to be tracked by advertisers, ISPs, and websites or if you need to hide your real IP address.
Before we delve any deeper, let’s look at what Tor is.
What is Tor?
Tor is an open-source network of servers around the world that directs internet traffic through each other randomly, and because traffic is routed randomly before reaching its destination.
It can obfuscate the origin of the data and protect the privacy and anonymity of the user.
Benefits of using Tor
Besides helping individuals anonymize themselves online, the service is free, supported on all major operating systems, and is constantly maintained by a global community of developers.
How powerful is Tor?
In NSA’s internal document, it was even referred to as “the king of high-secure, low latency internet anonymity.”
So in most cases and for most people, that’s should be more than enough protection.
That said, there are still some drawbacks to using Tor that even savvy web users might not be aware of.
The risks of using Tor
Tor relays internet traffic through a large system of servers or nodes before the traffic reaches its destination.
However, if an attacker or organization was able to gain control of a large portion of the network, they would be able to see both the start and end of the circuit.
Further network analysis would also allow investigators to uncover who is viewing what content over the network.
Tor does not offer encryption
So while it may obfuscate the origins of the web traffic, any information sent via Tor will be visible as plain text by default.
That means if you were to enter usernames, passwords, and other confidential without additional security measures, a technically inclined snoop would be able to see the contents of what you send online.
Furthermore, Tor’s anonymity benefits can be compromised by torrenting. Many torrent services simply submit your IP address as part of the information they send to the torrent tracker and peers.
Although Tor obscures where you’re sending your IP address from, that information is still visible to the torrent’s tracker and peers.
Solution: using Tor over VPN
To protect your online privacy, you should use a VPN in conjunction with Tor.
By first connecting to a VPN and then using Tor, you ensure your internet traffic is encrypted and anonymized before it is redirected by Tor servers en route to its destination.
Here’s how using VPN and Tor together eliminates the three risks mentioned above.
A VPN hides your real IP address and replaces it with another IP. This way, even if an attacker or organization had control over a large portion of the Tor network and tried to figure out where you are, it would only see the IP address you received from the VPN.
By using a VPN before connecting to Tor, you remain anonymous even if others can see how you entered the Tor network.
VPNs encrypt your traffic, so any information you send to the internet cannot be read by third parties.
Top VPN providers use AES (Advanced Encryption Standard) with 256-bit keys, which provide 2^256 possible combinations and renders brute-force hacking simply infeasible.
By using a VPN, you ensure your traffic will be indecipherable by any snoops in the Tor network.
Finally, by anonymizing and replacing your IP address, a VPN allows Tor users to access torrents with peace of mind.
Even if a torrenting service tried to send your IP address to the torrent tracker or peers in the torrent, it would only be sending the IP address you got from your VPN provider.
Your actual IP address remains hidden, which keeps your identity private and safe online.
Does it work the other way around?
If the gist is to use Tor and VPN together, why not Tor first, and then VPN? If enabling VPN first before entering Tor is called ‘Tor over VPN’, then the opposite is ‘VPN over Tor’.
If you’re unfamiliar with both VPNs and the Tor browser, this might be where it gets confusing.
‘VPN over Tor is possible in theory and can be done by creating a tunnel through the Tor network and then connecting from there to your VPN service, but it is also more difficult to set up and would slow your connection further.
Given that Tor itself is not the fastest browser around, this setup is highly undesirable.
Due to the disadvantages and the relative technical challenge of achieving ‘VPN over Tor, most VPN providers do not support this method.
What’s more, while this sequence of tools use does hide your traffic from the exit node, the VPN provider would then be able to see your traffic again, meaning that it reintroduces the element of trust into the equation when ‘Tor over VPN’ can operate in a trustless setup.
If you are that privacy-conscious, a setup that gives you no anonymity advantages is certainly a no-go.
When it comes to anonymity, Tor is unbeatable. But, that does not mean that it is not without flaws and weaknesses.
A good VPN can patch up the privacy gaps elegantly with advanced standard encryption from the moment that you are connected, so you can stress less about entry and exit node tracking and ISP identification.
If you need to browse in a private setup, simply connect to a VPN that you trust, and then open the Tor browser to gain access to the anonymous Tor network.