In another post, we looked at the differences between Tor and VPNs. Some people who don’t have a technical understanding of both technologies get confused about how each one works. However, today we are going to look at how to use both at the same time to bolster your online privacy and anonymity.
Firstly, understand the advantages and disadvantages to each. First off, VPNs are great because they offer faster connection speeds and are still appropriate for P2P connections. Furthermore, though VPNs can help mask your geographical locations, your VPN service provider can still see what you are doing online if they choose to log your data.
Tor, on the other hand, can be slower than a VPN, isn’t a great solution for P2P connections, and is sometimes blocked by websites and networks. However, it does provide anonymity. There is a small amount of risk involved using Tor since the government has carried out attacks on this anonymous network that were successful in identifying and tracking people.
Though Tor meets these challenges by finding solutions to their security problems, there will always be a chance that they will be attacked again. In reality, this is true on the vast majority of the Internet. Though nothing is ever guaranteed to work (especially without encryption) using encryption combined with anonymity makes it extremely, extremely hard for anyone to see what you’re up to online. In fact, if you had your traffic encrypted before it enters and after it leaves the Tor network, you wouldn’t need to worry about a compromised exit relay (a server on the Tor network) because even if your traffic was intercepted, no one could read it.
The following are methods to combine Tor and VPN usage to enhance your online security and anonymity. You should know before you implement these techniques that you will experience a slower connection since both the Tor network and VPN connections impose differing amounts of overhead.
Using Tor through a VPN Tunnel
In this scenario, your data will only enter the Tor network after it has reached its VPN endpoint. Essentially, your data will travel through the Internet encrypted until it reaches the VPN server, then it will run through the Tor network, and lastly it will travel through the public Internet. When you fire up your VPN connection and then access the Tor network, this is the net effect. Your IP address will look like that of a Tor exit server to a receiving host, not the masked IP from your VPN provider.
One advantage to this situation is that your local ISP won’t be able to see that you are sending and receiving Tor traffic since it is encrypted inside a VPN tunnel. However, this only hides your data from your ISP and gives you a little more privacy.
Unfortunately, a compromised Tor exit server could still trace your connection back to the IP address of your VPN provider, and this is where things get a little tricky. If your VPN provider logs your traffic, it could eventually be traced back you. Consider that a compromised Tor server could be compromised by the government. In addition, some VPN providers reserve the right to disclose connection information to law enforcement. If you have a poor VPN provider, the government could ultimately trace your data back to you by bullying a VPN provider and by successfully attacking the Tor network. However, many VPN providers have a strict no-logging policy.
Essentially, this scenario is most beneficial because it hides your Tor traffic from your ISP via a VPN tunnel.
Using a VPN Tunnel through Tor
Some VPN service providers, such as AirVPN and BolehVPN, have written their code to work with Tor. In this scenario, your data is encrypted the entire time it is flowing through the Tor network (as opposed to the previous example). Also, you wouldn’t have to worry about a Tor exit node becoming compromised by another attack. Even if an exit node is compromised, there’s nothing the attacker can do to read your encrypted data. This is by far the safest and most effective method at maintaining your online security and privacy, but one disadvantage is that too few VPN service providers structure their software to take advantage of Tor. Another disadvantage is that you will experience more latency and overhead since your combining a VPN tunnel with the Tor network. However, for most situations, this is the safest and easiest way to browse the web with security and privacy.