Tor over VPN is better or not?

Tor over VPN means first connects to their VPN server, and then uses the Tor browser.

Someone said that “By using a VPN with Tor, you’re creating essentially a permanent entry node, often with a money trail attached.” But how about I change the VPN server daily or even hourly?

I want to both enjoy the Privacy benefit from VPN and Anonymous benefit on Tor at the same time. For example I could open my Firefox to see Youtube with Mullvad VPN, and use Tor to browse some particular website at the same time.

Since Tor is blocked by some website (e.g Google), and also not suitable for login-required platform (e.g Bank). It would not be a good idea to see Tor as default browser, which affect my daily life very much (slow connection when watching video)

In conclusion, Tor over VPN is a practicable solution, to balance the needs for Privacy and Anonymous, do you agree?

1 Like

I think the concensus is that using VPN --> Tor brings nothing over Tor directly and Tor --> VPN would be harmful, and thus the question would probably be do you use VPN all the time or only when you are using Tor?

If you use VPN all the time, I guess not using it for Tor would look strange for a network observer.

Tor --> VPN again would be a permanent exit node, with the money trail attached.

3 Likes

Short, simplified explanation:

  • “Normal” case (no Tor, no VPN): You are “directly” connected to servers on the internet via your ISP. The ISP sees to which servers you connect, and the servers see your real IP address. Plus, the ISP may see cleartext traffic that is sent from/to your network.
  • “VPN” case (no Tor, but VPN): You are “directly” connected to a server of the VPN provider via your ISP. The ISP sees that you are connected to the VPN provider, and the servers on the internet see the IP address of the VPN server you use. However, the VPN provider sees both sides (= they know your real address, and they see to which servers on the internet you connect). Plus, the VPN provider may see cleartext traffic that is sent from/to your network. The ISP can’t see cleartext traffic in this case, because it is encrypted between your network and the VPN provider.
  • “Tor” case (Tor, but no VPN): You are “directly” connected to an entry node of Tor via your ISP. The ISP sees that you are connected to Tor (because entry nodes are publicly documented and Tor uses certain port numbers), and the servers on the internet see the IP address of a Tor exit node. The Tor entry node sees your real IP address, but can’t see to which server you connect. The Tor exit node sees to which server another Tor node connects. So the Tor exit node doesn’t learn about your real IP address. Plus, the Tor exit node may see cleartext traffic that is sent from/to your network. The ISP and the first two Tor nodes can’t see cleartext traffic in this case, because it is encrypted between your network and the Tor exit node.

Mixed cases:

  1. You > Tor > VPN > target server: In this case, your ISP sees that you are connected to Tor. Within Tor, everything stays the same. The Tor exit node sees that a Tor node is connected to a VPN provider, but can’t access cleartext data. The VPN provider can see the IP address of the Tor exit node, and the IP address of the target server. However, since you nearly always pay for the VPN provider, you don’t add more anonymity or security here. (Assuming the VPN provider knows you, so you have the “VPN” case.)
  2. You > VPN > Tor > target server: In this case, your VPN provider knows that you use Tor. It is just a replacement for your ISP. So you shift the trust from your ISP to your VPN provider. So there is no added anonymity or security either.

It doesn’t change anything, because it isn’t about a certain VPN server of a company, but about the company itself. Usually, you pay for the VPN access. So, there is “the money trail” pointing from the VPN company to you.

9 Likes

Yes, that’s what I want to ask. It’s not possible to shut down VPN when using Tor, I love multi-tasking and I want to enjoy Youtube when browsing Tor, therefore it is unavoidable to use Tor over VPN, right?

Thanks for your kindly help, a detail explanation about how Tor and VPN operate, (and also the mixed mode).

How about the question about “Work & Life” balance. If I need to close VPN when using Tor, that’s mean I also cannot use Firefox or other app because I will suffer from the ISP monitoring. But I want to make it convenient as much as possible, using VPN+Firefox to enjoy me life, while using Tor Over VPN to work. (At the same time!)

*Unfortunately I can’t customize the VPN to not apply to Tor ~

With some advanced firewall and network interface configuration, you might be able to route Tor traffic outside the VPN tunnel. But that requires plenty of networking knowledge and I don’t think it would be very useful.

I’d say just use Tor over VPN if you use VPN for regular internet browsing or keep it on all the time.

Using Tor over VPN is not more harmful to your privacy than doing regular web browsing over VPN. (Well, perhaps someone could develop counter examples but those are unlikely and highly speculative.)

1 Like

Some VPN providers have browser plugins, so only web browser traffic is routed via VPN. So you can have following setup:

  • Firefox -> VPN
  • Tor browser -> Tor network
  • Everything else from your PC (Mail client, Steam, IM/VoIP clients…) -> Your ISP

The only thing I do that I want to protect is IPTV streaming. Would you recommend a VPN for that ?

What do you mean by “protecting IPTV streaming”?

I’m puzzled by some comments in this post:

First, “Tor > VPN”- how does that happen? I assume if you’re connected to VPN (via the VPN’s app on your device) and run Tor browser this is not what happens. That doesn’t sound less strange than “Tor > ISP”, that’s not how it works, does it?

Second, doesn’t “VPN > Tor” provide additional layer of privacy, since (by the same logic of why there are multiple nodes in Tor) if the entry and exit relays were compromised they still have only your VPN’s address? And also because you trust your VPN more than your ISP but less then your mom or at least you can never trust their ability to protect your data 100%? Meanwhile if you use Tor only with ISP and the rest of the internet goes via VPN you’re needlessly donating this information to your least trusted provider.

Tor > VPN mean using VPN extension on tor browser

This is why tor use random relays every time and you can use https