Having chosen to not take refuge under a large, dense object for the last several years (not that i'd blame you), you're probably aware of how fragile privacy, and thus freedom has become in the digital age. At the network level a lot of people (including Ed) recommend The Onion Router (Tor) in order to protect ones privacy. Others prefer using a Virtual Private Network (VPN) and still others recommend using both with a VPN preceding the connection to Tor. If you're wondering what i recommend, i don't; i'll leave that up to you to since it's not a one-size-fits-all thing and, more importantly, i'm not qualified to make such a decision. What i would like to do however is point out some of the differences between the two as i see them because Tor has certain distinct advantages that VPNs lack, and vise-versa.
- Using the Tor network is free, as is the Tor Browser which is a privacy and security hardened version of Firefox used to connect to the network. The Tor Project source code is public and the servers can be run by anyone, some of which may very well be malicious, however there is debate as to how much damage a malicious operator can do. Using a VPN will cost you roughly $5 to $10 per month and a lot of the companies providing VPN services are highly unethical. Never trust a "free" VPN provider!
- While it is true that no VPN can be fully trusted regarding security and privacy, this is technically true with Tor as well. We know there is a massive amount of money to be made in the malware department and vendors, many of which sell exploits to governments and intelligence communities, have little or no incentive to disclose the vulnerabilities they discover. These vulnerabilities can remain secret for weeks, months, or years. Knowing this, i think it is dangerously illogical to conclude that anything is completely secure, including the Tor network.
- Picking a bad VPN that logs traffic and doesn't respect your privacy is easier than getting your drone stuck in a tree, however there is only one Tor Project and one Tor Browser and the source code is public.
- When using the Tor network, it is strongly suggested to use the Tor Browser in its default configuration. Remaining anonymous on the network depends heavily on uniformity and so, with few exceptions, you can kiss your beloved add-ons goodbye. With a VPN one has more choices as to what browser and add-ons they use, though these choices must be weighed carefully.
- Avoiding browser fingerprinting and tracking is much easier to achieve with Tor, while preventing fingerprinting outside of Tor is quite difficult whether using a VPN or not. In both cases however, the websites you visit will not know your physical location and will be less able to fingerprint and track your browser as long as you take some necessary precautions. That said, nothing can protect your privacy if you log on to privacy toxic surveillance platforms like Facebook, Instagram, Twitter, Google, YouTube, etc., using your real identity or the same credentials you used prior to using Tor or a VPN.
- Because of the layers of encryption that Tor employs, bandwidth limitations, the load on the nodes, etc., Tor will provide a slower web experience, higher latency, and a less stable connection than a good VPN. This problem is exacerbated if one adds more nodes to the Tor circuit (three nodes is considered the minimum).
- Tor may insulate users from a malicious operator better than a VPN, partly because a Tor circuit is composed of multiple nodes whereas a VPN usually presents a single point of attack. Though some VPN providers offer an option to route traffic through more than one node, all the nodes are controlled by the same company.
- Different people require different levels of privacy. A journalist wishing to communicate privately with a source may be better off using Tor. On the other hand, someone wanting to download copyrighted content whilst avoiding nasty-grams from their ISP, or stream high resolution videos or most other non-sensitive and bandwidth intensive operations, may be better off with a VPN. For example, torrenting is actually discouraged on the Tor network because of its limitations.
- With Tor it is non-trivial (and ill advised) to choose what exit node you want to use, whereas any good VPN provider will allow you to connect to any of their servers and usually this requires only a couple of clicks using their client software. One advantage of being able to choose among servers is the ability to watch videos or access other content which is blocked in a particular geographical region.
- VPN client software may not be open source and may not respect your privacy even if it is, though any good VPN provider will allow connections using other methods, such as with OpenVPN. This issue is non-existent with Tor.
- Both Tor exit nodes and VPN nodes are subject to having their IP addresses blacklisted by governments, websites, etc., meaning a website you want to visit may deny access. In the case of a VPN this is fairly rare in my experience, however those who shop and do their banking online are more likely to have trouble with either Tor or a VPN, though the problem may be exacerbated with Tor.
- Choosing to use Tor is a simple yes or no decision, while choosing to use a VPN requires serious research in order to locate a trustworthy provider. The VPN market is exploding and so are the number of ethically retarded providers. Be careful when reading VPN "reviews" because many of them are written by VPN providers or paid bloggers who hype their service while bashing the competition. I've had several offers myself where a VPN provider asked to post content here in exchange for money.
- The only traffic routed through the Tor network when using the Tor Browser is the web traffic generated by your browser, whereas with a VPN, typically all network traffic generated by your computer is routed through the VPN. With a suitable router you also have the option to set up OpenVPN on the router so that anything that connects to your local network will be routed through the VPN. This is fairly easy to do with routers that support it, or those for which you can install custom firmware, such as DD-WRT or the formidable and open Turris Omnia.
Because of the garbage disseminated in the mainstream media, much of the public sees Tor as being synonymous with the 'Dark Web' which many believe is nothing more than a haven for criminals. Tor is simply a tool and like any tool it can be used by bad people to do bad things or good people to do good things. For the average person wanting to protect their privacy, the Tor network simply provides a portal to access the same websites one visits every day, but in a more private and secure way. That said, yes, there is a 'deep' or 'dark' web that is accessible through Tor and while some of the content available there is indeed illegal and extremely offensive, there is also a lot of quality content which is otherwise censored on the open web.
Some people believe that Tor will attract the attention of the intelligence community. While it is apparently true that using encryption will raise the eyebrow of 'The Man', such criminal spying on the public by governments is not at all limited to those using Tor. More importantly, our inherent right of free speech is under severe attack not only by governments, but by ourselves as individuals simply because people who believe they are being watched tend to self-censor. This is a very dangerous situation because we cannot work toward a free and transparent society if our ability to communicate is compromised.
I am very hesitant to recommend a VPN provider if you decide to go that route, however in the interest of hopefully steering you away from much of the garbage, i will say that i have used and liked AirVPN and NordVPN, however Nord is a huge player in the VPN market and that, in and of itself, may give one pause. Many seem to speak very highly of Mullvad VPN, though i have no experience with them.
Lastly, i recommend reading the following articles by Sven Taylor of Restore Privacy:
- Five Eyes, Nine Eyes, 14 Eyes - Explained (2019)
- VPN vs Tor: In-Depth Comparison
- Why Does Anyone Still Trust Tor?
Regarding the article, Why Does Anyone Still Trust Tor?, it is my non-professional opinion that Sven goes a little overboard in attacking Tor. I think that you could swap out the word Tor with any VPN service or web browser or operating system and make several of the same arguments. There have been many bugs and vulnerabilities discovered in Tor that were patched and very likely many more that have yet to be discovered, or have been discovered but not disclosed, and the same is true for any other software. In the end, i don't think privacy on the internet can ever be guaranteed.
- About to use Tor. Any security tips? - Matt Traudt
- Exploit vendor drops Tor Browser zero-day on Twitter | ZDNet
- How Can You Trust a Virtual Private Network to Protect Your Privacy? | Stay Safe Online
- "No Logs" IPVanish Embroiled in Logging Scandal | Restore Privacy
- Tor (anonymity network) | Wikipedia
- Torproject TOR : List of security vulnerabilities
- Tor Browser news: Three vulnerabilities allow spies to detect Tor browsers | Cloud Pro
- Tor Browser Has a Flaw That Governments May Have Exploited | PCMag.com
- UNITED STATES DISTRICT COURT for the District of Massachusetts United States of America V. Ryan S. Lin | U.S. DOJ (PureVPN found to be keeping logs)
- Virtual private network | Wikipedia
- VPN + Tor: Not Necessarily a Net Gain - Matt Traudt
- VPN Comparison by That One Privacy Guy
- VPN vs Tor: In-Depth Comparison | Restore Privacy
- VPNs are Lying About Logs | Restore Privacy
- Well, I read up on Tor… | MobilityDigest
- Which VPN Services Keep You Anonymous in 2018? - TorrentFreak
- Why Does Anyone Still Trust Tor? | Restore Privacy
- 3 Years Later, the Snowden Leaks Have Changed How the World Sees NSA Surveillance | Electronic Frontier Foundation
- ghacks-user.js: An ongoing comprehensive user.js template for configuring and hardening Firefox privacy, security and anti-fingerprinting | GitHub
- In Depth Review: New NSA Documents Expose How Americans Can Be Spied on Without A Warrant | Electronic Frontier Foundation
- Opt out of global data surveillance programs like PRISM, XKeyscore, and Tempora | PRISM Break
- Privacy International
- Tech | 12Bytes.org (this website)
- The second operating system hiding in every mobile phone | OSnews