This article assumes you have a basic understanding of The Onion Router (Tor) and Virtual Private Networks (VPN), as well as a desire to protect your privacy on the Wild World Web. Please visit those links if you're not familiar with Tor and/or a VPN.
Having chosen to not take refuge under a large, dense object for the last several years (not that i'd blame you), you're probably aware of how fragile privacy has become in the digital age. At the network level a lot of people (including Ed) recommend The Onion Router (Tor) in order to better protect one's privacy, while others prefer using a Virtual Private Network (VPN). If you're wondering what i recommend, i don't; i'll leave that up to you since it's not a one-size-fits-all thing. Here i'd just like to point out some of the differences between the two because Tor has certain distinct advantages that VPNs lack, and vice versa. Consider the following…
- Using the Tor network is free, as is the Tor Browser which is a privacy and security hardened version of Firefox used to connect to the network. The Tor Project source code is public and the servers are run by volunteers, some of whom may be malicious; however, there is debate as to how much damage a malicious node can do. Using a VPN will cost you roughly $5 to $10 per month and many of the companies providing VPN services are also highly unethical (never trust a "free" VPN provider).
- While it is true that no VPN can be fully trusted regarding security and privacy, this is technically true with Tor as well. We know there is a massive amount of money to be made in the malware department and vendors, many of which sell exploits to governments and intelligence communities, have little or no incentive to disclose the vulnerabilities they discover. These vulnerabilities can remain secret for weeks, months, or years. Knowing this, i think it is dangerously illogical to conclude that anything is secure, including Tor, though Tor is quite possibly generally more secure than even the best VPN.
- Picking a bad VPN that logs traffic and doesn't respect your privacy is easier than getting your drone stuck in a tree, however there is only one Tor Project and one Tor Browser and they are widely trusted, in part because the source code is public.
- When using the Tor network, it is strongly suggested to use the Tor Browser in its default configuration. Remaining anonymous on the network depends largely on uniformity and so, with few exceptions, you can kiss your beloved add-ons goodbye. With a VPN one has more choices as to what browser and add-ons they use, though these choices must be weighed carefully.
- Avoiding browser fingerprinting and tracking is much easier to achieve with Tor, while preventing fingerprinting outside of Tor is quite difficult whether using a VPN or not. In both cases however, the websites you visit will not know your physical location and will be less able to fingerprint and track your browser as long as you take some necessary precautions. That said, nothing can protect your privacy completely if you log on to privacy-hating platforms like Facebook, Instagram, Twitter, etc., using your real identity or the same credentials you used prior to using Tor or a VPN.
- Because of the layers of encryption that Tor employs, bandwidth limitations, the load on the nodes, etc., Tor will generally provide a slower web experience, higher latency, and a less stable connection than a good VPN would. This problem is exacerbated if one adds more nodes to the Tor circuit (three nodes is considered the minimum).
- Tor may insulate users from a malicious operator better than a VPN, partly because a Tor circuit is composed of multiple nodes whereas a VPN usually presents a single point of attack. Though some VPN providers offer an option to route traffic through more than one node, all the nodes are controlled by the same company.
- Different people require different levels of privacy. A journalist wishing to communicate privately with a source is probably better able to protect the identity of their source and the content of their communication using Tor versus a VPN. On the other hand, someone wanting to download copyrighted content whilst avoiding nasty-grams from their ISP, or stream high resolution videos or most other non-sensitive and bandwidth intensive operations, may be better off with a VPN. For example, torrenting is actually discouraged on the Tor network because of bandwidth and other limitations.
- With Tor it is non-trivial (and ill-advised) to choose what exit node you want to use, whereas any good VPN provider will allow you to connect to any of their servers with just a couple of clicks using their client software. One advantage of being able to choose among servers is the ability to watch videos or access other content which is blocked in a particular geographical region.
- VPN client software may not be open source and may not respect your privacy even if it is, though any good VPN provider will allow connections using other methods, such as with OpenVPN. This issue is non-existent with Tor and the Tor Browser.
- Both Tor exit nodes and VPN nodes are subject to having their IP addresses blacklisted, meaning a website may deny access. In the case of a VPN this is fairly rare in my experience, however those who shop and do their banking online are more likely to have trouble with either Tor or a VPN, though the problem may be exacerbated with Tor.
- Choosing to use Tor is a simple yes or no decision, while choosing to use a VPN may require some serious research in order to locate a good and trustworthy provider. The VPN market seems to be exploding and so is the number of ethically retarded providers. Be careful when reading VPN "reviews" because many of them are written by VPN providers "reviewing" their own service, bashing another provider's service, or by paid bloggers.
- Lastly, it is not generally suggested to use Tor and a VPN together.
Because of the garbage disseminated in the mainstream media, much of the public sees Tor as being synonymous with the 'Dark Web' which many believe is nothing more than a haven for criminals. Tor is simply a tool and, like any tool, it can be used by bad people to do bad things or good people to do good things. For the average person wanting to protect their privacy, the Tor network simply provides a portal to access the same websites one visits every day, but in a more private and secure way. For those who are at risk of being persecuted, such as a whistle-blower disclosing highly sensitive information, Tor can be a life saver, literally. That said, yes, there is a 'deep' or 'dark' web that is accessible primarily through Tor and while some of the content available there is indeed illegal and extremely offensive, there is also a lot of quality content which is otherwise censored on the regular web.
Some people believe that Tor will attract the attention of the intelligence community. While it is apparently true that using encryption will raise the eyebrow of 'The Man', such criminal spying on the public by governments is not at all limited to those using Tor. More importantly, our inherent right of free speech is under attack simply because people believe they are being watched and therefore they self-censor. This is a very dangerous thing because we cannot work toward a truly free and transparent society if our ability to communicate is compromised.
Lastly, i am very hesitant to recommend a VPN provider if you decide to go that route, however in the interest of hopefully steering you away from much of the garbage, i will say that i have used and liked AirVPN. I currently use NordVPN, but i'm not convinced the company is fully transparent. Many seem to speak very highly of Mullvad VPN, though i have no experience with them. See the resources below for more information.
- Tor (anonymity network) | Wikipedia
- About to use Tor. Any security tips? – Matt Traudt
- VPN + Tor: Not Necessarily a Net Gain – Matt Traudt
- Torproject TOR : List of security vulnerabilities
- Exploit vendor drops Tor Browser zero-day on Twitter | ZDNet
- Tor Browser news: Three vulnerabilities allow spies to detect Tor browsers | Cloud Pro
- Tor Browser Has a Flaw That Governments May Have Exploited | PCMag.com
- Well, I read up on Tor… | MobilityDigest
- Virtual private network | Wikipedia
- How Can You Trust a Virtual Private Network to Protect Your Privacy? | Stay Safe Online
- VPNs are Lying About Logs | Restore Privacy
- "No Logs" IPVanish Embroiled in Logging Scandal | Restore Privacy
- UNITED STATES DISTRICT COURT for the District of Massachusetts United States of America V. Ryan S. Lin | U.S. DOJ (PureVPN found to be keeping logs)
- VPN Comparison by That One Privacy Guy
- Which VPN Services Keep You Anonymous in 2018? – TorrentFreak
- Opt out of global data surveillance programs like PRISM, XKeyscore, and Tempora | PRISM Break
- Privacy International
- Tech | 12Bytes.org (this website)
- ghacks-user.js: An ongoing comprehensive user.js template for configuring and hardening Firefox privacy, security and anti-fingerprinting | GitHub
- In Depth Review: New NSA Documents Expose How Americans Can Be Spied on Without A Warrant | Electronic Frontier Foundation
- 3 Years Later, the Snowden Leaks Have Changed How the World Sees NSA Surveillance | Electronic Frontier Foundation
- The second operating system hiding in every mobile phone | OSnews