Tor over VPN: what is it and how to use it?


Tor is one of the best online privacy protection tools. Combining it with a VPN sounds like a wonderful idea to maximize one’s anonymity and become almost invisible online, provided that it actually works. Tor and a VPN can be combined in several ways, which vary in difficulty and advantages. In this article, we shed a little light on how those two technologies can be used together.

A quick reminder: what’s Tor?

The Tor Project is a global, community-run initiative for the security and freedom of the Internet. It implements onion routing, in which every connection is relayed through a circuit of intermediary servers run by volunteers. There are about 10,000 of them worldwide (as of December 2023). What’s with the onion metaphor? This vegetable has layers you need to peel off to get to the inside. Here, the inside is a piece of data you want to protect – the actual message. Every layer is an encryption with a different key, which can be removed only by a specific server. The ‘onion’ is created at the originator (your device) and sent to the first server, which removes the ‘top’ layer of encryption and sends the rest to the next server in the circuit. The process repeats until the onion reaches the exit node, which sends the actual message to the recipient.

Benefits of the Tor network

All this complexity has its advantages:

  • Every layer of encryption blocks the attackers. Even if a key to one cipher is compromised, there are others, equally effective.
  • No single server knows whether the machines it receives from and forwards to are the real sender and receiver or just other relays. Only the exit node knows the destination is the recipient. It makes pinpointing anyone on the network extremely hard.
  • Most servers are public, so they can be blocked by your network administrators. This doesn’t apply to the secret servers called bridges. Tor reaches even into strictly controlled networks!
  • The path of the relays is changed about every 10 minutes. Even a successful attack on a server has little time to cause you any harm before you just leave.
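
The layering described above, and the point that each relay learns only its next hop, can be shown with a short Python sketch. This is an added example, not code from the Tor Project: the cipher is a toy built from standard-library hashes, and the relay names, keys and destination are constructed for illustration.

```python
import hashlib
import hmac
import json
import os

def _xor(data: bytes, key: bytes, nonce: bytes) -> bytes:
    # Toy stream cipher: SHAKE-256 keystream. A stand-in, not Tor's real cipher.
    stream = hashlib.shake_256(b"enc" + key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def _tag(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, b"mac" + data, hashlib.sha256).digest()

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    body = _xor(plaintext, key, nonce)
    return nonce + _tag(key, nonce + body) + body

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, tag, body = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, _tag(key, nonce + body)):
        raise ValueError("wrong key or modified layer")
    return _xor(body, key, nonce)

def build_onion(message: bytes, destination: str, circuit) -> bytes:
    """Originator: wrap the message once per relay, exit layer first."""
    next_hops = [name for name, _ in circuit[1:]] + [destination]
    blob = message
    for (_, key), nxt in reversed(list(zip(circuit, next_hops))):
        blob = seal(key, json.dumps({"next": nxt, "data": blob.hex()}).encode())
    return blob

def peel(key: bytes, blob: bytes):
    """Relay: remove one layer; learn only the next hop and an opaque blob."""
    layer = json.loads(unseal(key, blob))
    return layer["next"], bytes.fromhex(layer["data"])

def route(onion: bytes, circuit):
    """Pass the onion along the circuit, recording what each relay could see."""
    seen, blob = [], onion
    for name, key in circuit:
        nxt, blob = peel(key, blob)
        seen.append((name, nxt))
    return seen, blob

# Constructed sample circuit; relay names and keys are hypothetical.
CIRCUIT = [(n, os.urandom(32)) for n in ("guard", "middle", "exit")]

if __name__ == "__main__":
    onion = build_onion(b"GET /index.html", "example.org:443", CIRCUIT)
    print(route(onion, CIRCUIT))
```

Real Tor negotiates a fresh key with each relay when the circuit is built and sends fixed-size cells, so a relay cannot guess its position from the message size as it could in this sketch.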

The Tor Project has created the Tor browser. It handles all the technicalities behind a user-friendly interface, making this solution available to anyone.

Now, how can you combine a Tor browser with a VPN? And what are the benefits?

Does the Tor browser have a VPN?

While using Tor and VPN at the same time is possible, it’s not that simple. The Tor browser doesn’t come with an embedded VPN. Those are separate solutions, and they should be because they operate on different levels. The point of a reliable VPN is to manage all the regular online transfers of a given device. It uses tunneling protocols for that, which typically work on one of the lower layers of the protocol stack. Web browsers, on the other hand, rely on the top layer. A VPN inside the browser would either have to fundamentally change how the browser functions or work on that top layer only, and then it wouldn’t be able to do anything outside that browser.

The Tor browser is a free, user-friendly, and powerful solution. Setting up a Tor connection manually is quite a challenge since it requires cybersecurity experience, an understanding of the network architecture, and a lot of optimization tweaks. Mistakes could compromise your security and slow down your browsing. Every smart expert would rather use a ready-made, trustworthy solution instead of risking breaking something unintentionally.

So, in most cases, you need to take care of the Tor and VPN separately. There are also commercially available solutions – we’ll cover them later on. Generally, combining the two comes down to a choice between the two possibilities: onion over VPN or the reverse.

What’s onion over VPN?

This is the much-preferred solution, putting the VPN before the onion protocol. You first connect to the remote server of your VPN vendor as usual. Then follows the Tor network with its relays, and finally the recipients. That hides Tor under the VPN and allows you to connect to the onion services (websites hidden from ordinary browsing). The fact that you’re using Tor cannot be recognized from the outside, not even by your ISP.

Reverse solution: VPN over Tor

In this configuration, you must route your VPN tunnel through the Tor network. This is much harder to set up and gives less anonymity. The one upside is that you get some protection at the Tor exit node (which is a somewhat weak spot, as it has access to your decrypted data). Some entities recognize and disallow access from Tor. This method might circumvent the block. But it takes away the advantage of Tor’s frequent path changes because you get stuck with the VPN server for an extended time. And your ISP could recognize that you’re using Tor. You wouldn’t be able to access onion services, either.

Do I need a separate VPN with Tor?

You might be wondering, what’s the point? If Tor gives such great privacy protection, what else is needed? Is Tor safe without a VPN? The answer is twofold. First, the Tor browser and VPN exist for different reasons. Second, people perceive them differently.

VPN is quite a popular solution used for remote work, improving privacy and bypassing geo-restrictions – mostly innocent activities. Its connection is ‘static’ in the sense that the client and server are always the same – unless there is a periodic server rotation. But servers handling VPNs are generally easy to track for a determined agent.

Tor defends against tracking, surveillance, and censorship. It is extremely hard to hack, though not impossible. Sadly, it is widely seen as a way for criminals to hide their tracks when doing anything illegal on the dark web. There is a lot of truth in that, but a study from 2020 showed only about 6.7% of Tor users connect to Onion services for strictly illicit reasons. Tor is perfectly legal in most countries. Still, some ISPs ban it because of that bad reputation. The community has found a number of ways around censorship. Cloaking Tor with a VPN might be the simplest one.

In short, using Tor over VPN gives you additional privacy protection from your ISP. It raises your anonymity even higher than Tor does by itself, provided the VPN supplier is trustworthy.

How to use a VPN with Tor?

Despite all the mentioned technical intricacies, setting up a simple VPN-Tor combination is straightforward. Just remember, a VPN must be launched first to be able to completely hide Tor usage. Provided you already have chosen and tested a reliable VPN provider, just turn your VPN app on and connect. Then you may download and install the Tor browser. Bearing in mind that it’s a community project and protection software, it’s remarkably user-friendly. Use it at will while being continually connected to a VPN.

There is also a ready-made solution, though just a few vendors offer it. Because the VPN tunnel comes first, the VPN vendor can automatically connect its users directly to the Tor network. Some call this option ‘onion VPN’. Technically, it works in the same way as the above-mentioned manual configuration, but you don’t need to remember the order of things. Also, it might give you protection in the rare case when a VPN connection drops. Losing it while still connected to Tor leaves you with just one protection instead of two. Luckily, VPNs typically have a kill switch with a similar function. It shuts down your Internet connection in case of that exact failure.

How fast is the Tor browser with VPN?

Last but not least, the speed aspect. Tor assumes every piece of exchanged data gets encrypted and decrypted several times. This takes time, and the relaying itself adds more. Modern opinions indicate that the speed might be enough for many online activities, especially if you happen to use fast Tor servers. Latency, the delay between sending a request and receiving a response, is worse, however. And the biggest performance problem is the speed instability. It’s because your circuit through the Tor network changes often and unpredictably. Will the servers in it be slow and overloaded, or efficient and unoccupied? Your carefree Web surfing might quickly change to a painstakingly slow one. Refer to the Tor Metrics for recent speed measurements, if you wish to interpret them yourself.

With Onion over VPN, the connection will usually be even slower and latency increased, so the result might be quite disappointing. You need to remember that this solution is different from a regular browser. A typical netizen just doesn’t care about their privacy this much. If you aren’t a typical internet user and can’t afford to take any chances, be prepared to sacrifice speed for safety.

Compared with VPN, Tor might be called the next level of privacy protection. Because their domains are quite distinct, the two can be combined for an even greater cybersecurity boost. It does come at the cost of speed. If you’re looking for ways of becoming next to invisible online, consider putting these two solutions together!
