Some VPN providers offer a VPN + Tor feature. In this article, I discuss how such features work and what the implications of using them are.
Take a look below at the top 5 Tor VPNs that have been picked out by our experts. Scroll below the providers to find out more about using a VPN with Tor.
- No logs at all
- VPN through Tor
- Transparent service
- Accepts Bitcoin
- P2P: yes
- Techiness does put people off
- Customer support could be better
- Limited number of servers worldwide
This Italian provider offers among the best security and anti-censorship technology available on the web, allowing both SSH and SSL tunneling to evade government blocks. Add in no logs, some of the strongest encryption around, and a Windows, Mac OSX and Linux client with built-in DNS leak protection and kill switch, and AirVPN should be on the top of every privacy fanatic’s wish list.
In keeping with its usual technical excellence, AirVPN is one of the only two VPN providers I know of to offer VPN through Tor (plus it provides instructions for connecting Tor through VPN using the Tor Browser). The main problem with AirVPN is that its service is definitely aimed at techies, which despite initial interest does appear to put many of our readers off. Additional features: Real-time user and server statistics, VPN through SSL and SSH tunnels, very reliable, open source client with internet kill switch and DNS leak protection, 3-day free trial, dynamic port forwarding, 3 simultaneous connections Best for VPN through Tor!
Try the Best VPN Service Today!Visit AirVPN »30 day moneyback guarantee
- No logs at all
- VPN through Tor
- Client with VPN kills switch and DNS leak protection
- Accepts Bitcoin
- SmartDNS included
- Could be more user-friendly
Based at an off-shore location somewhere off Malaysian coast, this provider offers ‘xCloak’ servers designed bypass government censorship. BolehVPN has a no logs at all policy, that it now uses excellent encryption, allows P2P downloading, and has great connection speeds. The Windows and OSX client is also very funky, and features a VPN kill switch and DNS leak protection. The fact that BolehVPN throws in a SmartDNS services for free is also great.
Like AirVPN, BolehVPN offers VPN over Tor, allowing for true anonymity while online, and provides instructions for connecting Tor through VPN using the Tor Browser. Also like AirVPN, it is a little consumer-unfriendly and assumes a level of technical know-how from users that may not be to everyone’s tastes.
Additional features: P2P: yes, 2 simultaneous connections, “xCloak” servers.
- No logs
- Based in Panama
- Accepts Bitcoin payment
- Tor over VPN
- 2 simultaneous connections
- Can be very slow
Based in Panama, NordVPN has a ‘no logs at all’ policy, uses strong encryption, and accepts anonymous payment using Bitcoin. It also supports Tor through VPN via one of its OpenVPN configuration file. The main advantage of this over simply using the Tor browser with the VPN connected is that all your internet traffic is routed Tor through VPN rather than just that of the Tor Browser.
Although it scores very well in terms of privacy and security, NordVPN is somewhat let down by poor speed performance, which is a shame, as it is otherwise a very good service.
- No logs
- Tor through VPN
- Accepts Bitcoin
- Android app
- No custom desktop client
This Czech-based provider is notable for being very wallet-friendly, but is otherwise fairly barebones (for example it has no custom desktop VPN client, although it does have a promising Android app with secure email and chat built-in). Privatoria’s speed performance is a little underwhelming, but it makes up for this somewhat by keeping no logs and
Additional features: 3 simultaneous connections, P2P: yes (on most servers).
- Tor through VPN
- Tor "hybrid mode" (insecure)
- Strong encryption
- Dynamic port forwarding
- Based in UK (legally)
- Extensive connection logs
- P2P: no
Although it operates out of Hungary, TorVPN is based in the UK, and is therefore required to keep quite extensive connection logs. It does, however, use excellent encryption, and is very cheap. Interestingly, in addition to offering “regular” Tor through VPN (similar to NordVPN and Privatoria), TorVPN offers a hybrid node that allows you to access .onion websites using its own Tor DNS server. Even TorVPN, however, freely admits this is very insecure!
How We Picked the Top Tor VPN for 2018
Here at BestVPN.com, we’re fortunate to have some of the VPN industry’s foremost experts as staff members. Based on our detailed VPN reviews and data collected as part of our BestVPN.com Awards process, we’ve carefully considered a range of factors that go into making a great VPN service for Tor.
We recognize that due to the versatility of VPN technology, VPN benefits for one user may miss the mark for another. As such, these top five VPN for Tor picks are a consensus choice made after much careful deliberation by the BestVPN.com staff.
It is worth stressing, however, that Tor over VPN is of debatable benefit. If you do choose to go down this route, please be aware it is more secure to connect to any good VPN and then access the web using the Tor browser than using the kind of setup offered by these VPNs.
For more information about how we review VPNs visit our BestVPNs.com’s review process overview.
What is Tor?
The name Tor originated as an acronym for The Onion Router, and refers to the way in which data encryption is layered. When using Tor:
- Your internet connection is routed through at least 3 random “nodes” (volunteer run servers)
- These nodes can be located anywhere in the world
- The data is re-encrypted multiple times (each time it passes through a node)
- Each node is only aware of the IP addresses “in front” of it, and the IP address of the node “behind” it
- This should mean that at no point can anyone know the whole path between your computer and the website you are trying to connect to (even if some nodes along the path nodes are controlled by malicious entities)
The real beauty of the Tor system is that you do not have to trust anyone. It is designed so that no-one can discover your true identity, and (if you connect to a secure website) no-one can access your data. For a detailed look at Tor, please check out our full Tor Review.
What is a VPN For Tor?
A VPN is a way to connect your computer or mobile devices securely to a “VPN server” run by a commercial VPN provider. Your computer then connects to the internet via this VPN server.
- The VPN encrypts all data passing between your device and the VPN server. This is sometimes referred to as an “encrypted tunnel.” The VPN hides your data from your Internet Service Provider (ISP), so that it can’t spy on what you do online.
- VPN providers usually operate server locations around the world. This is great for avoiding censorship, as you can simply connect to a server located in a country where there is no censorship.
- When you connect to the internet via a VPN server, anyone on the internet will see the Internet Protocol (IP) address of the VPN server, not your real IP.
What are main differences between Tor and VPNs?
Tor provides a very high degree of true anonymity, but at the cost of day-to-day internet usability. Using a VPN can provide a high degree of privacy, but should never be regarded as anonymous because your VPN provider will always know your true IP address.
A VPN does, however, provide a much better day-to-day internet experience than Tor, and because of this, is a much more flexible general-purpose privacy tool.
Tor, on the other hand, is a vital tool for that tiny subset of internet users who really require the maximum possible anonymity. Thanks to being free, Tor can also make quite a handy anti-censorship tool. The only problem being that many repressive governments go to great lengths to counter this by blocking access to the network (to varying degrees of success).
- VPNs are faster than Tor, and are suitable for P2P downloading. The major downside (and reason VPNs are said to provide privacy rather than anonymity) is that it requires you trust your VPN provider. This is because, should it wish to (or is compelled to), your VPN provider can “see” what you get up to on the internet. a VPN also allows you to easily spoof your geographic location.
- Tor is much slower, is often blocked by websites, and is not suitable for P2P. But it does not require that you trust anybody, and is therefore much more truly anonymous than a VPN. Malicious exit nodes present a real threat when using Tor.
Using Tor and a VPN Together
VPNs and can be used together. In theory, this can provide an extra layer of security and privacy, but this is a hotly debated point – especially when it comes to Tor though VPN setups.
The Tor network is designed from the ground-up to provide security and anonymity. there is a very strong argument that adding a VPN to the equation actually weakens the setup.
That said, there are also good arguments that using Tor and a VPN together is beneficial, and that it mitigates some of the drawbacks of using either technology exclusively.
One thing that is certain is that using Tor and a VPN together is slow. You will suffer the combined speed hit of using both Tor and a VPN.
There are two basic ways that Tor and a VPN can be combined. You can connect to your VPN then route the connection through the Tor network (Tor through VPN), or you can connect to the Tor network before routing your connection through your VPN…
Tor Through VPN
This is the most common Tor + VPN setup. In this configuration you connect first to your VPN server, and then to the Tor network before accessing the internet:
Your computer -> VPN -> Tor -> internet
Although most of the providers listed above offer to make such a setup easy, this is also what happens when you use the Tor Browser or Whonix (for maximum security) while connected to a VPN server. It means that your apparent IP on the internet is that of the Tor exit node.
- Your ISP will not know that you are using Tor (although it can know that you are using a VPN).
- The Tor entry node will not see your true IP address, but the IP address of the VPN server. If you use a good no-logs provider this can provide a meaningful additional layer of security.
- Allows access to Tor hidden services (.onion websites).
- Your VPN provider cannot see what you get up to on the internet if you use the Tor Browser.
- Your VPN provider knows your real IP address
- No protection from malicious Tor exit nodes. Non-HTTPS traffic entering and leaving Tor exit nodes is unencrypted and could be monitored
- Tor exit nodes are often blocked
Important note: With the exception of AirVPN, the VPNs listed above offer VPN through Tor via an OpenVPN configuration file which transparently routes your data from their VPN servers to the Tor network.
- This means that your entire internet connection benefits from Tor through VPN (not just the Tor Browser).
Please be aware, however, that this is nowhere near as secure as connecting to a VPN and using the Tor browser.
- The Tor Browser will Tor-encrypt your data on your desktop, which prevents your VPN provider from seeing it. The Tor via an OpenVPN configuration file method means trusting a third party (your VPN provider) to Tor-encrypt your data for you. This also means that (as with any normal VPN) your VPN provider can see your data.
- The Tor Browser has been “hardened” for improved privacy security. It is also the best defense against browser fingerprinting For more details on this please see my Tor Review.
So if you want to use Tor through VPN, for maximum security use the Tor Browser, not the transparent routing method.
VPN Through Tor
This involves connecting first to Tor, and then through a VPN server to the internet:
Your computer -> encrypt with VPN -> Tor -> VPN -> internet
This setup usually requires you to configure your VPN client to work with Tor. The only VPN provider I know of to support this is AirVPN. It is also possible using a Tor router (see below). Your apparent IP on the internet is that of the VPN server.
- Because you connect to the VPN server through Tor, the VPN provider cannot see your real IP address – only that of the Tor exit node. When combined with an anonymous payment method (such as properly mixed Bitcoin) made anonymously over Tor, this means the VPN provider has no way of identifying you.
- Protection from malicious Tor exit nodes, as data is encrypted by the VPN client before entering (and exiting) the Tor network (although the data is encrypted, your ISP will be able to see that it is heading towards a Tor node).
- Bypasses any blocks on Tor exit nodes.
- Allows you to choose server location (great for spoofing where you are).
- All internet traffic is routed through Tor (even by programs that do not usually support it)
- You can open ports through the VPN (is the VPN provider supports this feature).
- Your VPN provider can see your internet traffic (but has no way to connect it to you)
- If an adversary can compromise your VPN provider, then it controls one end of the Tor chain. Over time, this may allow it to pull off an end-to-end timing or other de-anonymization attacks. Any such attack would be very hard to perform, and if the provider keeps logs it cannot be performed retrospectively. But this is a point the Edward Snowden’s of the world should consider.
This configuration allows you to maintain complete (and true) anonymity. But so does using Tor on its own.
Remember that to maintain anonymity it is vital to always connect to the VPN through Tor (if using AirVPN this is performed automatically once the client has been correctly configured). The same holds true when making payments or logging into a web-based user account.
Using a VPN or Tor Router
If you connect to a VPN router and then use the Tor Browser, you have a straight-forward Tor through VPN setup.
There also exist some special Tor routers (for example the Anonabox). If you connect to one of these and also use a VPN on your device, then you have a VPN through Tor setup. Your data is routed through the Tor network before you connect to the VPN server. This means your real IP address is hidden from the VPN provider.
Using Tor Inside Tor
In theory, it is possible to run a Tor connection inside another Tor connection. For example by using AirVPN’s VPN through Tor feature together with the Tor Browser, using a service that routes your VPN connection to the Tor network together with the Tor Browser, or connecting to a Tor router and using the Tor browser.
This not a good idea. At best it will provide no additional benefit, as all traffic is going through the Tor network anyway.
At worst, “an infinite connection loop occurs because communication between Tor and the guard node (the first node of each circuit) will fall back to the VPN (causing errors like Inactivity timeout, recv_socks_reply: TCP port read timeout expired: Operation now in progress, Assertion failed at misc.c:785).”
Malicious Exit Nodes
When using Tor, the last exit node in the chain between your computer and open internet is called an exit node. Traffic to or from the open internet (Bob in the diagram below) exits and enters this node unencrypted. Unless some additional form of encryption is used (such as HTTPS), this means that anyone running the exit node can spy on users’ internet traffic.
This is not usually a huge problem, as a user’s identity is hidden by the 2 or more additional nodes that traffic passes through on its way to and from the exit node. If the unencrypted traffic contains personally identifiable information, however, this can be seen by the entity running the exit node.
Such nodes are referred to as malicious exit nodes, and have also been known to redirect users to fake websites.
HTTPS connections are encrypted, so if you connect to an HTPPS secured website (https://) your data will be secure, even it passes through a malicious exit node.
A closed padlock icon in your browser’s URL bar indicates that a website is secured by HTTPS
End-to-end Timing (e2e) Attacks
This is a technique used to de-anonymize VPN and Tor users by correlating the time they were connected to the timing of otherwise anonymous behavior on the internet.
An incident where a Harvard bomb-threat idiot got caught while using Tor is a great example of this form of de-anonymization attack in action. It is worth noting, though, that the culprit was only caught because he connected to Tor through the Harvard campus WiFi network.
On a global scale, pulling off a successful e2e attack against a Tor user would be a monumental undertaking. But possibly not impossible for the likes of the NSA, who are suspected of running a high percentage of all the world public Tor exit nodes.
If such an attack (or other de-anonymization tactic) is made against you while using Tor, then using VPN as well will provide an additional layer of security.
Is Tor + VPN worth doing?
As already mentioned, this is a hotly debated subject. Using a good no-logs VPN with Tor (in both Tor through VPN and VPN through Tor setups) provides an additional obstacle that an adversary must overcome. As discussed above, each setup also provides other perks.
On the other hand, it introduces a potentially unreliable third party into a setup that is the most secure and anonymous way to access the internet yet devised.
My personal feeling is that VPN through Tor of the kind offered by AirVPN is a much more interesting proposition than Tor through VPN. It allows for complete anonymity while using a VPN, and will protect you from malicious Tor exit nodes.
Tor through VPN means that your VPN provider knows who you are, although as with VPN through Tor, using a trustworthy provider who keeps no logs will provide a great deal of retrospective protection.
Is it worth the hassle over just using Tor on its own? That is for you to decide. One thing that using Tor + VPN is not useful for, though, is providing of the extra layer of encryption. Both Tor and good OpenVPN encryption are very strong on their own, so “doubling up” provides no meaningful additional benefit.
How to Choose a VPN for Tor
If you want service that supports VPN through Tor then you have no choice but AirVPN. Luckily, AirVPN is a great provider if you are more technically inclined. The other services on the list above are featured in this article because they support Tor through VPN using transparent routing.
Many may like this feature as it can be convenient and allows you to access .onion sites using your regular browser. Do remember, however, that this is not very secure. It is much more secure and private to use any secure and no-logs VPN with the Tor Browser. Just run the Tor Browser after a VPN connection has been established.
Whichever configuration you choose, combining VPN and Tor can provide some meaningful privacy and security benefits.
I do, however, encourage any user who requires a very high level of security to carefully weigh up the pros and cons of each setup in relation to their particular needs. You should also carefully consider whether using Tor and a VPN together offers any real advantage over just using Tor on its own.