Update, August 2013: Wired magazine reported that TOR has been compromised by the FBI and many TOR users could be identified via malware that they injected into certain sites. Unless you take big technical precautions, TOR is starting to look like a weaker option for anonymity. You can read our summary here.
What is Tor?
Tor is an anonymity network that provides free software designed to allow you to access the internet anonymously. Unlike VPN, where the VPN provider knows your real IP address, and can see your internet traffic at the exit point (the VPN server), with Tor your signal is routed through a number of nodes, each of which is only aware of the IP addresses ‘in front’ of the node and ‘behind’ it, so that at no point can anyone know the whole path between your computer and the website you are trying to connect with.
The name Tor originated in the acronym The Onion Router, which was developed by US Navy and refers to the way in which data encryption is layered, being re-encrypted multiple times as it passes between randomly selected nodes.
Tor is therefore considered an extremely secure way to access the internet while keeping your true identity hidden.
Tor is endorsed by many civil liberties groups, including the Electronic Frontier Foundation (EFF), and has been widely praised for allowing dissidents, whistleblowers and human rights workers to freely access the internet, express their views, talk to journalists, and otherwise become involved in political activity that has been banned by their own repressive regimes.
It does of course also allow criminals to act with impunity, and famously allows access to the underground market The Silk Road, which only works when connected to using Tor. Those interested in the ethics of internet anonymity should keep a lookout for our upcoming article on the subject.
How Tor works
As we noted above, Tor passes data between a number of randomly selected nodes, encrypting it each time. Each node knows where signal comes from and the node it is going to, but cannot see the whole route (circuit).
For reasons of efficiency these relay circuits are randomly reset every 10 minutes so that your actions cannot be linked to earlier actions.
Each node is run by a volunteer, and therefore the more volunteers there are, the more secure the whole Tor network is.
Volunteering to run an exit node is therefore of great service to the Tor community, and strikes a meaningful blow for freedom and against oppressive censorship. It is also not difficult to set up. However, running an exit node means that other Tor users’ activity, including potentially highly illegal activity, will appear to originate from your IP address, which may lead to trouble. There is an article on how to minimize the risks available here.
Installing Tor is very easy these days (it used to be a little more complicated), and it is available for Windows, OSX, Linux/Unix and Android.
In Windows you need only download and run Tor package, which will self-extract into a directory of your choice (no additional installation files are added to your computer.
Double-click on the ‘Start Browser.exe, and the connection dialogue will start.
Once connected, the Tor client starts a customized version of Firefox Portable. Not only is this very lightweight, but it allows you to carry a version of Tor with you on a USB stick (for example) so you can easily access the internet anonymously from any PC.
You can now surf the internet anonymously! The Tor service can be tuned on and off using the Onion icon, or customized using the icon’s drop-down menu.
Tor also provides a customized version of the Tails Live CD/USB Linux based distro, so you can boot directly into a secure OS.
Tor vs. VPN
As you can see, the purpose of Tor is very similar to that VPN’s primary purpose – to maintain internet users’ online anonymity and to evade firewalls. Like VPN, it can also be used to spoof geo-location by the user continually re-connecting until the exit node is in the desired country (quite easy if you want a US based exit node, less easy for smaller or less internet connected countries).
However, not only is the technology used quite dissimilar (for a discussion on how VPN works see here), but they are also quite different in use.
- No-one can trace you to external IPs visited
- Distributed network – almost impossible to shut down or attack in a meaningful way
- Very slow – because your data is randomly bounced through a number of nodes, each of which could be anywhere in the world, using Tor can be painfully slow
- Not suitable for P2P filesharing – while there is no way to stop you from using BitTorrent over Tor (and people do it) it is a) very slow, and b) very bad form as it slows down the entire network for every other user, for some of whom access to the internet via Tor may be of critical and possibly life threatening importance
- While it can, at a pinch, be used for location spoofing (see above), Tor is a very fiddly and inefficient way to go about it. In addition to this, the slowness of Tor means that using the service to stream geo-restricted media services is unfeasible.
- Fast – generally speaking you will see very little slowdown to your raw internet connection speeds when using a VPN service
- Location spoofing is very easy – most VPN providers offer servers in many locations worldwide. Because connections are fast, VPN is ideal for streaming geo-restricted media content
- Ideal for P2P filesharing – while many providers prohibit it, many are set up with filesharing in mind
- The VPN provider can see your internet activity – and in many countries is required by law to keep records of it, which may be handed over to the authorities or to copyright lawyers. VPNs are also vulnerable to server raids by the police, in an effort to obtain the information they may contain. This is why it is vital to choose a provider who keeps no logs (and is in a position to keep this promise). Of course, even when a VPN provider promises to keep no logs, you must trust them to keep their word …
- Costs money (although typically under $10 a month, or less if you buy in bulk)
The great advantage of Tor is that you do not need to trust anyone – your internet use is completely anonymised. However it is very slow, and largely as a consequence of this, it is not suitable for many of the most popular activities people want to use VPN for, such as filesharing and streaming geo-restricted media content.
As long as a trustworthy no logs VPN provider is used, then VPN is a very secure, consumer oriented privacy solution that provides much greater performance and flexibility than Tor can offer.
If, on the other hand, you are a mafia whistleblower, or a dissident living under regime in which it would be very dangerous to be caught performing certain activity (such as writing political blogs), then Tor is the safest solution.
Just remember that there is no such thing as a 100% guarantee of anonymity, whichever route you take. There are always, at least potentially, loopholes in any security arrangement, and individuals often give their true identifies away through patterns of behavior, unguarded comments made while on-line, or any other number of simple and not-so-simple mistakes.
Using VPN with Tor
We have only come across one VPN provider who supports this, AirVPN. Although slow, this method provides an additional layer of privacy, as the VPN server will only see the VPN exit node instead of your real IP address. In addition to this, the fact that you are using Tor is hidden by the VPN, so websites which discriminate against known Tor exit nodes can be accessed as normal.