By now even nontechnical and casual web surfers have heard of Tor, whether or not they fully understand what it does. Tor is an online privacy mechanism that promises to protect the anonymity of their users. Or that’s the goal, anyway.
Many of you may have heard that the FBI had hacked their network in an attempt to thwart some criminal activities, and this breach led many to distrust the once reputable service.
Believe it or not, Tor was originally a project that was developed by the United States Navy, though it has since become its own organization. Once an Internet user becomes aware of the existence of Tor, it often sparks the same question. If Tor is free to use and it protects my identity online, do I still need a VPN tunnel? The short answer is yes; it is still highly advisable to use a VPN service.
However, we’re going to dig a little deeper and look at the benefits and drawbacks of both VPNs and Tor, and even show you how to use both services together for an extra layer of protection. So, let’s take a closer look at how Tor protects users’ online anonymity and take a look at past security breaches.
First and foremost, users need to understand that Tor does not provide encryption. That means that unless you are ultimately connecting to a server that uses HTTPS or another encryption mechanism, all of your data will be sent in plain text.
By now you might be wondering how it protects you online. Essentially, Tor masks and disguises the origin of your traffic, making it nigh on impossible for other online entities to see where the initial web server request came from.
This is achieved by obfuscating the source of the traffic, so it is nearly impossible to trace the traffic back to your computer. At its core, Tor is a network of servers, called relay nodes, that ferret your data and information around to seemingly random servers. A
fter your data has been passed around the network, it exits the Tor network through and exit relay, and only then is your data passed on to the intended destination server. From the website’s perspective, they only see that the request originated from the IP address of the exit relay server, thereby ensuring that your true IP address cannot be seen.
Sounds pretty great, right? Well, it isn’t perfect. You see, Tor has been hacked by the government a few times in the past. Admittedly, I think we can all agree that hacking a network for the sake of capturing child pornographers has its moral merits, which brings up two main points.
First of all, is it ethical to use Tor if criminals have taken advantage of the service in the past? Most people agree that it is completely ethical to use Tor, since it isn’t anyone’s business what you do online. Most Tor users aren’t up to any nefarious or illicit activities – just average Joe’s that don’t want big brother looking over their shoulder.
Secondly, is it safe to use Tor? Tor has claimed that they have cracked down on the security of their network to prevent future attacks. But many people still have qualms using their service in the wake of these hacks.
My recommendation for people that want to use Tor is to use it in conjunction with a VPN service, so you get the added security benefits of encryption. With that said, let’s take a look at VPN tunnel benefits.
Conversely, VPN tunnels offer both security (with encryption) and anonymity (the VPN service behaves in a similar manner to a proxy). By encrypting your traffic, it is completely impossible for t data is decrypted by the VPN server, your data is safe and secure.
Furthermore, VPN tunnels mask your true IP address, which is how they are able to unblock web content that has been geo-restricted as well as national censorship programs. As long as your VPN service provider has a strict no-logging policy, you can rest assured that your Internet communications will be secured through the VPN tunnel.
This begs the question: why do some people want to use a VPN in conjunction with Tor?
The simple answer is that they want an extra layer of privacy.
You see, when you use a VPN with Tor, not only is your data secured with encryption and your true IP address masked with an IP from the service provider, but it is also nearly impossible to discover the source of your Internet transmissions. Some ISPs may have specific policies about using the Tor network, but using a VPN tunnel in conjunction with Tor will make the fact that you are using the Tor service invisible.
In this scenario, you are connecting to your VPN service provider first, and then connecting to the Tor network. The path that your data takes looks like this:
This will route data through the Tor network and OpenVPN transparently. But this is not as secure as using the Tor browser. When using the Tor browser, data is encrypted only as the data is traversing the Tor network.
The more preferred option, in my opinion, is to establish a VPN connection all the way through the Tor network. In this scenario, your data takes the following path:
However, these types of configuration is a little more difficult to setup, because your VPN service provider needs to have coded features into their software that allow for this type of configuration. As of now, it seems that the only two providers that offer this functionality are AirVPN and BolehVPN.
Some users may feel it is overkill to use a VPN tunnel in combination with Tor. Nevertheless, there are plenty of users who take their Internet security and privacy very seriously, and they will likely want to take advantage of the Tor network.
I would advise that users abstain from using the Tor network without a VPN tunnel, though, because of the security concerns with the FBI in the past. If they infiltrate the Tor network, they will be able to trace user activities. But a VPN tunnel, when used appropriately, will be able to safeguard your data in the event of a breach.