VPN vs Tor
mirimir (gpg key 0x17C2E43E)
| | VPN | Tor |
|---|---|---|
| Design | VPN protocols were developed in the 80s-90s for securing government and commercial networks. The first VPN services appeared in the mid-90s. They provide secure, private wormhole tunnels through the public Internet from client apps to VPN servers. | Tor is a second-generation onion-routing anonymity system. It was developed at the U.S. Naval Research Laboratory in the early 00s, and then released into the public domain. It's now managed by an NGO, the Tor Project. |
| Source(s) of Funding | VPN services are generally private firms or NGOs. | The Tor Project has been funded primarily by U.S. government programs. |
| Number of Hops to Exit | Most are one-hop. A few are two- or three-hop. | Normally, there are three hops. For onion (aka "hidden") services, clients and servers each use three-hop circuits to reach rendezvous nodes. |
| Number of Independent Hops | One, because one provider runs them all. | Three by design, but collusion is possible. |
| Number of Servers | There are typically 10-100, but some services claim as many as a few hundred. | There are over 6000. |
| Number of Possible Routes through System | For even the largest VPN services, there are at most a few hundred distinct routes. | That depends on relay availability. With ~1700 entry guards, ~1000 exit relays and ~2300 non-entry/non-exit relays, about four billion distinct circuits are possible. |
| Frequency of Route Change | That depends on the provider. For most providers, it's done manually, either in custom clients or by users. A few VPN providers offer custom clients that change routes automatically. | Each connection by an app uses a new, dedicated circuit. And circuits are replaced at ten-minute intervals, unless they've been pinned open by active connections. |
| Chance of Getting Recently-Used Routes | There are few possible routes, so reuse is likely on a scale of days (or at most weeks, for the largest providers). | With billions of possible routes, reuse is unlikely on a scale of months, or even years. |
| What does your ISP know? | It knows only that you're using a VPN service. | It knows only that you're using Tor. |
| Anonymity: Who knows what about you? | VPN providers: 1) know that you have an account; 2) know your IP address when you connect; and 3) know what Internet sites you visit. And they can see all content that's not end-to-end encrypted with Internet sites. However, reputable (and prudent) providers don't look at traffic, keep logs, or associate entry and exit activity. | There are normally three relays in a circuit. All traffic is encrypted between users and exit relays. So like VPN providers, exit relay operators can see all content that's not end-to-end encrypted with Internet sites. However, only entry relays (aka entry guards) know your IP address, and they don't see your Internet destinations, other metadata, or content. Middle relays isolate entry guards from exit relays. Their operators don't know your IP address, and they also don't see your Internet destinations, other metadata, or content. |
| Distribution of Trust | You must trust the VPN provider. | Although the code is freely available for review, virtually all users must trust the system design, and some mix of those who implemented it and those who reviewed it. By design, there's no need to trust any particular resource contributor. But collectively, you must trust the group that manages the core directory servers for relays and onion services. You must trust that enough relay operators are honest, and not colluding with each other to deanonymize you. And finally, you must trust that attacks on the system will be detected and mitigated. |
| Security and Privacy: Who can see and mess with your data? | As long as the service uses the secure IPsec or OpenVPN protocols, adversaries between you and the VPN server can't see or alter your traffic. They can block it, of course. But the connection is encrypted with perfect forward secrecy. Even if an adversary somehow manages to decrypt some of the VPN traffic, that won't allow them to easily decrypt past or future traffic. The VPN provider, of course, can see traffic that it's handling. And your traffic is exposed after it leaves the VPN exit. So it's important to employ end-to-end encryption with Internet destinations (e.g., HTTPS for websites, and TLS for email). | Tor connections are multiply encrypted, all with perfect forward secrecy. Your connection to the exit relay is encrypted. So is your connection to the middle relay, which is relaying traffic to the exit relay. And so is your connection to the entry guard, which is relaying traffic to the middle relay. Given that, only the exit relay operator can see and mess with your data. And as with VPN services, your traffic is exposed after it leaves the exit. So it's important to employ end-to-end encryption with Internet destinations (e.g., HTTPS for websites, and TLS for email). |
| Ease of Use | VPN services are the simplest type of anonymity system that's secure and reliable. VPN servers automatically proxy all of the client's Internet traffic. There's no need to configure apps. They're usually very easy to set up, with client software (or perhaps just configuration files) from providers. | Tor Browser is very easy to install, but only browser traffic uses Tor. It's not designed to easily route other apps via Tor. And using the plain Tor client is complicated, and not well documented for new users. Other options include the Tails LiveDVD, and Whonix, which is a pair of VirtualBox VMs. Both include numerous apps. Using Whonix, even misconfigured apps cannot bypass Tor. |
| Potential Pitfalls, and Mitigation | A VPN connection may drop, and while it's reconnecting, traffic may reach Internet sites directly. Some VPN client apps prevent that, and one can also block such bypass using firewall rules. There's also the potential for DNS leaks. The VPN server tells your client app what DNS servers to use, but your computer also knows about DNS servers from your ISP. So when the VPN is connected, it may still access ISP-associated DNS servers, and that may reveal your VPN exit IP address to your ISP. Some VPN client apps also prevent that, and one can also block DNS bypass using firewall rules. | If your apps and/or Tor are misconfigured, you'll be accessing the Internet directly, at least in part. And it's all too easy to get caught, by not knowing what to worry about. A classic example is using BitTorrent via Tor. It's very hard to force all BitTorrent connections to use Tor. That's because BitTorrent apps are designed for speed, and not for security. Given the risks in using Tor Browser alone, it's best to use either the Tails LiveDVD or Whonix. Also see "Want Tor to really work?" |
| Conclusion | VPN services are an excellent choice where speed, and privacy from local adversaries, are most important. They also provide limited anonymity on the Internet, but that's vulnerable to adversaries who can coerce providers, or snoop on their servers. See "Will a VPN Protect Me?" and "Adversaries and Anonymity Systems". They're easy to install and use. Once set up properly, they reliably handle all Internet traffic. | When the Tor client starts, it displays a warning: "This is experimental software. Do not rely on it for strong anonymity." But there's arguably no better alternative. See "Adversaries and Anonymity Systems". And so Tor is the best choice when anonymity is most important. But Tor is much slower than VPN services. And you must use it properly. |
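The "Chance of Getting Recently-Used Routes" row compares a few hundred VPN routes against billions of Tor circuits. The comparison is a birthday problem: with N equally likely routes and k routes chosen independently, the chance that some route repeats is 1 - prod_{i=0}^{k-1}(1 - i/N), roughly 1 - exp(-k(k-1)/2N). The following is an added example, not code from the page or its author; the route counts (300 for a large VPN, 3.91 billion for Tor, the product of the relay counts given above) and the circuit rates (4 manual VPN route changes per day, 200 Tor circuits per day) are assumptions chosen for illustration.

```python
"""Added example (not from the page): how soon a route is likely to repeat.

Treats route selection as uniform random draws from N routes and asks how
many draws are needed before a repeat becomes likely (the birthday bound).
Route counts and circuits-per-day figures below are assumptions.
"""
import math


def p_any_repeat(n_routes: int, k_draws: int) -> float:
    """Exact probability that at least two of k uniform draws from
    n_routes coincide: 1 - prod_{i<k} (1 - i/N)."""
    if k_draws > n_routes:
        return 1.0
    p_distinct = 1.0
    for i in range(k_draws):
        p_distinct *= (n_routes - i) / n_routes
    return 1.0 - p_distinct


def draws_until_repeat_probability(n_routes: int, target: float) -> int:
    """Smallest k for which p_any_repeat(n_routes, k) >= target.
    Computed incrementally so Tor-sized route spaces stay cheap."""
    p_distinct = 1.0
    k = 0
    while 1.0 - p_distinct < target:
        p_distinct *= (n_routes - k) / n_routes
        k += 1
    return k


def approx_draws(n_routes: int, target: float) -> float:
    """Closed-form approximation k ~= sqrt(2 N ln(1/(1-p))), for a sanity check."""
    return math.sqrt(2.0 * n_routes * math.log(1.0 / (1.0 - target)))


def days_until_likely_repeat(n_routes: int, routes_per_day: float, target: float = 0.5) -> float:
    """Days of use after which a route repeat has probability >= target."""
    return draws_until_repeat_probability(n_routes, target) / routes_per_day


# Assumed figures: a large VPN with 300 routes, changed 4 times a day by hand,
# versus Tor's ~1700 * 2300 * 1000 circuits at 200 new circuits a day.
VPN_ROUTES, VPN_PER_DAY = 300, 4
TOR_ROUTES, TOR_PER_DAY = 1700 * 2300 * 1000, 200

if __name__ == "__main__":
    for label, n, per_day in (("VPN", VPN_ROUTES, VPN_PER_DAY), ("Tor", TOR_ROUTES, TOR_PER_DAY)):
        k = draws_until_repeat_probability(n, 0.5)
        print(f"{label}: 50% chance of a repeat after {k} routes "
              f"(~{approx_draws(n, 0.5):.0f} by approximation), "
              f"i.e. about {days_until_likely_repeat(n, per_day):.0f} days")
```

Under these assumptions the VPN reaches a 50% repeat chance after about 21 route changes (days), while Tor needs on the order of 74,000 circuits (roughly a year at 200 per day), which is the days-versus-years gap the row describes.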
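The "Anonymity" and "Security and Privacy" rows rest on one mechanism: the client wraps each cell in three layers of encryption, and each relay strips exactly one, so the guard learns the client's address but not the destination, the middle relay learns neither, and only the exit sees the request. The simulation below is an added example, not code from the page or from the Tor Project. It uses a toy keystream built from HMAC-SHA256 so it runs on the standard library alone (real Tor uses AES-CTR with keys negotiated per circuit by a Diffie-Hellman handshake, which is what gives the forward secrecy the row mentions; here that is stood in for by fresh random keys). The relay names, client address and destination are constructed sample values.

```python
"""Added example (not from the page): what each Tor relay sees of a cell.

The cipher is a toy XOR keystream from HMAC-SHA256 (an assumption so the
example runs offline); keys are random per circuit to mimic per-circuit
negotiated keys. Names and addresses are constructed sample values.
"""
import hashlib
import hmac
import json
import os


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream: HMAC-SHA256(key, nonce || counter)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """nonce || plaintext XOR keystream (confidentiality only, no integrity)."""
    nonce = os.urandom(16)
    return nonce + bytes(a ^ b for a, b in zip(plaintext, keystream(key, nonce, len(plaintext))))


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(body, keystream(key, nonce, len(body))))


class Relay:
    """One hop. It holds only the key it shares with the client for this circuit."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.key = os.urandom(32)  # stands in for a key from a per-circuit handshake

    def peel(self, cell: bytes, prev_hop: str) -> dict:
        """Strip one layer and record what this relay can observe."""
        inner = json.loads(decrypt(self.key, cell))
        return {
            "relay": self.name,
            "prev_hop": prev_hop,            # who handed us the cell
            "next_hop": inner["next"],       # where to send the peeled cell
            "request": inner.get("request"), # only present in the exit's layer
            "cell_received": cell,           # raw bytes, for leak checks
            "forwarded": bytes.fromhex(inner["payload_hex"]) if "payload_hex" in inner else b"",
        }


def build_onion(guard: Relay, middle: Relay, exit_: Relay, dest: str, request: str) -> bytes:
    """Client side: innermost layer for the exit, then middle, then guard."""
    exit_layer = encrypt(exit_.key, json.dumps({"next": dest, "request": request}).encode())
    middle_layer = encrypt(middle.key, json.dumps({"next": exit_.name, "payload_hex": exit_layer.hex()}).encode())
    return encrypt(guard.key, json.dumps({"next": middle.name, "payload_hex": middle_layer.hex()}).encode())


def run_circuit(client_ip: str, dest: str, request: str) -> list:
    """Send one cell through guard -> middle -> exit; return each relay's view."""
    guard, middle, exit_ = Relay("guard"), Relay("middle"), Relay("exit")
    cell = build_onion(guard, middle, exit_, dest, request)
    views, prev = [], client_ip
    for relay in (guard, middle, exit_):
        view = relay.peel(cell, prev)
        views.append(view)
        cell, prev = view["forwarded"], relay.name
    return views


if __name__ == "__main__":
    for v in run_circuit("198.51.100.7", "example.com:443", "GET / HTTP/1.1"):
        print(f'{v["relay"]:6} sees prev={v["prev_hop"]:14} next={v["next_hop"]:16} request={v["request"]}')
```

The views make the table's claims concrete: the guard's `prev_hop` is the client address and its `next_hop` is just "middle"; the middle relay sees only relay names; and the destination string exists in cleartext only after the exit's layer comes off.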
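The "Potential Pitfalls" row says that bypass after a dropped VPN connection, and DNS queries to ISP resolvers, can both be blocked with firewall rules. The code below is an added example, not from the page or any VPN provider: it generates an nftables output-chain ruleset that drops everything except loopback, the tunnel interface and the VPN server endpoint itself, counts any stray DNS attempts, and checks a resolv.conf for resolvers other than the ones the VPN pushed. The server address, port, interface name and resolver addresses are constructed sample values; apply the generated ruleset with `nft -f`.

```python
"""Added example (not from the page): a VPN "kill switch" ruleset generator
and a DNS-leak check for /etc/resolv.conf. All addresses, the interface
name and the port are constructed sample values.
"""
from ipaddress import ip_address
from typing import List, Optional, Set


def killswitch_ruleset(vpn_server: str, vpn_port: int, proto: str = "udp",
                       tun_if: str = "tun0", lan_cidr: Optional[str] = None) -> str:
    """Return an nftables ruleset (for `nft -f`) that only lets traffic out via
    the tunnel or to the VPN server. The server must be given as an IP:
    with DNS blocked outside the tunnel, a hostname could not be resolved."""
    ip_address(vpn_server)  # raises ValueError on a hostname or garbage
    if proto not in ("udp", "tcp"):
        raise ValueError("proto must be udp or tcp")
    family = "ip6" if ip_address(vpn_server).version == 6 else "ip"
    rules = [
        "table inet vpn_killswitch {",
        "  chain output {",
        "    type filter hook output priority 0; policy drop;",
        '    oif "lo" accept',
        f'    oif "{tun_if}" accept',                      # everything inside the tunnel
        f"    {family} daddr {vpn_server} {proto} dport {vpn_port} accept",  # the tunnel itself
    ]
    if lan_cidr:
        rules.append(f"    ip daddr {lan_cidr} accept comment \"local network\"")
    # Redundant with the drop policy, but the counters show leak attempts.
    rules += [
        '    udp dport 53 counter drop comment "dns leak attempt"',
        '    tcp dport 53 counter drop comment "dns leak attempt"',
        "  }",
        "}",
    ]
    return "\n".join(rules) + "\n"


def leaking_resolvers(resolv_conf: str, allowed: Set[str]) -> List[str]:
    """Nameservers in a resolv.conf that are not in the VPN-provided set."""
    found = []
    for line in resolv_conf.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver" and parts[1] not in allowed:
            found.append(parts[1])
    return found


# Constructed sample resolv.conf: the VPN pushed 10.8.0.1, but the ISP's
# resolver (192.0.2.53) is still listed from DHCP.
SAMPLE_RESOLV_CONF = """# Generated by NetworkManager
nameserver 10.8.0.1
nameserver 192.0.2.53
"""

if __name__ == "__main__":
    print(killswitch_ruleset("203.0.113.10", 1194, lan_cidr="192.168.1.0/24"))
    leaks = leaking_resolvers(SAMPLE_RESOLV_CONF, {"10.8.0.1"})
    print("resolvers outside the VPN:", leaks or "none")
```

With this in place a dropped tunnel fails closed (packets are dropped rather than routed out the physical interface), and `nft list table inet vpn_killswitch` shows non-zero counters on the DNS rules if some program tried to reach a resolver outside the tunnel. Inbound traffic and DHCP renewals are not covered by this output-only chain and need their own rules.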