• YOUR ISP:Amazon
  • STATUS: Not connected

IVPN Privacy Guides

Expert guides from the leaders in VPN

Why use Tor with a VPN service?


The Tor network has been a staple tool for the privacy-aware internet user since 2002. While it has shown itself to be an invaluable tool in protecting one’s privacy through anonymity, it is anything but a panacea. Today we are going to examine two of the known vulnerabilities in the Tor system and then see how using a quality VPN service in conjunction with Tor can mitigate many of those vulnerabilities thus substantially reducing your privacy risk surface.

The first vulnerability we are going to examine is the scenario where the attacker is passively monitoring the connection of both the sender and recipient. For simplicity’s sake, we will be using the common cryptographic archetypes of Alice and Bob et. al. If you are not familiar with these characters see the wikipedia entry. Additionally, we will be assuming that you have basic knowledge of how the Tor network functions.

Scenario A

In this first scenario, Alice is connecting to Bob’s server over the Tor network. Additionally, Eve is positioned to passively monitor traffic coming both from Alice and to Bob. This is a scenario we know already exists at both the individual ISP level and at the level of major backbone interconnects through government access. It has been demonstrated since 2002 that Eve can correlate traffic between Alice and Bob with a degree of accuracy that completely eliminates false positives1. Further, this attack does not necessitate physical-level access to both Alice and Bob’s individual networks. Because the Tor network allows anyone to run an end node, Mallory could simply have physical access to Alice’s network and then run an end node herself. On the occasions when Alice’s traffic is exiting the tor network from Mallory’s end node (without regard to the locations and number of intermediate hops), there would be a functional replacement for the need to have physical access to Bob’s network, as all traffic from Alice to Bob would pass through Mallory’s node with all the intermediate encryption stripped off (assuming that Bob’s server did not support end-to-end encryption, of course).

By using a quality VPN service that has a high enough Tor traffic volume, the ability of Eve or Mallory to correlate Alice and Bob’s traffic is severely hindered. This ability could be further reduced if Alice were to concurrently generate traffic over the VPN connection to multiple Tor sites along with non-Tor traffic. Essentially what this accomplishes is padding Alice’s connection to the VPN server with sufficient extra data that correlation becomes even more difficult.

Scenario B

The second vulnerability to examine is referred to as the “bad apple” attack. Here, we will assume that Alice and Bob are communicating via bittorrent. Mallory injects traffic that triggers Alice to make a UDP connection to Mallory’s server. By taking advantage of the fact that Tor only provides a secure TCP connection, Alice is then tricked into revealing her actual identity. By properly configuring one’s VPN connection to tunnel all traffic and by applying the other padding strategies above, Alice is no longer vulnerable to this attack.

One of the most important features one should look for when shopping for VPN services is variable multi-hop capabilities. Here, one has the opportunity to bounce his encrypted traffic across multiple networks, further reducing the possibility that traffic-analysis based attacks would be successful. Additionally, one can, at the drop of a hat, choose a different multi-hop path for his traffic. Remember that in analysis attacks, padding is your friend and each individual encryption wrapper provides additional padding that can confound Mallory’s attempts to correlate traffic.


  1. See Andrei Serjantov and Peter Sewell – Passive attack analysis for connection based anonymity systems. In Einar Snekkenes and Dieter Gollmann, editors, Computer Security ñ ESORICS 2003, 8th European Symposium on Research in Computer Security, pages 141-159, Gj¯vik, Norway, October 2003. Springer-Verlag, LNCS 2808. and Lasse ÿverlier and Paul Syverson. Locating hidden servers. In 2006 IEEE Symposium on Security and Privacy (S& P 2006), Proceedings, pages 100-114. IEEE CS, May 2006.

5 Responses to Why use Tor with a VPN service?

  1. Darren Chaker says:

    Good scenarios and well written. Demonstrates why a VPN is important, inasmuch to be used with TOR.
    Well done! Continue to keep people informed how to retain their privacy.

  2. joe says:

    i think using the two introduces more complexity to the whole privacy stuff and makes it more difficult to figure out who is behind the system

  3. VPN through TOR says:

    Currently I have my ASUS RT-AC56U running Merlin firmware. There is a TOR option that allows all devices that pass through the router to use TOR nodes…. I also use a client side VPN on my operating system. So here is my question….

    Does using an OS client side VPN (Encryption AES256, Auth.SHA256, Handshake RSA-4096) going through a TOR enabled router add additional security? I would image my IP would be masked by the TOR network first before reaching my VPN provider, then get encrypted again as it passes thorugh my VPN provider…. Any insight on this would be helpful. Thanks!

  4. The more hops/masks the better says:

    Wouldnt your OS VPN be the first to mask your computers IP then Tor would essentially mask your local and the final layer would be the masking of your entry node?

  5. tom says:

    ok so i works like this

    l Alice l
    | vpn layer | tor | ssl or what ever | vpn layer |
    | |
    | |
    |ISP eve|
    |backbone and layer 2|
    / / || | | \\
    vpn –vpn —vpn —-vpn=============== ssl=============example.com
    \ \ | | | | / /

    so vpn cant decrypt your tor packets?

Leave A Comment

Start Protecting Your Online Privacy Now