Aside from controversy, Tor is gaining ground as a free privacy and pro-human rights tool. But how does it compare to a VPN with things like convenience, privacy issues, geo-blocking, and more?
Well, the short answer is no. In fact, under certain circumstances, you could actually endanger your device by using Tor, unless you are using Tor over a VPN. This includes everything you keep on your hard drive, from family photos to work files and even saved passwords.
How does Tor work?
Tor was previously known as the Onion Router because it has layers, like an onion. Tor works by redirecting your traffic to several random servers called “nodes” before it gets to its destination (the website or service you are trying to access). Volunteers manage these nodes around the world.
In addition, the nodes crossed by your traffic are randomized every 10 minutes, so that no one can determine who you are based on your online activity. Regarding the layers we mentioned, these are the additional layers of encryption that your traffic receives when it passes through each node.
The bottom line here is that each node is only aware of two things:
- Where does the connection come from (ie the previous node in the “circuit”)
- The next node to which your traffic is headed.
Therefore, the first node in the circuit knows your IP address, but not the website you are trying to access. Meanwhile, the end exit node can see the website, but does not know that you are accessing it. In this regard, we need to hand it over to Tor for offering a more “complete” online anonymization package than a VPN.
Want to know more? Check out our ultimate Tor guide for a deep dive into the details.
So why is Tor not a suitable alternative to VPN?
Tor is less reliable for bypassing geographic blocks
More than half of all VPN users opt for a VPN so that they can access geo-blocked content, such as Netflix, Hulu or BBC iPlayer. Technically, you can use Tor in the same way by reconnecting until your exit node is in the country of your choice, but it's a laborious process compared to the ease of a VPN.
Netflix regularly blocks Tor nodes when they appear
And since the public Tor nodes are services like Netflix have no problem blocking them. In fact, Tor developers maintain a list of services that block the network where Netflix is often featured. Meanwhile, VPN providers, especially those who heavily advertise their ability to unblock content, are continually acquiring new IP addresses for their users as services attempt to block old ones.
The only advantage of Tor in this case is that it's completely free, allowing you to read geo-restricted articles if you have problems with GDPR regulations, without having to dive into your pocket. Unfortunately for Tor, there are many reliable free VPNs that do the same thing without having to reconnect 50 times before hitting a good exit node.
Tor is less practical than a VPN
No one likes slower internet speeds, especially if you already have a bad connection at the start. Unfortunately, Tor is naturally slow given its lengthy workaround for privacy. These speeds have improved over the years, but your traffic still has to go through at least three knots to reach its destination.
Tor is naturally slower than many VPNs and can be annoying to use
Using a VPN will also slow down your connection, which is especially true of free VPNs, but a decent VPN provider has the advantage of dedicated high-speed servers – which cannot be said of all volunteers in the Tor network. We recommend that you consult our list of Fastest VPNs to avoid slowdowns when broadcasting your favorite shows or playing video games that require low ping.
The other thing that will interrupt your browsing is what CloudFlare thinks of Tor. Specifically, their data shows that the majority of requests on the Tor network come from spam bots, content scrapers, connection scanners, and other malicious automations. As a result, even innocent Tor users will be hit by irritating “CAPTCHA” tests on any website with CloudFlare protection.
It is not that they have nothing against these security measures. Right now, they are probably the most effective way to counter bots. But if your concern is to maximize convenience, for example, staying safe from oppressive government (journalists, whistleblowers, dissidents, etc.), then you'd better use a VPN.
Tor has obvious ties to the US government
Speaking of governments, privacy-minded people might want to know a few things:
- The Tor project was launched by Dr. Paul Syverson of the US Naval Research Lab, with Roger Dingledine and Nick Mathewson of MIT at the time. The onion routing was developed with the help of the Defense Advanced Research Projects Agency (DARPA).
- They received funds from the United States government through independent third parties. Not only that, but they figured that the sponsors could influence the direction of the Tor project.
- FOIA (Freedom of Information Act) documents requested by a reporter suggest that Tor informs the government of security breaches before informing the public.
Given the number of times the NSA and other government and non-government actors have attacked the network (and partially succeeded), this questions the amount of Tor's work against excessive government powers.
Of course, we have to consider the other side of the argument here:
- Since CIA, NSA, etc. agents use Tor to anonymize their online traffic, that means it should also work exceptionally well for non-agents.
- DARPA played a key role in the development of what ultimately became the Internet as we know it today. Believe it or not, the government can also finance good research!
Finally, it may seem strange that the US government is funding the project while simultaneously trying to exploit all of its vulnerabilities. But we must remember that government is not a single entity. It is not impossible that one part of the government is trying to catch bad people on the network, while another is trying to perfect anonymization software for its own agents.
Governments and ISPs Can Block Tor
Just as Netflix can block exit nodes, an ISP can too, and your government can even create firewall rules against them using the public list of Tor nodes. They have already done this in Venezuela, Turkey and (surprise, surprise) in China.
There are of course obfuscation methods called “Tor bridges” which allow users to connect to the network even if their country tries to block it. Currently, there are only about 1,000 of them and they are not publicly listed, which makes them much more difficult to block. The problem, which is recognized by Tor developers, is that they can They always end up on a block list, so they constantly need new volunteers to serve as bridges.
VPNs can also be blocked (for example, by blocking the IP of known VPN servers) – but there are also as many ways to bypass VPN blocks.
Malicious exit nodes are a huge problem
Remember how the exit nodes can see which service you are trying to access, but not your identity? Well, they don't really need to know anything about you to cause harm. According to ThreatPost, an output node added malicious code to binary files (i.e. any non-text file) downloaded via Tor.
Not all Tor exit nodes are reliable and could compromise your security.
As the article says, it could cause huge problems if malicious actors find a way to insert their code into a crucial service like Windows or OS X updates. Something apparently safe and reliable could become a dangerous weapon against people who are just trying to protect their privacy.
That's why we mentioned that your device could be at risk. Previously, more than 110 Tor nodes were caught spying on user traffic.
While your privacy is somewhat protected with exit nodes unable to see who owns the traffic, WikiLeaks has successfully intercepted over a million documents transferred using the Tor network. Sure, that revealed some shady relationships from the powers that be, but it's a clear example of exit nodes capable of collecting large-scale data, which could inevitably be used to identify you based on what the documents contain. .
There are a few other things that could be said about Tor. For one, its slow speeds make it a poor choice for P2P file sharing. In fact, it is considered bad manners because it also slows down the network for other users. Before using it for data-intensive services like torrents or streaming, think about users who live under oppressive regimes and depend on the Tor network for their security.
Another thing to keep in mind regarding output nodes is that you never know how reliable this node is. Suppose more people join the Tor network and you have a statistically higher chance of getting a good one. Well, this node is still subject to data collection and subpoenas requesting that data.
Since many Tor volunteers are not particularly technically savvy, this does not bode well for the security of your data. In the case of VPN without logs, you know they keep no tabs on your online activity. Obviously, it also depends on the trust you place in your supplier, but the same can be said of any Tor node.
All this does not mean that Tor is useless. It has many uses that a VPN cannot offer, such as browser fingerprint protection, which makes it all the more upsetting that the service is struggling with the coronavirus pandemic and is asking for donations as support. But if your threat level is to the point where browser fingerprints are an issue, we recommend that you check out the Tor over VPN guide, anyway.