The Essentials

Tor vs. VPN: How Do They Work and Which Is Better For Online Privacy?

Callum Tennent

Tor and VPNs both promise to keep you anonymous online, but how private are they really? Find out how Tor works, how to stay safe, and how it compares to a VPN in this comprehensive guide to Tor vs. VPN.

An illustration of two characters choosing between a VPN shield and a Tor onion.

Tor and VPNs have a lot in common. They both promise to let you use the web anonymously, they are both increasingly popular, and they are both often misunderstood.

But what really separates the Tor Network from VPN services? Is it safe to use the Tor Browser? And which option is best for online privacy?

In this guide we’ll answer all of the questions we’ve received about Tor and VPN services. We’ll explain how they work, how to safely access Tor, and the advantages and disadvantages of both.

If you already know how Tor works, you can jump straight to our direct comparison of Tor vs. VPN. Alternatively, you can skip to our sections on How to Use Tor and How Stay Safe Using Tor.

What Is Tor?

The Tor Network — often referred to as just “Tor” — is a free, open-source system designed to enable anonymous communication on the web. The name is derived from the original project name: “The Onion Router”.

The Tor Network anonymizes your online activity by encrypting your communications and randomly bouncing them through a global network of access points, or ‘nodes’, which are all maintained by volunteers.

The most common way to use Tor is through the Tor Browser. This is a free, Firefox-based application that can be downloaded and installed on your computer. The Tor Browser uses the Tor network to conceal your identity, location, and online activity from tracking or surveillance.

The technology was originally designed for the US military and is favored by political activists and privacy advocates — as well as by some more unsavory characters looking to evade detection. It helps you access content which has been blocked by your country or your internet service provider (ISP).

Most importantly, it hides your identity from both the websites you visit and the network itself.

To summarize, the Tor Network allows you to:

  • Hide your IP address from the websites you visit.
  • Access ‘hidden’ .onion domains.
  • Anonymise your online activity.
  • Communicate confidentially.
  • Access censored content.
  • The size of the infrastructure around Tor and the lack of any centralized authority has moved it into the mainstream over the last decade. However, the trade-off for this large network of community-managed nodes is an unreliable connection and often very slow speeds.

    The Tor network remains most active in Europe and North America, but its reach is steadily expanding across the world. It is particularly popular in countries where online communication is monitored or censored and a lack of privacy could result in jail time.

    A visualisation of Tor's data flow around the world, taken from TorFlow.

    Visualization of Tor’s global data flow, 3 to 6 January 2016 by TorFlow.

    As it has grown, Tor has earned endorsements and praise from a range of civil liberties organisations, including Amnesty International and the Electronic Frontier Foundation (EFF).

    Tor can be used with a variety of operating systems and protocols, but the vast majority of users run it on a computer using the Tor browser. For details on how to install and use the Tor browser, you can skip straight to How Do I Use Tor?

    Tor also lets you access a number of unlisted websites with the .onion domain name — part of the so-called ‘Dark Web’. The most notorious of these sites is the now shut-down Silk Road marketplace, but there are also less sinister sites in operation such as a mirror of BBC News designed to beat censorship.

    Tor is undoubtedly the cheapest privacy tool around. But there are risks inherent to using Tor. Unless you alter your browsing habits, you are at risk of exposing your true IP address or other personally identifiable information: completely wrecking your anonymity. You can learn more about this in our section on How to Stay Safe Using Tor.

    We do not condone using Tor (or a VPN) for anything illegal, and recommend you stay away from the Dark Web as a general precaution.

How Does Tor Work?

Diagram of data passing through the Tor netork

How your data passes through the Tor network.

Like an onion, Tor has layers. The Tor Network bounces your traffic between a number of servers to make you completely anonymous.

In this section we’ll cover exactly how Tor works. If you’d like to skip this section, you can jump straight to Tor vs. VPN: Which is Better? or How Do I Use Tor?

Here’s how the Tor Network encrypts and anonymises your internet traffic:

  1. Before connecting to the Tor Network, Tor selects three or more random servers (nodes) to connect to.
  2. The Tor software encrypts your traffic in such a way that only the final node — called the exit node — can decrypt it.
  3. The Tor software then adds additional layers of encryption for each of the nodes your traffic will pass through, ending at the first node you will connect to, called the guard node.
  4. At this point in the process your traffic is protected by at least three layers of encryption.
  5. When your computer contacts the guard node, the guard node knows your IP address but cannot see anything about your traffic (its content or destination).
  6. The guard node decrypts the first layer of encryption to discover the next node in the chain. It then sends your traffic onwards — still protected by at least two layers of encryption.
  7. The next node in the chain receives your encrypted traffic. It knows the IP address of the previous server in the chain but does not know your true IP address or how many steps have occurred in the chain up until this point. This node removes a layer of encryption to reveal the identity of the next server in the chain. It then sends your data forwards.
  8. This process is repeated until your traffic reaches the exit node. The exit node decrypts the final layer of encryption. This reveals your traffic but the exit node has no way of knowing who you are.
  9. Your traffic completes its journey to the internet.

At no stage in this process does any node know both who you are and what you are doing. Because each node only knows the identity of the server directly next to it in the chain, it is also impossible for any server to reverse engineer your route through the onion network — even if it has malicious intent.

For added security, your path through the onion network is randomly reassigned around every ten minutes.

This process is designed to be fully anonymous, but it isn’t fully private. The exit node has no way of knowing who you are, but it can theoretically observe what you are doing. If you were to email someone your name, or your true IP address, you would undermine the whole process.

Tor is only designed to handle traffic using the popular TCP protocol, which represents the majority of normal browsing traffic. Being limited to this protocol creates a potential vulnerability, because all traffic which uses UDP or any other internet protocol will travel outside the Tor network. Voice and video traffic is generally transmitted using UDP.

Is Tor a VPN?

While often confused, Tor and VPN are actually very different technologies.

A Virtual Private Network (VPN) is a privately-owned network of servers which you can connect to for a variety of reasons including improving security, circumventing censorship, and masking your true IP address.

When you use a VPN, the connection between your computer and the VPN server is encrypted. This prevents your ISP or any third party from viewing your online activity.

However, your VPN provider always has the technical ability to observe your activity. They can view and potentially record your true IP address, so you need to be able to place a lot of trust in your provider.

This is why it is so important to find a VPN provider with both a minimal logging policy and a track record for maintaining the security of its network.

Tor, on the other hand, is a network of community and volunteer owned servers – or ‘nodes’. Using this network allows you to browse the internet anonymously, but does not provide the same security benefits as a VPN, or the same utility for accessing geo-blocked content.

The Tor Project, which maintains the Tor browser software, does not own the network of servers the software operates on. Unlike a VPN server, which knows who you are and what you are doing, no single server in the Tor Network can access both your identity and activity.

Tor achieves this by using multiple layers of encryption and routing your traffic through several servers before releasing it to the wider internet. This means you don’t have to put your trust in the service provider like you do with a VPN, but it also leads to slow browsing speeds and some specific security vulnerabilities you wouldn’t have to worry about with a trusted VPN.

In short, a VPN is a tool for privacy first and foremost. Tor, on the other hand, is a tool for anonymity.

To summarize, a VPN allows you to:

  • Hide your IP address from the websites you visit.
  • Encrypt your browsing traffic.
  • Access geographically-restricted websites.
  • Choose between multiple private server locations.
  • Access censored content.
  • Protect your data on public WiFi networks.

If you want to know more about what a VPN is, we’ve written a comprehensive guide that contains everything you need to know.

Alternatively, you can find a direct comparison between Tor and VPN services in the Tor vs. VPN: Which Is Better? section of this guide.

The Onion Router vs VPN Encryption

Tor and VPN both use encryption to give you additional privacy online, but they each apply encryption very differently.

When you use a VPN, all your traffic is secured by a ‘tunnel’ of encryption and sent to a single VPN server that belongs to your VPN provider. Once received, the traffic is decrypted and released to its final destination.

Unless there are advanced obfuscation tools in use, the VPN tunnel won’t stop your ISP from knowing you are using a VPN, but it will prevent it from seeing which websites you are visiting and what you are doing when you get there.

By contrast, Tor’s ‘Onion Network’ uses multiple layers of encryption, each of which can only be decrypted by a randomly assigned server. These servers do not belong to Tor, but are owned and maintained by volunteers.

Your ISP may be able to tell that you are using Tor, but the initial layer of encryption will prevent them from seeing where you are browsing.

While you need to have very strong trust in your VPN provider, Tor has been built to eliminate the need to trust any individual server operator.

In terms of encryption strength, some VPNs rely on weak and outdated encryption protocols like PPTP, which can be broken by brute force within 24 hours.

That said, high-quality VPNs use much more secure protocols like IKEv2/IPSec and OpenVPN. These protocols operate with secure encryption ciphers like AES-256 and RSA-1024, none of which have yet been broken. With current computing technology, it would take longer than the life of the universe to achieve this.

Tor utilises a combination of these same secure ciphers. That said, the high level of encryption used by Tor is removed at the exit node, which means your browsing activity will be exposed. As long as nothing leaks, however, it will be impossible to link this activity to your identity. You can read more about these leaks in the Is Tor Safe to Use? section.

You can find out more about VPN encryption protocols and ciphers in our Guide to VPN Encryption.

Which Is Better: Tor or VPN?

The biggest difference between Tor and VPNs is that Tor exists to achieve complete anonymity, whereas VPNs have a wider range of privacy and security applications.

Here’s a quick comparison table showing the pros and cons of each tool:

A table comparing VPN and Tor.

Tor vs. VPN comparison table.

There are benefits and drawbacks to each network, and certain activities will be better suited to one over the other.

In this section, we’ll cover the advantages and disadvantages of Tor and VPN in detail. To skip these advantages and disadvantages, you can jump straight to our summary of which tool you should use.

Tor Advantages

Illustration showing the advantages of Tor

  1. Decentralized network. Because Tor is composed of a distributed network of thousands of servers around the world — without a headquarters, office, or central server — it is extremely difficult for any government or organization to shut it down.

    Anyone looking to take Tor down would have to go after each individual server. This also means that there is no centralized point for a malicious actor to attack. There is also no central server which could be seized to view usage logs.
  2. Complete anonymity. The routing method utilized by Tor prevents any association being drawn between your true IP address and your online activity. The first node you connect to (the guard node) will know your IP address but be unable to see anything about your activity.

    No subsequent nodes will be able to see your true IP address, and neither will any sites you connect to. Tor also changes your route through its network every ten minutes, while a VPN maintains a single server connection for the duration of your connection.
  3. Cross-border. Tor is able to bypasses geographical restrictions by routing your traffic to nodes in different countries. Web content previously inaccessible in your location can be accessed with the Tor browser using the Tor network. This is because any websites you visit see the IP address of the exit node, not your true IP, and use this to determine your location.

    However, the route you take through the Tor network is completely random. While possible, choosing a specific server location to ‘spoof’ is very difficult. The combination of technical complexity and slow speeds make Tor the wrong choice for streaming geo-blocked video.
  4. Free. You won’t ever have to pay for Tor. The software and network are both free and open-source, maintained by volunteers and charities all around the world. Unlike some free VPNs, there aren’t any adverts and you won’t have to worry about the risk of Tor itself logging and selling your data.

Tor Disadvantages

Illustration showing the disadvantages of Tor

  1. Very slow. Tor is very slow compared to a VPN. Data in the Tor network is routed through multiple random and widely-dispersed nodes, each with varying bandwidth, and encrypted and decrypted multiple times. You are at the mercy of the slowest node on your route.

    This means that Tor is not a good choice for watching high-quality streaming videos, P2P file-sharing, or anything else that requires a high speed connection.

    Torrenting in particular is not recommended as it risks exposing your true IP address. It also puts a lot of strain on the network, slowing everyone else’s connection down.

  2. Poor compatibility. You can only access the Tor network using the Tor browser or an application with Tor access built in. If you want to use another browser or application, you will not be protected by Tor.

    There is an app for Android but no Tor browser for iOS, meaning you can’t use it on your iPhone or iPad.

    There are some more advanced methods of routing applications through the network, such as ‘Torifying’ programs or running ‘VPN over Tor’. These are both tricky processes, though, which risk leaking your true identity if not implemented properly.

  3. No customer support. As The Tor network is run by a network of volunteers, there’s no direct funding to pay for maintaining and upgrading the network as a whole. Some servers in the network are old and slow, and there is no central support team to turn to if you encounter problems.

    There is, however, an active community of enthusiasts who may be willing to help if you find yourself stuck — just don’t expect live chat.
  4. Unwanted attention. As you may already know, Tor has a reputation for attracting those who are very keen on avoiding detection. This includes journalists and whistleblowers – but also criminals.

    Your ISP can see that you are using Tor even if they don’t know what you’re doing. For this reason, frequent use of Tor can potentially mark you for surveillance.

    You can also get into a lot of trouble on the Dark Web (.onion sites), which are only accessible through the Tor browser. These are, more often than not, dangerous places to be.

  5. Complexity. Unlike with a VPN, you can’t just ‘turn on’ the Tor browser and hide your IP address. If you don’t configure your browser properly and modify your browsing habits, it’s incredibly easy to reveal your true IP and with it your real life identity.

    Torrenting over Tor, opening documents downloaded through Tor, or using Windows are just a few examples of activities that could reveal your IP. For more information, read our chapter on How to Stay Safe Using Tor.
  6. Malicious exit nodes. While your traffic is encrypted for most of its journey through the Tor network, it is exposed when it passes through the final node — called the exit node.

    This means that an exit node has the ability to spy on your activity, just like an ISP would if you weren’t using Tor or a VPN.

    Anyone can set up an exit node to spy on users, including governments and criminals. For more information on malicious exit nodes, you can skip to the next chapter: Is Tor Safe?

  7. Lack of precision. As we have already mentioned, Tor can be used to bypass geographical restrictions on content, but it is a very inefficient method of spoofing a particular location. In addition, the slow speeds can make streaming geo-restricted media almost impossible.

VPN Advantages

Illustration showing the advantages of a VPN over Tor.

  1. Much faster. Using a VPN will almost always be much faster than Tor. With a VPN your encrypted data goes directly to one VPN server and then to your destination. With Tor it travels between three servers spread across the world.

    For this reason you will see only small drops in speed when connecting to a nearby VPN server. In certain niche cases — such as where your ISP is throttling your connection to certain sites — you may even see a slight improvement in speed.
  2. Customer support. VPN services are provided by dedicated companies. The trustworthy ones have infrastructures that can be asked for help or held to account when things go wrong.

    VPN subscriptions pay for maintenance of the network and, in some cases, large customer support teams. This means you can recognize the good ones from the bad ones, unlike malicious Tor exit nodes, which you can’t see coming.
  3. Advanced features. High-quality VPNs come equipped with advanced features designed to help further protect your privacy.

    These include kill switches to automatically cut your internet connection if you disconnect from the VPN, leak protection to prevent IP or DNS leaks, obfuscation technologies for censorship circumvention, specialist servers for streaming or torrenting, and much more.
  4. Easy location spoofing. Using a VPN is the most effective way to quickly access geographically restricted websites. Most VPN providers offer servers in dozens of locations worldwide, allowing you to choose your preferred location.

    While it is possible to have some control over the location of your exit node in Tor, it isn’t easy or reliable. With a VPN, choosing a location is as simple as selecting it from a list.

    Because VPN connections are much faster, they are ideal for streaming media from other countries or P2P file sharing.

  5. Ease of use. The technology behind VPNs might be complicated, but they’re generally very simple to install and operate.

    In most cases you just download an installation file and then follow on screen instructions. Often, you can even set your VPN to connect automatically when you boot your device.
  6. Wide compatibility. The best VPN services are compatible with pretty much every device you might connect to the internet. By contrast, Tor is only really available on desktop or Android.

    Pretty much all VPN providers have desktop and mobile apps as well as browser extensions. Some providers even offer software that runs on your home router, protecting all your internet connected devices at once and permanently protecting your privacy.
  7. Network-wide protection. Tor only protects traffic from within the Tor browser itself. A VPN will reroute and encrypt all of your traffic, including any background applications.

VPN Disadvantages

Illustration showing the disadvantages of a VPN vs. Tor.

  1. Logging practices. VPN services might protect your data from your ISP, but you have to trust your VPN provider. Unlike Tor, which is totally decentralized, you’re trusting your data entirely with one company because you’re using its software and servers.

    Some providers keep logs of your activity or connection data. This could be for its own use, or because it is compelled to by authorities. This data could be kept for days, months, or even years.

    Some services falsely advertise “zero-logs” policies. If logs do exist, there’s potential for an agency to use this information against you, and there are limits to what a VPN can do to protect you. This is why it’s vital to choose a provider that keeps absolutely no personally-identifiable logs.

    Even VPNs with no-logging policies have the technical capacity to keep logs. External audits go some way to guaranteeing a VPN company is actually doing what it says it is — but it can’t guarantee the company will continue to do this in the future.

    Tor exit nodes might be able to see and log your activity, but they don’t know your true identity. With a VPN you have to live with the knowledge that both your identity and activity rest in your VPN provider’s hands.

  2. More expensive. There are free VPNs, but pretty much all VPNs worth their salt charge a subscription of some kind.

    Network maintenance and software development requires money. If you aren’t paying a VPN with cash you’re paying it with adverts or user data. Many free VPNs even include adware.

    If you must go with a free VPN, we suggest choosing something from our list of the best free VPNs to avoid unsafe providers.

  3. Breaks in connection. In order to stay protected, the VPN software on your device must be working properly. If the software crashes for any reason, there is a risk that data being sent to and from your computer could leak. This would completely undermine your anonymity and leave you vulnerable to the eyes of third parties.

    Many VPNs include a kill switch to safeguard against this issue. This is a feature which cuts off your internet connection entirely if the VPN ever loses connection. We strongly recommend using a VPN with a kill switch.
  4. Quality Variation. VPNs are private companies. As a result, they come in a spectrum of quality and trustworthiness. For your communications to be safe, the encryption used by the VPN service must be unbreakable, and the connection completely free from leaks.

    Almost all of the disadvantages of VPN compared to Tor can be offset by a reliable provider.

    The best VPNs use AES-256 bit encryption, but some lower tier services use weaker algorithms like PPTP and Blowfish. Look carefully at the specifications when choosing a VPN subscription, or choose from our recommended VPN providers.

Which Should You Use: Tor or VPN?

Illustration showing two hands choosing between a Tor onion and VPN shield.

The best privacy tool will vary depending on your situation. Here are some concrete tips for when it’s best to use a VPN or Tor.

When You Should Be Using a VPN

A good VPN will be the best solution for most people because it balances privacy, security and usability. It is also much less likely to leak because it protects all of your internet traffic (not just the traffic from your browser).

In addition, a VPN doesn’t require the same kind of technical understanding to prevent things from going wrong.

As long as a trustworthy, zero-logs VPN provider is used, a VPN offers a very secure privacy solution with excellent performance and flexibility when compared to Tor.

You should use a VPN if you are:

  • Concerned primarily about your privacy.
  • Travelling to a heavily-censored country.
  • Connecting to a public WiFi network.
  • Making purchases online.
  • Streaming or torrenting media.
  • Accessing geographically-restricted content.

When You Should Be Using Tor

Tor’s biggest strength is that it removes the need for you to put your faith in a private VPN company. Its two biggest weaknesses — a lack of security and very slow speeds — make it a poor choice for lots of popular activities, such as file-sharing, streaming, or shopping transactions.

There are situations where we would recommend choosing Tor over a VPN. In particular, Tor is the superior choice for anonymity – but only if you are willing to sacrifice security and privacy to achieve it. Your activity will be open for others to see, but impossible to link back to you.

This kind of anonymity is really only needed for the likes of whistleblowers and journalists, who want their messages to be seen but need to keep their origin a secret. If you do decide to use Tor, be sure to read our chapter on How to Stay Safe Using Tor.

You should use Tor if you are:

  • Concerned primarily with complete anonymity.
  • Unable to afford a trustworthy VPN.
  • Concerned with accessing ‘hidden’ websites with a .onion domain.
  • Seeking to release sensitive information e.g. you are a journalist, activist, or whistleblower.

Is Tor Safe to Use?

The Tor Project exists to help solve the problem of trust online. But can you really trust the Tor Network?

This is a legitimate question, but one that does not yet have a definite answer. There are, however, several known and suspected vulnerabilities in the design of Tor.

Is Tor Compromised?

Suspicions that the FBI and other US government agencies can de-anonymize Tor users have existed for years. Certainly, they have put resources into achieving this capability. The fact that Tor is still largely funded by the US government is a very poorly kept secret.

Such suspicions appeared to have been confirmed in a 2017 court case, but the FBI ultimately refused to give evidence or disclose any potential Tor vulnerability, completely collapsing the case.

Researchers at Columbia University have also developed attacks that allow them to potentially de-anonymize up to 81% of Tor users.

If an intelligence agency did publicly disclose a Tor vulnerability, regular users would flock from the platform. It would then be impossible to use the platform for surveillance, and easy to identify any remaining traffic as state-affiliated.

Because of this, any capabilities to de-anonymize Tor users remains unconfirmed, as does the mechanism by which it might do it or the scale on which this could be rolled out.

Much more definite is the fact that the Tor was conceived and developed by the US Navy. This is not necessarily a problem in itself, but the ongoing collaboration between the Tor developers and the US government — identified by Yasher Levine in her book Surveillance Valley — is more of a concern.

Several email correspondences between Tor developers and US government agencies have been made public in recent years. Here is an example in which a Tor co-founder discusses cooperation with the Department of Justice, including reference to the installation of “backdoors”:

Screenshot of an email sent by Roger Dingledine, Tor co-founder.

Screenshot of an email sent by Roger Dingledine, Tor co-founder.

You can see more of this correspondence, along with several other exchanges between Tor developers and US intelligence agencies, here.

Is Tor Legal?

It is legal to use Tor. That said, some of the websites accessible through the Tor network are popular amongst criminals and do host illegal content. While Tor is legal to use, frequent use could mark you for surveillance.

Windows Vulnerabilities

Windows wasn’t built for anonymity. Even if you are careful and only access the internet from within the Tor browser, the operating system sends information back to Microsoft by default, which can result in your identity being revealed. It is considered safer and more reliable to run Tor on Linux when possible.

Tails and Whonix are both popular Linux variants which have been built for use with Tor, but you can run Tor safely on any practically any version of the Linux operating system.

IP & DNS Leaks

When used correctly Tor should not leak your IP or DNS information. However, if you use it like a normal browser it will almost certainly result in DNS or IP leaks.

If you want to prevent IP and DNS leaks when using Tor, you need to avoid:

  • Using browser extensions.
  • Downloading and opening files.
  • Downloading torrent files.
  • Enabling JavaScript.

All of these activities have the potential to route traffic outside of the Tor browser or retain information that can de-anonymize you even within the Tor browser.

Another common mistake is accessing HTTP sites. This won’t directly reveal your IP address, but makes you much more vulnerable to surveillance, and adds risk to any of the above behaviours. You can learn more about how to use Tor safely in the next chapter of this guide.

Malicious Exit Nodes

One way in which Tor has definitely been compromised is via malicious exit nodes.

While your traffic is encrypted for most of its journey through the Tor network, it is exposed when it passes through the final node – called the exit node.

This means that the exit node has the ability to view your activity, just like an ISP would if you weren’t using Tor or a VPN. This does not necessarily undermine your anonymity, though, as the exit node has no way to see your true IP address.

If you were to access an email account or Facebook page associated with your real life identity, this could be observed and undermine your anonymity.

Anyone can operate an exit node. They have been known to be used for surveillance by criminals and even to operate man-in-the-middle attacks.

Some healthy skepticism can keep you safe here, and it is wise to always assume that someone is watching you.

Can Tor Be Traced?

If you’re careful and Tor is configured properly then no, you cannot be traced.

Once your activity leaves the Tor network it is unencrypted. This means your government or another third party can see it, but they won’t be able to tell who you are unless your browsing activity lets them know.

It’s best to assume your activity can always be seen, but that onlookers have no idea who you are. As long as you don’t do anything to identify yourself (like visiting any personal accounts, or allowing Tor to leak), your activity cannot be traced back to you through the Tor network.

How Do I Use Tor?

If you’ve decided to use Tor, you can follow these simple steps to install the Tor Browser on your computer or mobile. If you’ve already got the Tor Browser installed, you can jump to the next chapter on How to Stay Safe Using Tor.

How to Install the Tor Browser on Your Computer

The Tor Browser will work for any Windows, Linux or MacOS computer, and is easy to install.

To install the Tor Browser on your computer:

  1. Navigate to the download page of the Tor Project website.

    Since your ISP or network administrator undoubtedly monitors your browsing habits you may want to have a VPN active when you visit the Tor website.

    This might sound paranoid, but there are real life examples of people identifying themselves this way. In 2013 a Harvard student who sent a fake bomb threat via Tor to avoid an exam was identified using university WiFi connection logs. The student was singled out because he was the only user who had accessed Tor on the campus network.

  2. Select your operating system of choice:

    Screenshot of the Tor browser download page
  3. An .exe file will download: open it.
  4. Select your language from the drop-down menu:

    Screenshot of Tor language select installation window.
  5. Unless you are looking for an advanced setup, press connect:
    Screenshot of Tor installation window
  6. Tor will automatically set itself up.

    Screenshot of installed tor browser

Once you’ve downloaded the file you won’t have to install anything else. Tor is completely self-contained — you can even run it from a USB thumb drive.

Only your activity from within the browser will be routed through Tor, though. Anything outside — including emails sent from a separate app like Outlook — will be exposed to surveillance.

How to Install the Tor Browser on Mobile

There is a Tor browser app available for Android devices and maintained by the Guardian Project. It is easy to download and use, but the same limitations apply as when you use the browser on desktop: only what you do in the browser will remain anonymous online.

If you’d like to skip this section, you can jump straight to How to Stay Safe Using Tor.

To install the Tor Browser on your Android device:

  1. Press install on the Google Play Store page.
  2. Press connect to access the Tor Network. This will take a few minutes to load.
  3. Cycle through the welcome messages.
  4. You are now ready to use the Tor Browser on mobile. Click on the address bar at the top to enter the website you want to visit.

Unfortunately, due to Apple’s heavily restricted App Store, there isn’t currently an app for iOS and there isn’t likely to be in the future. This means you won’t be able to use Tor on iPhone or iPad.

Other Tor-Enabled Applications

We mentioned earlier that Tor can handle all traffic which uses the TCP protocol. While this is true, it isn’t easy to get a lot of applications to work only with TCP.

Any information not transmitted via TCP will default to outside the Tor network. This will cause DNS, WebRTC or IP leaks, exposing your identity and activity to any onlookers.

Tor offers its own in-depth guide to ‘Torifying’ applications, which we only recommend for more advanced users.

The Linux variant Tails routes all activity through the Tor network by default. It comes with several pre-installed and pre-configured applications and automatically cuts off any non-Tor traffic to prevent leaks.

This is an effective setup but it won’t be compatible with lots of popular apps — don’t expect to be using YouTube, Facebook Messenger, or Spotify from your desktop.

Unfortunately, the majority of Voice-over-IP (VoIP) applications rely on the UDP protocol. Because Tor is not currently compatible with this protocol it is not possible to use video chat applications like Skype over the Tor network.

How to Stay Safe Using Tor

Most of the risks associated with Tor can be solved by changing your behaviour when you are browsing the internet.

If you use Tor like a normal browser it will almost certainly result in DNS or IP leaks.

Remember: only your web traffic is protected when you use the Tor browser. Other applications, like email or even other browsers, aren’t funneled through the network.

We recommend that you read the list of current known issues with Tor before using the browser for the first time.

The three biggest risks when using Tor are:

  • Being surveilled or suffering a man-in-the-middle attack from a malicious exit node.
  • Accidently leaking non-Tor traffic and revealing your true identity.
  • Otherwise revealing your identity to the site you are visiting.

The most important precautions you need to take are:

  • Avoiding behaviour which might result in a technical leak of information.
  • Avoiding behaviour which an onlooker might use to infer your identity.

Avoiding leaks generally requires that you use only TCP traffic and stick to the Tor browser itself. There are also specific known vulnerabilities, such as JavaScript or BitTorrent, both of which can leak your IP address.

Preventing an onlooker from working out your identity requires you to avoid accessing any information associated with your identity, such as a named email account or Facebook account.

The best way to avoid man-in-the-middle attacks is to only use encrypted HTTPS connections.

How to Stay Anonymous Using Tor

Here are the most important rules for staying safe on Tor:

  1. Don’t use mobile 2-step verification.
  2. Never post your personal accounts.
  3. Avoid operating the same accounts inside and outside of Tor.
  4. Only access secure, HTTPS-encrypted websites.
  5. Delete cookies and local website data after every browsing session.
  6. Don’t use Google (DuckDuckGo is a good alternative).
  7. Don’t connect to the same remote server with and without the Tor browser simultaneously.
  8. Avoid torrenting (it slows the network) — and BitTorrent especially.

How to Use a VPN With Tor

Is it even more secure to use both a VPN and Tor at the same time?


There are two ways of using Tor and VPN together: Tor over VPN and VPN over Tor. They both have some unique benefits as well as some pretty major drawbacks, which we will cover in this section.

Tor Over VPN

Diagram showing Tor running over a VPN .
‘Tor over VPN’ is when you connect to your VPN before you run the Tor Browser. This is the most common way of combining Tor with a VPN.

It’s easy to do: just connect to your VPN then launch the Tor browser from your desktop or smartphone.

Your VPN will act like an extra node before the Tor network.

When you combine Tor with a VPN in this way:

  1. Your ISP and network operator will not know you are connected to the Tor network.
  2. The Tor network entry node will not see your true IP address.
  3. Your VPN provider will be unable to see your traffic.

This is particularly useful if you do not want a network administrator to know you are connecting to Tor, or if your VPN provider has an invasive or vague logging policy.

However, it should be noted that:

  1. Your VPN provider will see your true IP address.
  2. Your VPN provider will also be able to see that you are connected to the Tor network.
  3. Tor exit nodes – including malicious exit nodes – will still be able to view your traffic.

Some VPN services, including NordVPN and ProtonVPN, have servers dedicated to Tor traffic.

VPN Over Tor

A diagram showing running a VPN over Tor.
This option works in reverse: connecting to the Tor network before using your VPN.

This is technically possible, but not easy. You will need explicit Tor support from your VPN provider. Currently, very few VPNs offer support for running via Tor in this manner.

In theory, this method has four key advantages:

  1. All of your VPN traffic goes through the Tor network, not just your web browsing. This gives you double-strength privacy protection, no matter what you’re doing online.
  2. Alongside the benefits of Tor, you also get the advanced features of your VPN. This includes the ability to switch servers for better speeds or use the kill switch to prevent unwanted IP address leaks.
  3. If you need to use .onion resources you can get to them via an alternative browser (not just the Tor browser) via your VPN.
  4. Tor exit nodes will no longer be able to view your traffic.

While this method eliminates the dangers associated with malicious exit nodes, it also undermines one of the key purposes of using Tor. A third party — your VPN provider — will have access to both your identity and activity.

For most users this method is a waste of resources. Using a VPN over Tor allows your provider access to the same information as using the VPN alone, just with the added slowness and inconvenience of the Tor network.

There are a few other key downsides worth mentioning when you use a VPN provider that offers a specific Tor option:

  1. Your choice of VPN provider will be restricted.
  2. You will experience a huge hit to your connection speeds. Using a VPN over Tor could make a sluggish VPN even more of a chore to use.
  3. Encrypting data with a VPN and then encrypting it again with Tor is overkill that will not improve your privacy significantly.
  4. Using a VPN through Tor will usually require extra configuration. You may have to install a specific client, download a specific connection file, or change your settings — all of which require time, technical knowledge, and patience.

VPNs and the Tor browser both enhance your privacy independently of each other. You can connect to your VPN and then use the Tor Browser if you’re really concerned, but combining the two is overkill for most people.

You’re better off using Tor if you need complete anonymity in extreme circumstances. If it’s just all-round internet privacy you’re looking for, choose a VPN.

About the Author

  • Headshot of Site Editor Callum Tennent

    Callum Tennent

    Callum is our site editor and a member of the IAPP and the EC-Council's Knowledge Review Committee. He oversees all our VPN testing, reviews, guides and advice. Read full bio