The Essentials

Tor vs. VPN: What’s the Difference and Which Is Better For Online Privacy?

Callum Tennent
Updated

Tor and VPNs both promise to keep you safe online, but how private and anonymous are they really? Learn all about Tor and how it compares to a VPN in this comprehensive guide to Tor vs. VPN.

An illustration of two characters choosing between a VPN shield and a Tor onion.

Tor and VPNs have a lot in common: they both encrypt your internet activity, hide your IP address, and improve online security. But there are also many differences between Tor and VPN.

A VPN routes your connection through a single, privately-owned VPN server, whereas Tor bounces your connection through a number of volunteer-run, randomly-assigned servers. This means that Tor is designed for maximum anonymity, while VPNs focus on providing privacy.

VPNs tend to be much faster than Tor and much more flexible when it comes to unblocking region-restricted websites. Meanwhile, Tor has the advantage of being a free and decentralized resource, which enables users to browse anonymously without having to place their trust in any individual server operator.

This guide will explore the differences between Tor and VPNs in much greater detail. We’ll explain how they both work, which one is better, and how you can use them together.

If you already know how VPNs and Tor work, you can jump straight to our direct Tor vs. VPN comparison. Alternatively, you can skip to our sections on how to use Tor and whether it is safe to do so.

What Is Tor and How Does It Work?

The Tor network — often referred to as just “Tor” — is a free, open-source system designed to enable anonymous communication on the web. The name is derived from the original project name: “The Onion Router”.

The Tor network anonymizes your online activity by encrypting your communications and randomly bouncing them through a global network of access points, or ‘nodes’, which are all maintained by volunteers.

Importantly, the process is designed to be fully anonymous, but it isn’t fully private. The final node — or ‘exit node’ — has no way of knowing who you are, but it can theoretically observe what you are doing. If you were to email someone your name, or your true IP address, you could give away your identity.

Diagram of data passing through the Tor netork

How your data passes through the Tor network.

Like an onion, Tor has layers. Here’s how the Tor network encrypts and anonymizes your internet traffic:

  1. Before connecting to the Tor network, Tor selects three or more random servers (nodes) to connect to.
  2. The Tor software encrypts your traffic in such a way that only the exit node can decrypt it.
  3. The Tor software then adds additional layers of encryption for each of the nodes your traffic will pass through, ending at the first node you will connect to (the guard node).
  4. At this point in the process your traffic is protected by at least three layers of encryption.
  5. When your computer contacts the guard node, the guard node knows your IP address but cannot see anything about your traffic (its content or destination).
  6. The guard node decrypts the first layer of encryption to discover the next node in the chain. It then sends your traffic onwards — still protected by at least two layers of encryption.
  7. The next node in the chain receives your encrypted traffic. It knows the IP address of the previous server in the chain but does not know your true IP address or how many steps have occurred in the chain up until this point. This node removes a layer of encryption to reveal the identity of the next server in the chain. It then sends your data forwards.
  8. This process is repeated until your traffic reaches the exit node. The exit node decrypts the final layer of encryption. This reveals your traffic but the exit node has no way of knowing who you are.
  9. Your traffic completes its journey to the internet.

Each node only knows the identity of the server directly next to it in the chain, making it impossible for any malicious actor to reverse engineer your connection’s route through the onion network.

At no stage in this process does any node know both who you are and what you are doing.

For added security, your path is also randomly reassigned around every ten minutes — meaning your connection is assigned a new set of servers to bounce between.

Tor is most commonly used through the Tor Browser. This is a free, Firefox-based application that can be downloaded and installed on your computer. The Tor Browser uses the Tor network to conceal your identity, location, and online activity from tracking or surveillance.

The technology was originally designed for the US military and is favored by political activists and privacy advocates — as well as by some more unsavory characters looking to evade detection. It helps you access content which has been blocked by your country or your Internet Service Provider (ISP), whilst also keeping your identity hidden from both the websites you visit and the network itself.

Tor also lets you access a number of unlisted websites with the .onion domain name — part of the so-called ‘Dark Web’. The most notorious of these sites is the now shut-down Silk Road marketplace, but there are also less sinister sites in operation such as a mirror of BBC News designed to beat censorship.

Despite its occasional link to criminality, Tor often receives endorsements and praise from civil liberties organisations, such as Amnesty International and the Electronic Frontier Foundation (EFF).

In short, Tor allows you to:

  • Hide your IP address from the websites you visit.
  • Hide your identity from the nodes in the network.
  • Access ‘hidden’ .onion domains.
  • Anonymize your online activity.
  • Communicate confidentially.
  • Access censored content.
A visualisation of Tor's data flow around the world, taken from TorFlow.

Visualization of Tor’s global data flow, 3 to 6 January 2016 by TorFlow.

Over the last decade, the size of the infrastructure and the lack of any centralized authority has moved Tor into the mainstream. However, the trade-off for this large network of community-managed nodes is an unreliable connection and often very slow speeds.

In addition, Tor is only designed to handle traffic using the popular TCP protocol, which represents the majority of normal browsing traffic. Being limited to this protocol creates a potential vulnerability, because all traffic which uses UDP or any other internet protocol will travel outside the Tor network. Voice and video traffic, for example, are generally transmitted using UDP.

Tor is undoubtedly the cheapest privacy tool around. But there are risks inherent to using Tor. Unless you alter your browsing habits, you are at risk of exposing your true IP address or other personally identifiable information: completely wrecking your anonymity. You can learn more about this in our section on How to Stay Safe Using Tor.

For details on how to install and use the Tor browser, check out How Do I Use Tor?

What Is a VPN and How Does It Work?

A Virtual Private Network (VPN) is a service that hides your IP address and protects you from the prying eyes of ISPs, governments, and malicious third parties.

When you use a VPN, your traffic requests are encrypted and sent to a remote VPN server. At the server, the requests are decrypted and passed onto the internet.

When the website sends information back to your device, it is again routed via the VPN server. Here, it is encrypted before being transmitted to your device, where it is then decrypted.

This creates a secure communication channel between your device and the VPN server — often referred to as the “VPN tunnel”.

Diagram showing how users connect to the internet using a VPN

How you connect to the internet using a VPN.

Using a VPN has two main effects:

  1. The websites you visit see the VPN server’s IP address, and not your real one. This allows you to spoof your browsing location in order to hide your identity and access geographically-restricted content.
  2. ISPs, governments, and other snooping third parties are unable to track your online activity. Because your connection is encrypted, all they see is that you are connecting to the VPN server’s IP address. They can no longer observe the exact details of your browsing activity.

Like Tor, VPN providers tend to have servers located in many countries across the globe. However, unlike Tor, specifying which VPN server location you would like to use is easy.

This makes VPNs a great tool for bypassing government censorship (e.g. Great Firewall of China) and accessing content previously restricted in your location. A user in the US, for example, can access the UK Netflix library by simply connecting to a VPN server located in the UK.

Screenshot of Express VPN on desktop with server locations

Screenshot of ExpressVPN with list of server locations.

While there is just a single Tor network, VPN providers number into the hundreds (maybe even thousands). Picking the right VPN service for you is therefore a crucial part of using a VPN.

There are a number of red-flags to look out for when choosing a VPN, including connection speed, logging policy, and data leaks. We cover these factors and more in our complete guide on What Is a VPN?

Is Tor a VPN?

While often confused, Tor and VPN are actually very different technologies.

Tor is not a VPN.

With a VPN, the provider owns the VPN software installed on your device and the VPN servers you connect to. You are therefore entirely reliant on the provider to protect your privacy.

Your VPN provider always has the possibility to observe, monitor, and record your activity. That is why it is so important to find a VPN with both a minimal logging policy and a track record for maintaining the security of its network.

In contrast, the Tor network is decentralized: no single entity owns both the Tor software on your device and the nodes you connect to. Unlike with VPNs, this means that no one has access to both who you are and what you are doing.

You don’t need to place your trust in anyone when you use Tor. Whereas, with a VPN, you need to trust the service provider.

Along with the differences in encryption we outlined above (i.e. The Onion Router vs VPN Encryption), this is primarily what distinguishes Tor from a VPN.

For added security, you can even use Tor and a VPN simultaneously. Our section below explains how.

Tor vs VPN: Which Is Better?

The biggest difference between Tor and VPNs is that Tor primarily exists to achieve complete anonymity, whereas VPNs have a more diverse range of privacy and security applications. VPNs are faster, more widely compatible, and are better for location spoofing, streaming, and P2P file sharing. But they do not provide anonymity.

A table comparing the pros and cons of VPN and Tor.

Tor vs. VPN comparison table.

In this section, we’ll comprehensively cover the advantages and disadvantages of Tor and VPN. We’ll then take a detailed look at which of these online security tools you should use.

Tor Advantages

Illustration showing the advantages of Tor

  1. Decentralized network. Because Tor is composed of a distributed network of thousands of servers around the world — without a headquarters, office, or central server — it is extremely difficult for any government or organization to shut it down.

    Anyone looking to take Tor down would have to go after each individual server. Unlike with VPN services, this means there is no centralized point for a malicious actor to attack. There is also no central server which could be seized to view usage logs.
  2. Complete anonymity. The routing method utilized by Tor prevents any association being drawn between your true IP address and your online activity. The first node you connect to (the guard node) will know your IP address but be unable to see anything about your activity.

    No subsequent nodes will be able to see your true IP address, and neither will any sites you connect to. Tor also changes your route through its network every ten minutes, while a VPN maintains a single server connection for your entire session.
  3. Cross-border. Tor is able to bypasses geographical restrictions by routing your traffic to nodes in different countries. Web content previously inaccessible in your location can be accessed using the Tor network. This is because any websites you visit see the IP address of the exit node, not your true IP, and use this to determine your location.

    However, unlike selecting a specific VPN server location, the route you take through the Tor network is completely random. While possible, choosing a server location is very difficult. The combination of technical complexity and slow speeds make Tor the wrong choice for streaming geo-blocked videos. A VPN is preferable
  4. Free. You won’t ever have to pay for Tor. The software and network are both free and open-source, maintained by volunteers and charities all around the world. Unlike some free VPNs, there aren’t any adverts and you won’t have to worry about the risk of Tor itself logging and selling your data.

Tor Disadvantages

Illustration showing the disadvantages of Tor

  1. Very slow. Tor is very slow compared to a VPN. Data in the Tor network is routed through multiple random and widely-dispersed nodes, each with varying bandwidth, and encrypted and decrypted multiple times. You are at the mercy of the slowest node on your route.

    This means that Tor is not a good choice for watching high-quality streaming videos, P2P file-sharing, or anything else that requires a high speed connection.

    Torrenting in particular is not recommended as it risks exposing your true IP address. It also puts a lot of strain on the network, slowing everyone else’s connection down.

  2. Poor compatibility. You can only access the Tor network using the Tor browser or an application with Tor access built in. If you want to use another browser or application, you will not be protected by Tor.

    There is an app for Android but no Tor browser for iOS, meaning you can’t use it on your iPhone or iPad.

    There are some more advanced methods of routing applications through the network, such as ‘Torifying’ programs or running ‘VPN over Tor’. These are both tricky processes, though, which risk leaking your true identity if not implemented properly.

  3. No customer support. As The Tor network is run by a network of volunteers, there’s no direct funding to pay for maintaining and upgrading the network as a whole. Some servers in the network are old and slow, and there is no central support team to turn to if you encounter problems.

    There is, however, an active community of enthusiasts who may be willing to help if you find yourself stuck — just don’t expect the impressive live chat functionality offered by many VPN providers.
  4. Unwanted attention. Unsurprisingly, Tor has a reputation for attracting those who are very keen on avoiding detection. This includes journalists and whistleblowers – but also criminals.

    Your ISP can see that you are using Tor even if they don’t know what you’re doing. For this reason, frequent use of Tor can potentially mark you for surveillance.

    You can also get into a lot of trouble on the Dark Web (.onion sites), which are only accessible through the Tor browser. These are, more often than not, dangerous places to be. We do not condone using Tor (or VPNs) for anything illegal, and recommend you stay away from the Dark Web as a general precaution.

  5. Complexity. Unlike with a VPN, you can’t just ‘turn on’ the Tor browser and hide your IP address. If you don’t configure your browser properly and modify your browsing habits, it’s incredibly easy to reveal your true IP and with it your real life identity.

    Torrenting over Tor, opening documents downloaded through Tor, or using Windows are just a few examples of activities that could reveal your IP. For more information, read our chapter on How to Stay Safe Using Tor.
  6. Malicious exit nodes. While your traffic is encrypted for most of its journey through the Tor network, it is exposed when it passes through the final node — called the exit node.

    This means that an exit node has the ability to spy on your activity, just like an ISP would if you weren’t using Tor or a VPN.

    Anyone can set up an exit node to spy on users, including governments and criminals. For more information on malicious exit nodes, you can skip to the next section: Is Tor Safe?

  7. Lack of precision. As previously mentioned, Tor can be used to bypass geographical restrictions on content, but it is a very inefficient method of spoofing a particular location. In addition, the slow speeds can make streaming geo-restricted media almost impossible.

VPN Advantages

Illustration showing the advantages of a VPN over Tor.

  1. Much faster. Using a VPN is almost always faster than Tor. With a VPN your encrypted data goes directly to one VPN server and then to your destination. With Tor it travels between three servers spread across the world.

    For this reason you will see only small drops in speed when connecting to a nearby VPN server. In certain niche cases — such as where your ISP is throttling your connection to certain sites — you may even see a slight improvement in speed.
  2. Customer support. VPN services are provided by dedicated companies. The trustworthy ones have infrastructures that can be asked for help or held to account when things go wrong.

    VPN subscriptions pay for maintenance of the network and, in some cases, large customer support teams. This means you can separate the good providers from the bad ones — unlike with malicious Tor exit nodes which you cannot foresee.
  3. Advanced features. High-quality VPNs come equipped with advanced features designed to help further protect your privacy.

    These include kill switches to automatically cut your internet connection if you disconnect from the VPN, leak protection to prevent IP or DNS leaks, obfuscation technologies for censorship circumvention, specialist servers for streaming or torrenting, and much more.
  4. Easy location spoofing. Using a VPN is the most effective way to quickly access geographically restricted websites. Most VPN providers offer servers in dozens of locations worldwide, allowing you to choose your preferred location.

    While it is possible to have some control over the location of your exit node in Tor, it isn’t easy or reliable. With a VPN, choosing a location is as simple as selecting it from a list.

    Because VPN connections are much faster, they are ideal for streaming media from other countries or P2P file sharing.

  5. Ease of use. The technology behind VPNs might be complicated, but they’re generally very simple to install and operate.

    In most cases you just download an installation file and then follow on-screen instructions. Often, you can even set your VPN to connect automatically when you boot your device.
  6. Wide compatibility. The best VPN services are compatible with pretty much every device you might connect to the internet. By contrast, Tor is only really available on desktop or Android.

    Pretty much all VPN providers have desktop and mobile apps as well as browser extensions. Some providers even offer software that runs on your home router, protecting all your internet connected devices at once and permanently protecting your privacy.
  7. Network-wide protection. Tor only protects traffic from within the Tor browser itself. A VPN will reroute and encrypt all of your traffic, including any background applications.

VPN Disadvantages

Illustration showing the disadvantages of a VPN vs. Tor.

  1. Logging practices. VPN services might protect your data from your ISP, but you have to trust your VPN provider. Unlike Tor, which is totally decentralized, you’re trusting your data entirely with one company because you’re using its software and servers.

    Some providers keep logs of your activity or connection data. This could be for its own use, or because it is compelled to by authorities. This data could be kept for days, months, or even years. It is therefore vital to choose a provider that keeps absolutely no personally-identifiable logs.

    Even VPNs with ‘no-logging policies’ have the technical capacity to keep logs. External audits go some way to guaranteeing a VPN company is actually doing what it says it is, but they can’t guarantee the company will continue to do so in the future.

    With Tor, the exit nodes might be able to see and log your activity, but they don’t know your true identity. With a VPN you have to live with the knowledge that both your identity and activity rest in your VPN provider’s hands.

  2. More expensive. There are free VPNs, but pretty much all VPNs worth trusting charge a subscription of some kind.

    Network maintenance and software development requires money. If you aren’t paying a VPN with cash you’re paying for it with adverts or user data. Many free VPNs even include adware.

    If you must go with a free VPN, we suggest choosing something from our list of the best free VPNs to avoid unsafe providers.

  3. Breaks in connection. In order to stay protected, the VPN software on your device must be working properly. If the software crashes for any reason, there is a risk that data being sent to and from your computer could leak. This would completely undermine your anonymity and leave you vulnerable to third-party snooping.

    Many VPNs include a kill switch to safeguard against this issue. This is a feature which cuts off your internet connection entirely if the VPN ever loses connection. We strongly recommend using a VPN with a kill switch.
  4. Quality Variation. VPNs are private companies. As a result, they come in a spectrum of quality and trustworthiness. For your communications to be safe, the encryption used by the VPN service must be unbreakable, and the connection completely free from leaks.

    Almost all of the disadvantages of VPN compared to Tor can be offset by a reliable provider.

    The best VPNs use AES-256 bit encryption, but some lower tier services use weaker algorithms like PPTP and Blowfish. Look carefully at the specifications when choosing a VPN subscription, or choose from our recommended VPN providers.

Which Should You Use: Tor or VPN?

Illustration showing two hands choosing between a Tor onion and VPN shield.

Tor is mostly used by activists, whistleblowers, journalists, and political dissidents — where online anonymity is of the utmost importance. Whereas, for the majority of other people, a VPN provides sufficient privacy and security, without compromising on performance and functionality.

You should use a VPN if you are:

  • Concerned primarily about your privacy.
  • Traveling to a heavily-censored country.
  • Connecting to a public WiFi network.
  • Making purchases online.
  • Streaming or torrenting media.
  • Accessing geographically-restricted content.

VPNs don’t require the same level of technical proficiency as using Tor does. However, you should still make sure to pick a trustworthy, zero-logs VPN provider that is known not to leak user data.

You should use Tor if you are:

  • Concerned primarily with complete anonymity.
  • Unable to afford a trustworthy VPN.
  • Interested in accessing ‘hidden’ websites with a .onion domain.
  • Seeking to release sensitive information e.g. you are a journalist, activist, or whistleblower.

Tor’s biggest strength is that it removes the need for you to put your faith in a private VPN company. This makes Tor the superior choice for anonymity — but be aware that you are sacrificing privacy to achieve it. Your activity will be open for others to see, but impossible to link back to you.

Tor’s two biggest weaknesses — a lack of security and very slow speeds — make it a poor choice for popular activities, such as file-sharing, streaming, and shopping transactions. For these tasks, we recommend using a VPN.

If you do decide to use Tor, be sure to read our section on How to Stay Safe Using Tor.

Is Tor Safe to Use?

The Tor Project exists to help solve the problem of trust online. But can you really trust the Tor Network?

This is a legitimate question, but one that does not yet have a definite answer. There are, however, several known and suspected vulnerabilities in the design of Tor.

The three main risks when using Tor are:

  • Being surveilled or suffering a man-in-the-middle attack from a malicious exit node.
  • Accidentally leaking non-Tor traffic and revealing your true identity.
  • Otherwise revealing your identity to the site you are visiting.

This section will explore these risk factors in greater detail. But if you’d rather just learn How To Use Tor, you can jump straight to that section. Alternatively, you can learn about using Tor and VPN together.

Is Tor Compromised?

Suspicions that the FBI and other US government agencies can de-anonymize Tor users have existed for years. Certainly, they have put resources into achieving this capability. The fact that Tor is still largely funded by the US government is a very poorly kept secret.

Such suspicions appeared to have been confirmed in a 2017 court case, but the FBI ultimately refused to give evidence or disclose any potential Tor vulnerability, completely collapsing the case.

Researchers at Columbia University have also developed attacks that allow them to potentially de-anonymize up to 81% of Tor users.

If an intelligence agency did publicly disclose a Tor vulnerability, regular users would boycott the platform. It would then be impossible to use the platform for surveillance, and easy to identify any remaining traffic as state-affiliated.

Because of this, any capabilities to de-anonymize Tor users remains unconfirmed, as does the mechanism by which it might do it or the scale on which this could be rolled out.

Much more definite is the fact that the Tor was conceived and developed by the US Navy. This is not necessarily a problem in itself, but the ongoing collaboration between the Tor developers and the US government — identified by Yasher Levine in her book Surveillance Valley — is more of a concern.

Several email correspondences between Tor developers and US government agencies have been made public in recent years. Here is an example in which a Tor co-founder discusses cooperation with the Department of Justice, including reference to the installation of “backdoors”:

Screenshot of an email sent by Roger Dingledine, Tor co-founder.

Screenshot of an email sent by Roger Dingledine, Tor co-founder.

You can see more of this correspondence, along with several other exchanges between Tor developers and US intelligence agencies, here.

Governments have made similar attempts to collaborate (often by coercion) with VPN companies in order to log the activity of individual VPN users. Sometimes the VPN provider has cooperated, as was the case with HMA and IPVanish. Other times, the provider has protected their users’ privacy. This is what happened when ExpressVPN and PIA had their servers seized by authoritarian governments.

There is also speculation that certain VPN technologies have been cracked by intelligence agencies. Edward Snowden, for example, suggested that the VPN protocol IPsec — which many VPN services use — has been compromised by the NSA.

Is Tor Legal?

It is legal to use Tor in most countries around the world. But there are still some places where it is banned, including Belarus and Turkey.

While Tor is usually legal to use, you should be aware that some of the websites accessible through the Tor network are popular amongst criminals and do host illegal content. As such, frequent use could mark you for surveillance.

Similarly, VPNs are legal in the majority of places around the world. That said, illegal activity is still illegal, regardless of whether you’re using a VPN or not.

Windows Vulnerabilities

Windows wasn’t built for anonymity. Even if you are careful and only access the internet from within the Tor browser, the operating system sends information back to Microsoft by default, which can result in your identity being revealed. It is considered safer and more reliable to run Tor on Linux when possible.

Tails and Whonix are both popular Linux variants which have been built for use with Tor, but you can run Tor safely on any practically any version of the Linux operating system.

IP & DNS Leaks

When used correctly Tor should not leak your IP or DNS information. However, if you use it like a normal browser it will almost certainly result in DNS or IP leaks.

If you want to prevent IP and DNS leaks when using Tor, you need to avoid:

  • Using browser extensions.
  • Downloading and opening files.
  • Downloading torrent files.
  • Enabling JavaScript.

All of these activities have the potential to route traffic outside of the Tor browser or retain information that can de-anonymize you even within the Tor browser.

Another common mistake is accessing HTTP sites. This won’t directly reveal your IP address, but makes you much more vulnerable to surveillance, and adds risk to any of the above behaviors. You can learn more about how to use Tor safely in the next section of this guide.

Malicious Exit Nodes

One way in which Tor has definitely been compromised is via malicious exit nodes.

While your traffic is encrypted for most of its journey through the Tor network, it is exposed when it passes through the the exit node. This means that the final server operator has the ability to view your activity, just like an ISP would if you weren’t using Tor or a VPN.

This does not necessarily undermine your anonymity since the exit node has no way to see your true IP address. However, if you were to access an email account or Facebook page associated with your real life identity, this could be observed and undermine your anonymity.

Anyone can operate an exit node. They have been known to be used for surveillance by criminals and even to operate man-in-the-middle attacks.

Some healthy skepticism can keep you safe here. It is wise to always assume that someone is watching you.

Can Tor Be Traced?

If you’re careful and Tor is configured properly then no, you cannot be traced.

Once your activity leaves the Tor network it is unencrypted. This means your government or another third party can see it, but they won’t be able to tell who you are unless your browsing activity lets them know.

It’s best to assume your activity can always be seen, but that onlookers have no idea who you are. As long as you don’t do anything to identify yourself (like visiting any personal accounts or allowing Tor to leak), your activity cannot be traced back to you through the Tor network.

How to Stay Safe Using Tor

Most of the risks associated with Tor can be resolved by changing your browsing behavior. In order to stay anonymous using Tor, you must avoid behavior that might result in an information leak or might enable an onlooker to infer your identity

If you use Tor like a normal browser it will almost certainly result in DNS or IP leaks. Your web traffic is only protected when you’re using the Tor browser. Other applications, such as email and other browsers, aren’t funneled through the network.

To stay safe using Tor, you should:

  1. Never use mobile 2-step verification.
  2. Never post your personal accounts.
  3. Avoid operating the same accounts — such as email and Facebook — inside and outside of Tor.
  4. Only access secure, HTTPS-encrypted websites.
  5. Delete cookies and local website data after every browsing session.
  6. Not use Google (DuckDuckGo is a good alternative).
  7. Avoid simultaneously connecting to the same remote server with and without the Tor browser.
  8. Avoid torrenting (it slows the network) — and BitTorrent especially.

We also recommend reading the list of current known issues with Tor before using the browser for the first time.

How Do I Use Tor?

Follow these simple steps to install the Tor browser on your computer or mobile. Alternatively, you can skip to the next section to learn about using Tor and a VPN simultaneously.

How to Install the Tor Browser on Your Computer

The Tor browser will work for any Windows, Linux or MacOS computer, and is easy to install.

To install the Tor browser on your computer:

  1. Navigate to the download page of the Tor Project website.

    Since your ISP or network administrator undoubtedly monitors your browsing habits you may want to have a VPN active when you visit the Tor website.

    This might sound paranoid, but there are real life examples of people identifying themselves this way. In 2013 a Harvard student who sent a fake bomb threat via Tor to avoid an exam was identified using university WiFi connection logs. The student was singled out because he was the only user who had accessed Tor on the campus network.

  2. Select your operating system of choice:

    Screenshot of the Tor browser download page
  3. An .exe file will download: open it.
  4. Select your language from the drop-down menu:

    Screenshot of Tor language select installation window.
  5. Unless you are looking for an advanced setup, press connect:
    Screenshot of Tor installation window
  6. Tor will automatically set itself up.

    Screenshot of installed tor browser

Once you’ve downloaded the file you won’t have to install anything else. Tor is completely self-contained. You can even run it from a USB thumb drive.

Only your activity from within the browser will be routed through Tor, though. Anything outside — including emails sent from a separate app like Outlook — will be exposed to surveillance.

How to Install the Tor Browser on Mobile

There is a Tor browser app available for Android devices and maintained by the Guardian Project. It is easy to download and use, but the same limitations apply as when you use the browser on desktop: only what you do in the browser will remain anonymous online.

To install the Tor browser on your Android device:

  1. Press install on the Google Play Store page.
  2. Press connect to access the Tor Network. This will take a few minutes to load.
  3. Cycle through the welcome messages.
  4. You are now ready to use the Tor Browser on mobile. Click on the address bar at the top to enter the website you want to visit.

Unfortunately, due to Apple’s heavily restricted App Store, there isn’t currently an app for iOS and there isn’t likely to be in the future. This means you won’t be able to use Tor on iPhone or iPad.

For information on How To Install a VPN, we’ve put together a dedicated step-by-step guide.

Other Tor-Enabled Applications

We mentioned earlier that Tor can handle all traffic which uses the TCP protocol. While this is true, it isn’t easy to get a lot of applications to work only with TCP.

Any information not transmitted via TCP will default to outside the Tor network. This will cause DNS, WebRTC or IP leaks, exposing your identity and activity to any onlookers.

Tor offers its own in-depth guide to ‘Torifying’ applications, which we only recommend for more advanced users.

The Linux variant Tails routes all activity through the Tor network by default. It comes with several pre-installed and pre-configured applications and automatically cuts off any non-Tor traffic to prevent leaks.

This is an effective setup but it won’t be compatible with lots of popular apps. Don’t expect to be using YouTube, Facebook Messenger, or Spotify from your desktop.

Unfortunately, the majority of Voice-over-IP (VoIP) applications rely on the UDP protocol. Because Tor is not currently compatible with this protocol it is not possible to use video chat applications like Skype over the Tor network.

How to Use Tor and a VPN Together

It is sometimes even more secure to use both a VPN and Tor at the same time.

There are two ways of using Tor and VPN together: Tor over VPN and VPN over Tor. They both have some unique benefits as well as some pretty major drawbacks, which we will cover in this section.

Tor Over VPN

Diagram showing Tor running over a VPN .
‘Tor over VPN’ is when you connect to your VPN before you run the Tor Browser. This is the most common way of combining Tor with a VPN.

It’s easy to do: just connect to your VPN then launch the Tor browser from your desktop or smartphone.

Your VPN will act like an extra node before the Tor network.

When you combine Tor with a VPN in this way:

  1. Your ISP and network operator will not know you are connected to the Tor network.
  2. The Tor network entry node will not see your true IP address.
  3. Your VPN provider will be unable to see your traffic.

This is particularly useful if you do not want a network administrator to know you are connecting to Tor, or if your VPN provider has an invasive or vague logging policy.

However, it should be noted that:

  1. Your VPN provider will see your true IP address.
  2. Your VPN provider will also be able to see that you are connected to the Tor network.
  3. Tor exit nodes – including malicious exit nodes – will still be able to view your traffic.

Some VPN services, including NordVPN and ProtonVPN, have servers dedicated to Tor traffic.

VPN Over Tor

A diagram showing running a VPN over Tor.
This option works in reverse: connecting to the Tor network before using your VPN.

This is technically possible, but not easy. You will need explicit Tor support from your VPN provider. Currently, very few VPNs offer support for running via Tor in this manner.

In theory, this method has four key advantages:

  1. All of your VPN traffic goes through the Tor network, not just your web browsing. This gives you double-strength privacy protection, no matter what you’re doing online.
  2. Alongside the benefits of Tor, you also get the advanced features of your VPN. This includes the ability to switch servers for better speeds or use the kill switch to prevent unwanted IP address leaks.
  3. If you need to use .onion resources you can get to them via an alternative browser (not just the Tor browser) via your VPN.
  4. Tor exit nodes will no longer be able to view your traffic.

While this method eliminates the dangers associated with malicious exit nodes, it also undermines one of the key purposes of using Tor. A third party — your VPN provider — will have access to both your identity and activity.

For most users this method is a waste of resources. Using a VPN over Tor allows your provider access to the same information as using the VPN alone, just with the added slowness and inconvenience of the Tor network.

There are a few other key downsides worth mentioning when you use a VPN provider that offers a specific Tor option:

  1. Your choice of VPN provider will be restricted.
  2. You will experience a huge hit to your connection speeds. Using a VPN over Tor could make a sluggish VPN even more of a chore to use.
  3. Encrypting data with a VPN and then encrypting it again with Tor is overkill that will not improve your privacy significantly.
  4. Using a VPN through Tor will usually require extra configuration. You may have to install a specific client, download a specific connection file, or change your settings — all of which require time, technical knowledge, and patience.

VPNs and the Tor browser both enhance your privacy independently of each other. You can connect to your VPN and then use the Tor Browser if you’re really concerned, but combining the two is overkill for most people.

You’re better off using Tor if you need complete anonymity in extreme circumstances. If it’s just all-round internet privacy you’re looking for, choose a VPN.

About the Author


  • Headshot of Top10VPN.com Site Editor Callum Tennent

    Callum Tennent

    Callum is our site editor and a member of the IAPP and the EC-Council's Knowledge Review Committee. He oversees all our VPN testing, reviews, guides and advice. Read full bio