Tor vs VPN: the web privacy shootout

Tor and VPN logos
(Image credit: Future)

If you're looking to stay incognito online, the best VPNs and Tor should be right at the top of your privacy shortlist. 

Meanwhile, Tor is great for its simplicity and ease of use, while both are excellent when it comes to keeping your web data safe. 

Each option is based on a similar principle, where they protect your internet traffic with industrial-strength encryption software, as well as shield your IP address by routing it through their own servers. 

But there are big, big differences, too - their encryption, what they'll protect, how they connect to servers and a whole lot more. 

While there is seemingly plenty of choice, especially when it comes to VPNs, there’s a very good reason why the bigger, well-known names continue to dominate when it comes to web privacy needs. 

The likes of ExpressVPN, CyberGhost, IPVanish and NordVPN along with other key players frequently come out on top for VPN needs, but there’s invariably a subscription cost involved. However, they are well worth paying for over some of the best free VPNs to get added security features. 

Tor (which stands for ‘The Onion Router’) can be a great option too, but comes with the definite bonus of being free, open-source software.

Which is best? We're about to pit Tor against VPNs, not just on value for money but by homing in on the most important privacy factors you should consider. 

Tor vs VPN: Anonymity 

Tor is completely free to use. No need to register, hand over your email address, payment details or anything else. Connect to Tor and your traffic is routed through at least three three servers or ‘relays’, randomly chosen from thousands around the world, making it almost impossible to log your activities. 

Even if anyone tried, only the first Tor server has your IP address, and otherwise it has no idea who you are, as each packet of data is encrypted three times. 

Conversely, if you sign up for most VPNs you'll typically have to create an account, provide your email and maybe make a payment. Whenever you connect, the app logs in with your account details, ensuring the provider knows precisely who you are. And, as you're always using VPN servers run by the same company, it's easy for your browsing history to be connected to your account. 

You can reduce these risks firstly by choosing a VPN provider such as ExpressVPN or NordVPN that accept anonymous payment methods like Bitcoin. This makes your purchase harder to trace. You can also use a new email address and password to register with the VPN service. 

Even if you do this, anyone with access to your VPNs connection records will be able to see the IP address from which you’re connecting. These days, many VPN providers operate a “no logs” policy and submit themselves for auditing, so users can be sure this is the case. 

Result: A big win for Tor, which cloaks your IP address and doesn’t require any personal data. 

Tor vs VPN: Obfuscation 

Tor is designed to protect your web traffic from snoopers but by default anyone with access to your connection records can see that you’re accessing the Tor network through techniques like DPI (Deep Packet Inspection).

As Tor data packets are so distinctive, this makes it very difficult to hide the fact you’re trying to hide your data if that makes sense - some ISP and countries even block connections to the Tor network, supposedly to prevent illegal activity.

When you first launch the Tor Browser, you can tell the software that your ISP blocks connections to Tor. The software will try to make use of virtual ‘bridge’ relays. These are run by volunteers and make it much harder for someone to tell you’re using Tor.

Certain VPN protocols are very easy to spot, making it difficult to use services in countries which restrict or ban VPN usage. Some VPN Protocols such as OpenVPN try to disguise your traffic as regular HTTPS data. Service Providers like VyperVPN have also developed their own protocols to disguise the fact you’re using a VPN.

Result: This is one time VPNs and Tor come out even. Both have options to disguise your web traffic and both require similar time and trouble to set up. One all.  

Tor vs VPN: Versatility 

There’s no doubt that the Tor Browser is one of the best privacy tools out there. It does a great job of maintaining your privacy when you're browsing online. In fact, it's probably the ultimate tool for delivering the best in private browsing. 

But that's where the feature list stops. If you want to use any other app over Tor’s “dark net”, you’ll need to install the specialist Tor software and configure your program of choice to use it as a SOCKS5 proxy. If your app doesn’t support this, then you can’t use it with Tor. You’ll also need to repeat these steps for every application that you want to proxy over Tor.

This is one big bonus about VPNs - they encrypt all your traffic, not just what you’re browsing. So that means if you’re streaming, playing games and/or using P2P apps, they all get the same level of protection - there's a reason why streaming VPNs and VPNs for Netflix have become so popular. 

And if that's still not enough for your needs, check out how to install a VPN on your router. This means that any devices connected to your wireless network such smart TVs, games consoles, video doorbells will connect via the VPN without you needing to install extra specialist software. In theory you can use a Raspberry Pi to browse anonymously, but this is difficult to set up correctly unless you’re a power user. 

Whilst VPNs will encrypt all your traffic by default, many also support connecting only certain apps to the VPN whilst leaving others unchanged. This might be useful if, say, you want to access Netflix in another country via your browser but leave a database program you use for work to connect in a regular way. This is called split-tunneling and can be extremely useful.

Result: Tor handles its one task very well, but VPNs win this one with their ability to protect traffic from all your devices as well as support split-tunneling. 

Tor vs VPN: Ease of Use 

If you’re looking for simplicity and ease of use, you’ll find the Tor Browser makes a lot of sense, purely because it is so straightforward to configure. Tor is just a simple browser (a custom version of Firefox, if you're interested). 

As a result, that means it has no complicated settings to master. There's nothing special to learn, which makes it immediately appealing if you’re more of a novice computer user. In fact, if you've ever used another web browser, you'll probably be at home with Tor immediately. 

It's not hugely different if you head in the direction of a tried and tested VPN either though. In fact, for some of the better options, VPN use can also be as simple as installing the app, although in many cases there's more work to do. 

You might have to inspect and tweak some key settings to make sure your VPN really is as private as the provider claims, for instance by checking your VPN kill switch and DNS leak protection - to suit your needs. This might give the jitters to anyone who’s not confident when it comes to getting under the bonnet of their computer or laptop. 

Not all VPN providers will necessarily have a dedicated app for the device or protocol you want to use. For instance PC users running Linux will need to content themselves with NordVPNs command line app if they want to encrypt all their traffic. (Fortunately there’s also a plugin for most major browsers).

If you want to use the secure OpenVPN protocol, you may also have to install a third-party app like OpenVPN Connect and manually enter the VPN settings. This isn’t particularly difficult but it’s important to enter the information correctly to ensure your connection is secure. 

Another point to note on the ease-of-use front is to remember that VPNs can sometimes cause network issues or conflict with other apps or browser plugins, too. While this isn’t going to be a major deal, it could leave you having to troubleshoot some potentially tricky problems. That’s not going to be for everyone. 

The Tor Browser on the other hand has deliberately selected its own browser and plugins to provide a stable connection. You don’t need to change these and indeed it’s a bad idea to do so in case you’re identified through browser fingerprinting

Result: Tor effortlessly beats VPNs in the simplicity web browsing stakes, no question. No hidden complexities, you can install and use it just like any other app. 

Tor vs VPN: Speed 

Most of us are time poor and no more so when it comes to our productivity. In that respect you should find that while Tor works very hard to protect your identity. Each packet of data is encrypted with three separate keys and routed through servers all around the world. This will almost certainly affect your workflow, as despite Tor’s efforts  to keep you safe it hugely slows down your connection. 

You can speed up Tor browsing speeds by using only hidden services. Since your traffic doesn’t leave the dark net, it doesn’t have to travel via an exit node to retrieve data from the regular internet. 

Kind volunteers who have bandwidth to spare can volunteer to help improve others’ connection speed whilst using Tor by choosing this option when the browser loads. If your connection is particularly slow you can also tell the browser to establish a new “circuit” over the Dark net. 

VPNs, on the other hand, will usually encrypt your traffic only once, and send it through a single server located in your own or another country. These aren't the underpowered volunteer-run servers you get with Tor, either - the fastest VPNs use dedicated servers in high-powered data centers with leading-edge connectivity and ultra-fast connections. So, if you’re looking for speed above all else the VPN route is going to be the best option for boosting productivity and speeding up workflow.

Many such providers will operate a server in your home country which reduces the time it takes for your ‘client’ device to communicate with them. As VPNs also encrypt your traffic your data is also usually protected from traffic shaping, whereby ISP’s deliberately slow down certain types of traffic like streaming video.

Result: A clear performance victory for VPNs, where reduced overheads, enterprise-level network connections and powerful hardware leave Tor trailing far, far behind. 

Tor vs VPN: Unblocking 

Using Tor or a VPN is all about improving your web privacy and both tools are great for the task, though there are distinct differences between the two that can make one distinctly better than the other.

Tor is specifically designed to hide your identity, and a big part of that is routing your traffic through a random set of servers from around the world. London, Toronto and Addis Ababa today, maybe Frankfurt, Lima and Canberra tomorrow? 

That's great for anonymity, but it means by default you can't use the service for unblocking specific sites, as you can't guarantee where your Tor exit node will be. Skilled users can work around this slightly by programming the browser only to use exit nodes in a specific country. If no exit nodes are available when you connect however, you still won’t be able to access geo-specific services and there’s no way to tell in advance if this will happen.  

That’s where the humble VPN comes into play and kicks Tor firmly into touch. One of the best things about VPNs is that they can help keep life simple and all by connecting you to a single server in your preferred country. For example, if you're looking to unblock Netflix in another country, then all you have to do is choose a city in that country. Admittedly, this isn’t going to give you guaranteed access to your favorite shows, but you might well be in with a chance. 

Many service providers like Netflix do take steps to try to block VPNs but as long as your provider has enough servers in the country in question, you’ve a much better chance of viewing content like this. 

Result: Tor's anonymity-first design makes it unsuitable for most unblocking: VPNs for the win. 

Tor vs VPN: Vulnerabilities 

Tor does a lot to protect you online, but it has limits. The exit node (the server which sends your traffic to its destination) can see and modify what you're doing if the connection isn't encrypted. The point to remember about this arrangement is that these servers are run by volunteers, so there's no way to tell if they're trustworthy.

Rather worryingly, one past report suggested 23% of Tor exit nodes were engaged in a 2020 malicious attack on cryptocurrency users, and 4-6% may still be involved in the same campaign. If that makes you at all nervous, and it probably should, you’ll need to bear in mind the vulnerability aspect of Tor before making use of it.

Of course, you could simply keep your traffic within the Tor network by only using hidden services, but this means that you can only access those sites for which there’s a .onion address. In December 2022, a vulnerability was discovered in the Tor software which under certain circumstances could identify users visiting the old v2-style onion addresses. The Tor Project have stopped supporting these officially and recommend everyone operating a hidden service updates to the new, longer ‘v3’ addresses.

That’s not to say VPNs don’t have their weak spots, too. A NordVPN server was compromised in 2018, for instance and that’s a well-known brand with a high profile and lots of resources at its disposal. The company also came under criticism for not revealing the attack until the following year. In fairness to NordVPN they claim that they hadn’t known about it before then and immediately carried out an audit of their other 5,000+ servers. 

Still, the repercussions of an attacker taking control of a VPN server are pretty obvious and could prove potentially damaging to your web privacy. A compromised server could be used to trace your home IP address or record what sites and apps you’re using. It could even be used to infect your home systems with malware.

Result: A close-run thing, but we're giving VPNs a marginal win. Tor's exit nodes are always going to be run by a crowd of people, and you'll have little idea of who they are or what they're doing. VPNs have issues, too, but they can at least minimize them with smart anti-hacking ideas like ExpressVPN’s TrustedServer and NordVPN use servers which run in RAM). VPNs can also assure users by adopting no-log policies verified by VPN audits

Tor vs VPN: Price 

Tor is totally, utterly, entirely no-strings free. It doesn't even display ads or use analytics in the apps or on the website. If you want to use it, just visit the website, download, install and run. Naturally, the Tor Project accepts voluntary donations.

Most VPNs charge a monthly or annual subscription to access services. You can often pay extra, too, for features like a dedicated IP address for a VPN - an especially smart move if you’re thinking of using a gaming VPN.

There are free virtual private networks, but we mostly don't recommend them - and it’s debatable whether there are any truly free VPNs. Often, you have no idea who's running them, what data they collect, or how they make their money. Even honest providers may have to throttle your bandwidth or ask you to view adverts in order to keep the lights on. 

Result: An easy win for Tor. It's also way more transparent than the average free VPN. Want to know who runs the service, where the money comes from? Check the Tor website, it's all there. 

Tor vs VPN: Verdict 

VPNs won our shootout, but only just, edging their way to the privacy crown by 5 points to Tor's 4. The great thing about the VPN marketplace is that there is plenty of choice, depending on what you’re looking for. Naturally, it’s best to stick with known names that have already proved their worth too, such as ExpressVPN, NordVPN, or Surfshark

It's certainly better to pay a subscription fee and avoid using any free options. This is especially so considering the whole reason you’re signing up for a VPN in the first place is to improve your web privacy. Stick with a tried and trusted resource.

While giving the thumbs-up to VPNs might not be the right result for everyone it ultimately all depends on your needs. If you absolutely don't want anyone to know where you're browsing - not your current network, ISP or even a VPN - then Tor's anonymity makes it a must. There’s a price to pay for that though and if download speeds or unblocking Netflix are a priority, then Tor scores zero: VPNs are a clear win in the speed stakes.

You don't have to choose, of course. You can use Tor for extremely private activities where you need to conceal your location and VPNs for everything else. 

If you want the best of both worlds, many VPN providers are aware of the advantages of using Tor to browse anonymously, so operate specialist servers to allow you to use their service with Tor’s dark net. One such offering is NordVPN’s “Onion over VPN”, which allows you to route your connection through their servers. This not only better conceals the fact you’re using Tor but also conceals your IP address when connecting to the first Tor relay, providing better privacy. 

Nate Drake is a tech journalist specializing in cybersecurity and retro tech. He broke out from his cubicle at Apple 6 years ago and now spends his days sipping Earl Grey tea & writing elegant copy.

With contributions from