Tor and a VPN are both tools that use a combination of proxies and encryption to make it difficult for snoopers to track you. While they share some similarities, the key difference is that Tor is for anonymity, and a VPN is for privacy. The two can be used in tandem to further bolster both privacy and anonymity. This article will cover the best VPNs for Tor and explain how to use a Tor VPN.
If you don’t want to read all the details, here are the best VPNs for Tor:
- NordVPN: No logs, huge server network, strong security.
- ExpressVPN: Fast and secure. Accepts bitcoin and has an onion site.
- CyberGhost: Excellent security, fast speeds, and zero logs.
- PrivateVPN: Simple to use, fast servers, and no logs.
- IPVanish: Great security, zero logs, and fast.
How to use Tor with a VPN
We’ll use Tor Browser as an example, though there are several ways to connect to Tor. With the Tor Browser installed:
- Sign up with a VPN. Our top recommendation is NordVPN.
- Download and install the VPN app.
- Run the app and select a VPN server.
- Hit the Connect button and wait for the app to confirm the connection.
- Open the Tor Browser and surf the web.
This setup sends your internet traffic first through the VPN server, and then through the Tor network. That means your data goes through two phases of encryption before it ever leaves your device: once by Tor and then again by the VPN. Your internet service provider can’t see what’s in the VPN’s encrypted tunnel, and therefore cannot detect that Tor is being used.
Best VPNs for the dark web
We’ve evaluated the best VPNs for Tor based on the following criteria:
- Features designed specifically for Tor users
- No logs policy
- Strong encryption
- Anonymous payment methods
- Fast speeds
These are the best VPNs for Tor:
NordVPN gives users access to specialized servers pre-configured with Tor over VPN, which means all traffic is first sent through the VPN and then automatically redirected through the Tor network. This is great if you have apps other than a browser that you’d like to use with Tor. A double-VPN option is also available, which could be used with the Tor browser for a total of two VPNs and the Tor network, if you can tolerate the speed hit. NordVPN also boasts a strict zero logs policy and 256-bit AES encryption. The company accepts Bitcoin.
Apps are available for Windows, MacOS, iOS, and Android.
Note that some experts object to Tor over VPN servers because NordVPN could hypothetically see what users are doing with their Tor connection by analyzing traffic before Tor encrypts it. NordVPN says it keeps zero logs, but if this is a concern, we recommend setting up Tor and the VPN independently.
- Onion servers
- No logs
- Strong security
- Accepts bitcoin
- A few servers didn’t work
BEST FOR TOR:NordVPN is our top choice High speeds and exceptional unblocking ability with plenty of advanced options. Includes a 30 day money back guarantee so you can try it risk-free.
Read our full NordVPN review.
ExpressVPN recently launched a .onion version of its website for users who want to anonymously make an account. The British Virgin Islands-based company accepts Bitcoin and sticks to a good no-logs policy. Some non-identifying information is logged such as dates (not times), choice of server location, and total amount of data transferred each day. Cutting-edge encryption is used by default including 256-bit AES encryption, 4,096-bit DHE-RSA keys with perfect forward secrecy, and SHA512 authentication.
ExpressVPN is highly rated, fast, user-friendly and has apps available for Windows, MacOS, Android, iOS, and Linux (command line).
- Fast and reliable
- Accepts bitcoin
- Has a .onion site
- Great security
- No identifying logs
- Slightly more expensive
FAST AND RELIABLE:ExpressVPN is fast, secure, and able to unblock a huge range of streaming services. Includes a 30-day money-back guarantee.
Read our full review of ExpressVPN.
CyberGhost doesn’t have any Tor-specific features, but it is the only VPN to earn a perfect score in our 2018 security and privacy assessment. For this reason, it pairs well with the Tor Browser. CyberGhost assigns each user a unique anonymous ID, and the email address you use to sign up is encrypted. This prevents third parties from connecting a users’ email address to their CyberGhost account. CyberGhost stores no identifying logs.
The company is based in Romania, which has no mandatory data retention laws. Strong encryption, leak protection, a kill switch, and perfect forward secrecy are all included in the apps, even on mobile. Speeds are plenty fast enough to handle Tor traffic.
Apps are available for Windows, MacOS, iOS, and Android. You may connect up to seven devices at a time.
- Fantastic security
- Zero logs
- Bitcoin accepted
- No Tor-specific features
BEST VPN FOR NOVICES:With comprehensive protection and one-click unblocking enabled by default, as well as high speeds and a low cost, CyberGhost is ideal for those new to VPNs. This comes with a 45 day money-back guarantee.
Read our full CyberGhost review.
PrivateVPN’s website has a helpful guide on how to alter the OpenVPN configuration files included in the app so that outgoing internet traffic first passes through the Tor network, and then through the VPN—a setup known as “VPN over Tor”. If you want to use Tor to access sites on the clear web that don’t normally allow Tor connections, your IP address will be that of the VPN server, and the site won’t block you. Note that if you don’t want your ISP to see that you’re using Tor, it’s better to use a standard VPN connection with the Tor browser.
PrivateVPN offers great speeds and security, plus a no-logs policy. You can connect six devices simultaneously.
- Zero logs
- Fast servers
- Strong encryption
- Supports Tor-over-VPN
- Smaller server network
UP AND COMER:PrivateVPN is a newer provider that earns its place among the veteran players. It comes with a 30-day money-back guarantee.
Read our full PrivateVPN review.
IPVanish is a speedy VPNs that doesn’t sacrifice privacy or security. A subscription gets you strong leak protection, unbreakable encryption, and a no-logs policy. IPVanish allows up to 10 simultaneous connections — more than any other provider on this list. IPVanish apps come with an obfuscation feature that disguises the encrypted VPN tunnel as normal internet traffic. You can opt to periodically change your assigned IP address at certain intervals, making you harder to track. It doesn’t accept bitcoin, though, so if you want to make an anonymous purchase, look elsewhere.
Apps are available for Windows, MacOS, iOS, and Android.
- Fast speeds
- Security is solid
- No logs
- Bitcoin not accepted
FAST & SECURE:IPVanish offers a great combination of speed and security, plus a 7-day money-back guarantee.
Read our full IPVanish review.
VPNs that Tor users should avoid
Due to poor logging policies that have led to the arrest of at least one user in the past and more invasive data retention laws recently passed in the UK, England-based VPN provider HideMyAss should be avoided by anyone who values privacy and anonymity.
Privacy advocates earlier this year filed a formal complaint with the FTC alleging freemium VPN provider Hotspot Shield illegally hijacked HTTP requests for certain ecommerce websites, redirecting users to affiliate sites where it stood to financially benefit. The complaint also accuses Hotspot Shield of injecting tracking cookies into users’ browsers to collect browsing data used by third-party ad agencies. Until these allegations are cleared up, we recommend avoiding Hotspot Shield.
Why use a VPN with Tor?
A VPN encrypts all of a device’s traffic and routes it through a remote server in a location of your choosing. This assigns the user a new IP address–a string of numbers and decimals unique to a device that can be used to pinpoint the user’s location. The encryption prevents internet service providers from being able to monitor your activity.
While most good VPN providers offer a “no logs” policy, VPNs still require a degree of trust that the provider won’t record user traffic or give in to corporations, hackers, and governments that demand user information. Your activity is private, but not necessarily anonymous.
Tor encrypts the user’s traffic and routes it through several nodes run by volunteers, known as the Tor network. Every time a new website request is sent, the route changes, making it next to impossible for anyone to trace the user. Unlike a VPN service, there’s no central authority that controls the traffic flow, so trust is not necessary.
These entry and exit nodes are well documented, however, so both your ISP and the destination server can easily find out if you’re using Tor. Some ISPs, websites, apps, and governments will block traffic to and from Tor entry and exit nodes altogether. In some countries, simply accessing the Tor network will get your name added to an ISP’s naughty list. That means your activity is anonymous, but not entirely private.
VPNs are faster and thus more suitable for streaming video, torrenting, and other download-intensive tasks. Tor is more suitable for anonymous web browsing and accessing .onion websites on the DarkNet.
For extra protection and more flexibility, Tor and a VPN can be combined. Traffic can be encrypted by both and then channeled first through the Tor network and then over a VPN (VPN over Tor) or vice versa (Tor over VPN). We’ll discuss the pros and cons of both configurations further down, but first let’s talk about which VPNs are most suitable for Tor users. Note that while combining Tor with a VPN will improve anonymity and privacy, it will have a heavier impact on connection speed and latency than using either one on its own.
Can I use a free VPN with Tor?
Yes, but you might be doing more harm than good. Technically, nothing is stopping you from connecting to a free VPN service and firing up the Tor browser.
Be wary of free VPNs. They look enticing on the surface, but in reality, they often use substandard encryption, poor logging policies, force users to wait in queues to connect and impose data or bandwidth caps on users. They often have fewer servers and IP addresses, which makes it easier to trace individual users. Many inject advertisements and tracking cookies into users’ browsers, sacrificing their privacy rather than bolstering it.
Tor over VPN vs VPN over Tor
Should you use VPN over Tor or Tor over VPN? Both have their advantages when it comes to both security and usability. We’ll outline the advantages and disadvantages here.
Tor over VPN
You can use Tor over VPN simply by connecting to a VPN and accessing the internet through the Tor browser. Your traffic is encrypted by both Tor and the VPN before leaving your device. The traffic flow looks like this:
My device –> Encrypted by VPN and Tor –> VPN server –> Tor Network –> Internet
- ISP cannot see you are using Tor
- Neither ISP nor VPN can see your traffic*
- Easy to set up. Just connect to VPN and turn on Tor browser
- Access to .onion websites
- Flexibility to use VPN by itself with a normal browser for non-critical tasks
- Tor entry node cannot see real IP address
- Websites can block traffic from Tor exit nodes
- VPN can see (and potentially log) your real IP address
- Exposes traffic to compromised Tor exit nodes
*Note that NordVPN and BolehVPN could hypothetically analyze your traffic before it’s encrypted by the Tor network when using their Tor-over-VPN-enabled servers. The trade off is that all traffic can be routed through Tor without configuring individual apps to be used with Tor.
VPN over Tor
VPN over Tor is more difficult to set up because it requires configuration on the VPN server. As far as we know, only AirVPN offers this capability. The traffic flow looks like this:
My device –> Encrypted by VPN and Tor –> Tor network –> VPN server –> Internet
- Neither ISP nor VPN can see your traffic
- Access to websites and apps that normally block traffic from Tor exit nodes
- VPN cannot see your real IP address
- Not vulnerable to compromised Tor exit nodes
- All traffic routed through Tor without individual configuration
- No packet discrimination by Tor exit nodes
- ISPs can see you are using Tor
- Difficult setup, requires VPN provider’s assistance
- No access to .onion websites
- Tor entry node sees your real IP address
- Not application-specific, so unable to run P2P or other programs outside of Tor network without disconnecting from the VPN
- 1 How to use Tor with a VPN
- 2 Best VPNs for the dark web
- 3 1. NordVPN
- 4 2. ExpressVPN
- 5 3. CyberGhost
- 6 4. PrivateVPN
- 7 5. IPVanish
- 8 VPNs that Tor users should avoid
- 9 Why use a VPN with Tor?
- 10 Can I use a free VPN with Tor?
- 11 Tor over VPN vs VPN over Tor