Tor vs VPN: Which One Actually Protects You?

Tor vs VPN compared at the protocol level — anonymity model, speed, ISP visibility, and which tool fits which threat model. No hype, just the tradeoffs.

Zero Trace Hub Editorial | 8 min read

The Tor vs VPN question trips people up, and not because either tool is hard to install. Most writeups skip the one question that settles the answer: which threat are you modeling? At the protocol layer the two tools solve different problems, and picking the wrong one buys misplaced confidence.

How They Differ at the Protocol Level

A VPN creates an encrypted tunnel between your device and a single VPN server. Your traffic exits from that server's IP. Your ISP sees an encrypted connection to the VPN server — nothing more. The VPN provider, however, sees everything: your real IP, the sites you visit, and the timing of every connection. You've shifted trust from your ISP to the VPN company. That's the whole transaction.

Tor routes your traffic through a minimum of three relays — guard, middle, and exit — each knowing only its immediate neighbors in the chain. The guard relay knows your IP but not your destination. The exit relay knows your destination but not your IP. No single node has the full picture. This is the property that makes Tor structurally different from a VPN, not just a better or worse version of the same thing.
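
The per-hop visibility described above, as an added example (not Tor's code or cell format): a toy three-layer onion in which each relay peels one layer with its own key and learns only its neighbors. The SHA-256 counter keystream, the relay names, the keys and the addresses are assumptions made for illustration.

```python
# Added illustration: toy layered ("onion") encryption over a 3-hop path.
# NOT Tor's real cell format or ciphers; the keystream is SHA-256 in counter mode.
import hashlib
import json

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """XOR data with a SHA-256 counter keystream (toy cipher, symmetric)."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hashlib.sha256(key + block.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[block:block + 32], pad))
    return bytes(out)

def wrap(path, keys, destination, payload):
    """Client side: build layers inside-out so each hop can peel exactly one."""
    # Innermost layer, readable only by the exit relay.
    cell = json.dumps({"next": destination, "data": payload}).encode()
    cell = keystream_xor(keys[path[-1]], cell)
    # Each earlier relay's layer names only the next relay in the chain.
    for relay, nxt in reversed(list(zip(path[:-1], path[1:]))):
        layer = json.dumps({"next": nxt, "data": cell.hex()}).encode()
        cell = keystream_xor(keys[relay], layer)
    return cell

def relay_views(client_ip, path, keys, cell):
    """Pass the cell along the path and record what each relay can observe."""
    views, prev = {}, client_ip
    for relay in path:
        layer = json.loads(keystream_xor(keys[relay], cell))
        views[relay] = {"previous_hop": prev, "next_hop": layer["next"]}
        if relay == path[-1]:
            views[relay]["payload"] = layer["data"]
        else:
            cell = bytes.fromhex(layer["data"])
        prev = relay
    return views

# Constructed sample values (documentation IP range, made-up relay names and keys).
PATH = ["guard", "middle", "exit"]
KEYS = {name: hashlib.sha256(name.encode()).digest() for name in PATH}
CELL = wrap(PATH, KEYS, "example.org:443", "GET /")
VIEWS = relay_views("203.0.113.7", PATH, KEYS, CELL)

if __name__ == "__main__":
    for relay, seen in VIEWS.items():
        print(relay, seen)
```

Only the guard's view contains the client address and only the exit's view contains the destination; the middle relay sees neither.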

The Tor Project's design documentation formally specifies this multi-hop onion routing architecture. It's worth reading if you want to understand the cryptographic guarantees rather than take anyone's word for them.

Anonymity Model: Many-to-Many vs One-to-One Trust

A VPN's anonymity guarantee rests entirely on whether your VPN provider keeps logs and whether they'll hand those logs over under legal pressure. "No-log" policies are marketing claims until they're proven under subpoena — some providers have held up, some haven't. You're trusting one commercial entity, in one jurisdiction, with a complete record of your activity.

Tor's anonymity doesn't require trusting any single relay. An attacker would need to compromise your guard node and your exit node simultaneously to correlate your traffic — and even then, correlation attacks require statistical analysis across many circuits, not trivial surveillance. As of 2024, the Tor network runs approximately 7,000 volunteer-run relays in dozens of countries. Controlling enough of them to mount a reliable correlation attack is a nation-state capability, not a commercial ISP's.

The practical implication: Tor provides anonymity. A VPN provides pseudonymity — your real IP is hidden from the sites you visit, but someone in the chain (the VPN provider) still knows who you are.

Speed, Latency, and ISP Visibility

This is where the tradeoffs become concrete:

| Property | Tor | VPN |
|---|---|---|
| Latency | 200–500 ms typical | 5–50 ms typical |
| Throughput | 1–5 Mbps typical | Near-ISP speeds |
| ISP sees | Tor guard relay connection | Encrypted VPN tunnel |
| Provider sees | Nothing (by design) | Your full activity |
| Exit IP | Volunteer relay (changes per circuit) | VPN server (static or semi-static) |
| Blocked by sites | Sometimes (Tor exit blocks) | Rarely |
| Censorship resistance | High (bridges available) | Low (VPN IPs are blockable) |

VPN speed is near your ISP speed because there's only one hop. Tor speed is lower because three relays introduce latency and relay operators are volunteers sharing bandwidth. For video streaming or large downloads, a VPN wins on speed. For genuine anonymity against capable adversaries, Tor wins by design.

When to Use Tor, When to Use a VPN, When to Use Neither

Use Tor when:

  • Your threat model includes an adversary who can compel a VPN provider to hand over logs
  • You're accessing .onion services (Tor is the only way in)
  • You need genuine anonymity, not just IP hiding — journalists contacting sources, activists in surveilled regions
  • Your ISP or network is blocking specific sites (though a VPN can help here too)

Use a VPN when:

  • You trust the provider more than your ISP and your threat is a passive observer on your local network
  • You need speed for streaming, large transfers, or gaming
  • You're protecting yourself from basic data broker profiling, not from government-level surveillance
  • The sites you visit block Tor exit nodes (some services do this)

Use neither when:

  • Your threat model is someone with physical access to your device — Tor and VPNs don't protect your disk
  • You're logged into accounts tied to your real identity — your account is your identity regardless of your IP
  • You want a false sense of security over actually addressing your threat model

Before choosing a tool, read the threat modeling guide — it'll give you a framework for answering "what am I actually protecting against?" without guessing.

The "Tor over VPN" Question

Some people run VPN-then-Tor: connect to a VPN first, then open Tor Browser. This prevents your ISP from seeing that you're using Tor, which matters if Tor use itself is suspicious in your environment. It also means your guard relay never sees your real IP — only the VPN's IP.

The tradeoff: your VPN provider now knows you're using Tor. You've traded one visibility problem for another. Whether that's better depends entirely on your threat model — specifically, whether your ISP or your VPN provider represents the higher risk.

For a full breakdown of both configurations and their OPSEC pitfalls, see the Tor over VPN guide.

Threat Model

Tor and a VPN protect against different adversaries. Get this wrong and you'll invest time and money in tools that don't address your actual risk.

A VPN protects against:

  • Your ISP selling your browsing data
  • Coffee shop Wi-Fi snoopers
  • Basic geo-blocks and site-level IP tracking

A VPN does not protect against:

  • The VPN provider itself (they see everything)
  • Legal process served on the VPN provider
  • Sophisticated deanonymization attacks

Tor protects against:

  • Any single party in the network learning both your identity and your destination
  • ISP traffic analysis of which sites you visit
  • Basic fingerprinting and cross-site tracking (hardened Firefox baseline)

Tor does not protect against:

  • Correlation attacks by adversaries controlling multiple relays
  • Malicious JavaScript at Standard security level
  • OPSEC failures that link your real identity to your activity

The EFF's surveillance self-defense page on Tor covers this threat model mapping in more detail and is worth bookmarking.

Frequently Asked Questions

Does a VPN make me anonymous?

No. A VPN makes you pseudonymous with respect to the sites you visit — your IP is replaced by the VPN's IP. But the VPN provider has your real IP and a record of everything you accessed. If they're compelled to produce that data (or if they sell it), your pseudonymity evaporates. Anonymity requires that no single party can link your identity to your activity, which is the architectural property Tor provides and VPNs don't.

Can Tor be detected by my ISP?

Yes, unless you use bridges. A direct Tor connection to a guard relay is identifiable by your ISP through traffic analysis — the Tor consensus is public, so ISPs can compare your connection endpoints against it. Using obfs4 or Snowflake bridges obfuscates the connection so it doesn't look like Tor traffic. See the Tor Browser setup guide for bridge configuration.
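
The endpoint comparison described in this answer, as an added example (not code from the Tor Project or this site): it parses `r`/`s` relay entries from a consensus-style excerpt and labels flow records by whether the destination is a listed relay. The relay names, digests, addresses, flow-log layout and verdict labels are constructed for illustration; an endpoint that is not listed, such as a bridge, produces no match.

```python
import ipaddress

# Constructed consensus excerpt in the dir-spec "r"/"s" line layout; names,
# digests and addresses are made up (documentation IP ranges).
SAMPLE_CONSENSUS = """\
r relayA AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2024-05-01 12:00:00 198.51.100.10 9001 0
s Fast Guard Running Stable Valid
r relayB CCCCCCCCCCCCCCCCCCCCCCCCCCC DDDDDDDDDDDDDDDDDDDDDDDDDDD 2024-05-01 12:00:00 198.51.100.20 443 0
s Exit Fast Running Valid
"""
# Constructed flow log: timestamp, source IP, destination IP, destination port.
SAMPLE_FLOWS = """\
2024-05-01T12:03:11Z 192.0.2.5 198.51.100.10 9001
2024-05-01T12:03:15Z 192.0.2.6 198.51.100.20 443
2024-05-01T12:04:02Z 192.0.2.7 203.0.113.50 443
2024-05-01T12:04:40Z 192.0.2.8 198.51.100.10 80
"""

def parse_relays(consensus: str) -> dict:
    """Map (ip, or_port) -> set of flags from consecutive 'r' and 's' lines."""
    relays, current = {}, None
    for line in consensus.splitlines():
        fields = line.split()
        if fields[:1] == ["r"] and len(fields) >= 8:
            # Address, ORPort and DirPort are the last three tokens of an "r" line.
            ip, or_port = fields[-3], int(fields[-2])
            ipaddress.ip_address(ip)  # raises ValueError on a malformed address
            current = (ip, or_port)
            relays[current] = set()
        elif fields[:1] == ["s"] and current is not None:
            relays[current].update(fields[1:])
    return relays

def classify_flows(flow_log: str, relays: dict) -> list:
    """Label each flow by whether its endpoint appears in the relay list."""
    relay_ips = {ip for ip, _ in relays}
    results = []
    for line in flow_log.splitlines():
        _ts, src, dst, port = line.split()
        flags = relays.get((dst, int(port)))
        if flags is None:
            verdict = "relay-host-other-port" if dst in relay_ips else "unlisted"
        elif "Guard" in flags:
            verdict = "listed-guard"
        else:
            verdict = "listed-relay"
        results.append((src, f"{dst}:{port}", verdict))
    return results

RESULTS = classify_flows(SAMPLE_FLOWS, parse_relays(SAMPLE_CONSENSUS))
```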

Is it safe to use a free VPN?

Generally, no. Free VPNs have to monetize somewhere, and that monetization is often your data — sold to advertisers or used to inject ads. Some free VPNs have been caught logging and selling browsing histories. If you're using a VPN to protect privacy, a free one undermines that goal. Privacy Guides maintains a vetted VPN list with transparent criteria.

Can I use both Tor and a VPN at the same time?

Yes. The two common configurations are VPN-before-Tor (hides Tor use from ISP) and Tor-before-VPN (rarely adds meaningful privacy). Read the Tor over VPN guide for the full breakdown.
