How Tor Works
Tor (The Onion Router) encrypts your traffic in three layers and routes it through three volunteer-run relays: a guard node, a middle relay, and an exit node. Each relay decrypts one layer of encryption and forwards the traffic — the guard node knows your IP but not your destination; the exit node knows the destination but not your IP; no single node knows both. This architecture means traffic correlation requires simultaneously observing the guard node and the exit node — a global passive adversary attack that is difficult but not impossible in practice.
The exit node decrypts the final layer and connects to the destination website. If the website uses HTTPS, the content is still encrypted end-to-end; the exit node sees only the encrypted TLS traffic. If the site is HTTP-only, the exit node can see the content in plaintext — a meaningful risk on Tor where the exit node operator is unknown.
How a VPN Works
A VPN (Virtual Private Network) creates an encrypted tunnel from your device to a VPN server. All your traffic is encrypted between you and the server, then forwarded to the destination. Your ISP sees encrypted traffic to the VPN server and nothing else. Websites see the VPN server's IP address instead of yours. The VPN provider, however, sees everything — your real IP, the sites you visit, the timing and volume of traffic. The privacy guarantee is only as strong as the provider's trustworthiness and jurisdiction.
Threat Model Comparison
| Who You're Hiding From | Tor | VPN |
|---|---|---|
| Your ISP (traffic content) | Yes | Yes |
| Your ISP (sites visited) | Yes | Yes |
| Websites (your IP) | Yes | Yes |
| The VPN provider | Yes (no VPN used) | No — they see all traffic |
| Government subpoena to provider | Yes (no provider to subpoena) | Depends on no-log policy |
| Global traffic correlation | Difficult but not impossible | No protection |
| Network-level censorship | Partial (Tor bridges help) | Yes, effectively |
Speed and Usability
Tor is significantly slower than a VPN — traffic takes three hops through volunteer relays, latency is typically 200–500ms+, and bandwidth is limited by the slowest relay. Streaming video or large downloads over Tor are impractical. Tor Browser isolates each tab and clears state on close — logging into accounts that can identify you defeats anonymity.
VPNs add 10–50ms latency depending on server distance and protocol (WireGuard is fastest; OpenVPN adds more overhead). Most streaming, gaming, and browsing activities work normally over a good VPN. A VPN lets you use any browser and any app — it operates at the OS network level.
What Each Is Actually Used For
Tor is appropriate when:
- You need strong anonymity — journalists communicating with sources, whistleblowers, activists in restrictive regimes.
- You cannot trust any single intermediary (VPN provider, ISP, cloud provider).
- You're accessing .onion hidden services.
A VPN is appropriate when:
- You want to hide browsing from your ISP and prevent ISP-level data selling.
- You need a different geographic IP for accessing geo-restricted content.
- You're on a public Wi-Fi network and want traffic encryption.
- You need a consistent fast connection — gaming, streaming, large transfers.
What Neither Protects Against
Both Tor and VPNs fail to protect against:
- Account-based tracking: If you log into Google or Facebook, those services know who you are regardless of your IP.
- Browser fingerprinting: Your browser's unique combination of fonts, plugins, screen size, and settings can identify you even without an IP address.
- Malware on your device: Either tool protects network-layer traffic only. Malware can exfiltrate data regardless of what network it's on.
- Metadata at endpoints: Who sent what email at what time, regardless of transport encryption.
Frequently Asked Questions
Does using a VPN make you anonymous?
No — pseudonymous. Websites see the VPN server's IP, not yours, and your ISP sees encrypted traffic to the VPN server. But the VPN provider sees everything and knows your real IP. If you log into identifying accounts, you're identified regardless. True anonymity requires Tor's multi-hop architecture where no single party sees both your identity and your destination.
Can I use Tor and a VPN together?
Yes, but it rarely improves security for most threat models and adds latency and complexity. Tor-over-VPN hides Tor use from your ISP; VPN-over-Tor hides Tor use from the destination but the VPN provider knows you used Tor. For most users, Tor alone provides stronger anonymity than combining them.