This might just be the most sure-fire way to anonymize your internet connection. While a VPN is an excellent tool for security, it’s not necessarily the most private. Tor (The onion router) is ideal for privacy but falls a little short on security for the first hop. Does combining the two provide better protection? What is onion over VPN?
Onion over VPN (or Tor over VPN) is a combination of technologies used to protect and anonymize internet traffic. A user first connects to a trusted VPN service which then passes through The Onion Router (Tor) network. Directing the user’s connection through 4 or more systems hides its origination.
Is using Tor and a personally-owned or privacy-respecting VPN service overkill? First, you need to understand a middle-ground technique.
Table of Contents
A double VPN is an internet traffic security technique. Data is encrypted twice on a user’s smartphone or computer. The traffic is sent to a VPN server where the first layer is decrypted. The protected data passes to an exit server where the second layer is removed before forwarding to a destination.
Ok, but what are the advantages?
- Safety. When selecting a VPN, consider a service provider that offers a double VPN feature. This option is also be referred to as double-hop or multi-hop VPN and is not standard among VPN services. Mullvad, ProtonVPN, and NordVPN include double VPN to subscribers. A double VPN configuration can be accomplished for tech-savvy users by combining two disparate VPN services, though the resulting connection will be slower.
- Speed. When using a double-hop VPN connection from a single virtual private network company, the connection speed is roughly the same as a standard, single-hop connection.
- Privacy. Both a standard VPN connection and the multi-hop provide comparable privacy when offered by the same company. A double VPN provides better privacy protection when you use: your own VPN server + a commercial VPN company, OR two different VPN companies. Typically, you’re safe as long as you’re choosing service providers with a no-log policy. This directive means all data, metadata, and connection information passing through a company’s servers are never be recorded or stored.
So why use a double VPN if there’s only a minor gain in privacy, a slight reduction in performance, and only marginally more safe?
What is onion over VPN?
To step up from double VPN, we can use Tor which builds on the same concept of layering encryption around your internet data.
Definition Break: What is Tor?
Tor or The Onion Router is a free VPN software that connects to volunteer-operated VPN servers. A user’s internet traffic is wrapped in 3 layers of encryption, with each layer only revealing where next to send the traffic. VPN nodes are chosen at random and can change over time, anonymizing the origin.
Linus over on the Techquickie channel does an excellent job in this video (3m7s@2x) explaining Tor.
As Linus mentioned in the video, we can combine Tor with a standard VPN to achieve an Onion over VPN or Tor over VPN connection.
How to connect to onion over VPN?
Many VPN providers offer the ability to connect to onion over VPN. Users can create a Tor over VPN connection using the Tor browser or Brave’s Tor window while connected to a trusted VPN server. The reverse connection, VPN over Onion or VPN over Tor, is done using a VPN from within a Whonix or Tails.
Via VPN Service
Using onion over VPN is easiest when your VPN service provider offers the option within your subscription.
Activating Tor over VPN is usually a button click or toggle switch away. The VPN program will perform everything in the background. The data packets making up your internet traffic will route through the VPN’s private servers, the Tor network, and reach the destination.
The free tier of ProtonVPN provides users Tor over VPN. This company is excellent and aligns its business practices with its values of internet privacy. Other companies like NordVPN and AirVPN also offer this functionality.
Onion over VPN is slow. When offered as a VPN service feature, it’s slightly more performant than when users create the connection themselves in a browser or through their own operating system.
Via Browser + Trusted VPN
- Connect to your VPN server or service provider.
- Launch a specialized web browser with built-in Tor functionality.
- The official Tor browser is recommended.
- The Brave browser on the desktop includes a Private Window with Tor option.
Here’s a quick how-to video showing how I use a combination of Mullvad and the Tor browser.
Via A Tor-Based Operating System + Trusted VPN
There are two great Tor-based operating systems, Tails and Whonix.
I’ve seen it documented, so I created this section specifically to advise against using a standard VPN from within an operating system based on Tor.
Is onion over VPN safe?
Onion over VPN is safe. By routing a user’s internet traffic first through a trusted VPN, then through several random, anonymous servers, origination is hidden. As with Tor alone, users must remember to remain anonymous, safely staying away from tasks that include personally identifiable information.
Benefits of Onion over VPN:
- First hop protection Since anyone can run a Tor node, placing a trusted VPN server in front of the chain mixes the source of your traffic with other users. The Tor entry server does not know the true origin of the traffic.
- VPN exit hiding Similarly, the VPN service provider does not know the final destination of your traffic on the internet. A good VPN company should not be logging traffic, but adding a random Tor entry ensures they are freed from this liability.
- Access Tor When Tor is blocked by your school, work, internet service provider, or government, using Onion over VPN can be used to get around filtering restrictions.
The most significant disadvantage to Onion over VPN and The Tor network itself is the slow connection speed that results.
Does Tor slow down internet?
Tor does slow down the internet connection for devices connected through the network. Volunteer Tor servers vary in internet bandwidth and computer hardware quality. Onion over VPN, with the first hop through a trusted VPN server, further reduces performance—users trade speed for privacy.
Is VPN or Tor better?
Tor is better than VPN when more anonymity is desired. VPN is better than Tor when connection speed and securing traffic from public WiFi or internet service providers is more important. Users should consider the expected threat and match it using the onion router network, a VPN, or both.
With the combination of the two, Onion over VPN does not add a meaningful amount of privacy or security for the average user. You may find that Tor over VPN is overkill. But in that case, how do you choose whether or when to use a standard VPN or Tor?
The Hated One on YouTube has this comparison video (6m15s@2x) to help you decide.