1. Home
  2. VPN / Privacy
  3. Vulnerable using tor
We are reader supported and may earn a commission when you buy through links on our site. Read Disclosure

Am I Vulnerable When Using Tor?

TOR is practically synonymous with anonymity, but there are still security risks you must consider when using The Onion Router. Today, we’ll cover these in depth, plus show you how to use a VPN with TOR to vastly improve your privacy and safety online.

Why Trust AddictiveTips
Our expert team has rated and compared 30+ VPNs over a decade. As technology advances, we update our rigorous testing and scoring methodologies to match it and stay relevant.

Alongside VPNs, TOR is probably the most instantly recognizable and most commonly used online security and privacy tool around at the moment. In recent years, the number of TOR users has grown considerably, and it is telling that an increasing number of these users are regular people rather than tech experts. This is because awareness of the risks of going online is growing, and TOR is recognized as one of best tools to counter these threats.

Boost your anonymity on TOR with these highly secure VPNs:

  1. NordVPNBest for TOR – NordVPN is one of the few providers with specialty servers geared specifically for TOR. Surf in total anonymity with military-grade encryption and the world’s best logging policy.
  2. Surfshark – Obfuscation on every server, sophisticated tunneling, great privacy policy.
  3. ExpressVPN – Blazing fast speeds, dynamic rotating IPs, split tunneling, leak protection.

But just how secure is TOR? In recent times, there have been one or two stories that have suggested that using TOR might not be quite as secure as is sometimes made out. How accurate are these stories and are there any steps that TOR users should be taking to ensure their online privacy and security is maintained? In this article, we will tell you just how vulnerable you are when using TOR and make some suggestions of how to address these risks.

68% OFF + 3 Month FREE

What are the risks of using TOR?

While online anonymity should be possible with TOR, like all software, it has encountered a few problems over the years. These have led some to question just how secure the TOR network actually is. And it is not a simple question to answer. But there are a few key areas of TOR security where there is genuine cause for concern.

Software vulnerabilities

The first thing to remember is that the TOR browser is just a piece of free software and like all software, it is going to contain some vulnerabilities. As the TOR developers identify these, they are patched through regular updates. That means that if you are not updating your TOR browser regularly, you are likely to be leaving it with known vulnerabilities which hackers could exploit.

Often these vulnerabilities are minor issues which carry minimal risks. But, there have been some bigger ones which are more concerning for users. The latest of these was last year when security researchers identified a critical vulnerability in the TOR browser. This vulnerability directly affected the way TOR anonymises it users and meant there was a significant risk that TOR could leak the real IP Address of users. This particular vulnerability affected users of Macs and Linux devices, but not Windows users. Details of the vulnerability were not released, and TOR developers have since patched it. But the discovery showed that the TOR browser is not a perfectly secure bit of software and may contain other, as yet unidentified vulnerabilities which hackers could already be exploiting.

Encryption weaknesses

There are also potential vulnerabilities in the way TOR encrypts the data of users, which could potentially make this vulnerable. Firstly, TOR doesn’t encrypt usernames and passwords to every server involved in the relaying of your data. That means that some computers acting as relays in the network could be able to access your personal information. TOR also does not apply end-to-end encryption for users. This means that if you are visiting a website which is not encrypted by HTTPS, any data being sent is not encrypted when it travels between the final TOR relay and the site itself.

Law enforcement access

The other big question made over TOR is based more on rumour and supposition than cold hard facts, but is still worth mentioning nonetheless. It relates to a number of high profile criminal investigations into illegal activity on the Dark Web. The dark web is part of the internet not indexed by search engines and which makes use of TOR to protect its users who are frequently involved in illegal activities. Dark Net activities should be almost impossible for law enforcement authorities to break, but there have been a number of high profile cases such as the FBI shutting down the infamous Silk Road Dark Web marketplace and Operation Onymous, which saw Europol seize a number of Dark Web domains. Questions about whether law enforcement has exploited vulnerabilities in the TOR network to crack these cases are always asked, but never really adequately answered.

How to keep yourself safe when using TOR

For all of these concerns, TOR still remains an excellent bet for helping to keep you anonymous online. But it is not the perfect solution that some users probably thought it was. For that reason, it is a good idea to consider using TOR alongside another online security and privacy device which can help to address some of the potential vulnerabilities in the TOR network. We are therefore recommending that users consider using a VPN alongside TOR.

There are a number of different reasons for this. Firstly, a reliable VPN will employ end-to-end encryption which means that you can be sure that your online data is always encrypted. Using a VPN will also mean that for most of the time, your data will be double-encrypted using different protocols. This is because most VPNs use the OpenVPN protocol as standard which is different from that employed by TOR. This is an extra level of security that some users will appreciate.

Many of the best VPNs to use with Tor are located offshore and this means that they can bring a level of security and privacy that might not be possible elsewhere. The best VPNs will keep absolutely no user logs and with their high levels of encryption, the likelihood of hackers or law enforcement agents being able to access your data is minute.

RELATED READING: 5, 9, and 14 Eyes Surveillance Groups

TOR users need a VPN

So, if you want to use a VPN alongside TOR to address some of its vulnerabilities, the next question is which VPN should you use? There are literally hundreds of different providers out there all claiming to be the best on the market. To narrow down the field, we used the following criteria for our recommendations:

  • Fast and large server networks – TOR is infamously slow, so make sure your VPN doesn’t slow your connections down to a crawl. The best providers have powerful, robust networks that reduce overhead and offer nearby nodes to connect to for faster speeds.
  • Encryption strength and security – To double down on the built-in TOR encryption, the ideal VPN needs the strongest possible encryption too.
  • Effectiveness of privacy policies – People use TOR for privacy and they will expect the same from a VPN, so any provider must have the strongest possible privacy protections, namely zero logging policies.
  • No restrictions on bandwidth – While you won’t likely be doing bandwidth-intensive activities on TOR like downloading or streaming 4k movies, you still won’t want your VPN to cut you off because of bandwidth restrictions. Shoot for a provider that allows unlimited usage of their network.

There are some other factors you might want to bear in mind, such as the number of simultaneous connections a VPN provider permits if you are using TOR on more than one device and any extra security features that might be available. But for most TOR users, these five criteria are the ones that really matter. So, based on those, which VPN providers rise to the top of the pile?

1. NordVPN

NordVPN - Editors choice

Once upon a time, NordVPN had a reputation for being a bit slow and we would almost certainly not have suggested using them alongside the TOR network. But times have changed and their recent investments in upgrading much of their infrastructure to super-fast servers means their speeds are now among the most responsive in the industry.

With 5,400 servers available in 59 countries globally, NordVPN users are absolutely spoiled for choice in optimizing their VPN connections. There is no compromise needed on security either, with 256-bit encryption used as standard on all OpenVPN connections. NordVPN also offers some special additional security features too, including a Double VPN server option, which reroutes your internet data via two servers for extra protection and Onion over VPN servers, which automatically pushes your traffic through the TOR Network as well as a VPN for additional security meaning you don’t even have to use the TOR browser if you don’t want to. There are no restrictions on bandwidth either, which means NordVPN is another ideal VPN for TOR users.

Read our full NordVPN review.

Pros
  • SPECIAL OFFER: 2-yr plan (70% off - link below)
  • Over 5,400 servers in 61 countries
  • 256-bit AES encryption with perfect forward secrecy
  • Extra-secure Double VPN for data encryption
  • Live Chat Support.
Cons
  • Not much
  • Can't specify City or Province in App.
BEST FOR TOR: NordVPN’s fast speeds and powerful privacy provisions are ideal for use with TOR. Get a huge 70% discount on the 3-year plan ($3.49/mo), backed by a hassle-free 30-day money-back guarantee.

2. Surfshark

Surfshark VPN

Surfshark is an unusual VPN for many reasons, but it can be summed up by the fact that they seem to have a central philosophy: offer more, cost less. Looking at monthly fees, this provider is solidly a “budget” pick, but it goes toe to toe with industry giants for critical tasks like securing your identity on TOR.

Consider their core offering: 256-AES-GCM encryption, plus tunneling via OpenVPN, IKEv2/IPSec, WireGuard and Shadowsocks. These are the most modern protocols commercially available, and on their own are enough to greatly boost your privacy on TOR. Add to that automatic obfuscation, leak protection (IP, DNS, and WebRTC), plus the CleanWeb module which intercepts and blocks adware, trackers, and known malware links before they have a chance to load.

And you don’t even have to compromise on performance; Surfshark’s RAM-only network spans 800+ servers in 50 countries, ensuring you always have a stable connection nearby.

Pros
  • Unblock 15 international Netflix libraries, including the US and Japan
  • Diskless server network ensures you leave no trace behind
  • Bitcoin, Etherium, and other cryptocurrencies accepted as payment
  • Favorable BVI jurisdiction guarantees no logs kept
  • Refund requests are simple and fast–no waiting or hassle.
Cons
  • Connection speeds won't impress users of other high-end VPNs
  • Power users may wish for more settings to fiddle with.

Read our full Surfshark review.

BEST BUDGET OPTION: Surfshark is an affordable way to stay safe on TOR. Get 83% off a two-year plan + 3 months FREE for just $2.21 per month.

3. ExpressVPN

ExpressVPN

ExpressVPN is the perfect companion for users of the TOR browser. As its name suggests, ExpressVPN specialises in super-fast connection speeds which should help to minimise the slowdown that can be caused when using a VPN and TOR together. Just as importantly, ExpressVPN’s speeds are also consistent and reliable and are available across their entire network of servers. This currently numbers more than 3,000 servers in 94 countries around the world, which is among the biggest of all the major VPN providers.

ExpressVPN offers industry-standard 256-bit AES encryption, along with a trustworthy no activity- or connection-log policy. As they are based in the British Virgin Islands, they are at liberty to offer cast-iron privacy guarantees free from government overreach. They have no bandwidth restrictions either meaning you can use ExpressVPN 24/7 if you so wish.

Read our full ExpressVPN review.

Pros
  • SPECIAL OFFER: 3 months free (49% off - link below)
  • Fastest servers we have tested
  • Torrenting/P2P allowed
  • Keeps no logs of personal data
  • Customer Service (24/7 Chat).
Cons
  • Priced slightly higher.
GREAT ALL-ROUNDER: Get 3 months free and save 49% on the annual plan. 30-day money back guarantee included.

How do VPNs work?

If you are not already familiar with VPNs, they work differently to the TOR network. Once you sign up for a VPN, your provider will allow you to download software which allows you to access their own network of servers. Every VPN provider operates a network of secure servers located in different cities around the world. When a VPN user connects to one of these servers (a process which can usually be done with just a single click of the mouse) all of your online data is redirected down an encrypted tunnel and via your chosen server before heading on to the website or service you are trying to visit.

Everything that happens between your device and the VPN server is encrypted and after that point, all your data is tagged with a different IP address making it almost impossible to trace it back to you. This helps to make VPN users anonymous online and while it is not as private as TOR, which bounces your data around several servers, it is much faster and therefore user-friendly.

If you want to use a VPN to evade online censorship or access geo-restricted websites, all you have to do is connect to a server in a different country where these restrictions are not in place. Because your ISP and the websites you visit can only see the location of the server and are unable to see where you are actually located, they should let you access their service as usual if the server is in the right place. The TOR network doesn’t offer this facility, nor is it able to support online streaming or downloading, which most VPNs can manage fine as well.

How to install and use your VPN

The installation process for a VPN will differ slightly depending on which provider you choose to subscribe to, but broadly speaking, they all follow the same pattern. It is not a complicated process, but there are a few different steps you have to complete before you are up and running. So, while you should always check with your provider and follow their specific instructions, here is a short guide to the general installation process for a VPN, which will certainly work with both of the providers we have recommended in this article for TOR users:

  1. Select a VPN provider and visit their website. We suggest you pick one of the two from our recommended VPN list above and then just click on the link to visit their site.
  2. On the website, select a subscription package and then follow the onscreen instructions to sign up for their service. Don’t worry, most VPNs will cost you no more than a few dollars a month.
  3. When you have subscribed, you then need to download and install the VPN software onto your device. Most providers, including those we have recommended here, offer dedicated apps for Windows and Mac computers as well as Android and iOS devices. Apps for some other devices are available too. Choose the right software for your device and then follow the on-screen instructions to download it onto your device.
  4. Once the app has installed, open it and when asked, enter the login details you were given when you completed step 2 of this process.

This will open your app and you are then ready to connect to your VPN. With most VPNs, including both ExpressVPN and NordVPN, you will be able to connect to their network with a single click. Alternatively, you can select which of their servers you want to connect to, or otherwise customize their service to suit your needs using the settings and options available.

What is TOR?

TOR is a piece of free software that helps internet users maintain privacy when going online. The acronym TOR stands for ‘The Onion Router’. The word ‘onion’ might sound a little strange here, but as you will see, it is a fitting simile for how TOR works. When you download TOR, what you are actually downloading is an internet browser like Google Chrome or Microsoft Edge. But whereas these browsers are constantly collecting data about your online habits, the TOR browser does the exact opposite. It directs all of your online activity through a secure channel which ensures that everything you browse for online is anonymous. It also stops your Internet Service Provider (ISP) from being able to see what you are doing online, meaning they cannot keep data about your internet habits and sell this to third parties.

It does this by sending all of your online data through its own network first. The TOR Network consists of a network of many hundreds of thousands of different servers located all over the world. Because your data is passed around this network before reaching its destination and each connection has no observable link to the previous one, it becomes almost impossible to trace your activity back to you. This process, therefore, makes you anonymous online. For privacy, TOR appears to be perfect, but there are a few drawbacks to it too. The TOR browser is not 100% secure itself and has been known to install malware onto user devices in the past. TOR also doesn’t secure your data as well as other online privacy and security tools like a VPN. And TOR can make internet connections extremely slow. We will address some of these concerns in a little more detail below.

How does TOR work?

As we have explained above, TOR operates like a network. This TOR Network is made up of a vast number of different servers, which are commonly referred to as nodes or relays. When you use the TOR browser, all the internet data you are using is encrypted and then sent through the TOR network before heading off to the site you are trying to use. The data is bounced between an unspecified number of different relays each time. This is where the term “onion” comes from because the TOR network is multilayered (like an onion).

Each relay is able to decrypt a single layer of the encrypted data you are sending before passing it on to the next relay. The final relay it reaches is the intended destination of your data (i.e. the website you are trying to visit). When your data passes through the TOR network, it becomes, in theory, almost impossible for anyone to try and follow it and so monitor your online activity. With TOR, perfect online anonymity should be possible.

How to install TOR

If you are not already a TOR user and want to try out the network for yourself, all you really need to do is download the TOR browser onto your chosen device. This is a fairly straightforward process, but to help you through it, we have put together this easy-to-follow step-by-step guide for you:

  1. Visit https://www.torproject.org/projects/torbrowser.html to download and save the TOR Browser. It is available for Windows, Mac OS, and GNU/Linux devices and in 16 different languages.
  2. When the file has downloaded, click Run to set up the Tor Browser
  3. Choose the destination folder you want the TOR files to be saved in. Ensure that there is at least 80 MB free disk space available.
  4. Now click Install and the TOR Browser will be downloaded. Follow the simple onscreen instructions and when you have finished, the TOR Browser should be installed and ready to use.

Conclusion

TOR is a popular online privacy tool and rightly so. It is a great and free service which offers a dependable privacy protection service. However, it is not a service which is without faults and there are a few vulnerabilities that users should be aware of. As we have highlighted in this article, these include software flaws, encryption limitations, and the suggestion that some law enforcement bodies may have compromised the TOR network more than they are letting on. This is why we are suggesting that if you really value your online privacy, it is sensible to use TOR alongside a VPN to really enhance both your online privacy and online security.

Are you a TOR user? Have you had personal experience of any of the vulnerabilities or issues with TOR we have highlighted in this article? Have you tried using a VPN alongside TOR to address these issues? How was your experience of doing that? Did you find the advice in this article helpful? We always welcome the thoughts and opinions of all our readers, so why not share them with us using the comment box below?

How to get a FREE VPN for 30 days

If you need a VPN for a short while when traveling for example, you can get our top ranked VPN free of charge. NordVPN includes a 30-day money-back guarantee. You will need to pay for the subscription, that’s a fact, but it allows full access for 30 days and then you cancel for a full refund. Their no-questions-asked cancellation policy lives up to its name.