Tor vs VPN: Which Gives You More Privacy?
Tor and VPNs both mask your IP, but they operate on different trust models. This comparison breaks down which tool fits which threat — and when to use both.
Tor and VPNs both route your internet traffic through intermediary servers — but they operate on different threat models and make fundamentally different trust assumptions. A VPN asks you to trust one company with all your traffic. Tor distributes that trust across three volunteer relays, none of which has the full picture. Neither is universally better. The right choice depends entirely on what you're trying to protect against.
What Each Tool Does
VPN (Virtual Private Network): All traffic from your device travels to a single VPN server, which forwards it to the destination. Your ISP sees an encrypted connection to the VPN server. The destination sees the VPN server's IP. The VPN provider sees everything — your real IP, the destination, and (if unencrypted) the content.
Tor: Your Tor Browser traffic travels through three relays before reaching the destination. Your ISP sees an encrypted connection to Tor's entry guard. The destination sees the exit relay's IP. No single relay has both your IP and the destination.
The core difference: a VPN concentrates trust. Tor distributes it.
Threat Model Comparison
| Threat | Tor | VPN |
|---|---|---|
| ISP seeing browsing content | Protected | Protected |
| ISP knowing destination sites | Protected | Protected |
| ISP knowing you use the tool | Visible (by default) | Hidden |
| Website seeing your real IP | Protected | Protected |
| Provider logging your traffic | Not applicable | Risk |
| Global traffic correlation | Partial protection | No protection |
| Access to .onion hidden services | Yes | No |
| Protecting non-browser traffic | No | Yes |
A few rows deserve explanation.
ISP seeing you use the tool: Your ISP can see that you're connecting to Tor's entry guard by default. That's observable. With a VPN, your ISP sees only an encrypted connection to the VPN server — the VPN usage is harder to detect. If hiding Tor from your ISP matters, use bridges or connect through a VPN first (see Tor over VPN).
Provider logging: A VPN that logs traffic can be subpoenaed or hacked. Mullvad VPN and ProtonVPN have both been audited by independent firms (Cure53 and SEC Consult respectively) to verify no-logs policies. Audits don't eliminate risk, but they reduce it. Tor has no single provider — the three relays are operated by independent volunteers and organizations globally.
Global traffic correlation: Neither tool fully protects against an adversary capable of monitoring large volumes of internet traffic simultaneously. Tor's multi-relay design makes this harder; a VPN provides no protection against it at all.
Speed and Usability
VPN: near-native speeds. Most users notice minimal latency on good connections. Suitable for streaming, video calls, large downloads.
Tor: significant latency by design. Three relays, volunteer bandwidth, encryption overhead. Typical Tor circuits run at speeds between 1–10 Mbps — adequate for text-based browsing and moderate downloads, unsuitable for HD streaming or large file transfers. The Tor Project explicitly advises against using Tor for BitTorrent.
If speed is critical to your use case, a VPN is the practical choice. If anonymity is more important than speed, Tor is the better option.
Trust Model
A VPN works only if the provider does what it claims. Many publish no-logs policies. Fewer have them independently audited. Almost none have had their claims tested by a state-level compelled disclosure that they successfully resisted — because in most cases, disclosed logs would be the result.
Tor's trust model doesn't require trusting any single operator. Even if one relay — including the entry guard — is compromised or operated by a malicious party, the circuit still holds: that relay can't see both your IP and your destination simultaneously. The protocol is designed to remain secure even when some fraction of the relay network is adversarial.
That said, Tor is not unconditional protection. If the same entity controls your entry guard and exit relay, traffic correlation becomes possible. Tor guards against this with circuit selection algorithms, but it's worth understanding the model.
When to Use Each
Use Tor when:
- You need to access .onion hidden services
- Maximum anonymity is the priority and speed is secondary
- You can't or don't want to trust any single third party
- Your threat model includes the risks of the dark web or adversarial surveillance
Use a VPN when:
- You need full-device traffic protection (not just browser)
- Speed matters: streaming, video conferencing, large downloads
- You need to appear in a specific country for geo-restricted content
- Your threat model is mainly ISP snooping or basic IP masking
Use both (Tor over VPN) when:
- Your ISP or country flags or blocks Tor usage
- You want to hide Tor usage from your ISP, and you trust the VPN provider more than you trust your ISP's discretion
See Tor over VPN for a full explanation of the traffic path and tradeoffs of combining both.
For context on what PGP encryption and other tools add on top of network-level protection, see the privacy cluster.
Frequently Asked Questions
Is Tor better than a VPN for privacy?
For anonymity specifically — yes, in most threat models. Tor distributes trust, eliminates a single logging point, and provides access to .onion services. But "better" depends on what you're protecting against. For basic IP masking and speed, a VPN is more practical.
Should I use a VPN before Tor?
Only if you have a specific reason to hide Tor usage from your ISP. Adding a VPN introduces a new point of trust. If your ISP doesn't actively monitor or flag Tor connections — which applies to most users in Western countries — the VPN adds overhead without meaningful benefit. In high-surveillance environments, the calculation is different.
Can police track you through a VPN?
If the VPN provider logs traffic and cooperates with law enforcement, yes. Jurisdiction and logging policy both matter. A VPN with a genuine no-logs policy, verified by audit, in a privacy-friendly jurisdiction, provides meaningful protection against routine law enforcement requests. It does not protect against targeted investigation with court orders and cooperation from the VPN provider.
Does Tor hide my IP address?
From the destination site, yes — the destination sees the exit relay's IP, not yours. From your ISP, your IP is known (they can see you connecting to the entry guard), but your destination and traffic content are hidden. Tor does not make you invisible at the network layer; it separates the knowledge of who you are from the knowledge of where you're going.