VPN vs Tor vs dVPN - What are the real differences?
In this article we will break down the fundamental differences between three different types of technologies that protect your privacy online.
Not a reader? Check out this video where one of our contributors sums up the ways in which the technical architecture of VPN, Tor and dVPNs differ.
What is Tor, and how is it different to a distributed VPN (dVPN)?
The internet was not built to be private and secure by default. Its flexible protocols allow people to build unique software and applications, but these still need to be protected. In this VPN vs Tor comparison, we will look at the various ways the technologies are similar and different.
Tor is a project designed to protect users since 2002. It’s an open-source browser which enables anonymous communication online. It was first developed by Syverson and computer scientists Roger Dingledine and Nick Mathewson, who originally called it The Onion Routing (Tor) project, due to its “layers” of encryption.
Tor browser and VPNs are similar in their aims but not in their technological approach. While both will hide your identity and ensure your browsing activity is kept private and encrypted, there are certain advantages and disadvantages to each. That’s why using the two systems together is your safest bet for securing your digital privacy.
How Tor works
Tor utilises a system that was originally developed by the US Navy to protect intelligence communications. It “bundles” your data into smaller, encrypted packets before it begins routing these through its vast network of nodes, which can be run by anyone. The chosen path is randomised and predetermined, and your traffic will pass through a minimum of three relay nodes before it reaches a final exit node.
Each time your traffic passes through a relay node, a “layer” of encryption is removed, revealing which relay node the traffic should be sent to next. Each relay node will only be able to decrypt enough data to identify the location of the next relay, and the one before it who passed on the traffic.
Exit nodes, however, remove the last layer of encryption. It can’t see your location or IP address, but it is possible for an exit node to see your activity if you visit an unsecure website (one that is not HTTPS).
How does a VPN work?
A regular VPN seems much simpler, because there is a third party involved. Your VPN provider will encrypt all of your data and browsing activity, directing all your traffic to a remote server owned or hired by them. You can usually choose from a list of servers located across the world, so you’re able to unlock your content based on where the website is based.
A decentralized VPN mimics the architecture of Tor more closely. As a peer to peer system, you plug into a global network of nodes run by people voluntarily. However, all nodes are paid for providing the VPN service and keeping the network powered. In the case of Mysterium Network, you can select your connection from a list of nodes (as most of them provide residential IP addresses) from around the world. Traffic is encrypted and directed through the network, and you pay the node for the minutes you are connected and the traffic you’re sending through them. Mysterium has built its own micropayments system specifically to accommodate these fast, frequent and small P2P transactions.
Let’s now dive into VPN vs Tor vs dVPN so you can see how they compare.
How does a VPN work?
A global collection of nodes (usually run in people homes) power a VPN network by sharing their bandwidth P2P in exchange for cryptocurrency.
Users can easily become a node and also download the VPN app to select from a global menu of node IDs
The main goal of Tor is privacy and anonymity. It’s a browser which anonymizes your web browsing by sending your traffic through various nodes, which can be hosted by anyone. Your traffic cannot be traced as each node encrypts traffic and hides the source IP.
Not a network, but more a global centralised VPN service which uses dedicated data center servers around the world in hundreds of different locations. Such VPN companies provide, centralized VPNs also allow P2P traffic on certain servers and can additionally provide Dedicated IP address, Double VPN, Onion Over VPN and connection to the Tor anonymity network.
How are nodes incentivised or rewarded?
Monthly bounties which reward nodes in cryptocurrency. Only a crypto wallet on Ethereum blockchain is required.
P2P payment network
Nodes set their own price based on supply and demand. This unique micropayments system utilises cryptocurrency payments, so nodes can sell their bandwidth in small intervals, ensuring security and convenience.
Tor doesn’t have node incentivisation. All nodes are operated by volunteers.
This lack of incentivisation for nodes in the network has meant it remains relatively small (after 10+ years of development, it still only has 6500 exit nodes).
Nodes are not incentivized in centralized VPNs as these businesses own the infrastructure and charge end users for the service.
Anyone can run a node using their laptop, or even mini computers such as a Raspberry Pi. In future, even mobile devices are planned to be supported to run node). Link a node to their Ethereum wallet address via an easy to use dashboard, and track earnings at My.Mysterium.Network.
Anyone can create and run a Tor node. However, there are various technical requirements and it’s recommended that you do not run a relay (non-exit) node from a consumer-level route, as it may overwhelm it.
VPN companies manage their own servers/exit nodes, so all setup and maintenance is done by company’s employees.
By paying for the service, users get access to the VPN service, but do not help power it.
Node onboarding costs & fees
While on testnet, Mysterium VPN is currently free to use.
Once live, users will pay in cryptocurrency for only the bandwidth they consume on a pay-per-use model.
Nodes earn cryptocurrency directly from users of this VPN service. They will pay a small fee to their “accountant” for validation of their payments, similar to paying miners for processing your transactions in a blockchain network.
Tor is free to use.
Monthly subscription model, rather than a pay-as-you-go structure. Sometimes users are even motivated to pay for a 3 year subscription in advance.
Mysterium is a fast and scalable security layer to reinvent privacy via VPN. It’s built so that different protocols can be plugged into the node network.
Mysterium is also working on a traffic slicing solution which could send traffic to different services via different nodes.
Thanks to Wireguard and OpenVPN protocols, user’s traffic is encrypted, so even ISPs can’t see what is in there.
While Tor has better privacy/anonymity properties and is great at hiding your browsing activity, your ISP can still see that you’re connected to Tor. This could lead to surveillance, as US government agencies (FBI/NSA) are constantly trying to crack Tor and discover its users activity.
The owner of the entry node will be able to see your real IP address. After this node hides your address, the rest of the nodes will no longer know who you are. The last node will see what you’re looking at, but not your identity.
This presents some risks when using the network, but in terms of privacy, it is the best available option at the moment.
Traditional VPN services route all users’ internet traffic through a remote server, hiding IP addresses and encrypting all incoming and outgoing data. For encryption, they use the OpenVPN and Internet Key Exchange v2/IPsec technologies in their applications.
One company admits their servers were hacked due to an expired internal private key being exposed, potentially allowing anyone to spin out their own servers imitating their own.
Additionally, a VPN exit node knows both a user’s IP and destination addresses. If that destination is not encrypted (e.g. not using HTTPS), they can see the content you’re accessing.
No centralised logs! The distributed architecture of Mysterium Network removes any technical possibility for collecting or storing logs centrally.
Some hypothesize that a number of nodes are run by malicious actors (eg. the NSA) who could potentially control enough nodes to effectively track users’ activity. The network itself is unable to store logs, however a Tor entry and exit node may be able to see your traffic or IP address, but actually piecing the information together to identify you would require a lot of effort.
In theory, a centralized VPN *could* keep logs of a user’s activity, but many state they are committed to a zero-logs policy. However, nobody can be really sure that they’re not cooperating with governments or not selling user’s browsing data to 3rd parties.
Mysterium allows users to select whitelisted traffic only, designed to protect nodes. However nodes can choose to accept any kind of traffic and increase their earning potential. They’ll soon identify and block bad actors from the network through the use of registered identities and reputation system.
We are currently in R&D for a traffic slicing solution which will allow node runners to preselect the type of traffic they are willing to run through their node – i.e. social media, blogging, streaming, etc. while the remaining traffic could be sent forward into Tor or rejected.
Running a node can be risky, as you can potentially receive a lot of shady outbound traffic as an exit node. Being an exit node comes with the highest legal exposure and risk, so you should not run a node from your home. Your ISP may disconnect your service and you may receive some letters from various authorities.
Nodes are protected as the centralized VPN assumes all security and legal risks.
Ease of Use
VPN is simple to use via desktop or mobile application.
New nodes can get set up in just 5 minutes and 5 steps via a simple, user-friendly dashboard. There is a knowledgebase and support team on hand to help.
Users will need to have some basic understanding of cryptocurrency and must have an Ethereum wallet set up (or have a crypto exchange account) to receive payments.
Learn more about our network and development.
Anyone can download and install Tor browser to connect to the internet (similar to any other browser).
However, browsing is slow (as all your traffic has to pass through numerous nodes first). Its practical usability suffers (e.g. not being able to unblock media content) but this drawback is the exchange for better anonymity.
For nodes, a Tor relay must be able to host a minimum of 100 GByte of outbound traffic (and the same amount of incoming traffic) per month.
Some VPNs have smart algorithms which automatically select the best server for you based on location, loads, or your special requirements.
Centralised VPN apps are also easier to use, allow convenient payment methods (eg. via credit card) and have 24/7 user support.
As with most P2P infrastructure, the more participants which join the network, the stronger and more robust it becomes.
Mysterium’s micropayments system is a homegrown Layer 2 solution. It was built to handle large volumes of users and transactions, making the network fast and more scalable.
Tor is currently used by a couple million of users. Due to its distributed nature, the network can (in theory) grow larger. However it would require a much higher number of nodes. Unfortunately, despite its millions of users, Tor has not had huge growth in nodes due to its being a free service run by volunteers. Without incentivisation for nodes, it can only grow so fast.
Depends on high bandwidth throughput and fast connection speeds to provide an optimal service for their users. Often use multiple tunneling protocols to ensure their network can scale and can adapt to various needs.
Android, Mac, Windows, Linux.
Tor for android, Windows, Mac, Linux and as a separate tab in Brave browser.
Android, Windows, Mac, iOS, Chrome/Firefox extension, Linux.
Yes – open source pioneer.
No – centralized VPNs are proprietary and closed source.You can only imagine what they do with your collected data stored in their servers.
Yes, but it doesn’t use blockchain for payments.
Testnet live – 900 residential nodes, with more than 500 live at any given point.
Approx. 6500 exit nodes.
Depends on size of VPN provider, but biggest can provide over 5200 servers in 59 countries.
So, Tor or VPN - why not both?
Tor and VPNs are complementary privacy solutions, so they can work together to enhance your security and anonymity even more.
There are two methods for merging Tor with VPN:
VPN over Tor: connect to the Tor browser, then activate your VPN. This is a more complex method as it requires some manual configuration. As your VPN’s server acts as the final exit node, Tor’s own exit nodes will not be able to peel back the final layer of encryption to reveal your activity. While your ISP can tell that you’re using Tor, it would be able to trace your activity and keeps your IP address hidden from your VPN service.
Tor over VPN: Connect to your VPN, then open your Tor browser. Your VPN will encrypt all of your traffic before it enters the Tor network, and also hides your IP address. It also hides the fact you’re using Tor from your ISP. However, if your VPN provider chooses to keep logs, it can see that you’re using Tor. This is why it’s best that you use a decentralised VPN, which cannot keep user logs.
Both Mysterium and Tor can be pieced together to ensure full privacy coverage. One of Mysterium’s most considered features is to extend our whitelisting in such a way so that your traffic would only exit via a Mysterium node’s IP, while the rest of the traffic would be forwarded throughout the Tor network. In this way, Mysterium users will get to un-geoblock content, and our node runners will not risk unwanted content going through their node.
The Bigger Picture
Mysterium and Tor Network are both grassroots, open source technologies who have managed to grow large community-driven technologies without any corporate backing or support. However, we have one point of difference; while regular VPNs offer to protect their users (for a price), we believe the fight against surveillance, censorship and cybercrime is a shared one. Regular VPNs do nothing to address the infrastructural flaws of the internet, instead they apply a quick fix solution. We want to rebuild the internet itself, creating people-powered networks that are immune to corporate or government control.
Tor helped kickstart this grassroots anonymity revolution and now we’re taking it even further. Our trustless, P2P payment network (currently on testnet) will be the first of its kind. It allows users of our global, distributed VPN to pay each other in short and frequent intervals, whenever they “rent” a VPN service from each other. We believe this is the missing link for current privacy solutions – mutual incentivisation, and the goal of restoring the internet to its former glory.