VPN vs Tor vs dVPN - What are the real differences?
The internet was not built to be private and secure by default. This means no matter what you do online, there’s always some new malware or cybercriminal trying to get to you.
In this VPN vs Tor vs dVPN comparison, you’ll learn just how good these security tools are when it comes to hiding your information and keeping you safe online.
Want to skip the read? Check out this video where we sum up the VPN, Tor browser and dVPN solutions.
What is TOR - is TOR a VPN?
Tor is a privacy project that launched in 2002. It’s an open-source and free browser that enables anonymous communication online. It was first developed by Syverson and computer scientists Roger Dingledine and Nick Mathewson, who originally called it The Onion Router (Tor) project, due to its “layers” of encryption.
Tor browser and VPNs are similar in their aims but not in their technological approach. While both are great at hiding your identity and ensure your browsing activity is kept private and encrypted, there are certain advantages and disadvantages to each. That’s why using the two systems together is your safest bet for securing your digital privacy.
How Tor works
The Tor network utilises a system that was originally developed by the US Navy to protect intelligence communications. It “bundles” your data into smaller, encrypted packets before it begins routing these through its vast network of nodes, which can be run by anyone for free.
The chosen path is randomised and predetermined, and your traffic will pass through a minimum of three relay nodes before it reaches a final exit node.
Each time your traffic passes through a relay node, a “layer” of encryption is removed, revealing which relay node the traffic should be sent to next. Each relay node will only be able to decrypt enough data to identify the location of the next relay, and the one before it who passed on the traffic.
Exit nodes, however, remove the last layer of encryption. It can’t see your location or IP address, but it is possible for an exit node to see your activity if you visit an unsecure website (one that is not HTTPS).
How does a VPN work?
A regular VPN seems much simpler, because a company simplifies everything with a nice user interface and additional features. You can run an app in the background, or connect through a browser extension, while you access sites around the world.
Your VPN provider will keep you hidden and encrypt all of your data, directing all your traffic to a remote server owned or hired by them. You can usually choose from a list of servers located across the world, so you’re able to access the internet via a secure and private connection, and unblock your content based on where a website is located. However, your protection has its limits, and you won’t be completely anonymous.
What is a dVPN?
A decentralized VPN mimics the architecture of Tor more closely, but has the same ease of use as a VPN. As a peer to peer system, you plug into a global network of nodes run by people voluntarily. Unlike Tor network, all nodes are paid for providing the VPN service and keeping the network powered and safe.
One example of this in action is Mysterium Network. This dApp (decentralized application) allows people to select the connection from a list of available nodes (mostly providing residential IP addresses) from around the world. Traffic is encrypted and directed through the network, and users pay the provider for the minutes they are connected and the traffic they’re sending through those nodes.
But how do all these popular privacy tools really compare?
This breakdown explores the most important differences between VPN, Tor and dVPN, comparing new features, access, connecting speed, rewards and more.
For this comparison, we use Mysterium as an example of a dVPN, though there are other projects out there, each with their own technical approaches, solutions and advantages.
A global collection of nodes (usually run in people homes) power a VPN network by sharing their bandwidth P2P in exchange for cryptocurrency. Anyone can easily become a node and also download the VPN app to select from a global menu of node IDs.
The main goal of Tor is privacy and anonymity. It’s a browser that anonymizes your web browsing by sending your traffic through various nodes in the Tor network, which can be hosted by anyone. Traffic cannot be traced as each node encrypts it and hides the source IP.
Not a network, but more a global, centralised service that uses dedicated data center servers around the world in hundreds of different locations. Centralized VPNs also allow P2P traffic on certain servers and can additionally provide Dedicated IP address, Double VPN, Onion Over VPN and connection to the Tor anonymity network.
How are nodes rewarded?
Nodes set their own price based on supply and demand. This unique micropayments system utilises cryptocurrency payments, so nodes can sell their bandwidth in small intervals, ensuring security and convenience.
Tor doesn’t have incentivisation. All nodes are operated by volunteers. This lack of incentivisation for nodes in the network has meant it remains relatively small (after 10+ years of development, it still only has 6500 exit nodes).
No rewards or incentive – centralized VPNs are businesses who own the infrastructure and charge customers for the service.
Anyone can run a node using their laptop, or even mini computers such as a Raspberry Pi. (In theory, even mobile devices can run one). Node runners can link their crypto wallet address via an easy to use dashboard, and track earnings.
Anyone can create and run a Tor node. However, there are various technical requirements and it’s recommended that you do not run a relay (non-exit) node from a consumer-level route, as it may overwhelm it.
VPN companies manage their own servers/exit nodes, so all setup and maintenance is done by company’s employees. By paying for the service, you get access to the VPN service, but do not help power it.
Costs & fees
Users pay in cryptocurrency for only the bandwidth they consume on a pay-as-you-go model. Nodes earn cryptocurrency directly from users of this VPN service. They will pay a small fee to payment hubs for validation of their payments, similar to paying miners for processing transactions in a blockchain network. (Mysterium is currently free to use while in BETA)
Tor is free to use.
Monthly subscription model, rather than a pay-as-you-go structure. Sometimes users are even motivated to pay for a 3 year subscription in advance.
As a fast and scalable security layer to reinvent privacy via VPN, it’s built so that different protocols can be plugged into the network.
A traffic slicing solution could send traffic to different services via different nodes. Thanks to Wireguard and OpenVPN protocols, it’s already encrypted, so even ISPs can’t view what is in there.
While Tor has better privacy properties, offers protection via anonymity, it’s not risk free. Your ISP can still see that you’re connected to Tor. This could lead to surveillance, as US government agencies (FBI/NSA) are constantly trying to crack Tor and discover its users web activity. Note that installing Tor is not illegal, but if you’re looking at things you shouldn’t, keep in mind arrests have been made in the past linked to Tor users’ browsing activity.
The owner of an entry node will be able to view your real IP address. After this node hides your address, the rest of the nodes will no longer know who you are or what sites you visit. The last node will see what you’re looking at, but not your identity. This presents some risks when using the network, but in terms of fully private internet access, it is the best available option at the moment.
Traditional VPN services route all their customer’s data through a remote server, hiding IP addresses and encrypting all incoming and outgoing data. For encryption, they use the OpenVPN and Internet Key Exchange v2/IPsec technologies in their applications. One company admits their servers were hacked due to an expired internal private key being exposed, potentially allowing anyone to spin out their own servers imitating their own.
Additionally, a VPN exit node knows a user’s IP, destination addresses, and in many cases (because of fiat payments) even user’s identity (name, email, etc.). If that destination is not encrypted (e.g. not using HTTPS), they can see the content you’re accessing, which may compromise your security.
No centralized logs! The distributed architecture removes any technical possibility for collecting or storing logs centrally.
Some hypothesize that a number of nodes are run by malicious actors (eg. the NSA) who could potentially control enough nodes to effectively track users. The network itself is unable to store logs, however a Tor entry and exit node may be able to see your activity or IP address, but actually piecing the information together to identify you would require a lot of effort.
In theory, a centralized VPN *could* keep logs of a user’s activity, but many state they are committed to a zero-logs policy. However, nobody can be really sure that they’re not cooperating with governments or not selling user’s browsing data to 3rd parties.
Mysterium allows users to select whitelisted traffic only, designed to protect nodes. However nodes can choose to accept any kind of traffic and increase their earning potential. They’ll soon identify and block bad actors from the network through the use of registered identities and reputation system.
We are currently in R&D for a traffic slicing solution which will allow node runners to preselect the type of traffic they are willing to run through their node – i.e. social media, blogging, streaming, etc. while the remaining traffic could be sent forward into Tor or rejected.
Running a node can be risky, as you can potentially receive a lot of shady outbound traffic as an exit node. Being an exit node comes with the highest legal exposure and risk, so you should not run a node from your home. Your ISP may disconnect your service and you may receive some letters from various authorities.
Nodes are protected as the centralized VPN assumes all security and legal risks.
Ease of Use
Simple apps can be used on desktop or a mobile device.
New nodes can get set up in just 5 minutes and 5 steps via a simple, user-friendly dashboard. There is a knowledgebase with all relevant guides and information, and support team on hand to help. Users will need to have some basic understanding of cryptocurrency, and how to keep it secure. An Ethereum wallet is easy to set up and you can receive payments any time.
Anyone can download and install Tor browser to connect to the internet (similar to any other browser).
However, browsing is quite slow (as all your traffic has to pass through numerous nodes first). Its practical usability suffers (e.g. not being able to unlock media content) but this drawback is the exchange for better anonymity and protection. A Tor relay must be able to host a minimum of 100 GByte of outbound/inbound traffic per month.
Many VPN services offer apps or browser extensions for instant security. Some VPNs have features such as smart algorithms that can automatically choose the best server for you based on location, time, or your special requirements.
You can use a VPN because they’re easier to navigate, allow convenient payment methods (eg. via credit card) and have 24/7 user support. However, they may slow down your speed and don’t always have unlimited streaming options.
As with most P2P infrastructure, the more participants which join the network, the stronger and more robust it becomes.
Mysterium’s micropayments system is a homegrown Layer 2 solution. It was built to handle large volumes of users and transactions, making the network fast and more scalable.
Tor is currently used by a couple million people. Due to its distributed nature, the network can (in theory) grow larger. However it would require a much higher number of nodes. Unfortunately, despite its millions of users, Tor has not had huge growth in nodes due to its being a free service run by volunteers. Without incentivisation for nodes, it can only grow so fast.
The service depends on high bandwidth throughput and fast connection speeds to provide an optimal service for customers. Often use multiple tunneling protocols to ensure their network can scale and can adapt to various needs.
Mysterium – Android devices, macOS, Windows, Linux for desktop. Apps for iPhone coming soon.
Tor for Android, Windows, Mac, Linux and as a separate tab in Brave browser.
Currently offers the widest choice for connecting; Android, Windows, Mac, iOS, Chrome/Firefox extension, Linux.
Yes – open source pioneer.
No – centralized VPNs are proprietary and closed source. You can only imagine what they do with your collected data stored in their servers.
Yes, but it doesn’t use blockchain for payments.
In the case of Mysterium, the testnet has 900 residential nodes, with more than 500 live at any given point.
Approx. 6500 exit nodes.
Depends on size of VPN provider, but biggest can provide over 5200 servers in 59 countries.
So, Tor or VPN - why not both?
Tor and VPNs/dVPNs are complementary solutions, so they can work together to enhance your privacy and security even more.
There are two methods for merging Tor with VPN:
VPN on Tor: connect to the Tor browser, then use a VPN. This is a more complex method as it requires some manual configuration. As your VPN server acts as the final exit node, Tor’s own exit nodes will not be able to peel back the final layer of encryption to reveal your activity. While your ISP can tell that you’re using Tor, it wouldn’t be able to trace you and keeps your IP address hidden from your VPN service.
Tor over VPN: Connect to your VPN, then use Tor browser. Your VPN will encrypt your traffic before it enters the Tor network, and also hides your IP address. It also hides the fact you’re using Tor from your ISP. However, if your VPN provider chooses to keep logs, it can see that you’re using Tor. This is why it’s best that you use a decentralised VPN, which cannot keep user logs.
Both Mysterium and Tor can be pieced together to ensure full privacy coverage and secure internet access. One of Mysterium’s most considered features is to extend our whitelisting in such a way so that your traffic would only exit via a Mysterium node’s IP, while the rest would be forwarded throughout the Tor network. In this way, Mysterium users will get to unblock content, and our node runners will not risk unwanted content passing through.
The Bigger Picture
Decentralized privacy networks like Mysterium and Tor are grassroots, open source technologies who have managed to grow large community-driven platforms without any corporate backing or support.
However, we have one point of difference; while regular VPNs offer to protect you for a price, we believe the fight against surveillance and censorship is a shared one.
Regular VPNs do nothing to address the infrastructural flaws of the internet, instead they apply a quick fix solution. We want to rebuild the internet itself, creating people-powered networks that are immune to corporate or government control.
In the case of Mysterium, our trustless, P2P payment network (currently on testnet) will be the first of its kind. It allows users of our global, distributed VPN to pay each other in short and frequent intervals, whenever they “rent” a VPN service from each other. We believe this is the missing link for current privacy solutions – mutual incentivisation, and the goal of restoring the internet to its former glory.
Tor helped kickstart this grassroots anonymity revolution and now the dVPN industry is taking it even further.