Virtual Private Networks (VPNs) and Tor

VPNs and Tor can help keep your Internet browsing safe and private.

Browse the Internet through a Virtual Private Network (VPN).

A Virtual Private Network is a tool to help anonymize your Internet connection and secure your communications from being tampered with. There are many VPN providers on the Internet. Some of them are free services, others are paid, and a few more are do-it-yourself software projects that you can install on your own Internet server.

Which VPNs to buy.

The technology publication CNET recently rated the following VPNs as being among the best:

I have never used any of these VPNs personally, so I cannot vouch for them.

Never use a free VPN provider.

Many companies on the Internet offer VPN service for free. It may be tempting to use these, but they may be harmful to your security.

Keep in mind that it is possible for the VPN provider to see what you are doing. Some VPN providers insert their own ads or sell your traffic data. Famously, Facebook purchased a free VPN provider called Onavo. This allowed Facebook to observe Onavo users' traffic data, which Facebook used to estimate the market share of its competitors.

VPNs do not protect against all ways to determine your identity.

Many websites will ask you for location information or place small pieces of information called "cookies" in your browser which sometimes allow them to follow your path through the Internet. VPNs hide the origin of your network traffic, but VPNs alone do not fight all the ways you can be de-anonymized.

Remember that you are not anonymous to your VPN provider.

A VPN is a decent way to obscure the origin of your Internet traffic from the websites you visit, but your VPN provider always knows the origin of your Internet traffic, and they also have your billing information.

This means that when you use a VPN provider, you are implicitly trusting them with who you are--even if you do not think you have told them. The Tor network is a free and secure alternative to VPN providers that does a better job at hiding who you are. Read more below.

Use Tor to hide your identity online when you cannot trust any VPN provider.

VPNs are great for hiding where you are connecting from from the websites you visit. But one problem is that your VPN provider knows who you are and what traffic you are sending. If this is an unacceptable security risk, you can use the Tor network instead.

Tor is a computer network that encrypts and routes your Internet connections through multiple servers--such that no server knows both where your connection is coming from and where it is going. This offers much higher anonymity than VPNs.
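
The layering described in the paragraph above can be simulated in a few lines. This is an added example, not code from the Tor Project or from this page's author: the relay names, addresses and request are constructed, and the cipher is a toy stand-in for Tor's real cryptography. It records what each relay on a three-hop path can see.

```python
import hashlib, json, os

CLIENT, DEST = "client-203.0.113.7", "example.org:80"  # constructed sample values
PATH = ["guard", "middle", "exit"]                      # hypothetical relay names
PAYLOAD = b"GET /private HTTP/1.1"                      # constructed, unencrypted request

def keystream_xor(key, data):
    """Toy stream cipher (SHA-256 in counter mode). Illustration only, not Tor's crypto."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def build_onion(path, keys, destination, payload):
    """The client wraps the payload once per relay; the innermost layer is for the exit."""
    next_hops = path[1:] + [destination]
    cell = payload
    for relay, nxt in reversed(list(zip(path, next_hops))):
        layer = json.dumps({"next": nxt, "data": cell.hex()}).encode()
        cell = keystream_xor(keys[relay], layer)
    return cell

def route(client, path, keys, cell):
    """Each relay peels exactly one layer; record what that relay learns."""
    views, prev = {}, client
    for relay in path:
        layer = json.loads(keystream_xor(keys[relay], cell))
        cell = bytes.fromhex(layer["data"])
        views[relay] = {"from": prev, "to": layer["next"], "sees": cell}
        prev = relay
    return views, cell

def demo():
    keys = {relay: os.urandom(32) for relay in PATH}  # one key shared with each relay
    cell = build_onion(PATH, keys, DEST, PAYLOAD)
    return route(CLIENT, PATH, keys, cell)

if __name__ == "__main__":
    views, delivered = demo()
    for relay, v in views.items():
        readable = v["sees"] == PAYLOAD
        print(f"{relay:6} from={v['from']:18} to={v['to']:14} can_read_request={readable}")
```
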

Tor is free to use. The Tor Project runs on people donating their money or computer network bandwidth. However, this means that Tor can be much slower than many VPNs. Because Tor capacity is granted on a volunteer basis, Tor is not appropriate for high-definition video streaming, BitTorrent usage, or running bulk email servers.

Use the Tor Browser Bundle.

Tor is a low-level computer network that can route traffic from many different computer programs. However, those programs may have high-level behaviors that can de-anonymize you.

The Tor Browser Bundle is a web browser designed to include all of the best practices for using Tor. Use it when you want to browse the World Wide Web without leaking information.

Use Tor Bridge relays when you need to hide your Tor connection from your ISP.

Certain ISPs restrict or monitor access to the Tor network, making it difficult to connect. The entry and exit nodes are publicly-known on the Internet, which makes them easy to block.

To avoid restrictions or surveillance that your ISP may have placed on the official Tor network, you can connect to Tor through a bridge address.

Use Tor hidden services (".onion" services) whenever possible.

Tor is largely a tool to anonymize your connection to the public Internet. But for additional security, many people run hidden services--websites and other servers that are only accessible from within Tor.

Tor Hidden Services have the following advantages:

The location of the hidden service is anonymized on the Internet.

When hosting a website on the regular Internet, it is possible for ISPs and law enforcement to determine the physical location of the website's servers. It is much harder to determine the location of a hidden service, which makes hidden services a great way to conduct business that must be hidden.

Neither you nor the Hidden Service have to trust a Tor exit node.

When you access the regular Internet through Tor, an exit node makes the connection between the Tor network and your destination on the Internet. Exit nodes can observe unencrypted connections from the Tor network to your destination on the regular Internet, but they do not know the origin of the connections.

When accessing a hidden service, your connection is encrypted in such a way that the exit node cannot observe the content of your communications.

Be aware of Tor's limitations.

Tor is vulnerable to a series of attacks, ranging from the theoretical to the practical. If your adversary is a powerful government, it is possible that they control a significant number of the nodes on the Tor network and can use the information they collect to de-anonymize traffic.

Using Tor may attract the attention of law enforcement.

Tor is commonly used by people to access child pornography, online marketplaces for drugs, or discussion forums for those who want to conduct illegal behavior.

Because of this, using Tor might earn you the attention of law enforcement, even if they are unable to decrypt your traffic. The FBI successfully identified Eldo Kim as being responsible for sending a bomb threat to Harvard University because of his usage of Tor. They likely couldn't decrypt his traffic, but using Tor put him at the top of the suspect list.

Tor cannot protect against JavaScript-based trackers. Try to disable JavaScript when using Tor.

JavaScript is a programming language used on many websites to offer interactive features, dynamic advertising, and user tracking. It is possible for a website using JavaScript to track you even though Tor obscures the origin of your Internet connection.

However, many interactive websites require JavaScript to function, and it is not possible to use these websites without JavaScript.

Tor hidden services are often used to share highly-illegal content like child pornography. This content is illegal to possess, so do everything you can to avoid it.

Do not use Tor to visit websites that contain child pornography, even by accident. Even given Tor's security features, downloading this type of content is a fast trip to prison. In the past, law enforcement have been able to use security vulnerabilities to attack and de-anonymize Tor users downloading child pornography. They may also be in control of child pornography sites, using them to deliver malware to de-anonymize visitors.