The internet was not built to be private and secure by default. This means no matter what you do online, there’s always some new malware or cybercriminal trying to get to you.
In this VPN vs Tor vs dVPN comparison, you’ll learn just how good these security tools are when it comes to hiding your information and keeping you safe online.
Tor is a privacy project that launched in 2002. It’s an open-source and free browser that enables anonymous communication online. It was first developed by Syverson and computer scientists Roger Dingledine and Nick Mathewson, who originally called it The Onion Router (Tor) project, due to its “layers” of encryption.
Tor browser and VPNs are similar in their aims but not in their technological approach. While both are great at hiding your identity and ensure your browsing activity is kept private and encrypted, there are certain advantages and disadvantages to each. That’s why using the two systems together is your safest bet for securing your digital privacy.
The Tor network utilises a system that was originally developed by the US Navy to protect intelligence communications. It “bundles” your data into smaller, encrypted packets before it begins routing these through its vast network of nodes, which can be run by anyone for free.
The chosen path is randomised and predetermined, and your traffic will pass through a minimum of three relay nodes before it reaches a final exit node.
Each time your traffic passes through a relay node, a “layer” of encryption is removed, revealing which relay node the traffic should be sent to next. Each relay node will only be able to decrypt enough data to identify the location of the next relay, and the one before it who passed on the traffic.
Exit nodes, however, remove the last layer of encryption. It can’t see your location or IP address, but it is possible for an exit node to see your activity if you visit an unsecure website (one that is not HTTPS).
A regular VPN seems much simpler, because a company simplifies everything with a nice user interface and additional features. You can run an app in the background, or connect through a browser extension, while you access sites around the world.
Your VPN provider will keep you hidden and encrypt all of your data, directing all your traffic to a remote server owned or hired by them. You can usually choose from a list of servers located across the world, so you’re able to access the internet via a secure and private connection, and unblock your content based on where a website is located. However, your protection has its limits, and you won’t be completely anonymous.
A decentralized VPN mimics the architecture of Tor more closely, but has the same ease of use as a VPN. As a peer to peer system, you plug into a global network of nodes run by people voluntarily. Unlike Tor network, all nodes are paid for providing the VPN service and keeping the network powered and safe.
One example of this in action is Mysterium Network (the team which I work with). This dApp (decentralized application) allows people to select the connection from a list of nodes (mostly providing residential IP addresses) from around the world. Traffic is encrypted and directed through the network, and users pay the node for the minutes they are connected and the traffic they're sending through nodes.
This breakdown explores the most important differences between VPN, Tor and dVPN, comparing new features, access, connecting speed, rewards and more.
For this comparison I use Mysterium as an example of a dVPN, though there are other projects out there, each with their own technical approaches, solutions and advantages.
dVPN: A global collection of nodes (usually run in people homes) power a VPN network by sharing their bandwidth P2P in exchange for cryptocurrency. Users can easily become a node and also download the VPN app to select from a global menu of node IDs.
Tor: The main goal of Tor is privacy and anonymity. It’s a browser that anonymizes your web browsing by sending your traffic through various nodes in the Tor network, which can be hosted by anyone. Traffic cannot be traced as each node encrypts it and hides the source IP.
VPN: Not a network, but more a global, centralised service that uses dedicated data center servers around the world in hundreds of different locations. Centralized VPNs also allow P2P traffic on certain servers and can additionally provide Dedicated IP address, Double VPN, Onion Over VPN and connection to the Tor anonymity network.
dVPN: P2P network allows nodes to set their own price based on supply and demand. This unique micropayments system utilises cryptocurrency payments, so nodes can sell their bandwidth in small intervals, ensuring security and convenience.
Tor: Tor doesn’t have incentivisation. All nodes are operated by volunteers. This lack of incentivisation for nodes in the network has meant it remains relatively small (after 10+ years of development, it still only has 6500 exit nodes).
VPN: No rewards or incentive – centralized VPNs are businesses who own the infrastructure and charge customers for the service.
dVPN: Anyone can run a node using their laptop, or even mini computers such as a Raspberry Pi. (In theory, even mobile devices can run one). Node runners can link their crypto wallet address via an easy to use dashboard, and track earnings.
Tor: Anyone can create and run a Tor node. However, there are various technical requirements and it’s recommended that you do not run a relay (non-exit) node from a consumer-level route, as it may overwhelm it.
VPN: VPN companies manage their own servers/exit nodes, so all setup and maintenance is done by company’s employees. By paying for the service, users get access to the VPN service, but do not help power it.
dVPN: Users pay in cryptocurrency for only the bandwidth they consume on a pay-as-you-go model. Nodes earn cryptocurrency directly from users of this VPN service. They will pay a small fee to payment hubs for validation of their payments, similar to paying miners for processing transactions in a blockchain network. (Mysterium is currently free to use while in BETA)
Tor: Free to use.
VPN: Monthly subscription model, rather than a pay-as-you-go structure. Sometimes users are even motivated to pay for a 3-year subscription in advance.
dVPN: As a fast and scalable security layer to reinvent privacy via VPN, it’s built so that different protocols can be plugged into the network. A traffic slicing solution could send traffic to different services via different nodes. Thanks to Wireguard and OpenVPN protocols, it’s already encrypted, so even ISPs can’t see what is in there.
Tor: While Tor has better privacy properties, offers protection via anonymity, it’s not risk free. Your ISP can still see that you’re connected to Tor. This could lead to surveillance, as US government agencies (FBI/NSA) are constantly trying to crack Tor and discover its users web activity.
The owner of the entry node will be able to see your real IP address. After this node hides your address, the rest of the nodes will no longer know who you are or what sites you visit. The last node will see what you’re looking at, but not your identity. This presents some risks when using the network, but in terms of fully private internet access, it is the best available option at the moment.
VPN: Traditional VPN services route all users’ data through a remote server, hiding IP addresses and encrypting all incoming and outgoing data. For encryption, they use the OpenVPN and Internet Key Exchange v2/IPsec technologies in their applications. One company admits their servers were hacked due to an expired internal private key being exposed, potentially allowing anyone to spin out their own servers imitating their own.
Additionally, a VPN exit node knows a user’s IP, destination addresses, and in many cases (because of fiat payments) even user’s identity (name, email, etc.). If that destination is not encrypted (e.g. not using HTTPS), they can see the content you’re accessing, which may compromise your security.
dVPN: No centralized logs! The distributed architecture removes any technical possibility for collecting or storing logs centrally.
Tor: Some hypothesize that a number of nodes are run by malicious actors (eg. the NSA) who could potentially control enough nodes to effectively track users. The network itself is unable to store logs, however a Tor entry and exit node may be able to see your activity or IP address, but actually piecing the information together to identify you would require a lot of effort.
VPN: In theory, a centralized VPN *could* keep logs of a user’s activity, but many state they are committed to a zero-logs policy. However, nobody can be really sure that they’re not cooperating with governments or not selling user’s browsing data to 3rd parties.
dVPN: Simple apps can be used on desktop or a mobile device.
New nodes can get set up in just 5 minutes and 5 steps via a simple, user-friendly dashboard. There is a knowledgebase and support team on hand to help. Users will need to have some basic understanding of cryptocurrency, and how to keep it secure. An Ethereum wallet is easy to set up, and you can receive payments any time.
Tor: Anyone can download and install Tor browser to connect to the internet (similar to any other browser). However, browsing is quite slow (as all your traffic has to pass through numerous nodes first). Its practical usability suffers (e.g. not being able to unlock media content) but this drawback is the exchange for better anonymity. For nodes, a Tor relay must be able to host a minimum of 100 GByte of outbound/inbound traffic per month.
VPN: Many VPN services offer apps or browser extensions for instant security. Some VPNs have features such as smart algorithms that can automatically choose the best server for you based on location, time, or your special requirements.
You can use a VPN because they’re easier to navigate, allow convenient payment methods (eg. via credit card) and have 24/7 user support. However, they may slow down your speed and don’t always have unlimited streaming options.
dVPN: As with most P2P infrastructure, the more participants which join the network, the stronger and more robust it becomes.
Mysterium’s micropayments system is a homegrown Layer 2 solution. It was built to handle large volumes of users and transactions, making the network fast and more scalable.
Tor is currently used by a couple million of users. Due to its distributed nature, the network can (in theory) grow larger. However it would require a much higher number of nodes. Unfortunately, despite its millions of users, Tor has not had huge growth in nodes due to its being a free service run by volunteers. Without incentivisation for nodes, it can only grow so fast.
VPN: Depends on high bandwidth throughput and fast connection speeds to provide an optimal service for their users. Often use multiple tunneling protocols to ensure their network can scale and can adapt to various needs.
dVPN: Android, macOS, Windows, Linux.
Tor: Tor for android, Windows, Mac, Linux and as a separate tab in Brave browser.
VPN: Offers the widest choice — Android, Windows, Mac, iOS, Chrome/Firefox extension, Linux.
dVPN: Yes — transparent and collaborative from Ground Zero. Check out Myst codebase.
Tor: Yes — open source pioneer — check out Tor codebase.
VPN: No — centralized VPNs are proprietary and closed source. You can only imagine what they do with your collected data stored in their servers.
dVPN: Duh.
Tor: Yes, but it doesn’t use blockchain for payments.
VPN: Nope.
dVPN: Testnet live, ~900 residential nodes, with more than 600 live at any given point.
Tor: Approx. 6500 exit nodes.
VPN: Depends on the size of your provider, but the largest will connect you to a VPN server in over 59 countries.
Tor and VPNs/dVPNs are complementary solutions, so they can work together to enhance your privacy and security even more.
There are two methods for merging Tor with VPN:
VPN on Tor: connect to the Tor browser, then use a VPN. This is a more complex method as it requires some manual configuration. As your VPN server acts as the final exit node, Tor’s own exit nodes will not be able to peel back the final layer of encryption to reveal your activity. While your ISP can tell that you’re using Tor, it wouldn’t be able to trace you and keeps your IP address hidden from your VPN service.
Tor over VPN: Connect to your VPN, then use Tor browser. Your VPN will encrypt your traffic before it enters the Tor network, and also hides your IP address. It also hides the fact you’re using Tor from your ISP. However, if your VPN provider chooses to keep logs, it can see that you’re using Tor. This is why it’s best that you use a decentralised VPN, which cannot keep user logs.
Both Mysterium and Tor can be pieced together to ensure full privacy coverage and secure internet access. One of Mysterium’s most considered features is to extend our whitelisting in such a way so that your traffic would only exit via a Mysterium node’s IP, while the rest would be forwarded throughout the Tor network.
In this way, Mysterium users will get to unblock content, and our node runners will not risk unwanted content passing through.
Decentralized privacy networks like Mysterium and Tor are grassroots, open source technologies who have managed to grow large community-driven platforms without any corporate backing or support.
However, we have one point of difference; while regular VPNs offer to protect their users (for a price), we believe the fight against surveillance and censorship is a shared one.
Regular VPNs do nothing to address the infrastructural flaws of the internet, instead they apply a quick fix solution. We want to rebuild the internet itself, creating people-powered networks that are immune to corporate or government control.
In the case of Mysterium, a trustless and P2P micropayment system (currently on testnet) can become a game-changer and will lead to a much higher amount of exit nodes.
Tor helped kickstart this grassroots anonymity revolution and now the dVPN industry is taking it even further.
You can try dVPN apps for Android. You can also decide whether to use Tor browser for android.
Check us out our Github or join our Discord to ask our developers any questions directly.