Can I use TOR with the Private Internet Access service?

Yes! Make sure you run the TOR Browser after you have connected to the PIA service.

Although in many ways very different, both VPN and the Tor anonymity network use encrypted proxy connections in order to hide users’ identities.

  • VPN is faster than Tor. Your PIA service is to provide privacy rather than anonymity.
  • Tor is much slower, is often blocked by websites, and is not suitable for P2P, but it does not require that you trust anybody, and is therefore much more truly anonymous.

The cool thing is that VPN and Tor can be used together in order provide an extra layer of security, and to mitigate some of the drawbacks of using either technology exclusively. The main downside of doing so combines the speed hit of both technologies, making connecting in this way secure… but slow.

 

Tor through your PIA Service

You connect first to your choice of PIA server, and then to the Tor network before accessing the internet:

Your computer -> VPN -> Tor -> internet

Although some of the providers listed above offer to make such a setup easy, this is also  what happens when you use the Tor Browser (or Whonix or TAILS for maximum security) while connected to a PIA server, and means that your apparent IP on the internet is that of the Tor exit node.

Pros:

  • Your ISP will not know that you are using Tor (although it can know that you are using a VPN)
  • The Tor entry node will not see your true IP address, but the IP address of the PIA server. As we are a verified no logging VPN provider, this means that your identity is safe and secure.
  • Allows access to Tor hidden services (.onion websites).

Cons:

  • No protection from malicious Tor exit nodes. Non-HTTPS traffic entering and leaving Tor exit nodes is unencrypted and could be monitored
  • Tor exit nodes are often blocked
  • Please should note that using a Tor bridge such as Obfsproxy can also be effective at hiding Tor use from your ISP (although a determined ISP could in theory use deep packet inspection to detect Tor traffic).

Important note: Private Internet Access currently do not offer Tor through VPN via an OpenVPN configuration file.

Please be aware, however, that this is nowhere near as secure as using the Tor browser, where Tor encryption is performed end-to-end from your desktop to the Tor servers. The Tor Browser has also been hardened against various threats in a way that your usual browser almost certainly has not been.

VPN and Tor

For maximum security when using Tor through VPN you should always use the Tor browser


Security Risk: Malicious exit nodes

When using Tor, the last exit node in the chain between your computer and open internet is called an exit node. Traffic to or from the open internet (Bob in the diagram below) exits and enters this node unencrypted. Unless some additional form of encryption is used (such as HTTPS), this means that anyone running the exit node can spy on users’ internet traffic.

Tor-onion-network exit node

This is not usually a huge problem, as a user’s identity is hidden by the 2 or more additional nodes that traffic passes through on its way to and from the exit node. If the unencrypted traffic contains personally identifiable information, however, this can be seen by the entity running the exit node.

Such nodes are referred to as malicious exit nodes, and have also been known to redirect users to fake websites.

SSL connections are encrypted, so if you connect to an SSL secured website (https://) your data will be secure, even it passes through a malicious exit node.

Security Risk: End-to-end timing attacks

This is a technique used to de-anonymise VPN and Tor users by correlating the time they were connected, to the timing of otherwise anonymous behaviour on the internet.

An incident where a Harvard student (who make bomb threats to skip finals) got caught while using Tor is a great example of this form of de-anonymisation attack in action, but it is worth noting that the culprit was only caught because he connected to Tor through the Harvard campus WiFi network.

On a global scale, pulling off a successful e2e attack against a Tor user would be a monumental undertaking, but possibly not impossible for the likes of the NSA, who are suspected of running a high percentage of all the world public Tor exit nodes.

 

Have more questions? Submit a request