Using a VPN with TOR

Should I use a VPN with Tor? Tor over VPN, or VPN over Tor?

VPN over Tor
Probably not. Your performance will likely be terrible since most VPNs (AKA OpenVPN) work best using UDP, which Tor can’t handle.

You also probably paid for that VPN somehow, right? Well, if you weren’t careful about how you did so, that may be a trail leading back to you.

You say you managed to pay for your VPN 100% anonymously, and there’s no way to trace the payment to you? Okay, well, now you have to be super careful every time you use it. You can never accidentally connect to it without Tor. You can never log in to their website without Tor. Messing up means that now all your traffic—with and without Tor—can now be correlated to you.

Tor over VPN
Let’s cover some of the reasons you might want to do this.

1. Tor is blocked where you are

Try using a bridge. Bridges are just unlisted relays you can use as guards. If Tor is blocked by blacklisting all known relay IPs, this will work (at least for a little while).

2. Tor is still blocked with a bridge

Try using an obfuscating bridge. These disguise the traffic between you and your guard so that it doesn’t look like Tor traffic. Some places can detect Tor traffic and block it, but this usually beats these blocks.

3. Tor isn’t blocked, but I don’t want my ISP seeing that I use Tor

Use an obfuscating bridge.

4. My adversary can monitor my traffic when it enters the Tor network and when it exists (this is not an easy feat). I wish to have my VPN be where I enter the network, not my home IP.

This is where using a VPN with Tor might actually begin to make sense. However, consider the points above about using a VPN over Tor; namely, you must be very careful about how you pay for the VPN and access it. You are putting a lot of trust in the VPN provider. If your adversary is capable of correlating your traffic entering and exiting Tor, they probably are capable of extracting information from your VPN provider. You have to trust that they don’t keep logs (which in some countries is not okay). At least with Tor, an individual node can keep logs and not deanonymize a user by itself.