Jump to content
Login with your Gmail HERE and start posting in seconds! ×
Don't just read! Be part of the Community! Join the conversation ×

whats the diff between TOR and VPN?

ghworker2010

By ghworker2010
in IT and Computers

 Share

Recommended Posts

ghworker2010 Silver Member

ghworker2010

Posted
Posted

In easy to understand English, can you explain what is the difference between using a TOR and VPN for privacy. What are the advantages / disadvantages of both?

thanks

  • Popular Post
AyG Platinum Member

AyG

Posted
  • Popular Post
Posted

TOR is a system which routes your communications through a number of different connections before they get to the final destination, making it difficult to track down the actual location of the person using TOR.

A VPN connection is a point-to-point connection where the data are encrypted, but the location of the user is not obfuscated.

TOR shouldn't be used for transferring large amounts of data (e.g. watching videos, torrents) since capacity is limited, and to do so would be antisocial. (Many torrent sites will also ban you if you use TOR.)

Neither is 100% secure. The (American) NSA is believed to have compromised TOR and can break encryption.

TOR is free; VPNs (usually) cost money.

Broadly speaking, TOR is best for someone living under a repressive regime such as China or North Korea. VPN is best for everybody else.

  • Like 5
WitawatWatawit Platinum Member

WitawatWatawit

Posted
Posted

AyG, you say neither is 100% secure. I was always given to believe that a VPN - a quality one, paid for - was perfectly safe. Would be grateful for your thoughts on this. I sometimes use a free VPN to do a little digging on a sensitive subject - would hate to get caught and end up inside for 15 years.

  • Like 1
  • Popular Post
AyG Platinum Member

AyG

Posted
  • Popular Post
Posted

Thanks to Ed Snowden's leaks we know that the NSA and GCHQ have broken VPN encryption. They did so back in 2010. What we don't know is how they've done it. There are two obvious possibilities:

(1) they have obtained the root certificates which are used to sign private keys

(2) they have found an exploitable flaw in the encryption standards. (The paranoid believe that the NSA introduced flaws into the standards themselves for this purpose.)

So, when you use the Internet you should assume that the NSA and GCHQ can see everything you do when using a VPN. However, given the massive volume of data which passes through the Internet, they can't spy on absolutely everything, so unless you're being specifically targeted for investigation, you're probably relatively safe.

Also be aware that after communication is decrypted it can be visible to anyone monitoring the website you've connected to. So, for example, if you were researching how to make chemical weapons, it's possible (or even probable) that the US authorities would know what you've been doing.

  • Like 4
Pib Star Member

Pib

Posted
Posted (edited)

During WWII the Germans thought they had secure communications via their Enigma machine but British intelligence was able to decrypt many Enigma encoded messages. And again during WWII Japanese naval codes were decrypted by the Americans. I have no doubt that every encryption method available to the public can be read my "some" intelligence agencies due to the resources and super computers they can throw at the effort...but those agencies will never admit it...and if they do, it will be so many years after the fact when nobody will care and/or think deep down we all know there are few ways to keep things truly secret in the world (or at least for long).

However, I don't think any intelligence agencies give a crap about my internet communications and seriously, seriously doubt hackers/crooks have super computers they can use, therefore I feel safe with my VPN connections.

Edited by Pib
  • Like 1
  • Popular Post
SoiBiker Platinum Member

SoiBiker

Posted
  • Popular Post
Posted

I sometimes use a free VPN to do a little digging on a sensitive subject - would hate to get caught and end up inside for 15 years.

That sounds like a spectacularly bad idea.

  • Like 3
  • Popular Post
Chicog Star Member

Chicog

Posted
  • Popular Post
Posted

AyG, you say neither is 100% secure. I was always given to believe that a VPN - a quality one, paid for - was perfectly safe. Would be grateful for your thoughts on this. I sometimes use a free VPN to do a little digging on a sensitive subject - would hate to get caught and end up inside for 15 years.

I think that's called "The Pete Townshend Defence".

tongue.png

  • Like 4
Jeffrey346 Silver Member

Jeffrey346

Posted
Posted

VPN is a better choice than TOR. VPN being 1 to 1 and TOR routing you via numerous computers. BTW, those computers they route you through are others using the TOR protocol. Can we guarantee that they are safe? I wouldn't trust them...

anfh Senior Member

anfh

Posted
Posted

A VPN connection is not encrypted, the connection merely gives the user a false IP address which therefore hides their correct location. But any data they view, transmit or receive is not encrypted. This is the same for TOR. This not only gives a false IP address it hides the location of viewer under many false connections, but again, it does not encrypt any viewed sites etc.

heybuz Silver Member

heybuz

Posted
Posted

An extract of a Top Secret appraisal by the National Security Agency (NSA) characterized Tor as "the King of high-secure, low-latency Internet anonymity" with "no contenders for the throne in waiting",[8] and the Parliamentary Office of Science and Technology deemed it, with approximately 2.5 million users daily "by far the most popular anonymous internet communication system." [9]


Onion routing is implemented by encryption in the application layer of a communication protocol stack, nested like the layers of an onion, used to anonymize communication. Tor encrypts the original data, including the destination IP address, multiple times and sends it through a virtual circuit comprising successive, randomly selected Tor relays. Each relay decrypts a layer of encryption to reveal only the next relay in the circuit in order to pass the remaining encrypted data on to it.


  • Like 1
Pib Star Member

Pib

Posted
Posted

A VPN connection is not encrypted, the connection merely gives the user a false IP address which therefore hides their correct location. But any data they view, transmit or receive is not encrypted. This is the same for TOR. This not only gives a false IP address it hides the location of viewer under many false connections, but again, it does not encrypt any viewed sites etc.

Incorrect on the "A VPN connection is not encrypted" part.

post-55970-0-64107900-1430652511_thumb.j

  • Like 1
sometimewoodworker Ruby Member

sometimewoodworker

Posted
Posted

A VPN connection is not encrypted, the connection merely gives the user a false IP address which therefore hides their correct location. But any data they view, transmit or receive is not encrypted.

100% wrong. The traffic from your computer or mobile devices is encrypted from you to the VPN endpoint, which can be in a different country your office or merely at your home. It is then decrypted, if you are using a VPN to access the Internet, and sent out onto the internet.

  • Like 1
AyG Platinum Member

AyG

Posted
Posted

A VPN connection is not encrypted, the connection merely gives the user a false IP address which therefore hides their correct location. But any data they view, transmit or receive is not encrypted.

100% wrong. The traffic from your computer or mobile devices is encrypted from you to the VPN endpoint, which can be in a different country your office or merely at your home. It is then decrypted, if you are using a VPN to access the Internet, and sent out onto the internet.

Actually, the poster isn't 100% wrong. A VPN connection may or may not be encrypted. Encryption is pretty much universal these days, but the use of dedicated connections and virtual tunnelling protocols can also both be used to establish a VPN. Traffic encryption is not the only fruit.

Chicog Star Member

Chicog

Posted
Posted (edited)

A VPN connection is not encrypted, the connection merely gives the user a false IP address which therefore hides their correct location. But any data they view, transmit or receive is not encrypted. This is the same for TOR. This not only gives a false IP address it hides the location of viewer under many false connections, but again, it does not encrypt any viewed sites etc.

It's supposed to be, hence the word "Private". Edited by Chicog
wump Advanced Member

wump

Posted
Posted

There is a lot of misinformation in this thread.

Unless specifically switched off, VPN connections are always encrypted. Your VPN provider can read them though, so you might want to stay away from American companies (=NSA).

VPN connections do mask the location of the user and appear as the country the VPN server is located in.

I don't really know why anyone would use TOR except for ordering drugs or much worse stuff. It's dead slow so all the advantages lie with VPN.

  • Like 1
nkped Apprentice Member

nkped

Posted
Posted

There is a lot of misinformation in this thread.

Unless specifically switched off, VPN connections are always encrypted. Your VPN provider can read them though, so you might want to stay away from American companies (=NSA).

VPN connections do mask the location of the user and appear as the country the VPN server is located in.

I don't really know why anyone would use TOR except for ordering drugs or much worse stuff. It's dead slow so all the advantages lie with VPN.

Fewer restrictions on the NSA in monitoring out of US communications. If you're not a US person, basically no restrictions.
Maggusoil Silver Member

Maggusoil

Posted
Posted

During WWII the Germans thought they had secure communications via their Enigma machine but British intelligence was able to decrypt many Enigma encoded messages. And again during WWII Japanese naval codes were decrypted by the Americans. I have no doubt that every encryption method available to the public can be read my "some" intelligence agencies due to the resources and super computers they can throw at the effort...but those agencies will never admit it...and if they do, it will be so many years after the fact when nobody will care and/or think deep down we all know there are few ways to keep things truly secret in the world (or at least for long).

However, I don't think any intelligence agencies give a crap about my internet communications and seriously, seriously doubt hackers/crooks have super computers they can use, therefore I feel safe with my VPN connections.

Sorry to disrupt your assumptions, but internet hacking is now one of the world's biggest and most profitable businesses. Professional criminals spend millions of dollars on the best and brightest young computer scientists to get the edge. While government agencies play power games and perhaps fascinate themselves with intelligence issues, the real game is in hacking small amounts of money out of bank transactions, by the million.

They have moved to targeting the banks. According to some classified information I was accidentally privy to, they are at least six to nine months ahead of the law.

The Chinese have always had a predilection for cash under the bed. Always ahead of the game.

Maggusoil Silver Member

Maggusoil

Posted
Posted

TOR is a system which routes your communications through a number of different connections before they get to the final destination, making it difficult to track down the actual location of the person using TOR.

A VPN connection is a point-to-point connection where the data are encrypted, but the location of the user is not obfuscated.

TOR shouldn't be used for transferring large amounts of data (e.g. watching videos, torrents) since capacity is limited, and to do so would be antisocial. (Many torrent sites will also ban you if you use TOR.)

Neither is 100% secure. The (American) NSA is believed to have compromised TOR and can break encryption.

TOR is free; VPNs (usually) cost money.

Broadly speaking, TOR is best for someone living under a repressive regime such as China or North Korea. VPN is best for everybody else.

Repressive regimes? How about here. Would that extend to internet gaming?

SoiBiker Platinum Member

SoiBiker

Posted
Posted

While government agencies play power games and perhaps fascinate themselves with intelligence issues, the real game is in hacking small amounts of money out of bank transactions, by the million.

Are you sure you're not just thinking of Superman III?

  • Like 1
quandow Silver Member

quandow

Posted
Posted

<script type='text/javascript'>window.mod_pagespeed_start = Number(new Date());</script>

AyG, you say neither is 100% secure. I was always given to believe that a VPN - a quality one, paid for - was perfectly safe. Would be grateful for your thoughts on this. I sometimes use a free VPN to do a little digging on a sensitive subject - would hate to get caught and end up inside for 15 years.

My TrueVPN gave me a REAL stern warning one time when I downloaded a current Hollywood movie via torrent from ThePirateBay. They monitor EVERYTHING you transmit through them.

  • Like 1
chingching Advanced Member

chingching

Posted
Posted

There is a lot of misinformation in this thread.

Unless specifically switched off, VPN connections are always encrypted. Your VPN provider can read them though, so you might want to stay away from American companies (=NSA).

VPN connections do mask the location of the user and appear as the country the VPN server is located in.

As if America (or most any nation state) couldn't afford to set up VPN's in any country they want to. A VPN and TOR can only be successful if many people are using them. A tor connection is routed thru at least 3 intemediaries, but if you are the only one using TOR and your destination happens to be the only other one active on TOR, then a 1:1 connection is proved. Of course this is highly unliikely, on the other hand some speculate that 50% of TOR relays are u.s.a. govt owned. This makes sense as it costs money to keep a server running, and is a big hassle for very little return.

A VPN is the same, if you have 100's of connections in and 100's out, tracking you is doubtful, but if you are the only one on the VPN at the moment, your identity is absolutely certain.

Cypress Hill Silver Member

Cypress Hill

Posted
Posted

<script type='text/javascript'>window.mod_pagespeed_start = Number(new Date());</script>

Thanks to Ed Snowden's leaks we know that the NSA and GCHQ have broken VPN encryption. They did so back in 2010. What we don't know is how they've done it. There are two obvious possibilities:

(1) they have obtained the root certificates which are used to sign private keys

(2) they have found an exploitable flaw in the encryption standards. (The paranoid believe that the NSA introduced flaws into the standards themselves for this purpose.)

So, when you use the Internet you should assume that the NSA and GCHQ can see everything you do when using a VPN. However, given the massive volume of data which passes through the Internet, they can't spy on absolutely everything, so unless you're being specifically targeted for investigation, you're probably relatively safe.

Also be aware that after communication is decrypted it can be visible to anyone monitoring the website you've connected to. So, for example, if you were researching how to make chemical weapons, it's possible (or even probable) that the US authorities would know what you've been doing.

NSA and GCHQ have cracked PPTP and L2TP VPN encryption protocols. They've also cracked HTTPS.

OpenVPN encryption continues to frustrate their efforts.

Telegram is a great mobile app that offers full encryption of communications between two phones/mobiles. Only you and the person messages are intended for can read them

Any file encrypted with TrueCrypt (at the time) was impenetrable to them but now that the developers of Truecrypt aren't developing it any more, you'd be best off using alternatives like VeraCrypt which is based on Truecrypt but with even stronger encryption. thumbsup.gif

I got a DMCA complaint from HBO after downloading a few episode torrents of one of its hit shows through StrongVPN. They keep logs of IPs connecting to their servers.

Needless to say, I didn't renew my subscription and changed to a VPN provider that doesn't log IPs.

AyG Platinum Member

AyG

Posted
Posted (edited)

Thanks to Ed Snowden's leaks we know that the NSA and GCHQ have broken VPN encryption. They did so back in 2010. What we don't know is how they've done it. There are two obvious possibilities:

(1) they have obtained the root certificates which are used to sign private keys

(2) they have found an exploitable flaw in the encryption standards. (The paranoid believe that the NSA introduced flaws into the standards themselves for this purpose.)

So, when you use the Internet you should assume that the NSA and GCHQ can see everything you do when using a VPN. However, given the massive volume of data which passes through the Internet, they can't spy on absolutely everything, so unless you're being specifically targeted for investigation, you're probably relatively safe.

Also be aware that after communication is decrypted it can be visible to anyone monitoring the website you've connected to. So, for example, if you were researching how to make chemical weapons, it's possible (or even probable) that the US authorities would know what you've been doing.

NSA and GCHQ have cracked PPTP and L2TP VPN encryption protocols. They've also cracked HTTPS.

OpenVPN encryption continues to frustrate their efforts.

How do you know? It was several years after the NSA broke VPN encryption before Ed Snowden's leaks revealed they had. In all probability the OpenVPN encryption is broken too.

Any file encrypted with TrueCrypt (at the time) was impenetrable to them but now that the developers of Truecrypt aren't developing it any more, you'd be best off using alternatives like VeraCrypt which is based on Truecrypt but with even stronger encryption. thumbsup.gif

Again, how do you know? Indeed, if it was truly impenetrable, then why abandon the project? For that matter, why did the TrueCrypt team post on their website "Using TrueCrypt is not secure as it may contain unfixed security issues". The reasons for TrueCrypt's developers' actions are unclear. The official reason - that Microsoft ended support for Windows XP - is clearly horse pucky. Could it be that they learned of an unfixable security loophole? Were they under pressure from the NSA to include security backdoors and didn't want to comply? Anything based upon TrueCrypt is now going to be suspect until the truth comes out. I most certainly wouldn't trust any product based upon TrueCrypt.

Edited by AyG
Cypress Hill Silver Member

Cypress Hill

Posted
Posted

<script type='text/javascript'>window.mod_pagespeed_start = Number(new Date());</script>

Thanks to Ed Snowden's leaks we know that the NSA and GCHQ have broken VPN encryption. They did so back in 2010. What we don't know is how they've done it. There are two obvious possibilities:

(1) they have obtained the root certificates which are used to sign private keys

(2) they have found an exploitable flaw in the encryption standards. (The paranoid believe that the NSA introduced flaws into the standards themselves for this purpose.)

So, when you use the Internet you should assume that the NSA and GCHQ can see everything you do when using a VPN. However, given the massive volume of data which passes through the Internet, they can't spy on absolutely everything, so unless you're being specifically targeted for investigation, you're probably relatively safe.

Also be aware that after communication is decrypted it can be visible to anyone monitoring the website you've connected to. So, for example, if you were researching how to make chemical weapons, it's possible (or even probable) that the US authorities would know what you've been doing.


NSA and GCHQ have cracked PPTP and L2TP VPN encryption protocols. They've also cracked HTTPS.

OpenVPN encryption continues to frustrate their efforts.

How do you know? It was several years after the NSA broke VPN encryption before Ed Snowden's leaks revealed they had. In all probability the OpenVPN encryption is broken too.

Any file encrypted with TrueCrypt (at the time) was impenetrable to them but now that the developers of Truecrypt aren't developing it any more, you'd be best off using alternatives like VeraCrypt which is based on Truecrypt but with even stronger encryption. alt=thumbsup.gif>

Again, how do you know? Indeed, if it was truly impenetrable, then why abandon the project? For that matter, why did the TrueCrypt team post on their website "Using TrueCrypt is not secure as it may contain unfixed security issues". The reasons for TrueCrypt's developers' actions are unclear. The official reason - that Microsoft ended support for Windows XP - is clearly horse pucky. Could it be that they learned of an unfixable security loophole? Were they under pressure from the NSA to include security backdoors and didn't want to comply? Anything based upon TrueCrypt is now going to be suspect until the truth comes out. I most certainly wouldn't trust any product based upon TrueCrypt.

How do you know? It was several years after the NSA broke VPN encryption before Ed Snowden's leaks revealed they had. In all probability the OpenVPN encryption is broken too.

Granted just a blog but published earlier this year but it's likely more credible than some bloke on Thaivisa forum

https://www.bestvpn.com/blog/12269/openvpn-appears-safe-nsa/

Again, how do you know? Indeed, if it was truly impenetrable, then why abandon the project? For that matter, why did the TrueCrypt team post on their website "Using TrueCrypt is not secure as it may contain unfixed security issues". The reasons for TrueCrypt's developers' actions are unclear. The official reason - that Microsoft ended support for Windows XP - is clearly horse pucky. Could it be that they learned of an unfixable security loophole? Were they under pressure from the NSA to include security backdoors and didn't want to comply? Anything based upon TrueCrypt is now going to be suspect until the truth comes out. I most certainly wouldn't trust any product based upon TrueCrypt.

OK well anyone can speculate. There's any number of reasons why they could have abandoned the project. Governmental agency pressure for refusing to build backdoors into the software being just one but I'm thinking that if that was the case, where's the logic in believing that TrueCrypt volumes could now be vulnerable?

Maybe you should read up on VeraCrypt before dismissing it and spouting conspiracy theories.

http://www.esecurityplanet.com/open-source-security/veracrypt-a-worthy-truecrypt-alternative.html

AyG Platinum Member

AyG

Posted
Posted (edited)

Thanks to Ed Snowden's leaks we know that the NSA and GCHQ have broken VPN encryption. They did so back in 2010. What we don't know is how they've done it. There are two obvious possibilities:

(1) they have obtained the root certificates which are used to sign private keys

(2) they have found an exploitable flaw in the encryption standards. (The paranoid believe that the NSA introduced flaws into the standards themselves for this purpose.)

So, when you use the Internet you should assume that the NSA and GCHQ can see everything you do when using a VPN. However, given the massive volume of data which passes through the Internet, they can't spy on absolutely everything, so unless you're being specifically targeted for investigation, you're probably relatively safe.

Also be aware that after communication is decrypted it can be visible to anyone monitoring the website you've connected to. So, for example, if you were researching how to make chemical weapons, it's possible (or even probable) that the US authorities would know what you've been doing.

NSA and GCHQ have cracked PPTP and L2TP VPN encryption protocols. They've also cracked HTTPS.

OpenVPN encryption continues to frustrate their efforts.

How do you know? It was several years after the NSA broke VPN encryption before Ed Snowden's leaks revealed they had. In all probability the OpenVPN encryption is broken too.

Any file encrypted with TrueCrypt (at the time) was impenetrable to them but now that the developers of Truecrypt aren't developing it any more, you'd be best off using alternatives like VeraCrypt which is based on Truecrypt but with even stronger encryption. alt=thumbsup.gif>

Again, how do you know? Indeed, if it was truly impenetrable, then why abandon the project? For that matter, why did the TrueCrypt team post on their website "Using TrueCrypt is not secure as it may contain unfixed security issues". The reasons for TrueCrypt's developers' actions are unclear. The official reason - that Microsoft ended support for Windows XP - is clearly horse pucky. Could it be that they learned of an unfixable security loophole? Were they under pressure from the NSA to include security backdoors and didn't want to comply? Anything based upon TrueCrypt is now going to be suspect until the truth comes out. I most certainly wouldn't trust any product based upon TrueCrypt.

How do you know? It was several years after the NSA broke VPN encryption before Ed Snowden's leaks revealed they had. In all probability the OpenVPN encryption is broken too.

Granted just a blog but published earlier this year but it's likely more credible than some bloke on Thaivisa forum

https://www.bestvpn.com/blog/12269/openvpn-appears-safe-nsa/

Again, how do you know? Indeed, if it was truly impenetrable, then why abandon the project? For that matter, why did the TrueCrypt team post on their website "Using TrueCrypt is not secure as it may contain unfixed security issues". The reasons for TrueCrypt's developers' actions are unclear. The official reason - that Microsoft ended support for Windows XP - is clearly horse pucky. Could it be that they learned of an unfixable security loophole? Were they under pressure from the NSA to include security backdoors and didn't want to comply? Anything based upon TrueCrypt is now going to be suspect until the truth comes out. I most certainly wouldn't trust any product based upon TrueCrypt.

OK well anyone can speculate. There's any number of reasons why they could have abandoned the project. Governmental agency pressure for refusing to build backdoors into the software being just one but I'm thinking that if that was the case, where's the logic in believing that TrueCrypt volumes could now be vulnerable?

Maybe you should read up on VeraCrypt before dismissing it and spouting conspiracy theories.

http://www.esecurityplanet.com/open-source-security/veracrypt-a-worthy-truecrypt-alternative.html

The point I've been trying to make is that the NSA is prepared to move heaven and earth to ensure that individuals have no privacy and no security. For most of us that doesn't matter. However, if I were an Islamic terrorist (I'm not) or an aficionado of pictures of prepubescent children being raped (I'm not) I would not trust any of the products currently available 100% to guarantee that I remain out of prison, am not abducted on the streets and transferred to one of the USA's "secret" foreign torture camps, and will not have a weaponised drone appearing above my home and blowing me to smithereens.

As Herod Agrippa said to Claudius "Trust no one, my friend, no one. Not your most grateful freedman. Not your most intimate friend. Not your dearest child. Not the wife of your bosom. Trust no one."

Edit: messed up the formatting. Goldenrod text is new

Edited by AyG
mango66 Gold Member

mango66

Posted
Posted

Thanks to Ed Snowden's leaks we know that the NSA and GCHQ have broken VPN encryption. They did so back in 2010. What we don't know is how they've done it. There are two obvious possibilities:

(1) they have obtained the root certificates which are used to sign private keys

(2) they have found an exploitable flaw in the encryption standards. (The paranoid believe that the NSA introduced flaws into the standards themselves for this purpose.)

So, when you use the Internet you should assume that the NSA and GCHQ can see everything you do when using a VPN. However, given the massive volume of data which passes through the Internet, they can't spy on absolutely everything, so unless you're being specifically targeted for investigation, you're probably relatively safe.

Also be aware that after communication is decrypted it can be visible to anyone monitoring the website you've connected to. So, for example, if you were researching how to make chemical weapons, it's possible (or even probable) that the US authorities would know what you've been doing.

you can tell it propably open:

all your adresses and conversations already on watch and stored !!

they beleave to seat above good !

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.






ASEANNOW

ASEANNOW (formerly Thai Visa) Thailand's oldest and most popular forum for expats and foreigners.

Sign up today and have your say

MORE INFO

POPULAR AREAS

CONTACT US

219/59 Asoke Towers, 15th Floor, Soi Sukhumvit 21, Watthana, Bangkok 10110
(+66) 99 196 1100
[email protected]

×
×
  • Create New...