ForumTechnical Corner ► Tor vs vpn, or both?
What are the security differences between tor and vpn?
  
A VPN is a point-to-point encrypted tunnel that your computer uses as a gateway for network traffic. It's like having a secure connection to your home router while you're at a Starbucks:
* Hackerman over at the table in the back can't steal your logins because that traffic doesn't directly touch the store WiFi.
* Hosts you connect to see your connection coming from the remote end of the tunnel, not the physical network you're tunneling out of.
* Since remote hosts can tell you're using a VPN if they try (see previous), there may be some stigma attached. e.g. Watching region-locked TV shows, the provider may say "please disconnect your VPN to proceed". They may make some technical argument about quality of service, or straight up admit they want to verify your location.
* It's still somebody else's computer so you have to either trust the VPN provider not to snoop on your traffic or take precautions to stop them doing so.

TOR is very like a VPN from the end-user's perspective, but better in several technical aspects. Instead of one entry point there's a zillion of them, instead of one exit point there are many, and instead of data going from you straight to the VPN endpoint, traffic is bounced around several or many other TOR nodes before landing back on the regular Internet for final routing.
* Exit nodes are less common since a computer filling that role becomes the visible origin of a lot of sketchy Internet traffic so fewer people volunteer for it.
* TOR peer nodes can't see your data since it's end-to-end encrypted (exit nodes still could snoop since someone has to transmit the original packets).
* Routing within TOR is deliberately unpredictable to make it Really Hard to trace connections.
* TOR routing is by nature inefficient (see previous) so expect slowness.
* Everyone running TOR contributes to routing so expect increased inbound and outbound traffic on your computer and Internet connection as you help transmit data you can't read from people you don't know to destinations you can't predict. It really is a miracle this stuff works at all.
* Remote hosts may be able to tell you're using TOR since again, there are a limited number of exit nodes, and there is definitely stigma due to the perception that TOR is for people with something bad to hide.

In terms of security, a regular VPN is fine if you just need to protect your online banking session. Unless you're using a really dodgy provider, they won't be interested in individual-level thievery.
TOR brings the heavier firepower to keep dark-web stuff (and anything else) safe from law enforcement (and anyone else) snooping but it will be apparent you're up to something even if they can't see what. Remember that even though the technology works, there are a thousand ways to compromise your own opsec and if a government wants to crack your connections they just have to be willing to take the time and spend the money to do so.
  
Will it be able to protect me while I spy on a group of Discord raiders?
  
TOR is a transport mechanism and can't make Discord forget it saw you or otherwise change how that service works.

Now, I think what you're proposing is to use a Discord alt account to snoop on some people and you want to keep that account from being traced back to you? If so, yes TOR is the right tool for this sneaky job.
  
If it's only on Discord, your IP address is already invisible. There's no need to take that extra step. Just make an alt account.
  
eriophora said:
your IP address is already invisible
Do you know for certain that Discord clients are never told the IPs of other users' connections, even if it's not displayed in the UI? I mean at the protocol level. If that information ever gets sent to other users' machines then a suffciently-determined attacker can get the data. Whether by sniffing network traffic or inspecting the client app's memory while it runs. Hiding your physical home IP from Discord ensures there's nothing to leak.

Ifthere's money involved anywhere in this endeavour then the safe bet is to assume the people you're hiding from are going to be taking care of their own operational security. Furthermore if you're doing something snoopy that could be construed as cheating someone out of some cash-valued goods then your own "criminal due diligence", as it were, is to make sure you don't get caught.

I'm not advocating for or against anything in particular, just approaching the topic with a IT-security mindset. [edit: uh... don't do drugs, kids.]
  
Don’t worry, there’s no money involved, just raiders that claim to have hackers
  
Forum > Technical Corner > Tor vs vpn, or both?