Onion Over VPN is a NordVPN feature and, generally speaking, a type of Internet access setup that’s been gaining popularity among the most hardcore believers in online privacy for quite a while now. It’s somewhat similar to a double VPN, except it doesn’t use a second virtual private note for rerouting traffic and instead opts to replace it with a crowdsourced network of computers doing almost the same thing – tunneling traffic in order to make themselves harder to track or identify.
“Almost” because the main draw of the Tor Network for many isn’t enhanced security but access to less… censored parts of the Internet. Neither the Tor Browser nor its network are illegal in any shape or form, but many of the so-called Dark Web domains, unlisted domains hosted through multiple layers of encrypted, rerouted traffic most certainly are. As the home of the worst face of humanity lending a platform to human traffickers and other vile criminals and collectives, the Dark Web has been a heavy burden to The Tor Project’s legitimacy since its inception in the mid-noughties.
Yet millions remain drawn to Tor every single day, lending to the rise in VPN setups involving The Onion Browser. Some industry leaders like NordVPN are now even promoting the idea of pairing virtual private networks with Tor.
Setting human curiosity aside, if you’re considering what’s commonly called the Onion over VPN setup because you believe it will strengthen your privacy protections online, we’d urge you to reconsider that notion. Using Tor over a VPN connection will, in most cases, amount to an absolutely miserable Internet browsing experience. Even the best VPNs in business have days when their networks are struggling to keep up, ultimately tanking your speeds.
Drop the onion to the ground and get your minds some fresh air
Then there’s the more paranoid crowd subscribing to double VPN setups which are, naturally, even less reliable, though it can’t be argued they don’t offer better security while further mitigating the risk of having one’s identity exposed online. That trend continues as you move to triple VPN territory and beyond, but a VPN-Tor-Browser combo is when most logic has to go out the window.
As a free platform with crowdsourced infrastructure, Tor is, by itself, as sluggish as browsers come, which is by design. But what many users approaching it like a free VPN alternative aren’t aware of is that it has a much worse track record with cybersecurity incidents than virtually any VPN provider still in business.
The Tor Project is a noble initiative promoting open-source excellence, but it’s also a platform whose users are actively targeted not just by petty criminals fishing for cryptocurrency but entire government-funded deanonymization campaigns. In many real-world scenarios, replacing a traditional IPsec VPN with The Tor Browser results in a worse online experience and higher security risks, doubly so if in an Onion over VPN system.
Perhaps the biggest issue with the project is that while the browser itself is a legitimate app, joining its rerouting network with malware-riddled servers is apparently still all too easy to achieve and there’s really no helping it. No software is perfect, few can be systematically targeted as consistently as Tor, seeing how it has its fundamental design is essentially just a massive attack vector.
The bottom line is that being a privacy-minded netizen and Tor Browser user aren’t necessarily mutually inclusive things, but for the love of Jeff Bezos, think twice before expecting to use it as a replacement or complement to your VPN. If you’re concerned about your ISP knowing you’re a Tor user, you should probably be looking into switching providers anyway. Granted, doing so unfortunately isn’t an option for everyone in the U.S. any longer, though that’s pretty much the story of the Internet’s history as a whole.