Using VPN and Tor (Onion Browser) on iOS 

If you’re looking to improve your privacy on your iPhone or iPad, you may find yourself considering a VPN or the Tor network. Unfortunately, things get a little tricky when it comes to iOS, regardless of whether you’re only using Tor or combining it with a VPN.

Apple’s iOS operating system has some limitations that can make true anonymity more difficult to achieve. In particular, the use of WebKit, Apple’s proprietary browser engine, is one of the biggest hurdles privacy-seeking iOS users are likely to face. In this post, we’ll explore the issues of using a VPN and Tor on iOS, whether they’re safe, and what your best options are.

What are VPNs and Tor (and why use them)?

VPNs and Tor are two of the most powerful and popular tools when it comes to online privacy. Yet they work in different ways and provide different levels of protection.

What is a VPN?

A VPN, short for Virtual Private Network, takes your iPhone or iPad’s internet traffic and routes it via an encrypted tunnel to a secure server in another location before forwarding it to its destination. Encryption ensures your ISP and other snoopers can’t see what you’re doing online, be it the websites you’re visiting or the data you’re sending.

Websites and services you visit will only see the IP address of the VPN server. This is not only advantageous for privacy, but also as a means of bypassing geographic restrictions. Connecting to a server in another country allows you to spoof your location, helping you sidestep geo-blocking.

What is Tor?

Tor, short for The Onion Router, is a decentralized network that anonymizes internet traffic. When you use Tor, your encrypted internet traffic is routed through three random servers (often referred to as “relays”). Each relay peels away a layer of encryption, much like the layers of an onion, until the decrypted data reaches its final destination.

Although Tor is slower than a VPN due to the multiple layers of encryption, it offers stronger anonymity. You don’t have to place trust in a third party as you do with a VPN, and Tor has the added advantage of being free (although free VPNs exist, we don’t recommend them).

Why use a VPN and Tor?

People use VPNs and Tor for a range of reasons, including the following:

• Secure sensitive data such as emails and payment information
• Protecting privacy from ISPs, governments, and other snoopers
• Accessing geo-blocked or government-censored content
• Circumventing surveillance in oppressive countries
• Researching sensitive topics without being tracked
• Safeguarding communication for journalists, activists, and whistleblowers

Some people choose to combine both a VPN and Tor to add an extra layer of protection when browsing. The effectiveness of this really depends on how it’s done as well as which device is being used. Indeed, there are some things to take into account with a Tor+VPN setup on iOS.

The iOS WebKit limitation

All browsers on iOS have to use Apple’s WebKit engine. Even privacy-focused browsers such as Firefox, Brave, and the Onion Browser, the latter of which connects to the Tor network, are all built on the same underlying technology.

If you’re using the Onion Browser on iOS, it’s still based on Apple’s modified version of WebKit. This differs from the official Tor browser on desktop, which, based on Firefox, can be extensively customized for privacy and anonymity.

This restriction is problematic for a few reasons, primarily because it limits the Onion Browser’s ability to implement some of Tor’s most powerful privacy features. For example, it can’t fully prevent JavaScript-based fingerprinting, a technique websites use to track users without using cookies. Instead, it relies on collecting unique details about your browser and device setup. This can include the following:

• Operating system and browser version
• Screen size and resolution
• Timezone and system language
• Installed fonts and plugins
• Whether you’re using dark mode
• The way your browser renders images or processes JavaScript

Individually, this information is fairly harmless. However, when combined it can form a unique fingerprint that’s capable of identifying and tracking you across different websites. In fact, it can do this even if you’re using Tor and blocking cookies.

Onion Browser also lacks first-party isolation, which prevents different websites from linking your activity across multiple tabs or sessions. As a result, although the Onion Browser on iOS routes traffic through the Tor network, your anonymity isn’t as well protected as if you were on a desktop using the official Tor browser.

Is the Onion Browser safe to use?

The Onion Browser is the best way to access the Tor network on iOS. It’s open-source and even endorsed by the Tor Project. For these reasons, many users find it to be a safe and useful tool for improving privacy on iOS. If you’re looking to browse .onion sites or hide your IP address from websites, the Onion Browser certainly does the job.

Whether the Onion Browser is safe really depends on your threat model. Due to the fact that it runs on Apple’s WebKit browser engine, Onion Browser lacks some of the advanced protections found in the desktop Tor browser. These include not fully blocking fingerprint techniques or isolating websites from one another. As a result, it’s easier for sites to track you across sessions or identify your device.

Even with its limitations, the Onion Browser is still more secure and private than Chrome, Firefox, Safari, or any other mainstream browser on iOS, provided you’re using it correctly. The Tor network routing hides your IP address and anonymizes traffic. It also blocks trackers by design.

The Onion Browser is perfectly suitable for casual browsing, but you may want to reconsider if you plan on using it for more sensitive activities such as evading surveillance.

Combining a VPN with Tor on iOS

It’s possible to combine a VPN with Tor on iOS, but you’ll find it’s more limited than what you can do on a desktop. On iPhones and iPads, you’re largely limited to the following configuration:

VPN + Tor (Tor over VPN)

A Tor over VPN setup is very simple in that you only need to open your VPN, connect to a server, and then launch Onion Browser on your iPhone or iPad. There are several benefits to doing so.

By connecting to a VPN first, you’ll hide the fact that you’re using Tor from your ISP. This is useful if you’re using Tor in a country where Tor usage can raise red flags – even if you’re not actually doing anything illegal. Oppressive governments may associate Tor traffic with bypassing censorship, cybercrime, accessing the dark web, or whistleblowing.

If Tor usage is logged or flagged in your location, connecting to a VPN first means your ISP only sees encrypted traffic going to the VPN server. This is less likely to stand out if more people use VPNs than Tor in your country. Having said this, if using Tor is an issue in your country, it’s unlikely that VPNs are looked on more favorably.

Tor over a VPN protects Tor from local network monitoring. If you’re on public wifi or a network you don’t entirely trust (in a school or workplace, for example), your VPN encrypts all traffic before it leaves your device. If a network blocks access to the Tor network, a VPN can potentially help you bypass it. The network will only see a VPN connection and not a Tor connection. Some VPNs obfuscate connections, disguising VPN traffic as regular web traffic so a network may not even know you’re using a VPN.

Likewise, you may want to prevent Tor entry nodes from seeing your real IP address. However, there are some cases where using Tor over a VPN doesn’t help that much. A VPN doesn’t make you entirely invisible and, in reality, just shifts trust from your ISP to your VPN provider. If you’re under high surveillance or have a high-risk profile, other tools such as a Tor bridge may be more appropriate.

Tor + VPN (VPN over Tor)

The other setup is far less common and involves routing your traffic through Tor first and then tunneling out through a VPN. This typically requires advanced configuration. Indeed, iOS doesn’t really allow this kind of custom routing between apps.

The potential benefit of a VPN over Tor is that you can then hide Tor usage from the destination site and encrypt exit traffic. This can give you access to sites, apps, and services that otherwise block Tor connections or prompt Tor users with incessant CAPTCHAs.

Setting up a VPN over Tor is more complex, but it can be helpful for individuals seeking to access websites that block Tor traffic.

How to browse safely on iOS

Most people don’t need to use both a VPN and Tor. Further, iOS does have some built-in security strengths, such as sandboxed apps and strict app store controls. It’s just that when it comes to online privacy and anonymity, iOS users are somewhat limited by Apple’s mandatory WebKit for all browsers.

Here are a few things you can do to browse more safely on iOS:

1. Use the Onion Browser

Although it may not be perfect due to WebKit, Onion Browser remains arguably the most private browser option available on iOS. It routes your traffic through the Tor network, hides your IP address, and grants access to .onion sites. Selecting the “Safest” security level disables scripts and reduces tracking risks.

2. Use a reputable, no-logs VPN

The Onion Browser only encrypts your browser traffic and not that of your apps. A quality VPN securely encrypts all of your iPhone or iPad’s traffic. It also hides your IP address from both your ISP and websites you visit. It’s important to choose a reputable VPN provider that has a strict no-logs policy – preferably one that’s been independently audited to prove it.

3. Use a privacy-focused browser (when not using the Onion Browser)

One downside of the Onion Browser is that, due to the layers of encryption involved, it can be quite slow. It may not always be suitable for casual browsing and is certainly not compatible with bandwidth-intensive activities such as streaming or online gaming. For this reason, you may want to find a privacy-focused browser when you’re not using it. The likes of DuckDuckGo and Brave have a much better reputation for privacy than Safari or Chrome, as they block trackers and enforce HTTPS.

4. Limit tracking and data sharing in iOS settings

You can reduce the amount of data that apps, advertisers, and even Apple can collect about you in the background. This lowers your risk of being profiled or tracked across different apps and services. To do this, go to Settings > Privacy & Security and review the following:

• App tracking transparency: Disable tracking for all apps.
• Location services: Set to “While using the app” or disable where not needed.
• Analytics & Improvements: Turn off iPhone Analytics and sharing with Apple/developers.

5. Be aware of your digital footprint

You can reduce your digital footprint by regularly clearing your browser’s cache and cookies. Some browsers, such as DuckDuckGo and Onion Browser, include auto-clear options. If you’re trying to browse anonymously, it’s best not to stay logged into accounts.

VPN and Tor on iOS: FAQ