It is a little bit more complicated than that. VPNs are far worse than Tor for some sorts of privacy. The primary difference between Tor and a VPN is that with Tor far more people see your exit traffic. Some of those people log unencrypted exit traffic to spy on exit traffic for various reasons. With a VPN your exit traffic is concentrated often to a single point, and rarely more than a few. If this single point is not spied on then nobody is spying on any of the traffic. However, if someone is spying on that point then 100% of the unencrypted exit traffic is compromised by that attacker. Tor decreases the amount of information that any one attacker can intercept by increasing exposure to many nodes, although VPNs generally say they wont spy on exit traffic they are much more likely to be forced to by a court order and to comply with the court order. VPNs in most countries that don't deal with abuse traffic get shut down pretty quickly, and if its serious enough Abuse that the feds care they will spy on it at the VPNs data centers in many cases. Often times it is the upstream hosting provider who doesn't tolerate abuse traffic even if the police don't get involved. So in theory a VPN can offer much better privacy than Tor can by restricting all traffic to a single point that they protect from being spied on, and in some places this might even work like in Russia or other countries with providers who can ignore or delay foreign complaints, but generally almost all VPN services offer stronger privacy than Tor does only to people who are not breaking any laws, and worse privacy by far (100% of exit traffic intercepted by your primary attacker) to anyone who is breaking the law. VPNs also offer anonymity to various degrees, although most of them only to a very minimal extent. If you use a single VPN solution you automatically leak the small list of entry nodes you could be using, and you leak that you are someone who uses the VPN service. Different corporate structures seem to add strength to some VPN services claims of anonymity, instead of getting a court order to force a single company to hand over records they can use a split corporate structure with each node run in a different jurisdiction its own. Some services manage to offer pretty good protection from law enforcement, there are specialized cyber crime server hosts in countries like Russia that resist abuse complaints very well. In the end Tor and VPN services are both defeated by the same primary attack, entry/exit traffic correlation, and in either case it is only a matter of time for a dedicated attacker to be able to deanonymize a target, especially if they target a lot of people. Tor does protect from a significant number of attacks that VPNs do not protect from though, and Tor is widely considered to be substantially superior to VPNs, but there are case studies where targets using VPNs proved untraceable to FBI (although there are many case studies where people using VPN services were traced), however there are no examples of Tor ever having a user deanonymized by LE. The person who uses Tor and gets a bad entry:exit on their first circuit to SR is going to be screwed faster than someone who gets a VPN that isn't currently being worked on by LE. But don't take this to be an endorsement for VPNs , Tor is the clear winner. When it comes to more VPN type technology people seem to think JAP is the role model (and it has certainly received more technical scrutiny from the academic anonymity community than any other anonymity VPN service has) , they have a nice arrangement where node operators sign legally binding contracts saying they will not spy on traffic content or store headers or content without a valid court order in their jurisdiction forcing them to do so, and then they chain these nodes together into two or three hop international cascades often in countries without data retention laws. And that is great for the amount of time it takes LE to produce valid court orders on the path back to you (or even leak frogging potentially). Tor is great until you rotate to a new entry node that is pwnt by someone who can watch traffic arrive at your destination.