[deleted]
It’s based on your threat model. Wouldn’t use it all the time but there are circumstances
Yes because while TOR is great protection for everything within the browser, my VPN provides at least a bit of protection across my entire system (Computer or phone).
I use Proton VPN, while the country list/speeds are limited on the free system, their free system is better than some paid systems out there.
If using a normal OS, use a VPN to protect normal traffic. And if you want to use Tor Browser, do Tor Browser over VPN (leave VPN running as usual, then later launch Tor Browser). That’s what I do.
In “Tor Browser over VPN” configuration, VPN doesn’t help or hurt Tor Browser, and VPN helps protect all of the non-Tor-Browser traffic (from services, cron jobs, other apps) coming out of your system while you’re using Tor Browser (and after you stop using Tor Browser). Using a VPN and letting the VPN company see some info is better than letting your ISP see the same info, because the ISP knows more about you. So leave the VPN running 24/365, even while you’re using Tor Browser. [PS: I’m talking about running TB in a normal OS; Tails or another all-traffic-goes-over-Tor setup is a different situation.]
That said, neither VPN nor Tor/onion are magic silver bullets that make you safe and anonymous. VPN mainly protects your traffic from other devices on same LAN, from router, and from ISP. Also hides originating IP address from destination web sites. Tor/onion does same, but only for Tor browser traffic; also adds more hops to make it harder to trace back from the destination server to your original IP address, and also mostly forces you into using good browser settings. Both VPN and Tor/onion really protect only the data in motion; if the data content reveals your private info, the destination server gets your private info.
Why do people always turning discussion from Tor with VPN into Tor vs VPN? and dismissing the actual concerns?
Lets address the first logic. Why hasn’t anybody been directly arrested because they were just using Tor Browser. We always see people being arrested because they had bad opsec outside Tor. Why are you sure that is the case? FBI/CIA would never admit they caught someone by exploiting Tor, this will prevent other criminals from using it. They will instead wait for secondary evidence (since they already know their target its not that hard to find) and officially blame on the worst opsec mistake for his arrest. It makes total sense to keep other users delusional that their threat model is safe. “Look how conveniently law enforcement are finding these people with silly mistakes, must have been an opsec mistake”
So, yes this is indeed a big concern. If you do not know if your single source of trust is compromised or not, its better to have multiple sources of trust. Any future exploit or any compromised developer (publishing compromised version) will easily put everyone’s security at risk.
Lets talk about VPNs. If you are using any mainstream VPN, its useless and doing nothing for your security. Lets assume your tor gets compromised as leaks your VPN IP. They will just simply give your real IP to law enforcement.
BUT if the VPN is something like Mullvad which you can pay with crypto-currencies and doesn’t log IP (or use public internet if you don’t trust), Tor getting compromised will not compromise you. So this is indeed a real concern and a real use of VPN with Tor. Don’t trust any service that provides VPN over Tor or Tor over VPN, just set-up your own.
Best set-up would be to use Qubes-OS with Tails and route Tails traffic through Mullvad VPN. So even if your entire OS get compromised you will have a second line of defense. If Mullvad gets compromised your Tor traffic will still protect you. Unless both (which are independent unique technologies) get compromised at the same time, you are still secure.
The only reason NOT to use a VPN is…
A. You trust your ISP more than your VPN.
B. You don’t want the extra latency.
C. You don’t want to spend money on it.
I’ve yet to see a single good argument against a VPN such as Mullvad before jumping onto the network.
i use a vpn for tor only cause i use a vpn for everything else
Yes, because my ISP actually blocks Tor.
I know I could use proxies but I am lazy.
No, and neither should you.
I don’t use a vpn because tor already doea what a vpn does
Wth? Why so many people do not use one, i dont care how secure you think you are, ALWAYS USE A VPN AND SECURITY SETTINGS TO THE MAX, create a new identity online instead of using your personal info and every half an hour clear your identity, stay safe y’all
So guys should I be running vpn while on tor or not am I better if just using tor and no vpn I need an expert opinion and i get vpn services sell data I have heard it’s worse to use vpn and better someone give it to me straight
Exactly bro and as the saying goes many sketchy tor users get caught in the meatspace that is compromising their opsec in the real world, rare are the people who get caught because they didnt use vpn while browsing tor. Infact i read somewhere that if you use a vpn you are just a subpeona away from getting caught.
Controlling entry and exit nodes isn’t enough to identify who is doing what. You need all three nodes.
You only need to control two, where you can match traffic entering and exiting the network. Tor does not defend against this type of attack, known as end-to-end corrrelation
Do you really think the smart people running Tor don’t understand the possibility of nodes being compromised? Do you not thing they are watching for this? Do you not think they have nodes they trust that analyze the behavior of the entire network, looking for things like this? .
The problem with this line of thinking is that sybil attacks have gone undetected in the past. It’s not a trivial thing to defend against, by any means.
VPN only protect traffic if you are on a un-trusted network and your VPN is running on a network that you trust
Apparently it does. There’s still people out there making people think that the VPN → Tor approach is the same as the Tor → VPN approach. You can make a case for “unnecessary”, but that’s up to each user. Some think that using Tor on Android or IOS is a good idea, and that using Tails or Whonix is “unnecessary”. It’s 100% up to each player. However, from my perspective IOS and Android are really bad options, but I won’t judge.
I’ve yet to see a single good argument against a VPN such as Mullvad before jumping onto the network.
you can just use a bridge
would the NSA snoop twenty ISPs or or one mullvad
You can very well decrease your anonymity by using VPN/SSH in addition to Tor. (Proxies are covered in an extra chapter below.) If you know what you are doing you can increase anonymity, security and privacy.