Tor seems to shield your IP address just fine, and I’ve read that using a VPN with Tor can open up holes that weren’t there to begin with. Why should I, or why should I not, be using a VPN with Tor?
A VPN before Tor will only be useful if you somehow ended up with the incredible misfortune of having a guard node and exit node controlled by the same nefarious entity. Tor does a pretty reliable job of ensuring that this doesn’t happen though. A VPN after Tor makes it more likely that you’ll be deanonymized on the basis that the encryption provided by a VPN is only as strong as a court order and their actual logging practices make it. Tor is for the most part is an open source project. We can see with the code they use that they are not collecting any data, which means nothing to hand over in the event of a subpoena. Can you say with certainty that your VPN is doing the same?
Use a VPN before Tor, if you trust the VPN provider more than you trust your ISP. Let’s say that you’re in the UK, where ISPs have been forced to pwn their customers for the government. So then pick a VPN provider that’s relatively unlikely to cooperate with the UK government. See 10 Best VPN Services 2025: Security, Features + Speed for relevant information.
Well, there are three threat models.
-
Your government can force you to incriminate yourself and turn over passwords and steal your laptop. If this is the case Tails or Subgraph live with no persistence is ideal. If you need persistence use the built in encryption tools to upload encrypted files to the cloud. This gives you total plausible deniability. The threat here comes from the weaknesses in Tor and Tor Browser not your setup(unless there are backdoors)
-
You live in a country with protections against self incrimination. In this case a dedicated laptop running Qubes OS(built from source to limit backdoor options) and VPN(s) protecting Whonix on Qubes. This would take steps to make sure Tor and the Tor Browser are not the weak link.
-
You live in a country where Tor is dangerous to use. You have to find a way to hide it. You must realize that tor sends packets of the same size to avoid fingerprinting of the traffic, but this is unique to Tor. A VPN or meek bridge hides the connection to Tor with something innocent, but still exposes Tor usage on close examination. If this is your threat you wouldn’t be able to beat this if you are asking for help on reddit.
Note: If you do this for fun or to give the NSA and the like a hard time you probably don’t have to worry Ubuntu with Tor Browser is good enough.
I suggest using something like Whonix or Tails as they help isolate your machine. Tails boots from a Flash Drive whilst Whonix is run from a VM. Both OSs I believe are immune to DNS leaks but I may be wrong.
Hi! i want to bay marijuana or haz
No we do not need a vpn server while using tor, tor is connected to the dark web and is more safer than any vpn moreover I even if u use vpn for ethical pusrposes,its legal.Only if u use it for illegal and non cultural purposes it’s not allowed. Except.Porn
Why not use a bridge instead?
Really bad advice. Your vpn provider can pawn you.
Actually, what I wrote previously (below the line) is if you connect to a VPN over Tor. What you describe is connecting to Tor over a VPN, but what you talk about worrying about is the opposite.
So you don’t really make sense to me.
If you’re worried about the exit nodes you connect to, how is putting a VPN between you and your guard going to help? Because that’s what you’ll accomplish by following your advice.
Doing this will make all your traffic go over the same Tor circuit, which throws away a lot of security properties Tor gets you.
Doing this requires 100% trust in your VPN provider to not be actively malicious or accidentally malicious. In addition, you are trusting yourself to not screw up when paying for it or accidentally accessing it without Tor.
Who the fook is that guy?
What? How would your purpose for using Tor affect whether or not you should use a VPN?
Well, your ISP can pwn you, as well. And you have much more choice about VPN than ISP. So your call.
Jeremy Stephens looking for a new career.
Why? What concrete gain does a VPN get you that a bridge doesn’t get you? Why recommend a VPN over a bridge when a bridge doesn’t require trust?
You have to trust the bridge operator, no?
No more than you’d have to trust a guard. Go ahead and call this backpeddling or moving the goalposts, but when I said “a bridge doesn’t require trust” I mean “Tor as a whole doesn’t require trust. A single bad relay can’t do anything to attack you.” And I don’t see how adding a VPN–which requires trust–is gaining you anything.
If you’re arguing that a VPN hides your Tor traffic from your ISP, well a bridge does that too.
Why should a VPN be used instead of a bridge? Or, since you also suggested using both, why should both be used? What specific gains do you get from these two suggestions, and how do they apply to an OP that has said nothing about his security needs?