VPN not needed if using TOR

I came across that article explaining why using TOR alone, without a VPN, is better.

What do you think?

I think the source is reliable.

https://write.privacytools.io/my-thoughts-on-security/slicing-onions-part-2-onion-recipes-vpn-not-required

Is Brave browser using “Private window with TOR” sufficient?

Or better to combine it with VPN?

This is a somewhat complex and highly debated topic. I’ll try to do my best to narrow it down and simplify:

TOR is a decentralized approach to connecting to an endpoint. VPN is a centralized/single-point (for the most part) method.

What this essentially means is you don’t need to trust a single company/provider when using TOR. It’s “trustless” by design, allowing you to rely instead on the algorithms and coding behind how it handles your data in a decentralized fashion with many different trustless nodes.

Trustless doesn’t mean they cannot be trusted, per se, it means they don’t have to be trusted because no single node is fully relied upon for handling unencrypted traffic.

With VPN you do need to trust a single point of contact…not necessarily to not read your data as it is encrypted…but more so to not log or monitor your activity and IP address. Activity being what sites you are visiting (which your ISP can also see if not being encrypted).

With both TOR and VPN connections, your ISP will no longer be able to identify what sites you visit. However, with TOR, the entry and exit nodes, the node you connect to originally and the node that connects to your destination (like the node that ends up actually getting the data from the site you’re visiting), are your security risk points. In addition, your ISP CAN see if you are connecting to a TOR node. This isn’t necessarily a bad thing or unwanted in general, it depends on your own security and threat model. The TOR node you connect to can also see your real IP. An adversary would need to do traffic analysis attacks on you to see your real IP and the associated online behavior you’re conducting, to make that connection of behavior to identity…which does happen and isn’t as difficult as you might imagine. Especially when your entry and exit nodes are compromised or owned by your adversary (also happens, not just theoretical).

With VPN your ISP can also see you are connecting to a particular IP…which they could if they wanted identify to a VPN provider. But again, the sites you visit etc are encrypted in your VPN traffic, so all they can see is a connection to an IP…that’s it.

The VPN is your “node” in this case, and if they wanted they could see what sites you’re visiting (unless you are using multiple VPNs layered together, or VPN → TOR), and the VPN provider can also see your real IP. So if your VPN provider is either logging your activity, even just your IP, either a traffic analysis attack can be performed on you or just a demand for data in some way by your adversary. I’m not just talking “legal” demands, there are many adversaries who are not legal and are working hard to perform these tasks for their own betterment…like going after journalists.

In addition, even if your VPN provider does not log, they may be coerced or forced into providing monitoring of their systems in real-time to reveal this information…and they can be the target of this if they don’t have strong privacy protocols in place for account creation, payment and management.

For example, ProtonVPN uses a traditional email/password style for logins. This is very bad imo. Sure it’s easier and unlikely you’d lose access after you paid if you forgot your password. But this “ease-of-use” trade is trading for privacy and security. Mullvad, on the other hand, has a system which autogenerates a unique ID for you when you sign up, which is in no way tied to your payment after 40 days from paying (they offer 30 day money back, so there’s a 40 day window of slight risk). It’s unlikely an adversary would be able to mobilize fast enough to enter through that 40 day window. In addition, Mullvad does not have any other personal data you can even give them, no email, no name, etc. If you forget your account number you’re out-a-luck pal but the trade off is a safer system, which an adversary would be hard pressed to verify you use. Except they do allow you to use card or bank payments…but they also accept cryptocurrency and even cash in the mail, to give you the ability to have the highest level of security and privacy possible.

VPN → TOR is often discouraged, mainly because it doesn’t usually make sense and is best in a particular set of threat models.

For example, you may not want your ISP to know you use TOR, so you do VPN → TOR. That doesn’t mean you are less secure either, it just means you’re placing your trust in being seen as using TOR in your VPN rather than your ISP. Technically it doesn’t cause any extra exposure.

Or perhaps you want to ensure your real IP address is never at risk of being captured in a traffic attack or seen by a node. Again, you are placing your trust in the VPN to ensure that doesn’t occur.

So the real argument about vpn vs tor or why not vpn->tor, usually comes down to who do you trust and why and with what. Every piece you add also includes the possibility of another point of risk and trust being violated. So stacking 10 VPN connections up doesn’t necessarily make it safer and sometimes can make it less secure due to this trust principle.

Even if a VPN provider says they don’t log, still means you have to trust that they actually don’t. That’s where reputation, transparency, and history come in. Do your research and find a long-standing provider who has a solid track record of trust and transparency and you’re on the right track.

Oh and by the way, you don’t need a special “TOR VPN” feature, like proton offers, to do this. They are just making it simple and marketing to an audience. Any VPN can be used as your gateway to TOR.

EDIT: I forgot one other important factor with regard to VPN providers…and this pretty much applies to all of them: Even if they don’t log or monitor you in any way, they are running their service using servers in a datacenter. The datacenter obviously also has connections to the Internet, which involve routers and firewall hardware. This is another point of risk, regardless of how good your VPN provider is at securing you once you hit their server, they cannot always guarantee (depending on the server you are connecting to and where it is housed and how it connects to the Web) that your incoming or outgoing traffic won’t be actively monitored.

So it is still possible and even likely in many cases, that traffic to/from the datacenter wherein the server is physically located which provides the VPN connection is compromised in some way, logging all traffic, actively monitoring for any number of groups or organizations, etc.

This is why it’s also important when choosing a VPN provider to see transparency on how they are configured physically in their hardware/server implementation. If they don’t tell you what servers are “owned” vs “rented” for example, that’s not very good or helpful in supporting your privacy needs. Also, just because a server is “owned” doesn’t mean it’s 100% secured. Again, the Internet has to connect to it. If that “pipe” coming into the datacenter is not also owned by the provider, you are still establishing a connection wherein an adversary could see your real IP address if they had access to the routers and similar hardware handling the incoming traffic to that server.

That’s the gist of that part anyway, there’s a lot more to that also. So the ideal situation is that your provider owns the datacenter and has a top tier internet “pipe”. Still not impervious, but that’s ideal…Next best would be they own the servers within the datacenter AND have an exclusive “pipe” to the internet, which does not touch any other router or hardware device within the datacenter and is all secured with exclusive access to your provider only.

I’ve worked in many datacenters, and even those that house systems where the company owns the internet pipe/has an exclusive connection incoming to the data center, often don’t secure their hardware, leaving their Cisco devices not only physically accessible but leaving default logins or sharing their logins readily, sometimes even sticky notes on the devices, to make their jobs easier so they can get the grunt workers in the datacenter to be their hands-on if something goes wrong.

Imagine if your adversary discovered you use a VPN, discovered which one, discovered what IP you commonly connect via (giving them the physical region of the servers), and simply got a job working at the datacenter, then eventually gained access to a router.

To be clear however, when you establish a VPN connection the data is still encrypted. So an adversary actively spying on a router/connection isn’t going to just be able to see plain text, but they will be able to identify packet sizes, destinations, ports, and originating IP addresses. This is why some people use several VPNs, or bridged VPNs, to help obfuscate their connection and packet footprints and make it harder for a single point to successfully or easily/quickly do a traffic analysis attack and associate it with an originating IP.

Sorry for the big edit, but this is a crucial consideration in the entire picture that most people don’t realize or think about and most VPN providers don’t talk about.
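The reply above argues that no single Tor relay handles your traffic unencrypted, and that the entry node sees your real IP while the exit node sees your destination. The following is an added illustration, not code from the thread or from the Tor project: a toy three-hop circuit in which the client wraps one encryption layer per relay and each relay peels exactly one. The HMAC-based stream cipher, the fixed per-relay keys, the relay names, the client IP and the request are all constructed for the demonstration; real Tor negotiates keys per circuit and uses a proper cipher.

```python
"""Toy onion routing: what each of three relays can and cannot see.
Added example, not the thread's or the Tor project's code."""
import hashlib
import hmac
import os

NONCE_LEN = 16


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy stream cipher: HMAC-SHA256 in counter mode. Illustration only."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor_layer(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR with the keystream; the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


def build_onion(path, destination: str, payload: bytes) -> bytes:
    """Client wraps the payload once per relay, innermost layer for the exit.
    Each layer tells only that relay where to forward the remainder."""
    inner, next_hop = payload, destination
    for name, key in reversed(path):
        plain = next_hop.encode() + b"\x00" + inner
        nonce = os.urandom(NONCE_LEN)
        inner = nonce + xor_layer(key, nonce, plain)
        next_hop = name          # the previous relay's layer points at this one
    return inner


def relay_peel(key: bytes, cell: bytes):
    """A relay removes its own layer and learns only the next hop."""
    nonce, body = cell[:NONCE_LEN], cell[NONCE_LEN:]
    next_hop, _, inner = xor_layer(key, nonce, body).partition(b"\x00")
    return next_hop.decode(), inner


def run_circuit(client_ip: str, path, destination: str, payload: bytes):
    """Push one cell through the circuit and record each relay's view."""
    cell, prev_hop, views = build_onion(path, destination, payload), client_ip, []
    for name, key in path:
        next_hop, cell = relay_peel(key, cell)
        views.append({
            "relay": name,
            "sees_prev_hop": prev_hop,       # guard: the client's real IP
            "sees_next_hop": next_hop,       # exit: the real destination
            "sees_payload": cell == payload, # only the exit, unless TLS is used
        })
        prev_hop = name
    return views, (next_hop, cell)


def relays_linking_client_to_destination(views, client_ip: str, destination: str):
    """Which single relay sees both ends? Absent collusion, none."""
    return [v["relay"] for v in views
            if v["sees_prev_hop"] == client_ip and v["sees_next_hop"] == destination]


# Constructed sample: fixed keys per relay (real Tor derives them per circuit).
CIRCUIT = [(n, hashlib.sha256(n.encode()).digest()) for n in ("guard", "middle", "exit")]

if __name__ == "__main__":
    views, delivered = run_circuit("203.0.113.7", CIRCUIT, "example.com:443", b"GET / HTTP/1.1")
    for v in views:
        print(v)
    print("delivered:", delivered)
    print("relays seeing both ends:", relays_linking_client_to_destination(views, "203.0.113.7", "example.com:443"))
```

Running it shows the guard's view containing the client IP but an opaque payload, the exit's view containing the destination and the plaintext request, and no single relay holding both ends. Passing a VPN address instead of the real IP as `client_ip` models the VPN → TOR setup the reply describes: the guard then sees the VPN, and the trust moves to the VPN provider. What the toy cannot show, and the reply warns about, is that a guard and exit run by the same adversary can still link the two views by timing and packet sizes.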

I won’t touch Brave, look up their privacy policy and TOS. From the TOR project, I believe they say if you want to use a VPN, connect direct to TOR first, then turn on VPN, you can find the explanation on their site. The bad is if you are on a VPN, yes, it is another way of hiding your identity, but is it leaking, is it only giving you one route? My opinion, always run Tails from boot on usb with persistence and forget the VPN.

If using a normal OS, use a VPN. And if you want to use Tor Browser, do Tor Browser over VPN (leave VPN running as usual, then later launch Tor Browser):

In “Tor Browser over VPN” configuration, VPN doesn’t help or hurt Tor Browser, and VPN helps protect all of the non-Tor traffic (services, cron jobs, other apps) coming out of your system while you’re using Tor browser (and after you stop using Tor browser). Using a VPN and letting the VPN company see some info is better than letting your ISP see the same info, because the ISP knows more about you. So leave the VPN running 24/365, even while you’re using Tor Browser. [PS: I’m talking about running TB in a normal OS; Tails is a different situation.]

That said, neither VPN nor Tor/onion are magic silver bullets that make you safe and anonymous. VPN mainly protects your traffic from other devices on same LAN, from router, and from ISP. Tor/onion does same, but only for Tor browser traffic; also adds more hops to make it harder to trace back from the destination server to your original IP address, and also mostly forces you into using good browser settings. Both VPN and Tor/onion really protect only the data in motion; if the data content reveals your private info, the destination server gets your private info.

I don’t trust whoever runs Exit nodes, but I trust ProtonVPN, simple as.

Brave - https://www.enterprisetimes.co.uk/2020/06/09/brave-browser-accused-of-trust-breach/

VPN plus Tor = :+1:

I have no words to thank you for that fantastic explanation!

Thanks for your time and making me understand all!

Very good explanation. It is sometimes hard to explain that VPN and Tor have two different use cases and trust models. The need for one, or both, depends on the user threat model. I would add that protecting privacy and anonymity are different use cases.

People trying to stay private and anonymous should also use tracker blocking (I think this is partially built into Brave) and protect their DNS by using encrypted DNS along with a resolver that uses DNSSEC. Depending on the network being used, it may also be needed to validate DNS traffic is not being transparently redirected by a firewall.

I wish I would have read replies first, I gave a brief comment, you put in some work!

With VPN you do need to trust a single point of contact…not necessarily to not read your data as it is encrypted…but more so to not log or monitor your activity and IP address.

This is a red herring. Without a VPN, you’d have to have the same level of “trust in a single company”: you’d be trusting your ISP instead of the VPN.

And trusting the ISP is far worse, because the ISP knows far more about you: your name, home address, probably phone number, maybe sees your phone and TV traffic.

Use a VPN, not to help Tor, but to shield all of your non-Tor traffic from being visible to your ISP.

For example, you may not want your ISP to know you use TOR, so you do VPN → TOR.

This is a common argument, but you don’t need a VPN to do this. Tor offers a thing called bridges, which you should use if you don’t want your ISP to know.

That was awesome - thank you!

Damn I want to be your friend

So we are basically screwed in terms of privacy

Running Tor over a VPN means that everything you’re browsing is going through the VPN’s servers before they hit the Tor network, so your ISP can always request the VPN provider for logs of what you’ve been searching on the internet.

The only reason why I’d use Tor over a VPN is when you want to hide from your ISP that you’re using Tor.

You shouldn’t trust either. Or your ISP, or the data centers involved, or the other ISPs involved. Encrypt, compartmentalize, defense in depth, keep really private stuff off internet, maybe don’t do illegal stuff.

Tor standalone (with VPN)

or Brave with Tor (private window option)?

It’s Chromium-based; how trustworthy could it be?

No worries! The best security and privacy protection you can implement is knowledge, awareness, understanding, and intent.