I don’t get why people say not to vpn to connect to tor. It adds another layer of security and if your provider doesn’t keep logs it is far better than your isp, which definitely keeps logs.
I’ve always wondered this same point too. I know the vpn is a single point of failure with potential to see your activity, but isnt that better than guaranteed logs from any ISP?
If you really want Tor over VPN, please at least don’t use these “super secure and private” VPNs (NordVPN, SurfsharkVPN, ExpressVPN), use something like Mullvad or IVPN.
It depends in the first place on who you want to hide from. The TOR Docu and many other sources tells you not to use TOR over a VPN Connection, bc many VPN Provider (Generell all that you know from youtube ads or something like that) are making money out of userdata and metadata that are harvested from your online activitys. Your ISP may collect some data like your IP at a given time or the connections that you are establish to a IP or even your DNS requests if you using the DNS from your ISP. But - at least in europe - your ISP never sells these data to other companys. If you use TOR over VPN, your ISP can´t see that you are establishing a TOR connection but he can see your VPN connection. Your VPN provider on the other hand can see all of your unencrypted traffic in plain and he also can tell that you are transferring encrypted TOR Traffic. Your VPN provider have a very powerful position in this situation and you CANT tell at any time that you are on a “save” VPN Server / provider that does not record all your activits. You can never tells whats happen on those VPN servers.
Statements like this “I have a trusted vpn provider” cannot be verified under any circumstances.
you don’t really need to tor over vpn. 3 layers of protection are more than enough, adding a 4th doesn’t add any benefits, it only makes the connection slower. vpn companies often make false ads about why you should always tor over vpn because they want to increase their sales which is what pisses off some people. The only harm that comes out of using tor over vpn is slow speed which isn’t that big of a problem, but their is no benefit either.
There’s no wrong in keeping your VPN on all the time, but it’s wrong to fall for false advertising.
People don’t say. They just reading documentation.
Because it doesn’t add much. While adding a VPN does add one more proxy hop, it’s a single step proxy. Any adversary able to defeat Tor’s three-layer onion routing almost certainly has the ability to overcome a single-stage VPN through either legal coercion or traffic analysis.
The logs are kind of a moot point. If your ISP keeps logs of your traffic then those logs now show “you accessed a VPN at X time” instead of “you accessed Tor at X time”. Why is this an improvement?
Tor / vpn noob here - So if I wanted to browse privately, I’d use tor on its own (using my normal isp’s service) with the vpn off, and if I want to torrent I just run my vpn in the background, correct?
Using a vpn defeats the purpose of a trustless system.
Use a bridge instead.
I’m my opinion yes. If you have a reputable paid no logs vpn it seems like it’d add another layer of security between your actual ip and the entry node. Also it would prevent the tor traffic from being seen by the isp As well.
isnt that better than guaranteed logs from any ISP?
Yes, because your ISP probably knows far more about you than your VPN does. ISP knows your name and home postal address. Probably knows your phone number and bank acct number. Maybe sees your phone traffic and TV traffic.
In contrast, it’s easy to sign up with a VPN using all fake data as long as your payment method works. VPNs cater to people who want to hide their identity; ISPs don’t.
Use a VPN, hide your traffic details from your ISP.
Any links on why the formers are not to be trusted
And I thought ExpressVPN has no logs policy.
The TOR Docu and many other sources tells you not to use TOR over a VPN Connection
No, they actually make much less strong statements such as “you may increase or decrease your security and privacy, depending on how you do it”.
many VPN Provider (Generell all that you know from youtube ads or something like that) are making money out of userdata and metadata that are harvested from your online activitys.
But if you’re using Tor over VPN, all the VPN can “harvest” and sell is “he’s using Tor”. The VPN can’t see what sites you’re accessing or any of your traffic contents.
Your VPN provider on the other hand can see all of your unencrypted traffic in plain
Yes, if you’re using HTTP, then VPN (or ISP if you’re not using a VPN) can see all of it. The lesson there is “use HTTPS”, not “don’t use VPN”.
Statements like this “I have a trusted vpn provider” cannot be verified under any circumstances.
True. Don’t trust either your VPN or your ISP. Encrypt, compartmentalize, give fake data, use blockers, etc.
I posted this cause some other dude just said never use tor with vpn. They may be following the documents but comments like that seem misleading.
You could do either but personally I have my vpn on while browsing tor as well.
The problem is your VPN provider can get information on you and if needed be they would hand it over to law inforcement without a second thought
Same is true of your ISP, if you’re not using a VPN.
Don’t use a VPN if you are doing something illegal
Use Tor or TAILS, but you could also use a VPN if you wish.
Use Tor over VPN, but not to help the Tor traffic. Tor doesn’t need help, and VPN doesn’t help or hurt the Tor traffic.
Instead, the VPN is there to protect the non-Tor traffic coming out of your system: other apps, updaters, email client, etc. That traffic can come out at unpredictable times.
So I run a VPN all the time, and sometimes I run Tor browser on top of the VPN.
Your ISP will see VPN use instead, which is no less interesting.
By using a VPN before Tor (i.e. packets leave the VPN and go to your guard node) you give yourself a fixed entry point, which may or may not be problematic.
Running VPN after tor (i.e. packets leave the Tor exit and hit the VPN provider) gives you a fixed exit point. The only benefit you get there is the VPN provider can’t see where you’re connecting from (so, if they know who you are because of your account details/payment messages, all you’ve done is add latency for no good reason as you’re literally getting no benefit)
VPN providers are fairly high value targets too, so there’s probably a higher chance of traffic being observed at that point than on your ISPs network (depending on ISP, country etc)
I’m guessing its be cause they reside in the “five eyes” countries and may collect logs or collaborate with 3 letter agencies. I use the term may lightly. I don’t personally believe this is a threat to the average user If they do any of the above but it’s down to peoples threat level and paranoia level. Though most people do not need the extra layer of security a VPN provides when using tor.