Can I get an idiot's explanation on why you shouldn't use TOR over a VPN?

Yeah, that’s what I was about to say. I run a VPN and it sometimes slows down the connection while using TOR, so I’ll pause it to do what I need to do.

Just to be sure, so you’re saying it’s better to not use VPN together with TOR at all?

VPN → TOR, then that’s fine. But if you accidentally run TOR → VPN

Your diagrams would be clearer as:

 VPN server -> TOR entrance, then that's fine. But if you accidentally run TOR exit -> VPN server

The fact is, whether you use a VPN or not, you’re still blending in with other Tor users. The difference it makes is only the entry node, which no one can view anyway unless it’s an authority or criminal running that entry node. This is why a VPN becomes safer with Tor. Whether the VPN logs or not, it’s better than your own ISP in the first place, especially considering if you can find a provable VPN provider that actually doesn’t log, including Mullvad VPN.

If you’re concerned about the VPN provider leaking your identity, then it doesn’t matter whether it comes before or after Tor. The only thing that changes is what they have access to: in VPN + Tor, they know who you are, where you’re from and that you’re using Tor. In the Tor + VPN setup, they don’t know where you’re at, but they know you and what you’re doing online, so in the context of a non-anonymous VPN account, it depends on what you want to hide.

In the case of an anonymous VPN account though, VPN + Tor is pretty useless since it reveals everything about you to your VPN provider, but Tor + VPN is actually not so bad in theory, since you connect through an anonymous endpoint to another anonymous endpoint. This lets your ISP know you use Tor on the other hand, so you might want to throw in a bridge there. It can be pretty tricky to set this all up correctly though.

With that being said, for a large majority of the users, Tor is sufficient and adding a VPN only adds unnecessary complexity.

I might be wrong as well, but one of the things Tor does to keep you protected is frequently changing your route across the network. Running either VPN + Tor or Tor + VPN defeats this purpose by adding a permanent begin/end point. Also, it is important to distinguish between a VPN belonging to the user and a commercial VPN. It doesn’t matter how good the reputation of a commercial VPN is, they’re always choosing to protect themselves before protecting a user.

useful if you trusted the VPN more than your ISP

Even if you don’t, it’s good to compartmentalize: your ISP sees some of your data (mainly, your ID) and the VPN sees other parts (mainly, the IP addresses you access). Even if both are malicious, each has less data than the ISP would have if you didn’t use VPN.

One HUGE downfall of VPNs is they usually have a user-id / password that you use to gain access.

Except if you signed up without giving ID, where does this get the attacker? It’s easy to give no ID to a VPN, all they care about is that payment works.

Which starts:

You can very well decrease your anonymity by using VPN/SSH in addition to Tor. (Proxies are covered in an extra chapter below.) If you know what you are doing you can increase anonymity, security and privacy.

All you need to know is “run VPN first”. Then you have Tor over VPN, and VPN is protecting any non-Tor traffic your system does. Tor over VPN is a good configuration to use.

You label “Tor over VPN” as “useless and unnecessary”. But it’s not. VPN doesn’t help or hurt the Tor traffic. But in that config the VPN is protecting the non-Tor traffic your system does. And it does plenty, at unpredictable times: email, chat, updaters, services, etc.

Tor over VPN is a good and useful configuration. VPN is there for the non-Tor traffic.

Just use Tor!

If you mean “Tor browser”, then you’re not protecting the traffic of any other apps or services. VPN would do that.

If you mean “Tor network for all traffic”, then: onion is blocked more often than VPN, onion has lower performance than VPN, and onion doesn’t handle UDP.

TOR is just a browser masking your IP address and a VPN protects your entire connection. If you are using Windows, keep the VPN running at all times.

If the VPN you are using sells you out, you’re cooked. Both are fine, but whoever controls entry and exit nodes of your computer owns you nonetheless.

To be ‘safe’, use a library computer with no CCTV cameras, boot from Tails Linux USB stick, run Kali Linux, do whatever you want, dump the USB in a dumpster, and leave. There, you will be ‘safe’ from the authorities.

It probably means “I’ve read other explanations here and I’m still confused, can I have a simpler explanation?”

To me it just means to dumb it down for OP to understand better.

Using Tor is not enough, there are ways they catch people even when they’re using Tor. They caught a guy at Harvard (I think) because he was the only one on the LAN using Tor at the time of a bomb threat sent through Tor. If you’re buying drugs online, maybe you can order safely through Tor, but then you have to pay somehow, and take delivery somehow.

But while you’re using Tor, maybe something else in your system will do normal traffic in the background. Maybe your email client, or a chat app, or some updater. You want that traffic protected by the VPN, don’t you?

It just depends on your setup. VPN + Tor is a little more complicated than Tor alone, and if you screw it up, that might not be good. But that’s not the end of the story.

For example, I almost always use a VPN. Sometimes I want to use Tor. If I’m supposed to disconnect from my VPN and then start using Tor, that’s actually creating a level of complication. It also creates a risk that I might forget that I’m not on my VPN, and then my ISP will be able to see all of my non-Tor traffic.

The general consensus is it’s better to not use a VPN with Tor.

It is impossible to accidentally put VPN after Tor.

VPN defeats this purpose by adding a permanent begin/end point

If you don’t use VPN, then your ISP is the “permanent begin/end point”. Little difference.

VPN over Tor is bad. Tor over VPN is fine, all the VPN sees is the Tor entrance node IP address.

You are half right.

Tor picks 2 nodes for the first hop and sticks with them for 120 days.

This is done so that an adversary who runs lots of Tor nodes can deanonymise a subset of users sometimes rather than everyone sometimes (but less frequently).

If the VPN isn’t really relevant to this point but what others have said in this thread still stands. Use a VPN with Tor.