I was wondering if using a VPN service with TOR could be a detriment to security in any way? I was thinking that using a VPN could be a good way to hide the fact that any connection to the TOR network was ever made from the ISP. I am aware that TOR encrypts the data being sent over the network so the ISP already has no idea what’s being accessed, but I was thinking that a VPN could make things slightly even more secure seeing that they would see where the VPN connected as opposed to TOR. I know this is really relying on the VPN truly being logless and trusted, seeing that the VPN provider could easily have records of all the connections made to TOR, so this may only really be adding a slight extra step to someone trying to find out if any TOR connections were made. From what I can see this doesn’t seem like it would take away from the security TOR offers and could even add better security or at least make things slightly harder, but I’m not really sure. My big concern is that the VPN provider could somehow see the unencrypted TOR data, but I have no idea if that could be possible.
Also, for extra clarity, I live in a country that doesn’t try to block or normally even monitor TOR traffic, and my VPN provider claims to be logless and doesn’t require personal information during signup and was paid for using Monero (a cryptocurrency).
Do not use a VPN as an anonymity solution. You can very well decrease your anonymity by using VPN in addition to Tor. “Using a VPN with Tor is not the obvious security gain that people make it out to be. Users may not lose any safety by adding a VPN, but they certainly aren’t gaining any.” — Matt Traudt.
Commercial VPNs are in business for one reason: financial profit—profits come first.
Not an expert at all. This question is asked a lot.
r/tor wiki has good info.
Tor does NOT encrypt data.
Tor provides anonymity but not privacy.
Exit nodes can see and log your traffic and destination if they wish.
I recall that using a VPN is not recommended with Tor by the EFF because of the need to trust the VPN and because their logs may allow traffic correlation. Using a VPN will avoid your ISP knowing that you are using Tor.
It’s important to add here that Tor isn’t designed to hide that you are using Tor from an active adversary. Bridges let you “hide” that you are using Tor from a censorship box (for example government-run firewalls); however, if someone is manually analyzing your traffic they’ll figure out you are using Tor and could take steps to make using it harder and just record that you are using Tor at a certain time and date.
I use a bridge (run on a VPS at a low profile data-center in some other country - that’s all we’ll say here) since my university blocks direct access to Tor. They probably know I’m using Tor if they look at my traffic but don’t have an easy way to identify which traffic is my bridge traffic in order to block it. I can easily order more IPv4s and generate new bridge keys so it’d be playing whack-a-mole.
Again it depends on threat models. I don’t want my university to have a log of every website I visit. That said I can’t stop them from knowing when I use the network nor can I hide the fact I use Tor if they specifically choose to target me or Tor/VPN users.
Is driving with windshield wipers on a good idea? Sure - when it’s raining. Will it hurt to run windshield wipers when it’s not raining? No, but it’s still pretty fucking stupid. Same analogy for your question about VPN with Tor.
I use it as an extra layer of protection. Look on deepdotweb, they recommend you do it. It keeps your ISP from knowing every time you use Tor. You could also use a bridge for that.
Thanks for the reply and links! Having sources to look over is very much beneficial. From what I’ve read, it looks like the use of a VPN doesn’t really contribute much in terms of protecting you from others seeing the use of the TOR network, and may even be pretty dangerous.
You’re right of course - just to clarify though, and I realise you know this, Tor only does NOT encrypt data once it’s passed through the Tor network to an outside resource. Once it re-enters Tor it’s obviously encrypted again back to the user’s browser.
Tor does not encrypt data that will be handed to your endpoint - it DOES encrypt data travelling between those two states.
HTTPS and similar is encrypted from your client (browser) to the receiving server, Tor doesn’t change that.
Just to not give anyone the impression that there is no encryption involved.
Tor does NOT encrypt data. Tor provides anonymity but not privacy. Exit nodes can see and log your traffic and destination if they wish.
That’s exactly what Tor does - encrypts data to exit node. “Privacy” is not something Tor or any program can provide, any more than antivirus programs provide “security”. Of course the exit node can inspect traffic which isn’t encrypted - this isn’t a Tor limitation, it’s a property of Internet routing. No VPN is going to help with the aforementioned problem - only end-to-end encryption with SSL, for example, will.
Going to add here that connecting to a VPN over Tor or vice versa doesn’t improve anonymity (it arguably harms it, especially in scenario one, scenario two is under debate) nor privacy. Just use the HTTPS version of the websites you connect to. The majority of websites support HTTPS so malicious Tor exits aren’t as big of an issue as they used to be.
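The point the last few replies make about where Tor's encryption ends, as an added example that is not part of the original thread or any poster's code: a toy model of the three onion layers that reports which observer ends up holding the plaintext request, with and without HTTPS. The cipher, keys, observer names and sample request are all constructed for illustration, and the model covers content only, not metadata such as IP addresses or timing.

```python
import hashlib

def xor_layer(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode). XOR is its own inverse,
    so the same call adds or strips a layer. Stands in for real ciphers."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

# Constructed keys: one per relay (negotiated with the client), plus one
# standing in for a TLS session between the browser and the website.
HOPS = ["guard", "middle", "exit"]
HOP_KEYS = {name: hashlib.sha256(name.encode()).digest() for name in HOPS}
TLS_KEY = hashlib.sha256(b"browser<->website").digest()

# Constructed sample request.
HTTP_REQ = b"GET /inbox?user=alice HTTP/1.1\r\nHost: example.com\r\n\r\n"

def build_onion(payload: bytes) -> bytes:
    """Client side: wrap for the exit first, so the guard's layer is outermost."""
    cell = payload
    for name in reversed(HOPS):
        cell = xor_layer(HOP_KEYS[name], cell)
    return cell

def who_can_read(request: bytes, use_https: bool) -> dict:
    """Map each observer to whether the bytes it handles equal the plaintext request."""
    payload = xor_layer(TLS_KEY, request) if use_https else request
    cell = build_onion(payload)
    # The ISP, or a VPN placed between you and Tor, only carries the full onion.
    seen = {"isp_or_vpn": cell == request}
    for name in HOPS:
        cell = xor_layer(HOP_KEYS[name], cell)  # relay strips its own layer
        seen[name] = cell == request
    return seen

if __name__ == "__main__":
    print("http :", who_can_read(HTTP_REQ, use_https=False))
    print("https:", who_can_read(HTTP_REQ, use_https=True))
```

Over plain HTTP only the exit holds the readable request; with the TLS layer in place no hop does, and a VPN in front of Tor is in the same position as the ISP in both cases.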