Why you should NOT use a VPN with Tor

Isn’t there some benefit in using a VPN to connect to your initial Tor node?

It could for example allow you to essentially jurisdiction shop, and choose an initial location that may have favourable privacy laws?

Its is very uncommon to not have any functional bridges, especially with the meek azure bridges, which make it look like your connecting to microsoft from the outside.

Why you should NOT use a VPN with Tor see this shilu

1 Like

As an example, in some jobs, you can only connect with a bridge to 443 port, and even those bridges don´t work well always. But using the VPN you can connect directly to Tor.

There are secret bridges that can use different ports.

I mean that some restrictive proxy/firewalls in schools and other public “jobs” they only let you to connect to port 443.

then meek bridges should work, they use normal https

thanks, that’s an interesting article that I read yesterday, when you shared it.

The Amazon and Microsoft bridges are an amazing idea.

However, I still like the idea of using the VPN as a second layer of protection by only allowing the correlation of the Tor usage to the VPN IP.

I understand that the rebuttal in the article is a good one, in that most popular VPNs are probably already compromised, or able to be watched, but I don’t see why I shouldn’t at least try and make it harder on the bastards :stuck_out_tongue:

What do you think?

Seriously, I even tried everything and nothing… only sometimes it worked.

Have you tried the non standard bridges which tor browser doesnt ship?

I tried sending an email to Tor and using those who sent me, and sometimes they worked (port 443 only). Now I use the VPN or VPN+Tor

You could try some more, bridges are always an arms race, but in general, users should not use a vpn unless there is really no single other option

I don´t think so. I think VPN,s are also a good tool in many ways. But the problem is to choose the right VPN company and take some precautions. But for privacy reasons Tor is the first choice.

5 Likes

It is definitely nice that the configs are taken care of for you in the Tor browser. The only thing I would say is that it might be worth making the configs yourself in Firefox so one can learn about privacy and security first-hand. Spending the time configuring your browser (even it its just using the same configurations that Tor uses in Firefox) teaches you quite a bit, especially is you look up what each one of those about:config tweaks do as you set them (using Tor, of course). I’m a big fan of learning about what goes on behind the scenes… With that said, I agree that using Tor is by far the best move in almost every use-case.

1 Like

In doing that, you are committing to maintaining it too, where tor browser will update everything for you. Great if you have the time to commit, but less safe long term for most people.

1 Like

Yep, also don’t forget that there is a major fuck up potentional.

3 Likes

That’s true. The hands-on approach might not work in particular use-cases. And it’s also true that it does require a time commitment. But if possible, one should try to understand what’s going on behind the simple buttons we press for two reasons that I can think of, at least:

  1. We have to ask ourselves: Are we sure that the tech is doing what they say it’s supposed to be doing? I think it would be foolish to assume that a piece of software is doing what you want it to do without testing it. If one spends the time getting to know the tool and how it works, there’s greater peace of mind when you absolutely need to know that it is working.

  2. Everyone’s situation is different. There’s always the tension between anonymity/security and convenience. The more anonymity/security, the less convenient or easy to use a tool becomes and vice versa. Understanding what’s going on behind the scenes and being able to maintain your own anon/sec tools is a huge benefit if you want to pivot on that scale depending on the use case.

The “fuck up potential” is definitely there. No doubt. So, testing and learning should take place in a sandboxed environment. But when out in the wild wild web, use what has been known to work, which leaves us with Tor and/or a reputable VPN.

2 Likes

But never both together.

1 Like

Yay my first post. Nothing wrong with connecting to Tor through a VPN connection if it fits your situation. The privacy use case being - you want to prevent your ISP from easily knowing you’re connecting to Tor. If your situation is different, adjust accordingly.

3 Likes