[deleted]
- Edited
r/TorwithVPN • u/carrotcypher • Nov 03 '21
You're here because you wanted to use Tor with VPN. Read here.
Which VPNs would you recommend?
[deleted] So what is it exactly that makes things worse in the scenario I described above?
[deleted]
DeletedUser115
TorPlusVPN TorProject
You -> VPN/SSH -> Tor
You can route Tor through VPN/SSH services. That might prevent your ISP etc from seeing that you're using Tor (VPN/SSH Fingerprinting below. On one hand, VPNs are more popular than Tor, so you won't stand out as much, on the other hand, in some countries replacing an encrypted Tor connection with an encrypted VPN or SSH connection, will be suspicious as well. SSH tunnels are not so popular.
Once the VPN client has connected, the VPN tunnel will be the machine's default Internet connection, and TBB (Tor Browser Bundle) (or Tor client) will route through it.
This can be a fine idea, assuming your VPN/SSH provider's network is in fact sufficiently safer than your own network.
Another advantage here is that it prevents Tor from seeing who you are behind the VPN/SSH. So if somebody does manage to break Tor and learn the IP address your traffic is coming from, but your VPN/SSH was actually following through on their promises (they won't watch, they won't remember, and they will somehow magically make it so nobody else is watching either), then you'll be better off.
You -> Tor -> VPN/SSH
You can also route VPN/SSH services through Tor. That hides and secures your Internet activity from Tor exit nodes. Although you are exposed to VPN/SSH exit nodes, you at least get to choose them. If you're using VPN/SSHs in this way, you'll want to pay for them anonymously (cash in the mail [beware of your fingerprint and printer fingerprint], Liberty Reserve, well-laundered Bitcoin, etc).
However, you can't readily do this without using virtual machines. And you'll need to use TCP mode for the VPNs (to route through Tor). In our experience, establishing VPN connections through Tor is chancy, and requires much tweaking.
Even if you pay for them anonymously, you're making a bottleneck where all your traffic goes -- the VPN/SSH can build a profile of everything you do, and over time that will probably be really dangerous.
You -> your own (local) VPN server -> Tor
This is different from above. You do not have to pay a VPN provider here as you host your own local VPN server. This won't protect you from your ISP of seeing you connect to Tor and this also won't protect you from spying Tor exit servers.
This is done to enforce, that all your traffic routes through Tor without any leaks. Further read: TorVPN. If you want this, it may unnecessary to use VPN, a simple Tor-Gateway may be easier, for example Whonix.
[deleted] Thanks for taking the time to repost. There is no compelling argument on how adding a VPN (paid anonymously) after Tor makes things worse.
[deleted]
- Edited
DeletedUser115 Indeed it is, but in there and my own experience, establishing a VPN connections through Tor is chancy, and requires much tweaking. But if you pay for them anonymously, you're making a bottleneck where all your traffic goes -- so the VPN can technically build a profile of everything you do, and over time that will probably be really dangerous IMO.
- Edited
[deleted] I see, this makes some sense. Of cause you won't want to use the same VPN server/account for everything you do. I still don't see a reason not to use VPN after Tor in certain cases like accessing a website that blocks Tor. You certainly don't want to mix different activities on the same VPN (with Tor or not).
I would recommend being cautious and skeptical of anyone who pushes those commercial VPNs so hard. In privacy terms VPNs are privacy by promise and not really by design. They are a pretty dangerous thing to normalise.
- Edited
On topic, paid Proton plan with a lot of privacy & security features. The app has no trackers indeed some permissions what can be changed in the menu.
Off topic
Tor is nice, but need to keep focused what you do and where you go there with the right settings.
Faster, more private and secure is Lokinet the way to go!
- Edited
csis01
Yeah that was not the best example. But generally I use VPN not to hide my traffic from ISP, rather to hide my IP from all websites and companies. There is no reason for them to know my IP. the IP gives away your home address essentially and is a significant part of your identity. Yeah the bank has that, but if I can keep my IP from them too, all the better. So, using the VPN is not always about being fully anonymous. Having your IP logged by every website you go to (most of which run google analytics) is... well, you know.
I need the VPN for a few tasks that I really need to hide my IP for (can't be done through TOR). And since I already have the VPN, why not just hide your IP everywhere you can. Its a good practice.
A good example is simply watching youtube political videos wiithout them knowing your IP address. (assuming you already eliminated the fingerprint)
12 days later
- Edited
I just found out: on linux you can't use Portmaster Safing AND Mullvad VPN apps at the same time. They conflict. On windows its fine.
Proton vpn app works.
7 months later
Mullvad, IVPN and ProtonVPN have been mentioned.
Does anyone know if Windscribe and OVPN are trustworthy?
[deleted]
DeletedUser28 have you checked out Tom Spark's VPNtierList? He will cater more than sufficiently for your VPN needs and the services you mentioned he reviews several times. That being said, I have gone with Proton.
16 days later
I find that Windscribe is the nicest to use on Linux, and it's browser add-ons seem to do a lot for fingerprinting if you go into the settings.
Something important is they do TCP which means you can run it on top of tor protecting you from compromised exit nodes.
They also accept BTC so you can make it so they don't know who you are.
Finally they don't monitor log ins so you can give away the log in details so you can give that extra privacy to friends and family.
Olive They also accept BTC so you can make it so they don't know who you are.
XMR even
[deleted]
i use Proton VPN. it's good and perfect
DeletedUser28 Does anyone know if Windscribe and OVPN are trustworthy?
My only problem with OVPN is that it doesn't come with an open source client, so I'd take one of the others at any time. Mullvad and IVPN are my favorites because they adapt new things quite early, are focused on VPN only (and recently Mullvad Browser but that's fantastic), have easy XMR payment and don't require a mail address for registration.
[deleted] have you checked out Tom Spark's VPNtierList
I don't consider him credible as he's always been very biased towards TorGuard and uses lots of affiliate links which coincidentally are also his best rated VPNs. Recommending NordVPN, Surfshark and ExpressVPN are big red flags in my book and I saw him once making false claims against Mullvad (pretending they don't support Split tunneling when they clearly did on all clients). He also hates IVPN because he gets called out on his bias by them.
I think all we need to do is pick one of the top 4 privacy VPNs (Mullvad, IVPN, ProtonVPN and Windscribe) depending on our threat model, local speed and stability (or just test them all for a month and take the one that works best).
5 months later
I've been using Windscribe for a while and found it to be quite reliable. They offer a good mix of features and have a decent free tier.
- Edited
Older thread but info still applies. Mullvad. It's not free but only 5-6 bucks a month for 5* devices. They do not have any of my info as I pay with Bitcoin and they do not ask for, nor want your private info. I use it directly on my router which covers every internet connected device on my network while only counting as 1 device, the other 4 devices are mobile phones and laptop when off my network.