Using Tor with VPN - comprehension question


6 months ago
Hi all,

i refer to an explanation from the homepage of the Linux Distribution Tails:


Some users have requested support for VPNs in Tails to "improve" Tor's anonymity. You know, more hops must be better, right?. That's just incorrect -- if anything VPNs make the situation worse since they basically introduce either a permanent entry guard (if the VPN is set up before Tor) or a permanent exit node (if the VPN is accessed through Tor).

Similarly, we don't want to support VPNs as a replacement for Tor since that provides terrible anonymity and hence isn't compatible with Tails' goal.


I'm not a security expert, but I can't unterstand the argumentation. Let's assume, I use a VPN to hide my IP. I trust these provider and he is doing no logging or something like that. So I connect to this VPN and use the Tor-Browserbundle in example. Why is this a security issue? Without an VPN my ISP sees that i connect to Tor. Now my ISP sees that i connect to a VPN and the VPN-Provider sees that i'm connecting to Tor. I don't get the problem. I can only see advantages in this (again assuming I tust this VPN). In Example i would be deanonymized (no matter if it's technicaly possible or not) the Attacker could only see the VPN before Tor and not my "real" ip.

Tails says somthing about a permanent Entry- or Exit node. But why? the VPN isn't part of Tor. So it's not an Entrynode or is it?

I don't know if i'm getting something wrong. I hope someone can clarify it.

Thanks!

Greeting...

6 months ago
If you trust your VPN provider you don't need Tor at all.

6 months ago


Tails says somthing about a permanent Entry- or Exit node. But why? the VPN isn't part of Tor. So it's not an Entrynode or is it?

"ManInTheMiddle"

This is very good question.

Some threats are described here: https://blog.torproject.org/blog/improv ... parameters

Permanent entry guard is a real problem, but I also don't understand how 'VPN before Tor' introduce it.

The only issue I can see is that your traffic comes unencrypted between Tor Exit Node and target website.


- VPN before Tor is used to hide Tor from your ISP.
- VPN after Tor is used to hide Tor from target webside, and also ensure Tor Exit Node doesn't modify or listen to your traffic.

2 months ago
Bingo on that - the use of a VPN should be just the same as using your own ISP. The only difference is an added encrypted hop, with TOR tunneling through is and out from there to the TOR network.

And Also bingo on the fact that the real security problem is the fact that TOR exits to the unencrypted Internet where it can be seen.

Reply

You are not logged in. Login or register to reply on this thread.