Yes, you should connect to Tor via a VPN
Summary
TL;DR: The video addresses the controversy over whether to use a VPN before connecting to Tor, arguing in favor of the practice. It refutes the idea that combining a VPN and Tor is unnecessary or harmful, and explains that connecting to a VPN before Tor can provide significant privacy and security advantages. It stresses that, in most cases, a VPN+Tor configuration does not make the user stand out, and offers plausible arguments for those who want to hide their Tor usage from internet service providers or network administrators. It also covers common mistakes and gives guidance on using a VPN with Tor properly, underscoring the importance of trusting the VPN provider and of using HTTPS to protect online privacy.
Takeaways
- 🔒 Using a VPN before connecting to Tor can be a good idea, especially if you are concerned about the privacy and security of your connection.
- 🌐 The Tor Project acknowledges the benefits of using a VPN to stand out less on the network, although it does not actively recommend it.
- ❌ One misconception is that Tor never recommends the use of a VPN or a Tor bridge; in reality, using a VPN with Tor provides legitimate advantages.
- 🚫 Your Tor usage is observable by your local network, which can pose a real risk for many people.
- 🏛️ In the Harvard case, a network administrator deanonymized a Tor user based on traffic metadata, showing that network administrators or the ISP can pose a threat.
- 🎭 Many scenarios in which people might want to hide their Tor usage are not government-related, such as a whistleblower using Tor on their employer's network.
- 📡 When you use a VPN before Tor, your traffic blends in better with common VPN user traffic, giving you a level of plausible deniability by hiding from your ISP the fact that you are connecting to Tor.
- 🔍 Tor bridges are effective at circumventing censorship in the moment, but not at hiding Tor usage from historical network analysis.
- 🚨 There is no evidence that agencies such as Interpol can act as global passive adversaries in the real world, which implies that a VPN+Tor configuration does not expose users any more than using Tor alone.
- 🛡️ Connecting to Tor through a VPN offers better plausible deniability, since your ISP is not capturing all packet data and storing it forever.
- ✅ My advice is to connect to your VPN first and then to Tor through that VPN, which gives you an additional layer of privacy from your ISP.
Q & A
Why might it be a good idea to use a VPN before connecting to Tor?
- Using a VPN before Tor can provide legitimate advantages, such as making the traffic less suspicious and providing some plausible deniability by hiding from the ISP the fact that you are connecting to Tor.
Why does the Tor Project acknowledge the benefits of using a VPN?
- The Tor Project acknowledges that using a VPN can help a user avoid standing out on the network, while keeping its advice simple and avoiding Tor being seen as a suspicious network.
What are the two situations Mental Outlaw mentions in which people might need to hide their Tor usage from their ISP?
- Mental Outlaw mentions people who are criminals and people in countries that block Tor as the two situations in which they might need to hide their Tor usage.
Why could it be considered dangerous for a network administrator or an ISP to be able to observe Tor usage?
- A network administrator or ISP that can observe Tor usage could pose a threat similar to that of a global passive adversary, being able to deanonymize a user based on traffic metadata on the network.
How can using Tor fail to provide the complete anonymity that many people believe it does?
- Tor usage is observable on a local network, which poses a real risk for many people, and the fact that Tor traffic can be modified or monitored by malicious exit nodes can also lead to deanonymization.
Why is it recommended in some cases to use an obfuscated Tor bridge together with a VPN?
- An obfuscated bridge can help hide the traffic fingerprint and protect against traffic analysis, offering an additional layer of privacy even if an adversary gains visibility into the VPN tunnel.
What is the recommended configuration for connecting to a VPN and then to Tor?
- The recommended configuration is to connect to your VPN first and then connect to Tor through that VPN, which lets your traffic blend in with the traffic of other VPN users and gives better plausible deniability.
Why is connecting to a VPN through the Tor network not recommended?
- Connecting to a VPN through Tor removes the advantage of Tor frequently changing the circuit path through the network, which drastically harms the user's anonymity.
How can a user be exposed to the risk of deanonymization if their Tor traffic is not encrypted?
- If the traffic is not encrypted, as with plain HTTP traffic, it can be modified by a malicious Tor exit node and may contain personal information that could lead to the user's deanonymization.
Why is it important to always use HTTPS when browsing over Tor?
- It is important to use HTTPS to protect the traffic from being modified or monitored by Tor exit nodes, which could expose personal information and lead to the user's deanonymization.
How can a user be more exposed to traffic analysis if they use a VPN before Tor?
- Using a VPN before Tor will not increase the traffic fingerprint, but if the ISP or network administrator can detect Tor traffic through the VPN tunnel, it could require more resources to try to deanonymize the user.
What are some of the common myths about using a VPN with Tor that the video debunks?
- Some of the debunked myths include the idea that using a VPN with Tor makes the traffic easier to detect, that you lose Tor's advantages when using a VPN, and that you need to disable your VPN before connecting to Tor, which is not true.
Outlines
🔒 VPN before Tor: Why and how?
The video discusses whether you should use a VPN before connecting to Tor, concluding that yes, you probably should. It addresses Mental Outlaw's criticism of using a VPN with Tor, arguing that there are scenarios where hiding Tor usage is crucial and that a VPN can provide an additional advantage. It also clarifies that Privacy Guides has no affiliation with VPN providers and that its approach is evidence-based and transparent.
🚧 VPN and Tor: Clarifications and considerations
Misunderstandings about using a VPN with Tor are addressed, such as the idea that a VPN makes traffic more suspicious or that criminals are the main beneficiaries of privacy. The video argues that using a VPN before Tor can be beneficial for avoiding censorship and for gaining plausible deniability against possible traffic analysis by ISPs or network administrators.
🌐 Global adversaries and using a VPN with Tor
The claim that using a VPN to connect to Tor makes a user more visible to international entities such as Interpol is refuted. The video clarifies that there is no evidence such entities can act as Global Passive Adversaries, and that in the worst case a user would be no worse off with VPN+Tor than with Tor alone.
🛡️ Protecting your traffic with a VPN and Tor
The video discusses the possibility of an ISP or network administrator detecting Tor usage inside a VPN through traffic fingerprinting techniques. It suggests using a pluggable transport (bridge) to increase protection against fingerprinting. It also stresses that using a VPN provides better plausible deniability than using Tor alone.
🏠 Using a VPN with Tor: Advice and precautions
Advice is given on using a VPN with Tor, noting that while in some countries you can connect directly to Tor without worry, in other cases using a VPN before Tor is highly recommended. Some common myths about combining a VPN and Tor are cleared up, and recommendations are offered for using them safely and effectively.
Keywords
💡VPN
💡Tor
💡Privacy
💡Online security
💡Plausible deniability
💡ISP
💡Traffic analysis
💡Tor Bridges
💡Internet censorship
💡Privacy Guides
💡Threat Model
Highlights
Probably yes, you should use a VPN before connecting to Tor.
The Tor Project acknowledges the benefits of using a VPN to be less conspicuous on your network.
Using a VPN with Tor offers legitimate advantages that using Tor alone does not.
Using a VPN+Tor configuration is, at worst, merely a return to "square one", and you still benefit from the other protections Tor provides.
There are many real-world situations where hiding your Tor usage from your ISP or network administrator is desirable, even without any government-related motivation.
Network administrators or ISPs can pose this same threat, as the case of the Tor user deanonymized at Harvard shows.
Your Tor usage is observable on your local network, which poses a real risk for many people.
Most online literature about Tor suggests that connecting to Tor makes you completely anonymous, but that is not the case in reality.
Using a VPN with Tor is not censorship circumvention advice for countries that also block VPNs.
Tor bridges are decent at circumventing censorship, but they offer no protection against historical traffic analysis.
While Tor bridges can be a good option in certain cases, it is important to keep their limitations in mind.
There is no evidence that agencies such as Interpol can act as global passive adversaries (GPA) in the real world.
Neither Tor nor a VPN protects against a global passive adversary, since Tor's security depends on no such adversary existing.
Connecting to Tor through a VPN does not make you stand out more on your network, unless your VPN provider is collecting logs or a law enforcement agency is already monitoring that traffic.
Traffic analysis such as traffic fingerprinting is not a realistic risk in real-world scenarios, according to reputable experts.
If traffic fingerprinting concerns you, you always have the option of using a VPN with an obfuscating bridge (pluggable transport) to further protect your traffic.
Using a VPN before Tor gives you better plausible deniability and helps you avoid standing out on your network.
If you live in a free country and are not worried about your ISP knowing that you use Tor, you can connect directly to Tor without a VPN.
If your threat model includes an adversary capable of obtaining information from your ISP, or if it includes your ISP or local network administrators, you should connect to Tor through a VPN.
Transcripts
Time for my hot take of the month: Should you use a VPN before connecting to Tor?
Probably yes, actually!
A Privacy Guides community member recently shared a video with me from Mental Outlaw
titled “Stop Using Tor With VPNs”, and serendipitously, I happened to be looking
into this exact topic at the time for a big rewrite of our Tor-related recommendations
at Privacy Guides.org.
Mental Outlaw is a pretty big name in the Privacy YouTubers space, and he makes some
decent points in his video, but I think he misses some important nuance when it comes
to who needs to be using Tor safely and where they’re doing so, and draws the wrong conclusion
about the topic as a whole.
So, I want to present my counter-argument to his claims, and then present more information
about why using a VPN before connecting to Tor is a better idea than many seem to believe.
This is not an attack on Mental Outlaw’s character or his other content, which I haven’t
watched, and I of course don’t believe his video was published with malicious intent,
I just don’t think he adequately addressed the topic here.
Before we get started, my channel’s still a bit new here so I’ll share a little about
myself.
I’m the founder and a team contributor to privacyguides.org, an open-source collaborative
resource on privacy and security, and an online community where people can share advice and
learn more about privacy-related concepts.
The content I’ll be presenting in this video today is mainly from my research into this
topic as part of a rewrite of a large section of our website about Tor, and I felt this
was important to note, because a common criticism you’ll hear when the idea of using a VPN
with Tor is being discussed is that many resources on the topic come from people or channels
who are closely affiliated with VPN providers themselves.
I think it’s a mistake to dismiss arguments you see online solely based on the affiliation
of the authors rather than the content of their argument, but regardless of that I want
to make it clear that I and Privacy Guides are not and have never been affiliated with
any VPN providers.
Or with any of the providers, tools, and services we recommend on our website for that matter.
Privacy Guides is a non-profit, volunteer-driven organization that operates on an evidence-based,
transparency-focused approach, and we’d never have a vested interest in recommending
one service over another outside of a genuine belief that such a service is better for your
privacy and security.
With that out of the way, it is still our shared opinion that using a VPN is an important
part of improving your privacy and security posture online, and that doesn’t change
when you use Tor.
I’ll get into more about all that later on.
The first misconception I see a lot, including in Mental Outlaw’s video, is that Tor never
recommends the use of a VPN or anything other than Tor and Tor bridges.
The reality is that Tor Project themselves do acknowledge the benefits of using a VPN
to stand out less on your network.
There are probably two reasons Tor doesn’t proactively recommend such a solution, it
makes their current advice much simpler, and in an ideal world there wouldn’t be an issue
with just using Tor, and Tor wouldn’t be seen as a suspicious network, so of course
Tor would like to advocate for such a solution.
These things don’t change the fact that today, right now in the real world, using
a VPN with Tor provides legitimate advantages that using Tor alone does not, and I think
those advantages are worth discussing.
The other factor here is that even if the benefits of using a VPN before Tor are negated,
you’ll virtually never be worse off with a VPN+Tor configuration like I’m suggesting
here.
At worst you’ll merely be “back to square 1” and still benefitting from the other
protections that Tor provides.
I’ll get into more about why this is the case later on.
The second misconception, or wrong assumption Mental Outlaw makes in his video, is that
there are very few scenarios in which people might need to hide their Tor usage from their
ISP, he calls out two such cases: people who are criminals, and people in countries which
block Tor.
Ignoring the fact that these two scenarios are very common among vulnerable populations
like political activists and journalists around the world, I believe that there are plenty
of other real world situations where you’d want to hide your Tor usage from your ISP
or network administrator, which are not government-related at all!
Consider the fact that Harvard network administrators were able to deanonymize a Tor user based
on his traffic metadata on the University’s network.
Yes, this was a criminal case, but the fact that this occurred in the first place should
demonstrate to you that a network administrator or your ISP can pose the same exact threat
in any scenario!
If Harvard can use this data to assist the FBI, you bet they (and anyone else with network
access) can also do it for whatever reason they’d like!
Imagine a whistleblower connecting to Tor on their employer’s network to post something
about the company they work for, for example.
A lot of online literature about Tor tends to suggest that merely connecting to Tor makes
you completely anonymous, but of course this isn’t the case in reality.
The fact that your Tor use is observable by your local network poses a real risk to many
people.
—
Let’s take an aside here and talk about criminals for a second.
When talking about privacy and security, we tend to reference a lot of criminal news stories
and court cases in our research.
I want to explain why this is the case and why you shouldn’t misconstrue this advice
and privacy advice in general as being geared towards defending criminals.
First off, it’s simply more newsworthy when criminals fail at privacy, and court cases
are well-documented, so there are simply more real-world examples to point to when explaining
privacy failures.
This does not mean that criminals are the only people who need stronger privacy protections,
it’s just that when the average person’s privacy protections are broken the impact
isn’t necessarily shared with the rest of the world.
It does not mean that the impact in non-criminal real-world situations doesn’t exist.
Secondly, what’s lawful in one country can be criminal in another, and there are a lot
of gray areas where it is almost certainly morally acceptable and even encouraged to
break some laws in especially repressive countries, so the knowledge on how to do so is still
fairly important on a societal level.
So basically despite all this theoretical talk about “evading law enforcement,”
this advice isn’t intended for actual criminals to evade law enforcement.
I want you to use these examples and think about ways in which they might apply to your
regular, every-day life, and I think you’ll find that it’s more common than you’d
think.
Back to the video!
—
I’ll cover the points he does make about those two scenarios first though.
When it comes to evading censorship we’re in agreement.
Using a VPN with Tor is not censorship circumvention advice for people in countries which block
VPNs as well.
The reason I do generally recommend using a VPN before Tor is to make your traffic blend
in better with commonplace VPN user traffic, and provide you with some level of plausible
deniability by obscuring the fact that you’re connecting to Tor from your ISP.
Connecting to a VPN is almost always less suspicious, because commercial VPN providers
are used by everyday consumers for a variety of mundane tasks like bypassing geo-restrictions,
even in countries with heavy internet restrictions.
However, I do want to make an important distinction between blocking Tor bridges, and identifying
Tor bridges here, because Mental Outlaw at least implies that if you are able to find
a bridge which is not blocked, your connection will be safe.
In reality, there is a danger this could pose to you if the fact that you’re using Tor
is discovered in the future poses a risk within your threat model.
Let me explain:
Bridges are fairly decent at circumventing censorship, because they are unpublished and
make efforts to obfuscate the fact that they are indeed Tor bridges.
However, these are only transient protections because Tor bridges are virtually always eventually
identified and blocked.
This fact is very bad for people who want to hide past Tor usage from their ISP, which
is almost certainly logging basic metadata like IP addresses and connection times indefinitely.
Let me give you two examples:
Number 1: You connect to Tor via a bridge, and your ISP doesn’t detect it because they
are not doing sophisticated analysis of your traffic, so things are working as intended.
4 months go by, and the IP of your bridge has been made public (as they almost inevitably
are).
Your ISP wants to identify Tor users 4 months ago, and with their limited logging they can
see that you connected to an IP address which was later revealed to be a Tor bridge.
You have virtually no excuse to be making such a connection, so the ISP can say with
very high confidence that you were a Tor user at that time.
Number 2: You connect to Tor via a VPN, and this works fine.
4 months later your ISP again wants to identify Tor users 4 months ago.
Their logs almost certainly can identify your traffic 4 months ago, but all they would likely
be able to see is that you connected to a VPN’s IP address.
Because your ISP almost certainly is not capturing all packet-level data and storing it forever,
they have no way of performing advanced traffic analysis techniques after the fact to determine
what you connected to with that VPN, and you could have plausible deniability.
Therefore, bridges are only good at circumventing censorship in the moment, but not from hiding
Tor usage in historical network analysis.
Of course, this doesn’t protect you if they perform advanced traffic analysis in real
time and are able to determine what you are doing with your VPN through some fingerprinting
tactic, as Mental Outlaw does mention in his video as well.
And this is not advice against using Tor bridges, you should just be aware of this limitation.
In some cases bridges may be your only option (if all VPN providers are blocked, for instance),
so you can still use them in those circumstances with this limitation in mind.
The other thing you can do if very advanced traffic fingerprinting is a concern is use
a VPN in conjunction with an obfuscating Tor bridge, that way you are still protected by
the pluggable transport's obfuscation techniques even if an adversary gains some level of visibility
into your VPN tunnel.
I’ll talk more about this later in the video.
The last thing I’ll point out in regard to this scenario is that in the real world,
there actually are plenty of real-world network censors who do block Tor and don’t block
VPNs, so it’s not like a circumstance where a VPN is a valid censorship circumvention
technique is inconceivable.
I would still suggest that people try to use a reputable VPN to bypass censorship, and
explore other options if that isn’t feasible on your specific network.
—
Alright, now let’s respond to his arguments regarding criminals.
Of course we can both agree that opsec failures are much more likely to be the reason criminals
get caught rather than network analysis, I don’t have much to add there.
However, then he makes the argument that using a VPN to connect to Tor is going to make you
stand out more on your network, and this is where I disagree.
His first claim is that international entities like Interpol are Global Passive Adversaries.
He doesn’t use that term exactly, but he describes them as if they are.
For context, a “Global Passive Adversary” (GPA) is an entity which can monitor the network
traffic of every Tor node, every VPN, and every ISP.
There’s no evidence to suggest anybody, including law enforcement agencies like Interpol,
has the capability to actually act as a global passive adversary in the real world.
Merely having global jurisdiction doesn’t imply that your organization has on-demand
global access to every single ISP on Earth, which would be required to perform the analysis
he’s suggesting.
An investigative agency would have to coordinate with every single ISP on the chain separately,
and there are plenty of situations where that would be an impossible task.
However, let’s give the benefit of the doubt for a second and look at a scenario where
a global passive adversary does exist and you’re worried about defending against them.
In that scenario, the facts are very clear: Tor does not protect you, using Tor with a
VPN does not protect you, you are not protected against global passive adversaries in any
scenario using Tor.
This is very clearly defined in Tor’s threat model, and the security of Tor does hinge
on the idea that such an adversary does not exist.
So whether agencies like Interpol are able to act as global passive adversaries is actually
irrelevant to this discussion in the first place.
Let’s move on assuming that a global passive adversary doesn’t exist though, and think
about how this would work if an international agency like Interpol was conducting an investigation
after the fact: The ability for a law enforcement agent to determine that a VPN user connected
to Tor (and thus, appear more suspicious according to Mental Outlaw) hinges on either your VPN
collecting logs, or the law enforcement agency to already be monitoring traffic from that
VPN.
In the first case (best-case), this is avoided by virtue of the fact that your VPN provider
isn’t collecting logs.
Maybe a shady VPN provider will be collecting logs secretly, but I am reasonably confident
that the VPN providers we recommend at Privacy Guides are not, and the entire point of using
them in the first place is that you trust them to not log more than you trust your ISP
to not log.
However, for the sake of the argument let’s pretend your VPN provider is secretly logging.
Then it becomes the same situation as the second case:
In our second, worst-case scenario, the agency already has some sort of in with your VPN
provider and is logging all that traffic.
That means they can likely see you’re using a VPN to connect to Tor, oh no!
However, they could just as likely do this to your regular ISP too if you don’t use
a VPN!
In this scenario, all this means is that you’re back to square one, and they know you connected
to Tor but not what you connected to (because Tor obfuscates this information, of course).
So, worst-case scenario you’re in the same place as you were without using a VPN, you’re
not worse off than if you had just connected to Tor.
Then he claims that connecting to Tor via a VPN will make you stick out like a sore
thumb, and that most Tor users connect directly to Tor.
However, this hinges on either our worst-case scenario from earlier being true, or the—frankly
absurd—idea he poses that they can tell that you’re connecting to Tor via that VPN
because they’ve broken the encrypted tunnel and can read your traffic.
This scenario is unrealistic, but we can cover some possibilities here:
The first way your ISP or network admin may be able to determine you’re connecting to
Tor through your encrypted VPN tunnel is through analysis called Traffic Fingerprinting, perhaps
the most realistic way to detect Tor usage inside a VPN.
This isn’t to say that it’s realistic at all though!
Lots of research is done into traffic fingerprinting, and many reputable experts including Tor Project
themselves don’t believe that it is a realistic threat in real-world scenarios, because the
research on this subject is often conducted in highly controlled, perfect environments
that don’t correspond to actual traffic.
If you are still concerned about the possibility of traffic fingerprinting methods being used
to detect that you’re using Tor through your VPN provider however, you again always
have the option to use a VPN in addition to a pluggable transport (bridge) to obfuscate
your traffic’s fingerprint further.
That way you are still protected by the pluggable transport's obfuscation techniques even if
an adversary gains some level of visibility into your VPN tunnel.
And as an aside, if you do decide to go this route, I’d recommend connecting to an obfs4
bridge behind your VPN for optimal fingerprinting protection, rather than meek or Snowflake.
The second way they could determine you’re using Tor through a VPN is the scenario we
talked about earlier where your VPN provider is compromised or provides such logs to your
adversary.
As I explained earlier, this scenario is both unlikely and not going to provide much information
to law enforcement because they still need to take the additional step of determining
what your Tor traffic actually was.
That being said, it’s still a potentially valid argument that if all of this occurs,
it will make your traffic potentially more valuable to decrypt and therefore law enforcement
might spend additional resources on decrypting your Tor traffic after they determined that
you made the initial connection through a VPN.
I still don’t agree this is a realistic concern for two reasons:
First, many people connect to Tor via a VPN already for various reasons, I don’t think
you will stand out significantly more from other Tor users even if you do use a VPN in
addition to Tor, as he posits, based on this factor alone.
Second, even if they do put extra effort into decrypting your traffic, this is still a very
challenging task to complete.
There’s no evidence to suggest that determining what you connected to via Tor with traffic
analysis during investigations like this is even possible, so in our worst-case scenario,
investigators are still posed with a virtually impossible task anyways.
Let’s step back from all of these theories for a second anyways.
You know what else makes you stick out on your network?
Using Tor!
Tor is very easy to identify on your local network if you connect to it directly, and
using a bridge doesn’t change that by the way.
And unlike a commercial VPN provider, most network monitors unfortunately interpret Tor
connections as people who are likely trying to evade authorities, that is just the reality
of the situation.
In a perfect world, Tor would be seen by authorities as a tool with many uses, like how VPNs are
viewed, thanks to the incessant marketing of VPNs as a tool to do mundane things like
stream videos.
Using a real VPN provides you with better plausible deniability along the lines of “I
was just using it to watch Netflix” that Tor simply doesn’t at this time.
The ultimate point I’m trying to make with my VPN before Tor recommendation is that such
a configuration only provides you with additional privacy protections from your ISP, with the
understanding that you all should in theory trust your VPN provider over your ISP anyways.
Therefore, any of the potential risks of using a VPN before Tor are basically irrelevant
anyways, because we’ve already established that the risks of your ISP having that knowledge
are almost certainly higher.
If you want more information about that topic, I would suggest reading the VPN overview articles
on Privacy Guides.org.
—
Alright, we’re at the point where I want to share with you my actual advice on this
topic.
If you live in a free country, are accessing mundane content via Tor, and you aren't worried
about your ISP or local network administrators having the knowledge that you're using Tor,
you can likely connect to Tor directly via standard means like Tor Browser without worry
and without using a VPN.
This is helpful on a large scale, because it helps de-stigmatize Tor usage for other
users, and gets us closer to the perfect ideal world Tor envisions that we talked about earlier.
However, if you already use a trusted VPN provider, or if your threat model includes
an adversary which is capable of extracting information from your ISP, or your adversaries
include your local ISP itself, or any local network administrators before your ISP, then
I think you should almost certainly connect to Tor through a VPN.
—
Let’s quick run through a few common misconceptions:
#1: Using a VPN with Tor makes you stand out more because you’re sending your traffic
through “4 hops” - This doesn’t make sense because of how Tor is designed.
If you could stand out on the Tor network based on what your network configuration looks
like before the Tor connection, this would obviously defeat the purpose of Tor in the
first place, because you could be fingerprintable based on your ISP’s configuration.
Using a VPN before Tor should not increase your fingerprintability to either the destination
or to Tor relays.
#2: Similarly, another one is that using a VPN with Tor gives you a “permanent entry
node” - This misunderstands the role that a VPN plays in this situation.
Your VPN is replacing your ISP, not any Tor nodes.
The reality is that things on your network before your Tor entry node can’t be detected
and fingerprinted by observers on the Tor network or at your destination.
This is basically the same thing as #1, but I just want to reiterate here that as long
as your last three connections are through the Tor network, you’re not losing any benefits
of the Tor network by using a VPN too.
#3: That you need to disable the VPN you already use before connecting to Tor.
This is basically the crux of what we’ve been talking about throughout this video,
but I want it to be clear that if you use a VPN already, there is no reason to disable
it before connecting to Tor.
Many online resources take the guidance about using a VPN with Tor too far and claim that
it’s actively dangerous to do this, and there are no situations where a VPN and Tor
can be combined.
This isn’t true when you’re connecting to that VPN before Tor, and disconnecting
from your VPN just to connect to Tor will only serve to make your network traffic more
suspicious, and potentially cause other things on your system which were previously protected
by your VPN to leak information.
There is no added danger to keeping your VPN connection enabled at all times.
—
Alrighty!
Now that all of this is finally out of the way, let me talk to you about using a VPN
with Tor properly.
To be absolutely clear, the configuration I’m recommending is that you connect to
your VPN first, and then connect to Tor through that VPN.
Some VPN providers and other online resources occasionally recommend the other way around,
making a connection to your VPN through the Tor network.
This is commonly recommended to circumvent things like websites blocking Tor exit node
IP addresses; however, this is extremely ill-advised.
Normally, Tor frequently changes your circuit path through the network.
When you choose a permanent destination VPN (connecting to a VPN server after Tor), you're
eliminating this advantage and drastically harming your anonymity.
It’s difficult to set up a bad configuration like this accidentally, because it usually
involves you making deliberate changes to your proxy settings in Tor Browser, or
setting up custom proxy settings inside your VPN client which routes your VPN traffic through
the Tor Browser.
As long as you avoid these non-default configurations, you're probably fine, but you can always double-check
by visiting Tor’s IP check website in Tor Browser.
—
I hope we’ve established the reasons why I think it makes sense for most people to
use a VPN alongside Tor.
I just want to leave you with a few final notes:
- Tor never protects you from exposing yourself by mistake, such as if you share too much
information about your real identity.
- Tor exit nodes can modify unencrypted traffic which passes through them.
This means traffic which is not encrypted, such as plain HTTP traffic, can be changed
by a malicious exit node.
Never download files from an unencrypted http:// website over Tor, and ensure your browser
is set to always upgrade HTTP traffic to HTTPS.
- Tor exit nodes can also monitor traffic that passes through them.
Unencrypted traffic which contains personally identifiable information can deanonymize you
to that exit node.
Again, we recommend only using HTTPS over Tor.
If you want to learn more about improving your privacy and security habits overall,
again I suggest reading through the knowledge base at privacyguides.org.
Finally, thank you for being interested enough in your personal privacy to watch through
this video, I hope to post more content on this topic in the future, so get subscribed
so you don’t miss out.
And please share this video with others who don’t understand the implications of using
a VPN before Tor, I hope that this content is able to spur further discussion about this
topic.
Be sure to leave a comment if you have anything to add or ask, or consider joining the Privacy
Guides forum, a great place to get perspectives from many different sources.
I’ll see you all in my next video!
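Added example, not part of the video: the transcript warns against VPN clients set up with custom proxy settings that route VPN traffic through Tor. Assuming an OpenVPN-style client config and the default local Tor SOCKS ports (9050 for a tor daemon, 9150 for Tor Browser), this Python check flags such proxy lines; the sample configs and the hostname are constructed.

```python
import ipaddress

# Default local SOCKS ports: 9050 (system tor daemon), 9150 (Tor Browser).
TOR_SOCKS_PORTS = {9050, 9150}
# OpenVPN proxy directives and the port assumed when none is given.
PROXY_DIRECTIVES = {"socks-proxy": 1080, "http-proxy": None}

def is_loopback(host):
    """True for 'localhost' or any loopback IP literal (127.0.0.0/8, ::1)."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a non-local hostname

def find_tor_proxy_lines(config_text):
    """Return (line_number, directive_line) for proxy directives aimed at a local Tor port."""
    findings = []
    for number, raw in enumerate(config_text.splitlines(), start=1):
        # Simplification: treat everything after '#' or ';' as a comment.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        tokens = line.split()
        if len(tokens) < 2:
            continue
        directive = tokens[0].lstrip("-")
        if directive not in PROXY_DIRECTIVES:
            continue
        port = PROXY_DIRECTIVES[directive]
        if len(tokens) > 2 and tokens[2].isdigit():
            port = int(tokens[2])
        if is_loopback(tokens[1]) and port in TOR_SOCKS_PORTS:
            findings.append((number, line))
    return findings

# Constructed sample configs; vpn.example.net is a placeholder hostname.
DEFAULT_CONFIG = "\n".join(["client", "dev tun", "remote vpn.example.net 443 tcp"])
VPN_OVER_TOR_CONFIG = "\n".join([
    "client", "dev tun", "remote vpn.example.net 443 tcp",
    "socks-proxy 127.0.0.1 9150",      # VPN tunnel sent through Tor Browser
    "# socks-proxy 127.0.0.1 9050",    # commented out, ignored
])

if __name__ == "__main__":
    for name, cfg in [("default", DEFAULT_CONFIG), ("vpn-over-tor", VPN_OVER_TOR_CONFIG)]:
        print(name, find_tor_proxy_lines(cfg) or "no Tor proxy directive found")
```

An empty result only means the config file itself does not point at a local Tor port; proxy settings made in a client's GUI or on the command line are outside what this reads.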