Yes, you should connect to Tor via a VPN

00:01

Time for my hot take of the month: Should you use a VPN before connecting to Tor?

00:06

Probably yes, actually!

00:07

A Privacy Guides community member recently shared a video with me from Mental Outlaw

00:11

titled “Stop Using Tor With VPNs”, and serendipitously, I happened to be looking

00:16

into this exact topic at the time for a big rewrite of our Tor-related recommendations

00:21

at Privacy Guides.org.

00:22

Mental Outlaw is a pretty big name in the Privacy YouTubers space, and he makes some

00:26

decent points in his video, but I think he misses some important nuance when it comes

00:31

to who needs to be using Tor safely and where they’re doing so, and draws the wrong conclusion

00:35

about the topic as a whole.

00:37

So, I want to present my counter-argument to his claims, and then present more information

00:42

about why using a VPN before connecting to Tor is a better idea than many seem to believe.

00:47

This is not an attack on Mental Outlaw’s character or his other content, which I haven’t

00:48

watched, and I of course don’t believe his video was published with malicious intent,

00:49

I just don’t think he adequately addressed the topic here.

00:50

Before we get started, my channel’s still a bit new here so I’ll share a little about

00:51

myself.

00:52

I’m the founder and a team contributor to privacyguides.org, an open-source collaborative

00:57

resource on privacy and security, and an online community where people can share advice and

01:02

learn more about privacy-related concepts.

01:04

The content I’ll be presenting in this video today is mainly from my research into this

01:08

topic as part of a rewrite of a large section of our website about Tor, and I felt this

01:13

was important to note, because a common criticism you’ll hear when the idea of using a VPN

01:18

with Tor is being discussed is that many resources on the topic come from people or channels

01:23

who are closely affiliated with VPN providers themselves.

01:26

I think it’s a mistake to dismiss arguments you see online solely based on the affiliation

01:30

of the authors rather than the content of their argument, but regardless of that I want

01:34

to make it clear that I and Privacy Guides are not and have never been affiliated with

01:40

any VPN providers.

01:41

Or with any of the providers, tools, and services we recommend on our website for that matter.

01:46

Privacy Guides is a non-profit, volunteer-driven organization that operates on an evidence-based,

01:51

transparency-focused approach, and we’d never have a vested interest in recommending

01:55

one service over another outside of a genuine belief that such a service is better for your

01:59

privacy and security.

02:01

With that out of the way, it is still our shared opinion that using a VPN is an important

02:06

part of improving your privacy and security posture online, and that doesn’t change

02:11

when you use Tor.

02:12

I’ll get into more about all that later on.

02:14

The first misconception I see a lot, including in Mental Outlaw’s video, is that Tor never

02:20

recommends the use of a VPN or anything other than Tor and Tor bridges.

02:24

The reality is that Tor Project themselves do acknowledge the benefits of using a VPN

02:29

to stand out less on your network.

02:30

There are probably two reasons Tor doesn’t proactively recommend such a solution, it

02:35

makes their current advice much simpler, and in an ideal world there wouldn’t be an issue

02:41

with just using Tor, and Tor wouldn’t be seen as a suspicious network, so of course

02:46

Tor would like to advocate for such a solution.

02:49

These things don’t change the fact that today, right now in the real world, using

02:52

a VPN with Tor provides legitimate advantages that using Tor alone does not, and I think

02:58

those advantages are worth discussing.

03:00

The other factor here is that even if the benefits of using a VPN before Tor are negated,

03:06

you’ll virtually never be worse off with a VPN+Tor configuration like I’m suggesting

03:12

here.

03:13

At worst you’ll merely be “back to square 1” and still benefitting from the other

03:17

protections that Tor provides.

03:18

I’ll get into more about why this is the case later on.

03:21

The second misconception, or wrong assumption Mental Outlaw makes in his video, is that

03:27

there are very few scenarios in which people might need to hide their Tor usage from their

03:31

ISP, he calls out two such cases: people who are criminals, and people in countries which

03:37

block Tor.

03:39

Ignoring the fact that these two scenarios are very common among vulnerable populations

03:44

like political activists and journalists around the world, I believe that there are plenty

03:49

of other real world situations where you’d want to hide your Tor usage from your ISP

03:53

or network administrator, which are not government-related at all!

03:57

Consider the fact that Harvard network administrators were able to deanonymize a Tor user based

04:02

on his traffic metadata on the University’s network.

04:05

Yes, this was a criminal case, but the fact that this occurred in the first place should

04:10

demonstrate to you that a network administrator or your ISP can pose the same exact threat

04:15

in any scenario!

04:17

If Harvard can use this data to assist the FBI, you bet they (and anyone else with network

04:22

access) can also do it for whatever reason they’d like!

04:25

Imagine a whistleblower connecting to Tor on their employer’s network to post something

04:26

about the company they work for, for example.

04:27

A lot of online literature about Tor tends to suggest that merely connecting to Tor makes

04:30

you completely anonymous, but of course this isn’t the case in reality.

04:35

The fact that your Tor use is observable by your local network poses a real risk to many

04:40

people.

04:41

—

04:42

Let’s take an aside here and talk about criminals for a second.

04:44

When talking about privacy and security, we tend to reference a lot of criminal news stories

04:48

and court cases in our research.

04:50

I want to explain why this is the case and why you shouldn’t misconstrue this advice

04:55

and privacy advice in general as being geared towards defending criminals.

04:59

First off, it’s simply more newsworthy when criminals fail at privacy, and court cases

05:03

are well-documented, so there are simply more real-world examples to point to when explaining

05:10

privacy failures.

05:12

This does not mean that criminals are the only people who need stronger privacy protections,

05:16

it’s just that when the average person’s privacy protections are broken the impact

05:21

isn’t necessarily shared with the rest of the world.

05:24

It does not mean that the impact in non-criminal real-world situations doesn’t exist.

05:30

Secondly, what’s lawful in one country can be criminal in another, and there are a lot

05:34

of gray areas where it is almost certainly morally acceptable and even encouraged to

05:39

break some laws in especially repressive countries, so the knowledge on how to do so is still

05:44

fairly important on a societal level.

05:46

So basically despite all this theoretical talk about “evading law enforcement,”

05:51

this advice isn’t intended for actual criminals to evade law enforcement.

05:55

I want you to use these examples and think about ways in which they might apply to your

05:59

regular, every-day life, and I think you’ll find that it’s more common than you’d

06:06

think.

06:07

Back to the video!

06:08

—

06:09

I’ll cover the points he does make about those two scenarios first though.

06:12

When it comes to evading censorship we’re in agreement.

06:15

Using a VPN with Tor is not censorship circumvention advice for people in countries which block

06:21

VPNs as well.

06:22

The reason I do generally recommend using a VPN before Tor is to make your traffic blend

06:27

in better with commonplace VPN user traffic, and provide you with some level of plausible

06:32

deniability by obscuring the fact that you’re connecting to Tor from your ISP.

06:37

Connecting to a VPN is almost always less suspicious, because commercial VPN providers

06:42

are used by everyday consumers for a variety of mundane tasks like bypassing geo-restrictions,

06:49

even in countries with heavy internet restrictions.

06:51

However, I do want to make an important distinction between blocking Tor bridges, and identifying

06:58

Tor bridges here, because Mental Outlaw at least implies that if you are able to find

07:02

a bridge which is not blocked, your connection will be safe.

07:06

In reality, there is a danger this could pose to you if the fact that you’re using Tor

07:10

is discovered in the future poses a risk within your threat model.

07:13

Let me explain:

07:15

Bridges are fairly decent at circumventing censorship, because they are unpublished and

07:22

make efforts to obfuscate the fact that they are indeed Tor bridges.

07:27

However, these are only transient protections because Tor bridges are virtually always eventually

07:32

identified and blocked.

07:34

This fact is very bad for people who want to hide past Tor usage from their ISP, which

07:39

is almost certainly logging basic metadata like IP addresses and connection times indefinitely.

07:46

Let me give you two examples:

07:50

Number 1: You connect to Tor via a bridge, and your ISP doesn’t detect it because they

07:56

are not doing sophisticated analysis of your traffic, so things are working as intended.

08:03

4 months go by, and the IP of your bridge has been made public (as they almost inevitably

08:11

are).

08:12

Your ISP wants to identify Tor users 4 months ago, and with their limited logging they can

08:21

see that you connected to an IP address which was later revealed to be a Tor bridge.

08:27

You have virtually no excuse to be making such a connection, so the ISP can say with

08:34

very high confidence that you were a Tor user at that time.

08:38

Number 2: You connect to Tor via a VPN, and this works fine.

08:43

4 months later your ISP again wants to identify Tor users 4 months ago.

08:49

Their logs almost certainly can identify your traffic 4 months ago, but all they would likely

08:54

be able to see is that you connected to a VPN’s IP address.

08:58

Because your ISP almost certainly is not capturing all packet-level data and storing it forever,

09:03

they have no way of performing advanced traffic analysis techniques after the fact to determine

09:08

what you connected to with that VPN, and you could have plausible deniability.

09:13

Therefore, bridges are only good at circumventing censorship in the moment, but not from hiding

09:20

Tor usage in historical network analysis.

09:23

Of course, this doesn’t protect you if they perform advanced traffic analysis in real

09:27

time and are able to determine what you are doing with your VPN through some fingerprinting

09:33

tactic, as Mental Outlaw does mention in his video as well.

09:38

And this is not advice against using Tor bridges, you should just be aware of this limitation.

09:44

In some cases bridges may be your only option (if all VPN providers are blocked, for instance),

09:49

so you can still use them in those circumstances with this limitation in mind.

09:57

The other thing you can do if very advanced traffic fingerprinting is a concern is use

10:02

a VPN in conjunction with an obfuscating Tor bridge, that way you are still protected by

10:07

the pluggable transport's obfuscation techniques even if an adversary gains some level of visibility

10:13

into your VPN tunnel.

10:14

I’ll talk more about this later in the video.

10:17

The last thing I’ll point out in regard to this scenario is that in the real world,

10:21

there actually are plenty of real-world network censors who do block Tor and don’t block

10:26

VPNs, so it’s not like a circumstance where a VPN is a valid censorship circumvention

10:30

technique is inconceivable.

10:33

I would still suggest that people try to use a reputable VPN to bypass censorship, and

10:38

explore other options if that isn’t feasible on your specific network.

10:42

—

10:43

Alright, now let’s respond to his arguments regarding criminals.

10:46

Of course we can both agree that opsec failures are much more likely to be the reason criminals

10:50

get caught rather than network analysis, I don’t have much to add there.

10:54

However, then he makes the argument that using a VPN to connect to Tor is going to make you

11:01

stand out more on your network, and this is where I disagree.

11:06

His first claim is that international entities like Interpol are Global Passive Adversaries.

11:11

He doesn’t use that term exactly, but he describes them as if they are.

11:16

For context, a “Global Passive Adversary” (GPA) is an entity which can monitor the network

11:21

traffic of every Tor node, every VPN, and every ISP.

11:25

There’s no evidence to suggest anybody, including law enforcement agencies like Interpol,

11:31

have the capability to actually act as global passive adversaries in the real world.

11:36

Merely having global jurisdiction doesn’t imply that your organization has on-demand

11:41

global access to every single ISP on Earth, which would be required to perform the analysis

11:47

he’s suggesting.

11:48

An investigative agency would have to coordinate with every single ISP on the chain separately,

11:53

and there are plenty of situations where that would be an impossible task.

11:57

However, let’s give the benefit of the doubt for a second and look at a scenario where

12:01

a global passive adversary does exist and you’re worried about defending against them.

12:05

In that scenario, the facts are very clear: Tor does not protect you, using Tor with a

12:11

VPN does not protect you, you are not protected against global passive adversaries in any

12:16

scenario using Tor.

12:18

This is very clearly defined in Tor’s threat model, and the security of Tor does hinge

12:24

on the idea that such an adversary does not exist.

12:28

So whether agencies like Interpol are able to act as global passive adversaries is actually

12:33

irrelevant to this discussion in the first place.

12:38

Let’s move on assuming that a global passive adversary doesn’t exist though, and think

12:42

about how this would work if an international agency like Interpol was conducting an investigation

12:48

after the fact: The ability for a law enforcement agent to determine that a VPN user connected

12:53

to Tor (and thus, appear more suspicious according to Mental Outlaw) hinges on either your VPN

13:00

collecting logs, or the law enforcement agency to already be monitoring traffic from that

13:04

VPN.

13:05

In the first case (best-case), this is avoided by virtue of the fact that your VPN provider

13:11

isn’t collecting logs.

13:14

Maybe a shady VPN provider will be collecting logs secretly, but I am reasonably confident

13:19

that the VPN providers we recommend at Privacy Guides are not, and the entire point of using

13:25

them in the first place is that you trust them to not log more than you trust your ISP

13:30

to not log.

13:31

However, for the sake of the argument let’s pretend your VPN provider is secretly logging.

13:37

Then it becomes the same situation as the second case:

13:41

In our second, worst-case scenario, the agency already has some sort of in with your VPN

13:47

provider and is logging all that traffic.

13:51

That means they can likely see you’re using a VPN to connect to Tor, oh no!

13:55

However, they could just as likely do this to your regular ISP too if you don’t use

13:59

a VPN!

14:00

In this scenario, all this means is that you’re back to square one, and they know you connected

14:05

to Tor but not what you connected to (because Tor obfuscates this information, of course).

14:11

So, worst-case scenario you’re in the same place as you were without using a VPN, you’re

14:16

not worse off than if you had just connected to Tor.

14:19

Then he claims that connecting to Tor via a VPN will make you stick out like a sore

14:23

thumb, and that most Tor users connect directly to Tor.

14:27

However, this hinges on either our worst-case scenario from earlier being true, or the—frankly

14:33

absurd—idea he poses that they can tell that you’re connecting to Tor via that VPN

14:39

because they’ve broken the encrypted tunnel and can read your traffic.

14:42

This scenario is unrealistic, but we can cover some possibilities here:

14:49

The first way your ISP or network admin may be able to determine you’re connecting to

14:53

Tor through your encrypted VPN tunnel is through analysis called Traffic Fingerprinting, perhaps

14:59

the most realistic way to detect Tor usage inside a VPN.

15:03

This isn’t to say that it’s realistic at all though!

15:05

Lots of research is done into traffic fingerprinting, and many reputable experts including Tor Project

15:10

themselves don’t believe that it is a realistic threat in real-world scenarios, because the

15:15

research on this subject is often conducted in highly controlled, perfect environments

15:20

that don’t correspond to actual traffic.

15:25

If you are still concerned about the possibility of traffic fingerprinting methods being used

15:29

to detect that you’re using Tor through your VPN provider however, you again always

15:32

have the option to use a VPN in addition to a pluggable transport (bridge) to obfuscate

15:39

your traffic’s fingerprint further.

15:41

That way you are still protected by the pluggable transport's obfuscation techniques even if

15:46

an adversary gains some level of visibility into your VPN tunnel.

15:50

And as an aside, if you do decide to go this route, I’d recommend connecting to an obfs4

15:55

bridge behind your VPN for optimal fingerprinting protection, rather than meek or Snowflake.

16:01

The second way they could determine you’re using Tor through a VPN is the scenario we

16:05

talked about earlier where your VPN provider is compromised or provides such logs to your

16:09

adversary.

16:10

As I explained earlier, this scenario is both unlikely and not going to provide much information

16:14

to law enforcement because they still need to take the additional step of determining

16:18

what your Tor traffic actually was.

16:21

That being said, it’s still a potentially valid argument that if all of this occurs,

16:25

it will make your traffic potentially more valuable to decrypt and therefore law enforcement

16:30

might spend additional resources on decrypting your Tor traffic after they determined that

16:35

you made the initial connection through a VPN.

16:37

I still don’t agree this is a realistic concern for two reasons:

16:40

First, Many people connect to Tor via a VPN already for various reasons, I don’t think

16:46

you will stand out significantly more from other Tor users even if you do use a VPN in

16:51

addition to Tor, as he posits, based on this factor alone.

16:55

Second, Even if they do put extra effort into decrypting your traffic, this is still a very

16:59

challenging task to complete.

17:01

There’s no evidence to suggest that determining what you connected to via Tor with traffic

17:05

analysis during investigations like this is even possible, so in our worst-case scenario,

17:12

investigators are still posed with a virtually impossible task anyways.

17:16

Let’s step back from all of these theories for a second anyways.

17:20

You know what else makes you stick out on your network?

17:24

Using Tor!

17:25

Tor is very easy to identify on your local network if you connect to it directly, and

17:30

using a bridge doesn’t change that by the way.

17:32

And unlike a commercial VPN provider, most network monitors unfortunately interpret Tor

17:37

connections as people who are likely trying to evade authorities, that is just the reality

17:42

of the situation.

17:43

In a perfect world, Tor would be seen by authorities as a tool with many uses, like how VPNs are

17:49

viewed, thanks to the incessant marketing of VPNs as a tool to do mundane things like

17:53

stream videos.

17:56

Using a real VPN provides you with better plausible deniability along the lines of “I

18:00

was just using it to watch Netflix” that Tor simply doesn’t at this time.

18:06

The ultimate point I’m trying to make with my VPN before Tor recommendation is that such

18:10

a configuration only provides you with additional privacy protections from your ISP, with the

18:15

understanding that you all should in theory trust your VPN provider over your ISP anyways.

18:21

Therefore, any of the potential risks of using a VPN before Tor are basically irrelevant

18:26

anyways, because we’ve already established that the risks of your ISP having that knowledge

18:30

are almost certainly higher.

18:32

If you want more information about that topic, I would suggest reading the VPN overview articles

18:39

on Privacy Guides.org.

18:41

—

18:42

Alright, we’re at the point where I want to share with you my actual advice on this

18:45

topic.

18:48

If you live in a free country, are accessing mundane content via Tor, and you aren't worried

18:54

about your ISP or local network administrators having the knowledge that you're using Tor,

18:58

you can likely connect to Tor directly via standard means like Tor Browser without worry

19:03

and without using a VPN.

19:06

This is helpful on a large scale, because it helps de-stigmatize Tor usage for other

19:10

users, and gets us closer to the perfect ideal world Tor envisions that we talked about earlier.

19:17

However, if you already use a trusted VPN provider, or if your threat model includes

19:22

an adversary which is capable of extracting information from your ISP, or your adversaries

19:27

include your local ISP itself, or any local network administrators before your ISP, then

19:33

I think you should almost certainly connect to Tor through a VPN.

19:35

—

19:36

Let’s quick run through a few common misconceptions:

19:39

#1: Using a VPN with Tor makes you stand out more because you’re sending your traffic

19:43

through “4 hops” - This doesn’t make sense because of how Tor is designed.

19:51

If you could stand out on the Tor network based on what your network configuration looks

19:54

like before the Tor connection, this would obviously defeat the purpose of Tor in the

19:59

first place, because you could be fingerprintable based on your ISP’s configuration.

20:04

Using a VPN before Tor should not increase your fingerprintability to either the destination

20:10

or to Tor relays.

20:12

#2: Similarly, another one is that using a VPN with Tor gives you a “permanent entry

20:18

mode” - This misunderstands the role that a VPN plays in this situation.

20:23

Your VPN is replacing your ISP, not any Tor nodes.

20:28

The reality is that things on your network before your Tor entry node can’t be detected

20:33

and fingerprinted by observers on the Tor network or at your destination.

20:37

This is basically the same thing as #1, but I just want to reiterate here that as long

20:41

as your last three connections are through the Tor network, you’re not losing any benefits

20:46

of the Tor network by using a VPN too.

20:48

#3: Is that need to disable the VPN you already use before connecting to Tor.

20:54

This is basically the crux of what we’ve been talking about throughout this video,

20:57

but I want it to be clear that if you use a VPN already, there is no reason to disable

21:02

it before connecting to Tor.

21:04

Many online resources take the guidance about using a VPN with Tor too far and claim that

21:09

it’s actively dangerous to do this, and there are no situations where a VPN and Tor

21:13

can be combined.

21:15

This isn’t true when you’re connecting to that VPN before Tor, and disconnecting

21:20

from your VPN just to connect to Tor will only serve to make your network traffic more

21:24

suspicious, and potentially cause other things on your system which were previously protected

21:29

by your VPN to leak information.

21:32

There is no added danger to keeping your VPN connection enabled at all times.

21:37

—

21:38

Alrighty!

21:39

Now that all of this is finally out of the way, let me talk to you about using a VPN

21:43

with Tor properly.

21:44

To be absolutely clear, the configuration I’m recommending is that you connect to

21:49

your VPN first, and then connect to Tor through that VPN.

21:54

Some VPN providers and other online resources occasionally recommend the other way around,

21:59

making a connection to your VPN through the Tor network.

22:02

This is commonly recommended to circumvent things like websites blocking Tor exit node

22:07

IP addresses, however, this is extremely ill advised.

22:11

Normally, Tor frequently changes your circuit path through the network.

22:15

When you choose a permanent destination VPN (connecting to a VPN server after Tor), you're

22:21

eliminating this advantage and drastically harming your anonymity.

22:25

It’s difficult to set up a bad configuration like this accidentally, because it usually

22:32

involves you making deliberate changes to your proxy settings in Tor Browser, or or

22:36

setting up custom proxy settings inside your VPN client which routes your VPN traffic through

22:41

the Tor Browser.

22:42

As long as you avoid these non-default configurations, you're probably fine, but you can always double-check

22:47

by visiting Tor’s IP check website in Tor Browser.

22:53

—

22:54

I hope we’ve established the reasons why I think it makes sense for most people to

22:56

use a VPN alongside Tor.

22:58

I just want to leave you with a few final notes:

23:02

- Tor never protects you from exposing yourself by mistake, such as if you share too much

23:06

information about your real identity.

23:29

- Tor exit nodes can modify unencrypted traffic which passes through them.

23:34

This means traffic which is not encrypted, such as plain HTTP traffic, can be changed

23:39

by a malicious exit node.

23:54

Never download files from an unencrypted http:// website over Tor, and ensure your browser

24:00

is set to always upgrade HTTP traffic to HTTPS.

24:05

- Tor exit nodes can also monitor traffic that passes through them.

24:09

Unencrypted traffic which contains personally identifiable information can deanonymize you

24:15

to that exit node.

24:17

Again, we recommend only using HTTPS over Tor.

24:25

If you want to learn more about improving your privacy and security habits overall,

24:29

again I suggest reading through the knowledge base at privacyguides.org.

24:32

Finally, thank you for being interested enough in your personal privacy to watch through

24:36

this video, I hope to post more content on this topic in the future, so get subscribed

24:41

so you don’t miss out.

24:42

And please share this video with others who don’t understand the implications of using

24:46

a VPN before Tor, I hope that this content is able to spur further discussion about this

24:51

topic.

24:52

Be sure to leave a comment if you have anything to add or ask, or consider joining the Privacy

24:56

Guides forum, a great place to get perspectives from many different sources.

25:00

I’ll see you all in my next video!