Why do Tor experts discourage using Tor and a VPN at the same time? Is it because of the network fingerprint, latency, or that there is no point to it?
3
-
This question is likely to be answered with opinions rather than facts and citations. It should be updated so it will lead to fact-based answers.– Romeo NinovCommented Mar 2 at 7:46
-
@RomeoNinov I initially thought the same - however this is actually a bad question. It incorrectly or naively assumes Tor experts discourage using tor and a VPN at the same time. In fact, this iis nuanced, but can be authoritatively answered!– davidgoCommented Mar 2 at 7:49
-
@davidgo, the question is very unclear and OP show no research about the subject. So my opinion is question expect opinion based answer.– Romeo NinovCommented Mar 2 at 8:19
Add a comment
|
1 Answer
I believe your premise is wrong. In the logical case of using TOR over a VPN (ie connect a VPN, then connect to TOR through the VPN) -
https://support.torproject.org/faq/faq-5/ links to https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorPlusVPN (ie its authorative) which has a lot more nuance and states (bolding mine):
You can very well decrease your anonymity by using VPN/SSH in addition to Tor. (Proxies are covered in an extra chapter below.) If you know what you are doing you can increase anonymity, security and privacy.
Most VPN/SSH provider log, there is a money trail, if you can't pay really anonymously. (An adversary is always going to probe the weakest link first...). A VPN/SSH acts either as a permanent entry or as a permanent exit node. This can introduce new risks while solving others.
Who's your adversary? Against a global adversary with unlimited resources more hops make passive attacks (slightly) harder but active attacks easier as you are providing more attack surface and send out more data that can be used. Against colluding Tor nodes you are safer, against blackhat hackers who target Tor client code you are safer (especially if Tor and VPN run on two different systems). If the VPN/SSH server is adversary controlled you weaken the protection provided by Tor. If the server is trustworthy you can increase the anonymity and/or privacy (depending on set up) provided by Tor. VPN/SSH can also be used to circumvent Tor censorship (on your end by the ISP or on the service end by blocking known tor exits).
In other words the risks change, but it could be beneficial if you know what you are doing - I guess the question is do you trust your VPN or the TOR entry nodes more, and how well do you understand what VPN's, TOR and your routing stack does?
Apparently, it is possible to run a VPN over TOR - this would not be a good idea in most cases - because this would slow down your connection while quite possibly bringing more scrutiny to your traffic and giving you very little - if any benefit from using Tor. There are a few niche cases this might be useful to get around firewalls, but by-and-large is a bad idea.
-
What is the difference between the times when it decreases your a/s/p and the times when it increases it? Commented Mar 2 at 19:20
-
Ot depends on the threat vector - and a lot of it is theoretical anyway- and I'm not qualified to answer this (but have some understanding) - nor (based on your question) you to understand it. It would require a co-ordinated government level and realistically you would be screwed either way.– davidgoCommented Mar 3 at 6:24