On 09/29/2018 09:29 AM, panoramix.druida wrote: > > ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ > El sábado, 29 de septiembre de 2018 11:58, J B <jb.1234a...@gmail.com> > escribió: > >> Hi, >> Could you please explain in what sequence the two should be activated and >> why >> (which setup is secure) ? >> TB -- VPN or web proxy >> or >> VPN or web proxy -- TB > > I am playing with QubeOS and I try Tor -> VPN (with Bitmask) and I found this > useful for not having captchas everywhere as it does happend with Tor alone. > I try this thanks to this talk: https://www.youtube.com/watch?v=f4U8YbXKwog
True. But this is the most dangerous way to combine Tor and VPNs. If you connect first through a VPN (yours or a commercial service) and then to Tor, the VPN becomes like your ISP. It encrypts and obscures your traffic. So your ISP can't easily tell that you connect with Tor, or what you otherwise connect with directly. But your VPN provider _does_ know all that. Also, some argue that VPN services are more likely malicious than ISPs, and so potentially compromise your Tor use. But others (including Mirimir) argue that ISPs are more readily compromised by local adversaries, so using VPN services increases security and privacy for Tor use. Also, if you connect to Tor through a VPN, entry guards can't easily know your ISP-assigned IP address. So malicious entry guards (or those who had compromised them) would need to get that information from your VPN provider. That would have provided some protection against CMU's relay-early exploit, which pwned many .onion services and users. However, connecting first to Tor, and then through Tor circuits to a VPN, is _far_ more dangerous. Bottom line, you throw away all of the anonymity that Tor can provide. That's because your VPN provider may know who you are. Perhaps because you paid them in some traceable way. Or perhaps because you accidentally connected directly, and not through Tor, revealing your ISP-assigned IP address to them. However, if you're careful, you can use VPNs through Tor to 1) avoid Tor-specific CAPTCHAs, 2) route UDP traffic, and 3) use online services that generally don't work well with Tor alone. <SNIP> -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
