[tor-talk] Tor to VPN to Internet = Bad. Why?

Phillip equusaustralus at gmail.com
Wed Apr 25 23:13:01 UTC 2012

It's possible to sign up for VPNs anonymously, as well as finding VPN
providers that keep no logs. Mullvad is a good example of one which you
can sign up for using bitcoin or even cash in the mail. Here's a list of
some more privacay-aware VPNs:


Otherwise, I think it would be a better idea to run your whole
connection through a VPN first, then connect to Tor. That way your ISP
has absolutely no idea what's going on on your connection, plus you have
the additional benefit of obscuring your location.

With a good anonymous VPN + Tor, performance wouldn't be degraded much
at all, and you get double the privacy and security ;)

> I think in some cases where Tor is blocked, connecting to a VPN through Tor
> may be useful. The problem of course is signing up for the VPN anonymously,
> but this can be achieved with Bitcoin, to an arbitrarily high level of
> security, although at present it's still kind of inconvenient a level of
> mixing that would be just as anonymous as Tor.
> On Wed, Apr 25, 2012 at 12:27 PM, Ondrej Mikle <ondrej.mikle at gmail.com>wrote:
>> On 04/25/2012 04:06 PM, Low-Key² wrote:
>>> Recently, I'd come across some chatter that suggested that connecting to
>> a VPN via TOR was not a good idea and, rather, the better idea was to
>> connect to a VPN that then used Tor.  I've not found any articles on the
>> net that really discuss this issue.  My concern stems from more of a
>> curiosity due to an encrypted private web proxy I used to run for foreign
>> activists.  While the proxy would have appeared entirely benign to anyone
>> in their regime, a number used Tor to connect to it. My larger question is,
>> if there is a security concern for using Tor to connect to a VPN which then
>> connects to the internet, would the same concerns apply to people who use
>> Tor to connect to an encrypted web proxy?  Thanks in advance for any
>> replies.
>> I think the main issue is that user needs to authenthicate to the VPN, so
>> no
>> matter where they came from via Tor, they are identifiable. That is true
>> even if
>> the credentials are shared, in that case it's known that the individual
>> connecting via the VPN must be from a small group.
>> On the other hand, if your goal is to hide location instead of identity
>> from the
>> VPN, connecting via Tor _might_ do the trick. I'm saying _might_, since
>> some
>> data inside the protocols transmitted over the VPN could contain your real
>> IP or
>> other identifying information (depends on the protocol(s) used inside VPN).
>> In the case of the encrypted proxy the attacker might know that it's some
>> group
>> of people you gave access credentials to. So it depends on what the
>> attacker can
>> learn - e.g. the attacker will retrieve your name from whois and might
>> attempt
>> to find out from your communication which individuals belong to that group
>> or
>> attempt to compromise the proxy and view logs.
>> Ondrej
>> _______________________________________________
>> tor-talk mailing list
>> tor-talk at lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
> _______________________________________________
> tor-talk mailing list
> tor-talk at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

More information about the tor-talk mailing list