[tor-talk] Tor plus VPN (was re: Hi all!)

Roger Dingledine arma at mit.edu
Sun Jan 22 05:26:22 UTC 2012

On Sun, Jan 22, 2012 at 06:06:47AM +0100, Martin Hubbard wrote:
> On 01/21/12 at 03:44 PM, Christopher J. Walters wrote:
> > 2. What is the best way to use a VPN with Tor to increase anonymity?
> You're not going to get better anonymity by using VPNs with
> Tor. Anonymity is what Tor does very well, far better than any commercial
> VPN arrangement. With VPNs, there are potentially always logs that lead
> back to you. You can make the trails hard to follow, by nesting VPNs from
> multiple providers and paying anonymously, but you can't eliminate them.
> You can use VPNs with Tor in two ways. You can route Tor through
> VPN services. That prevents your ISP etc. from seeing that you're using

Another advantage here is that it prevents Tor from seeing who you are
behind the VPN. So if somebody does manage to break Tor and learn the IP
address your traffic is coming from, but your VPN was actually following
through on their promises (they won't watch, they won't remember, and
they will somehow magically make it so nobody else is watching either),
then you'll be better off.

> Generally, VPNs are more popular than Tor, so you won't stand out
> as much. Once the VPN client has connected, the VPN tunnel will be the
> machine's default Internet connection, and the Tor Browser Bundle will
> route through it.

> You can also route VPN services through Tor. That hides and secures
> your Internet activity from Tor exit nodes. Although you are exposed to
> VPN exit nodes, you at least get to choose them. If you're using VPNs
> in this way, you'll want to pay for them anonymously (cash in the mail,
> Liberty Reserve, well-laundered Bitcoin, etc). However, you can't readily
> do this without using virtual machines. And you'll need to use TCP mode
> for the VPNs (to route through Tor). In our experience, establishing
> VPN connections through Tor is chancy, and requires much tweaking.

Even if you pay for them anonymously, you're making a bottleneck where
all your traffic goes -- the VPN can build a profile of everything you
do, and over time that will probably be really dangerous.

In short, I think "You -> VPN provider -> Tor network" can be a fine idea,
assuming your VPN provider's network is in fact sufficiently safer than
your own network; but "You -> Tor network -> VPN provider" is generally
a really poor plan.

