[tor-talk] Using VPN less safe?

[Mirimir]

On 01/24/2016 09:38 AM, Roger Dingledine wrote:
> On Sun, Jan 24, 2016 at 11:04:30AM +0000, Oskar Wendel wrote:
>> Attacker could easily tap into major VPN providers traffic and try to 
>> correlate their traffic with hidden service traffic. And there are fewer 
>> VPN providers than Tor entry guards (and much less than home connections 
>> around the globe).
>>
>> Does it mean that routing Tor through a commercial VPN could actually 
>> lower the security, compared to routing Tor directly through a home 
>> connection?
> 
> Yes, I think this is correct.
> 
> It's a tradeoff -- if somebody somehow breaks the anonymity of your Tor
> circuit, it's nice to have another layer behind that. But if somebody
> guesses that you're using a particular VPN, or you pick a VPN that they're
> already monitoring for other reasons, then you basically let them see the
> beginning of your circuit when otherwise they might not have been able to.

The same is true if someone guesses the user's ISP. Or if they're
already monitoring that ISP. Also, I can chain multiple VPN services. So
the VPN exit that hits the entry guard isn't directly associated with
me. Bottom line, I'd rather have those extra layers, even if some of
them attract attention. And revealing Tor use to my ISP would attract
even more attention.

> In a sense you're selecting your VPN to be your guard. If there were
> one super-popular guard in the Tor network, and people used it forever
> rather than doing normal guard rotation, seems to me it would become an
> appealing point for surveillance.

Maybe so, "in a sense". But I'm still using a Tor entry guard.

> Also, this issue is pretty much the same whether you're visiting onion
> sites or other domains.
> 
> --Roger
>