Before I start with my queries, I am from a place where whistleblowers are slaughtered. I am not a whistleblower in the real sense but I contribute of the little what I can to the cause. Here is why I was thinking to use vpn+tor. Now any mla/city or zone wise politician here, can get whatever info they want from the ISP in seconds. If a vpn the office and servers of which are situated outside country, then it will be hard for them to get the info from them. Maybe real hard because the adversary here won’t be the national government, we are just trying to expose corruption on a state level. Now in some of the threads here, I read people mentioning about money trail associated with the vpn. What if a free version is used? A vpn will log, whether the user is a free user or is paying, period. Like it is mentioned in this thread Tor + VPN - #5 by ArmadilloThis is a bit devil-you-know vs devil-you-don’t-know, both the isp and the vpn are the devils, but the latter will be hard to get hold by the corrupt politicians. Now regarding the links that I posted above, is there any serious threat if a vpn is activated before using tor?
Second I have noted that if a vpn like Keepsolid is started before connecting tor, tor never connects but it works fine with other vpn’s like speedify etc. Why is this so?
Lastly, say you are on an internet connection via wifi which has intermittent drops in connection and you are connected via vpn+tor or directly to tor without a vpn. Is there a chance in either of the cases that the real ip address will be exposed to a website like say protonmail? The vpn here is a freemium so it won’t have a kill switch in case the connection breaks.
Firstly, don’t use a free VPN as they often do log and are by far the least trustworthy.
For avoidance of money trails you could select a VPN provider which accepts Bitcoin or Monero crypto currency. Some providers also accept physical cash payments via mail.
Adding a VPN doesn’t increase any risks provided that you choose a legitimate one, research which VPN providers have been taken to court and what was their outcomes.
The inability to connect without VPN likely means your ISP already looks for Tor users and blocks the connection.
Most VPN clients have a built in kill switch so if internet drops it will just stop any data coming or going until a VPN connection is reestablished, nothing will leak.
Thanks for replying. Of the little what I know they all log and they log all users, whether free or paid
I have a subscription of Keepsolid vpn but Tor never connects if it is activated first, Tor over VPN that is. So, I tried some other free vpns and tor was able to connect if these free vpn’s were activated first. I can connect without vpn to Tor, it is just that I wanted to connect tor over vpn. Two questions-
Like I mentioned in the original post, both the isp and vpn(free or paid) are the devils here. As it might be hard, I am not sure here, for the concerned to get hold of the vpn so I wanted to use tor over vpn. Yes they will log but it might be better than just calling the isp and saying hey I am abcd politician hand me over the logs and everything of user A. Why is that tor over vpn is possible with some vpn’s and not with the others?
The free vpns, with which tor over vpn seems to be possible here, do not have a kill switch in case the internet drops. I just checked, no free vpn is providing this facility. Now say one is connected in tor over free vpn mode (ignore the logs for a second) and the internet breaks, now as there is no kill switch so will this leak one’s ip to the websites being browsed in Tor? Is Tor having any countermeasure to prevent this?
Thanks for replying. The only and the only rationale for me for using a vpn is because whistleblowers are slaughtered here and it is so easy for them to get anything that they want from the isp’s. Sure the vpn’s log too and they cannot be trusted either, but a vpn as it is in some other country will involve other jurisdictions. Wouldn’t this be a good reason to use a vpn? Or is there some serious security flaw that I am missing if a vpn is used along with tor?
I am not saying that vpn+tor will increase protection, just asking from the pov that getting details from the vpn will require additional time and effort.
Adding to the above post, can’t edit it as it is not yet approved by moderators
If there is any major security flaw if Tor over vpn is used then please please enlighten me.
This is a common misconception about VPNs. All provider can log but that doesn’t mean they necessarily all do. It has been proven in the past through court.
VPN provider OVPN has emerged victorious from legal action initiated by movie companies hoping to get closer to the operators of The Pirate Bay. After a back-and-forth process, the court agreed with OVPN’s claims that as no-logging provider, it had no useful data to hand over.
Thanks for replying and for sharing this. Can you please help with the other question as mentioned here?
A question from one of my friends, say Tor is being used in Windows or Mac, both these operating systems are engaged in telemetry data sharing in the background. Is there a chance that they share anything about the websites being visited in Tor to MS and Apple respectively or to the ISP?
Some VPNs products may block or stop Tor to connect. You should contact your VPN provider and ask their support about that.
Using Tor with bridges and pluggable transports (PTs) would be best. Some VPNs’ entry points are publicly listed, and in some regions, they are well-known to censors. While using Tor bridges with PTs, your traffic won’t look like “Tor traffic”.
Thanks for replying @gus I have read every comment and thread here, including the links posted by you, about this topic and I understand that there is no gain if tor over vpn is used.
The only only rationale for using a vpn here is because it is so easy for them to get anything that they want from the isp’s. Sure the vpn’s log too and they cannot be trusted either, but a vpn as it is in some other country will involve other jurisdictions. Wouldn’t this be a good reason to use a vpn? Or is there some serious security flaw that I am missing if a vpn is used along with tor? Tor is not blocked by any ISP here.
The free vpns, with which tor over vpn seems to be possible here, do not provide a kill switch in case the internet drops. Now say one is connected in tor over free vpn mode (ignore the logs for a second) and the internet breaks, now as there is no kill switch so will this leak one’s ip to the websites being browsed in Tor? Is Tor having any countermeasure to prevent this?
The same applies for Tor bridge: it also involves other jurisdictions. In addition to that, while using a bridge, your traffic is obfuscated – your ISP won’t know that you’re using Tor – and encrypted using onion routing - What protections does Tor provide? | Tor Project | Support.
But while using a VPN, you’re routing your traffic to another entity that you won’t know if they are good or bad guys. They can promise xyz (“no logs”, “military-grade encryption”, “bullet proof” and many other marketing terms), but how can you verify their claims?
Thanks for replying again @gus Will surely be going with the bridges from now on. Please understand that I do not trust the vpns like I have mentioned in the earlier comment, both the isp and the vpn are the devils here. Request you to read my queries again-
The only rationale for using a vpn here is because it is so easy for them to get anything that they want from the isp’s. Sure the vpn’s log too and they cannot be trusted either, but a vpn as it is in some other country will involve other jurisdictions. Wouldn’t this be a good reason to use a vpn? Or is there some serious security flaw that I am missing if a vpn is used along with tor?
The free vpns, with which tor over vpn seems to be possible here, do not provide a kill switch in case the internet drops. Now say one is connected in tor over free vpn mode (ignore the logs for a second) and the internet breaks, now as there is no kill switch so will this leak one’s ip to the websites being browsed in Tor? Is Tor having any countermeasure to prevent this?