Viewing a single comment thread. View all comments

autonomous_hippopotamus wrote

agree with most of this

however, on the VPN point, while yes a VPN isn't necessary, many people say a VPN is helpful to either secure your information from the tor exit node, that using tor sources ones information from the VPN provider.

Do you know of any research that's been conducted that sheds some light on this issue?


sudo wrote

This is the first I've heard of this issue. If I may say so, that concern makes very little sense. Just exactly what information is being leaked to the exit node that using a VPN would help protect? As far as I understand it, the only information that an exit node can get about you is from any unencrypted traffic you send through it. If you encrypt everything (like by using https), then it will have no idea who you are, or what you're browsing. I fail to see how using a VPN would help in this matter.

Can you point me to where you found this argument? There could be something that I'm missing, but as of now, this still sounds like a VPN company spreading misinformation in order to stay in business.


autonomous_hippopotamus wrote

tldr: i think you are right that if you use https/ssl you should be safe from malicious nodes, though one thing i've heard speculated somewhere is since the feds probably host quite a few exit nodes they can launch deanonymizing attacks on particular hidden services... It seems there are arguments to be made that using tor with vpn has some marginal benefit, tho this is controversial, but it may be this is a myth propagated by vpn providers like you say.

I can't say where i heard these arguments the first time, but i see it pretty often, the longer comment by a user named Roya on Stack Exchange summarized it pretty well.

The one, less contentious benefit of using tor with a VPN is the ability to hide your Tor usage from your ISP while also hiding your online activity from the VPN. As argued by this Deep Dot Web article.

If you choose to use TOR over a VPN, the benefits are that you would be again, hiding from your ISP the fact that you are using TOR. Also, your VPN would only be able to see that you are connecting to TOR nodes and that you are sending encrypted data. The VPN would not be able to see what data you are sending over TOR unless they decrypted it, because remember, all information relayed over TOR is encrypted.

But then, you can get around the problem of hiding your traffick form the VPN by not using a vpn at all.

This article from the Tin Hat (also from 2014) makes a more explicit argument about hiding your traffic from a malicious exit node, but they don't go in depth.

But then, i should point out both Deep Dot Web and the Tin Hat contain advertisements for VPN providers on their page. So you might be right that it's bullshit.