Viewing a single comment thread. View all comments

autonomous_hippopotamus wrote

tldr: i think you are right that if you use https/ssl you should be safe from malicious nodes, though one thing i've heard speculated somewhere is since the feds probably host quite a few exit nodes they can launch deanonymizing attacks on particular hidden services... It seems there are arguments to be made that using tor with vpn has some marginal benefit, tho this is controversial, but it may be this is a myth propagated by vpn providers like you say.


I can't say where i heard these arguments the first time, but i see it pretty often, the longer comment by a user named Roya on Stack Exchange summarized it pretty well.

The one, less contentious benefit of using tor with a VPN is the ability to hide your Tor usage from your ISP while also hiding your online activity from the VPN. As argued by this Deep Dot Web article.

If you choose to use TOR over a VPN, the benefits are that you would be again, hiding from your ISP the fact that you are using TOR. Also, your VPN would only be able to see that you are connecting to TOR nodes and that you are sending encrypted data. The VPN would not be able to see what data you are sending over TOR unless they decrypted it, because remember, all information relayed over TOR is encrypted.

But then, you can get around the problem of hiding your traffick form the VPN by not using a vpn at all.

This article from the Tin Hat (also from 2014) makes a more explicit argument about hiding your traffic from a malicious exit node, but they don't go in depth.

But then, i should point out both Deep Dot Web and the Tin Hat contain advertisements for VPN providers on their page. So you might be right that it's bullshit.

1