I like Tor, but I also like my own VPN server: What to do?

Hello!

I use Tor browser and I really like it, even though I don’t need it for vital reasons or to bypass censorship. I use Tor only because I value privacy. This is to say that any possible leak is not necessarily a dramatic event in my personal case, but obviously I would not want to make this wonderful tool useless.

I have two VPN servers (WireGuard) under my full control:

  1. Server “A” at my home. Static IP and reverse-DNS for this connection.
  2. Server “B” at a friend’s house. Simple connection with dynamic IP.

I could leave the VPN tunnel I use most of the time (server B) to use the Tor browser. This way I would simply use my home connection (with static IP and reverse-DNS). But what happens if I forget to do it and I use the Tor browser while connected to server B (the VPN server at my friend’s house)? Is it OK? Is it more/less secure?
I also use torsocks with terminal commands that run automatically all the time. This means:

  1. the convenient and easiest solution is “my” VPN at my friend’s house + Tor
  2. or I should give up my scripts with torsocks that run all the time and carefully leave the tunnel before using the Tor browser
  3. or I should give up the VPN tunnel, that I like too: the VPN is obviously faster than Tor and Tor is not the best idea when I have to log in somewhere…

So what is most appropriate in my case? And why?
Thanks!

1 Like

What you’re asking is too technical for me. Nevertheless, I’m looking forward to reading others’ replies.

I run a VPN on my PC and iPhone. I’m posting this reply using my iPhone over my home WiFi while connected to one of the VPN’s Tor servers. I love how that works.

1 Like

I asked since the Tor Project doesn’t recommend using a VPN with Tor unless you’re an advanced user who knows how to configure both in a way that doesn’t compromise your privacy.
Since, in my setup, I have a use case for Tor and a use case for my own VPN, I would figure out what I risk this way:

My house —> My VPN elsewhere —> Tor

This way is the default in my setup and is very convenient. And I don’t have to think every moment about whether I’m connected to the VPN tunnel or not, before connecting to the Tor network.

1 Like

Explain your threat model.

2 Likes

My PC automatically connects to the VPN, which I need.
Example of programs that automatically start, run all the time, and download updates via Tor (torsocks): an open source RSS/Atom feed reader.
I often also use the Tor browser, except when I have to log in on some website with my identity. I don’t have to fear being persecuted for political/religious opinions or for my sexuality and I’m not even a journalist: I use Tor solely for privacy reasons.

The VPN server (WireGuard) is under my control and it is installed on a Raspberry Pi, behind the router firewall. I have a firewall on the Raspberry too. I update this server constantly. Dynamic IP here… At my house I have a static IP and reverse-DNS instead.

2 Likes

Okay, after reading through this thread multiple times, I have a better answer for you.

Your two use cases are to use a VPN and Tor, but the root issue is that the two activities are centralized together on your client. Therefore, a more sensible approach is to separate the two activities to prevent any confusion regarding configuration and purpose. For example, you can use server B for general privacy with strong performance, but when you want to use Tor, use Tails on a USB drive for that explicit purpose instead, or Qubes-Whonix, etc.

1 Like

I put it this way when people ask about VPN + Tor. Who do you trust?

If you have VPN → Tor → Website, you are hiding the fact that you are on Tor from your ISP but you are not hiding it from whoever is hosting your VPN. Why do you trust them more than your ISP? They may say “We don’t keep logs” but all you can do is take them at their word.

If you have Tor → VPN → Website, you are at least hiding the fact you are using Tor from the website, but you are then showing your VPN what websites you are going to. It’s just scrambling the trust.

Personally, for my threat model, I trust the Tor network but I know that I can’t access a lot of websites using it. I use a paid VPN for streaming services that are geoblocked. I also have a personal OpenVPN instance running on a VPS. This is for foreign banking which blocks Tor, commercial VPN providers, and my local ISP.

It’s not a one size fits all solution but it is tailor-made for me. We can’t tell you what will work best for you. Only you can do that.

2 Likes