For privacy and anonymity, I hear that you want to start a VPN, then start Tor. This can be dione fairly easily on Parrot Linux. On the other hand, Tails is recommended by Eric Snowden, but the Tails developers advise NOT using a VPN with Tails. Your thoughts, please?
Many of the “gurus” who talk about things like this are self-claimed experts. I saw a class on Udemy for the darknet where someone said this very thing. I used to be a darknet vendor (I gave a defcon 30 talk about darknet opsec, it’s on youtube). I can tell you that getting a VPN connected to tor adds another link in the chain that is not only unnecessary but also a liability.
It does not make you “safer”.
The people telling you this have no vested interest in seeing you safe, or care if you do.
The Tor dev’s know what they are talking about. I can confirm from the discovery that I got from the department of homeland security that they knew nothing about me, all I used was Tor.
This is sort of an oversimplication @SamBent . Not everyone is looking to do DarkNet stuff…
There are usages where VPN over Tor or Tor over VPN (two different setups with two different risk profiles) might be beneficial.
1- Here is a forum post by Paul Syverson, one of the original developers of onion routing and a senior scientist at the naval research lab briefly explaining the usage of these scenarios:
2- Here is even more information about the potential combinations from the torproject wiki:
Thanks very much, SamBent. Much appreciated! I will check out your YouTube video.
I recommend reading this post:
And the Tor Project Support faq:
Generally speaking, we don’t recommend using a VPN with Tor unless you’re an advanced user who knows how to configure both in a way that doesn’t compromise your privacy.
You can find more detailed information about Tor + VPN at our wiki.
Thanks very much, Gus!
Thanks very much, Ronin!
Thank you for your reply @RoninNakomoto , that said individuals that are active on the Darknet are one of the ones that have by far many more federal resources aimed against them than those that are doing it occasionally, or for any other purpose.
Sometimes things are simple. The first link that you cite is from back from 7 years ago. Obviously, as time goes on things change greatly. OP is asking about using a pentesting distro, so putting the use case together is not exactly rocket science.
As for your second link, it seems to verify exactly what I said in my post.
in Tor Project Forum0
I am not debating that “everyone wants to use tor for the darknet” or that “no other use cases exist”, I never said either of those things, I simply explained my use case… I am only repeating what the dev’s have said (and the link that you sent) state: Using tor with a VPN, is not a good idea as it has the potential for you to risk exposure.
Thank you, SamBent. Sorry if I caused some confusion, but I was not interested in pentesting, but just online anonymity and privacy: I only mentioned Parrot OS because I saw a demonstration of Tor over VPN on Parrot OS on a Youtube video. Thanks again.
The only thing that will make you super anonymous with the tor + vpn combo is if you download torrents (because tor doesn’t support torrents). And anyway there is an app that allows you to do this without needing a vpn and only on tor (it’s called Tribler), so it’s not really useful to use tor + vpn. It’s better to use tails especially since it automatically anonymizes mac addresses.
Thanks very much, Veritax.
VPN+TOR is a bit dangerous if you use third party stuff, now using domestic VPN+TOR at home you could be fine.
TOR alone is already good enough and cover basics things but need some restarts sometimes.
Thank you, Red0Bear.