[email protected]: > I was under the impression that using a VPN service would provide a > certain level of anonymity because it masks your true IP and sends > traffic through an encrypted tunnel.
If combining a VPN/proxy/ssh with Tor improves anonymity, privacy and security or not is a controversially discussed topic. There is a page dedicated on that topic collecting all the pro and contra arguments: https://trac.torproject.org/projects/tor/wiki/doc/TorPlusVPN (Mostly written by me.) In conclusion, I'd say the answer depends on your assumption and threat model. > So while a listener would know you > were connecting to a VPN, the traffic on the other end could have come > from anyone. Is that incorrect? If you mean by listener = ISP, and if you mean a Pre-Tor-VPN (user -> VPN -> Tor -> destination), it's correct. I am very skeptical if VPN's or SSH's are even able to hide the fact you're using Tor, see VPN/SSH Fingerprinting: https://trac.torproject.org/projects/tor/wiki/doc/TorPlusVPN#VPNSSHFingerprinting > Perhaps this question is out of scope, > but I am curious if third party VPN services truly accomplish what they > claim. Leaving protocol leaks (browser fingerprinting aside), a single VPN provider provides nothing more than weak anonymity by policy. On the other hand, Tor provides anonymity by design. > that Tor is good for masking location, but that > the endpoints could listen to all your traffic. VPN servers used as post-Tor-VPN (user -> Tor -> VPN -> destination webserver) can also listen to plaintext traffic. Shifting trust from a Tor exit to a VPN and therefore giving up stream isolation and introducing a permanent exit node is imho a bad idea. _______________________________________________ tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev
