2

I saw many posts here saying that Tor over VPN is different from VPN over Tor, and one is better than other, but I was unable to find any explanation over it. There were some speculations that you should not reroute all your data through Tor as the last node will be able to read decrypted data. So using an "encrypted VPN service" and then routing all your data through Tor, will the exit node be able to see the data then as well?

I want to use tools like anonsurf (or other similar tools) to reroute my connection through Tor but many posts suggested that rerouting connection through Tor is not a good idea as the exit node will be able to see my decrypted data. So I am looking for a service where I can reroute my connection through Tor while making all connections encrypted.

forest
  • 64,616
  • 20
  • 206
  • 257
Sourav Singh
  • 23
  • 4
  • User -- VPN -- Tor | User -- Tor -- VPN. Both of them are unnecessary. – defalt Sep 07 '21 at 06:42
  • If the exit node of the VPN is on the other side of Tor, then Tor can't see the plain traffic... – schroeder Sep 07 '21 at 08:13
  • 1
    The question you linked to was concerned about *anonymity* not *encryption*. Please make sure that you keep those ideas separate in your mind. – schroeder Sep 07 '21 at 08:16
  • @schroeder Yeah but how can i ensure that it is on other side? .And yes i will try to present those ideas separate but i was looking for a solution that is anonymous and encrypted so if there is solution to implement in Linux that you can suggest? – Sourav Singh Sep 07 '21 at 08:26

1 Answers1

4

If you want encryption (for the confidentiality of communications), use HTTPS (and DNS over TLS or HTTPS), because unlike with Tor and VPNs, it encrypts all data between your computer and the web servers.

If you want to hide the IP address of your computer or home network from the web servers, you can use Tor or VPNs.

If you want to hide the IP address and domain name of the web servers from your ISP, you can use Tor or VPNs.

If you want anonymity, to the point that you trust neither Tor nor VPNs and want to use both, you need to force yourself to use a strict operational security methodology. Proxies (Tor and VPNs) will only be a small part of the overall solution. Your IP address is just one personal identifier among many. Hiding it is not enough to ensure your anonymity.

Whether you choose Tor or VPNs, the exit node will know which server is contacted. If the exit node is from the VPN provider, the provider can be able to link the connections to your account. If the exit node is from Tor, the connection cannot be traced back.

Also, when using proxies, you flag your connections as "I have something to hide" and you attract attention to them. Your connections are more likely to be monitored by intelligence agencies, or denied by content delivery networks (CDN).

This interactive web page explains how HTTPS and Tor work together, and who can see which piece of information. In this page, you can substitute "Tor" by "VPN" if you keep in mind that unlike Tor, a VPN is able to link the entry-node to the exit-node, and link the communications to your account.

Using VPNs and Tor together does not improve the "anonymity" over just using Tor. By doing so, you get the worst of both, not the best.

In conclusion, if you ponder how to use both Tor and a VPN, I would personally recommend that you use only Tor.

A. Hersean
  • 10,046
  • 3
  • 28
  • 42