Hey, folks! Please, tell me what you think about Tornet + VPN combination. To be exact in-browser VPN extention. If you connect to TOR proxy first and then connect to VPN you don’t expose your real IP to a VPN-provider and conceal the fact you’re using TOR (to prevent captchas on sites etc ). This way you could use any VPN (even free tear propriety) Am i right?
First off, I would be careful around browser-based VPNs, especially free ones. If it’s in the browser it’s often just a proxy (as opposed to wireguard or openvpn), which is potentially bad for normal functionality or privacy. Also, if it’s a free service then it almost certainly collects your data itself, and won’t necessarily be allowed by sites either.
That being said, there are two ways to layer the two type of tunnels:
Connecting to the VPN first is relatively common. This means that your ISP can’t see you connecting to Tor. Furthermore, VPNs are designed to tunnel your entire system, while Tor generally is not. Thus, you can have some traffic that is merely VPN protected and some that runs through the Tor network as well. In this situation my ISP knows which VPN provider I use, my VPN provider knows (1) my identity and (2) my network activity outside of Tor, and sites that I visit can only see that I use Tor.
The other direction is to connect first to Tor, and tunnel the VPN connection through there. This is very much not intended: Tor only tunnels TCP, while most VPN protocols use UDP (only, or more efficiently). The reason is that it’s actually quite difficult to hide your identity from your VPN provider. If the VPN is the innermost tunnel, then that means that it has access to all your network traffic. I’ll assume that all of it is encrypted with TLS (but be careful because a single error is bad). Then, the VPN only knows which domains you visit, how long, how much data, and at what times. This is still quite significant. Then there’s the issue of payment. If you choose a free service, it almost certainly means it’s selling your data. I will say that this is better than most other uses for free VPNs, but it’s still pretty sketchy. If you’re paying, then you need one which accepts payments in monero (or zcash or another private cryptocurrency) or cash by mail.
Overall, Tor over VPN is relatively normal. I use this configuration regularly. VPN over Tor is highly unusual, and you should consider if you need it. If you need a recommendation for a VPN though, Mullvad supports both monero and cash by mail (sweden), and is generally a good all around VPN (as long as you don’t need port forwarding). One final thing to note: If for some reason you want to use a VPN on both sides, do not use the same VPN, even with separate accounts. Probably, they won’t check, but at that point you might as well just use straight Mullvad VPN.
I’ve read somewhere that adding too much complexity just lights a beacon your way, like “look at this guy with shitty latency using all these weird ports, he must be up to something”.
However, OP just seems to want to use Tor without falling into Captcha Hell.
Appreciate your comment!
Yeah, it makes sense. I’m probably yet not educated enough to understand what happens under the hood when i use this and that. But i’m glad that there are people that can advise me :)
I think a browser extension would only route through the VPN for traffic within that browser.
It’s easy to test - with the extension running, check your IP in two browsers (or, better yet, from the terminal)
Appreciate your answer!
Yes, it surely would. It’s what i wanted. I intended to route Tor proxy through a VPN to conceal the fact it’s Tor from websites and at the same time to conceal my real web fingerprint from a VPN provider. From my experience most of mainstream services and platforms let you in with VPN more often than with Tor. Btw with Tornet terminal tool for Linux browsing feels more than pleasantly. I haven’t noticed any severe reduces of speed.
But it still has a weak point - ISP sees TOR connections and may flag you. I would like to try more advanced approach in the future but it requires expertise in self-hosting.
I feel like you’d need to use this in like, a Whonix VM to be confident no UDP packets are leaking and no hardware/OS info gathered by the presumably malicious browser extension.
Thank you for the advice!
Whonix is great! Gotta try it one day :)
I have a feeling you’re on to something, but also feel this might be needed for a niche use case.
And like another comment pointed out, in-browser extensions obviously only impact the browser. But like you said you’ll be using it to prevent sites from knowing you’re using tor so that should be alright.
I like this idea for using “free” or suspicious VPNs. But all this routing would totally slow down the connection, especially on the already limited free vpn connections.
Excellent! Thank you so much for such a comprehensive answer.
I appreciate that you broke it down for me and mentioned few other nuances worth considering. If i understood it correctly, this combination (in this particular order) is not so reasonable because a VPN would still see what i’m doing and i just would be trading off my traffic data for option to hide Tor from sites i visit (in case if i use a “free” VPN). Unfortunately my network managing skills are very limited. Ideally one day i’d like to set up something like: own proxy 1 (or VPN) - Tor - own proxy 2 (or VPN). This way i could eliminate ISP snooping and make entry and exit proxies unfamiliar with each other.
Thank you for shearing your opinion!
I tried it because i felt like it makes sense and decided to ask what people think about it. Browsing with Tornet terminal tool for Linux feels more than pleasantly. Also I was surprised when i found out that many websites let me in after captchas or don’t inspect my connection at all. But i have not tried it with VPN on top for extensive session.
