I know that the most popular question is about TOR + VPN and it has got 1k answers about it, BUT I received an email from ExpressVPN which talks about "more ways to protect your privacy", so is it just an ad or the truth?

https://twitter.com/Snowden/status/1438291654239215619

ExpressVPN are notorious and will tell you anything to get you to buy from them. This is just an ad, never take privacy advice from this company.

At this point it wouldn’t surprise me if ExpressVPN was trying to unmask Tor users by trying to deanonymize traffic sent across its infrastructure.

I think that there are a few reputable VPNs but ExpressVPN is not really that decent, cause they would do whatever it takes to get you to use and buy their service, but I recommend Mullvad VPN or IVPN. And VPN usage with Tor is not really necessary, but with the right VPN I think it could probably add an extra layer if they are trustworthy and keep no logs and you pay with no ID or credit card.

VPN:

  • casual speed
  • hides traffic from your ISP and hides location, IP etc. from websites you visit
  • some big sites can blacklist known VPN servers but all in all there aren’t many services which do this (ProtonVPN experience)

But the server belongs to some country and has to obey its laws, whether it’s ProtonVPN, NordVPN, HideMyIP etc.
Some just obey, some give out more information than needed, but in general they all need to and will obey if a court order arrives.
The difference is the country the server is based in. ProtonVPN, for example, is a Swiss company and also has Swiss servers, which means Swiss law applies. And Switzerland has some pretty good privacy laws in comparison to US or UK laws, for example.

TOR:

  • low to very low speed
  • anonymizes your whole traffic (the website will only see the data you send to them, but has no clue who you are ^1)
  • a lot of services block connections coming from the Tor network (but you could bypass that by connecting to a VPN from TOR)

The Tor network can’t receive a court order, but there are ways to de-anonymize you anyways.

^1 This is only true if you got everything else correct, for example dedicated devices, TailsOS or Qubes OS, online behaviour, offline behaviour, data you send consciously, data you send unconsciously and so on. There is so much more to do than just connecting to Tor or a VPN to be completely anonymous like a Hollywood hacker or whatever.

This is an interesting guide to becoming anonymous: https://anonymousplanet.org/

Ok, thank you. So I guess most of the companies have similar sales policies, or u can recommend someone?

lmao ok thank u for this

w/o jokes, in the abstract, if I ever need to be like an anonymous from a default USA movie about a hacker in TOR, what should I use? Only TOR? or VPN Router? Or 100 bridges around the world? your software/hardware setup for being uncaught like a France climate activist

Heck, I didn’t even think of that, that’d be really clever for them to do. Don’t need to break/attack Tor if you just have your users reveal themselves after going through the anonymization network.

Seems like I should have a big brain and deep knowledge in communication technology to test every VPN service, too many opinions everywhere. But thank you for the advice

Two providers that are generally considered reputable are ProtonVPN and Mullvad.

Choose a country that is not a member of the 5/9/14 eyes and see what VPNs they offer, then read reviews on it.

The answer completely depends on your threat model.

VPN = Hides your traffic from your ISP (only) and can give you different geographic exit points.

Tor = obfuscates the connection between host and website. Malicious guards/exits and middle-hops give an adversary a chance at deanonymizing a user.

As a practical example I like to use Independent Journalist in UK (not the censorship country everyone jumps to).

1) Recognize that your behavior on the global network can be aggregated to build a pattern to identify you. AI/ML tools are really good at that.
2) Understand that a VPN provides a clearnet hop but anything crossing that hardware could be compromised -- most simply by a court order/subpoena. [see ProtonVPN releases data by court order]
3) State actors can compromise your host if you've got something juicy to report.
4) Tor only provides hard anonymity as long as your traffic is within the onion circuits. As soon as you exit to a clearnet address your HTTPS traffic is no more or less secure than using a regular computer connection. (maybe a little more secure)
5) If you NEED anonymity: "Thou shall not connect to personal accounts from the same host."

OPSEC segregation is really important if you need to be anonymous. Best tools I’ve seen people recommend are TailsOS & QubesOS. Having tried both I’d say Tails is a little quicker for short-burst traffic (OnionShare, etc.). Your regular internet traffic (banking, social media, etc.) should not be done from your TailsOS instance. Anytime you connect to a KYC/AML site you run the risk of being fingerprinted, tracked, and located. Dump anything Microsoft/Apple/Google/Amazon/Facebook – period; they’re all listening all the time no matter what. Get yourself a clean de-googled smartphone and choose an E2E messaging/calls app. Apply the same principles of zero-trust to your smartphone.

Using this example my setup might look something like this:

Base hardware: laptop running LUKS encrypted Debian + TailsOS with persistent storage. Pixel w/GrapheneOS and Keepass, Signal, Briar, Orbot in full-VPN mode, Ripple. No biometrics.

It’s a real possibility imho. Tor recently kicked a staggering # of suspicious/malicious relays. This is a good write up on what’s happening.

No, really, ExpressVPN is bad - they got caught in a big spy scandal recently and really should not be trusted.

Mullvad and Nord are the most trusted these days

thank u for ur opinion, u help me a lot

And ProtonVPN has fallen into disgrace because they gave information to France about an activist

Proton recently had to give up its customer to Swiss authorities. Mullvad seems reputable for now, but Sweden is part of the 14 eyes

ok, thank u for advice