As far as I know, ISPs can see if you are using VPN and/or Tor. And I am pretty sure most people in my country don’t use VPNs and Tor (damn people here buy $1 Windows 10 CDs, we’re a poor country, and also most people just don’t care about internet privacy). So if I’m like the only person in my area who’s using Tor and VPN simultaneously, isn’t it still possible to track me down? Because my ISP can see that I’m using VPN and Tor, and they know my address.
P.S: Just curious, not doing anything illegal or whatever.
If you are using Tor in conjunction with a VPN (Tor inside a VPN tunnel) it is very difficult to determine if you are using Tor
Either way, Tor isn’t illegal to use, your traffic is fully encrypted and no one has yet broken AES 256 which is what most vpn providers and Tor uses
Anyways, you COULD daisy chain a proxy along with Tor/VPN to make everything look like regular web traffic
Either a SOCKS5 proxy or HTTP
Also, some vpn providers offer obfuscation, which will attempt to disguise VPN traffic as regular HTTPS
>poor country
>government that cares about that
> not doing anything illegal
your safe pal, I would say no
You can be tracked by your unique mac address and or other unique hardware identifiers. That’s why cookies are bad, which is probably over simplification of tracking capabilities government’s and their agency’s have available, but it’s what I got…
A VPN and using TOR simply adds a layer of complexity for average hackers and some automated data collection has to view your surfing habits. To keep someone from tracking you down you need to do a lot more than vpn and tor…
I was told to never use VPN and TOR together, as it gives a broader attack range for an adversary. It’s safe to use either or, but both together makes it less safe.
I used brave browser at my work place and most of the sites didn’t open because my firewall blocked it all. I approached IT to know what is the matter. They said they came to know that I am using a VPN and that’s why they were forced to block the access! OMG, if this is the case what is the point on the whole VPN thing?
Stop using a VPN. They suck. There’s a good chance that your ISP probably doesn’t care about whether you use Tor, but you may want to connect via a bridge just to be safe.
That’s pretty much all you need.
The only thing they’ll see if you’re connected through a vpn is just that you’re connected to that certain ip / vpn service (most vpns also use encryption). They would need to track down the vpn provider to see what you were doing if that provider keeps logs. That vpn provider may also decline without a warrant as well.
Your logic is right. TOR or a VPN are just encrypting you’re traffic as it goes over the network. It means that someone between your computer and the website server you are visiting can’t see the communication. They wouldn’t know what website you are viewing. Anyone on the network can tell you are using a VPN or TOR though.
I experimented with this and got to the result that not all vpns are tracked. If you are sending some data in tunnel and some not then it’s very hard to even seperate them. There are obfuscated vpns and other stuff.
AES 256 which is what most vpn providers and Tor uses
Actually… Tor uses TLS so it supports/uses many different ciphers
You can be tracked by your unique mac address and or other unique hardware identifiers. That’s why cookies are bad,
Cookies and hardware identifiers are kinda a lot different. Cookies are a web thing, whereas hardware identifiers such as mac address are a… hardware thing, which your wifi/ethernet broadcasts all the time. You don’t need cookies to be on the internet, but you do need a mac address.
A VPN and using TOR simply adds a layer of complexity for average hackers and some automated data collection has to view your surfing habits.
And for the NSA back in 2011.
To keep someone from tracking you down you need to do a lot more than vpn and tor…
Depends on who you are, who you are up against, what you are trying to do and other factors. Using Tor alone may be enough for some, but not for others.
There is a good quote: “Anonymity loves company”, that is people have to hide in a crowd of other people, just using Tor may not be enough, or even worse than not using it. For OP, being the only user of Tor would (possibly) be suspicious, therefore they should use bridges with pluggable transports (in OPs case I would say meek) or a VPN (although as OP notes, that may also not works since few others use a VPN).
Your last line is perfect. Spot on
As a cyber security researcher I disagree with Tor / Guardian on that point
(Both projects recommend using just Tor or just vpn but not together)
If you’re browsing a darknet, probably a VPN is overkill at the least and possibly less secure
For clearnet though, many ISPs and mobile carriers are flagging Tor traffic, blocking it outright or restricting it in various ways
Adding additional encryption, more server hops plus concealing Tor usage doesn’t in any way seem to be a negative
I don’t understand this. I’d be cautious about blindly repeating unverified advice, especially when it relates to security.
Very simple break down here so won’t be surprised if I get corrected or down voted but…
You still connect to a set of IP addresses tied to your vpn provider so it or a government entity can see you are using a vpn what those groups cannot see, or gain access to if it’s a no log vpn, is what you are doing over that connection. All those entities see is vpn traffic which can and frequently is black listed on corporate networks, since you should be working not surfing on their resource…
Use an obfuscated VPN connection or else SOCKS5 with VPN
may be they think you might share something and from their point of you why do you need VPN, if the moral policy is not allowing you to browse them?
There are ways to bypass that. You just have to be savvy enough.