[HOME] [DOWNLOAD] [DOCS] [BLOG] [SUPPORT] [TIPS] [ISSUES] [Priority Support]

Increasing anonymity with VPN? Or not?


#1

I already read Manual about VPN and I understand basics. VPN->TOR (anonymous from ISP) TOR->VPN (anonymous from the internet).

I’m not really trying to hide from anybody specific. My ISP is not after me. Internet is not looking for me. I just want more anonymity on the internet. What would you choose? VPN->TOR or TOR->VPN. And will it really help increase anonymity while using Whonix? Let’s consider, that I will pay in Bitcoin for VPN. I will not tell my real name to VPN provider.

(+) I see VPN as an extra part in the network between me and the internet, that has to be broken. So added anonymity.
(-) VPN is static part of network (all my connections are going everytime through this point). Does it decrease my anonymity?

Let’s say I’m Snowden. Would I use VPN? Would I use it before TOR? Would I use it after TOR?


#2

Hi @oxvxyjoq

Using a VPN can hide your Tor traffic from your ISP ( unless your ISP uses DPI ) . It does not give you anonymity from your ISP.

Using a VPN->Tor may be useful if you trust your VPN more than the network you are using. Think public WiFi.

The only time I ( personally) would use VPN->Tor is if the site I want to access blocks Tor or I want to Tunnel UDP over Tor so I can use Ethereum

See also Tor Plus VPN. This is a must read if using VPNs.

https://trac.torproject.org/projects/tor/wiki/doc/TorPlusVPN

NO, If anything it will decrease your anonymity.

Consider this. Your VPN provider will know ( if using VPN->Tor ) the ip address from which you are connecting your client from. If you are always connecting from your home network it could be used to identify you.

No, VPNs do not increase anonymity

Correct

Only he can answer that. I think all the information you need to make an informed decision can be found in the Whonix Documentation and the Whonix forum by using the search engine at the top right hand corner of your screen. Search keyword “VPN”


#3

0brand:

Thank you for your answer!

I’m not going to use Ethereum or any other software, that requires VPN.
In that case you don’t recommend VPN at all, right?

I have created bootable live version of Xubuntu. And I’m running Workstation&Gateway through VirtualBox on this system.

Do you recommend (is it recommended) doing any changes to this setup? You already ruled out VPN. Is there anything else I should use for extra anonymity? Is there any extra possible step?

As you can tell, I’m a little bit paranoid about my anonymity on the internet. I’m not worried about security. I’m not so interesting, that somebody would make targeted attack at me. But I would like to be as anonymous as I can be.

Thank you again!


#4

Also, I went through links, that you posted. But I don’t really know, what I’m looking for… . That’s why I’m asking more experienced users. Once they recommend something I’m able to make it work and navigate through Manual on my own.


#5

When i mentioned Ethereum I am referring to:

User->Tor->VPN->Internet

There are use cases other Ethereum for chaining a VPN after Tor. For instance some web sites block Tor users. A workaround would be to use the above chain. All I am saying is this is an option that you could use but you need to make sure you do:

  • Use anonymous email if your provider requires a email address for registration.
  • Use the email address for this specific VPN registration and nothing else
  • Use a pseudonymous payment method. https://whonix.org/wiki/Money
  • Use Tor when signing up for VPN
  • Use this VPN in this chain configuration only. Do not use these VPN credentials for User->VPN->Tor->Internet. If you do your VPN service provider will know the ip address from where your client connected from.

Some things you need to keep in mind if you do choose to use a VPN:

  • Your VPN service provider can see your clearnet traffic regardless of how you chain them. [1] See below for exception
  • Your VPN service provider can see the ip address from which your client is logged in from if using: User->VPN->Tor->Internet

I’m not an expert but I know Ubuntu is not known for respecting users privacy. I don’t know if it would really matter since your using a live version.

Your setup sound OK to me. As long as you use Whonix I think you will be alright. The best advice I could give you would be to read through the entire Whonix documentation. There is a lot of information on anonymity in there.

Me Too! :grinning:

You should be. If Whonix was not secure it could be more easily exploited. Then It would increase the risk of de-anonymization.

Unfortunately it just takes time.There a lot of documentation (and forum threads). The way I learn is by reading the documentation and going through and reading the different threads on the Forum. A lot of the discussions on the forums tie in together. You have to learn about many different thing to really understand what you should and shouldn’t do ( for anonymity ).

Also remember that most of the info I’m giving you comes from memory. That info is scattered throughout the docs and forum threads. I try to add links when I can but I don’t always have the time or can’t recall the exact page I’m quoting info from.

[1] Your VPN provider will only see your Tor traffic if you configure you VPN inside Whonix-Gateway


#6

0brand, thank you for very detailed answers!

I decided against VPN. As there seems to be anonymity risks. Especially when configured by inexperienced user like me.

Thank you again for your time and shared expertise. I really appreciate time you put into writing these excellent answers.


#7

#8

HI @pvtnwmkn

There is something I failed to mention. You have to make sure you install the security patches when they become available. This applies to you host ( Xubuntu ) as well as Whonix gateway and workstation. Although malicious code would not be persistent it could be a problem for your current session.

I understand this could be time consuming but it is very important.


#9

I’m using this one redacted and provider guaranties my security and anonymity.


#10

You know they are not logging users activity, how? Do you know the providers personally? This is just an empty promise in an attempt to encourage users to sign up.

BTW

VPNs are not anonymous so how can your VPN provider make that claim?