"User-VPN-Tor-Internet" means VPN can watch you??

www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor#cite_note-all-traffic-1

As explained here:

To decide the best configuration in your circumstances, consider:

  • Is it necessary to hide all traffic from the ISP? [1] Then install the VPN on the host.
  • Should the VPN provider be able to see all traffic? [1] Then install the VPN on the host.
  • Should the VPN provider be limited to seeing Tor traffic, but not clearnet traffic? Then install the VPN on Whonix-Gateway ™.

How can the VPN see all your traffic (as decrypted)?

Isn't the connection between the user and the 1st Tor node encrypted in a way that is designed for being secure towards “man-in-the-middle”?

If Tor is not designed for being secure towards “man-in-the-middle” then how can Tor hide traffic from your ISP?

user -> VPN -> Tor -> destination:

VPN can see you are using Tor but not the contents of the Tor traffic.

Tor traffic just means an encrypted (by Tor default) connection to the Tor network. It doesn’t mean someone can trivially decrypt it.

Then the sentence

Should the VPN provider be able to see “all traffic”? [1] Then install the VPN on the host.

has to be changed.

This sounds correct.

All traffic does not imply “can decrypt encrypted traffic”.
Traffic can include both encrypted and unencrypted traffic.