I realize this is not necessarily a Qubes/Whonix question but I figured close enough? Anyway, I prefer a VPN for a few reasons and sometimes prefer TOR on top of that. What I am unclear about is, from the TOR end, am I being compromised if I connect from sys-net (sys-firewall? sorry, still learning Qubes) to VPN to clearnet and then use the same VPN provider to connect from whonix-gw (i think that is right? whonix’s equiv to sys-firewall?) VPN to TOR (to clearnet i guess)… am admittedly a bit hazy about the whonix or VPN first part.
I guess that my VPN can see that it is me connecting to clearnet, and then to the TOR network but apart from that any other issues? (or maybe not even the VPN can see? doubt it but would love to be wrong).
Thanks in advance!!
As you’ve described:
Your choices for connecting to internet without Tor:
A. user → isp → internet
B. user → isp → vpn1 → internet
Your choices for connecting to internet via Tor:
- user → isp → Tor → internet
- user → isp → vpn1 → Tor → internet
- user → isp → vpn2 → Tor → internet
IIUC the question is if you choose Option B, then do Option 2, … actually, not sure what the question is…
If you do Option B then Option 2, then vpn1 will see your clearnet destinations as well as your connections to Tor entry guards. Is that bad? That’s up to you, your vpn, your government, and your adversaries…
If you do Option A then Option 1, then your ISP will see the same information. So who do you trust?
If you do Option B then Option 3, then vpn1 will see your clearnet destinations, vpn2 will see your Tor connections, and your isp will see connections to vpn1 & vpn2.
Thanks so much for the reply. I guess my lack of understanding (or shall we say newness) made my post a bit ambiguous.
A bit more background I guess. I had wanted to use a VPN for two reasons that I think are valid (ie a VPN would solve) .
- It would make my unencrypted connections in public places (say coffee shops) more secure (assuming I trust the VPN provider I guess)
- It would hide from my ISP and wherever I am connecting from that I am using Tor as there is a rumor around here that my ISP is not TOR friendly. That is my Tor connection would be “piped” through the VPN and then come out of a VPN server into the TOR network etc (possibly flawed reasoning?)
While I am at it, another related question (hope its not bad etiquette) if I use the same VPN provider on two different computers Qubes (regularVM & whonix) and a win10 box how much am I compromising myself? esp if I am hoping to “pipe” my whonix/TOR connection through the VPN to hide the fact I am using TOR from my ISP or the connection point (coffee shop)?
Thanks again (very much) in advance!
You may want to read this:
I depends on what you mean by compromising and your adversary.
Win10 is not a good choice when it comes to Privacy, but your ISP shouldn’t be able to know that your using Tor when your using a VPN (if your careful that nothing leaks)
Hope it helps
1 Like
@Gaiko This should answer your questions about who can see what.
Generally speaking, using a VPN just displaces your ISP - it gives the VPN the information about your connections that your ISP had previously. Also, if your ISP is not Tor-friendly, the ISP may also dislike VPN usage. (It’s trivial to identify VPN connections and/or vpn protocols).
1 Like
Thank you both for the links and feedback. Regarding Win10, I def don’t use it with much expectation of privacy, i just use the VPN to keep the amount of info my ISP has about me to a min. I was curious about if I use the same VPN for two diff computers would that make me easier to track by anyone other than the VPN company (I assume).
That TOR diag makes it quite clear, or the path that is, thanks for that. I don’t know if the ISP dislikes VPNs but I am going on the hope that they dislike them less, plus if I wanted to run my Qubes/whonix box as a relay I wouldn’t want run into any issues like the seattle guy did Couple Endures Surprise Early Morning Meeting With Seattle Police For Tor Server, 4Chan Involved
Cheers