Should You Use a VPN with Tor? (Well, No.)

vpn-graphic-100022486-orig

This seems to be a very frequently asked question, and on many sites, people will tell you that you should use a VPN with Tor, for “extra protection.”

Based on my research, however, I disagree – and this seems to be an unpopular opinion. One reference I’d like to cite is a blog post by Matt Traudt, a.k.a. system33-, who is someone I respect with regard to Tor. The post in question is VPN + Tor: Not Necessarily a Net Gain.

One of the points he brings up here is the following:

Tor is trustless, a VPN is trusted. Users don’t have to trust every Tor relay that they use in order to stay safe with Tor. As long as the right ones aren’t compromised, working together, or otherwise malicious, the user stays protected.

This is the main problem with insisting on combining Tor and a VPN. VPNs can keep logs of your activity online (though some claim not to), whereas Tor does not.

However, using a VPN can hide your Tor usage from your ISP, especially if said ISP is suspicious of Tor.

The Tin Hat, on their post Tor And VPN – Using Both for Added Security, also makes the point that “Where this setup fails is at hiding your traffic from a malicious Tor exit node. Because the traffic goes through the VPN, and then to the Tor network, exit nodes can still watch your traffic unencrypted.”

My preference, personally, is to use a Linux distribution with Tor, like Tails or Qubes, or for the more advanced, Arch Linux or Manjaro Linux. These, of course, take time to learn and won’t do everything for you, but they are designed for security. While this doesn’t mean they are vulnerability-free, they can improve your protection, particularly if you understand their ins and outs.

Don’t get me wrong – Unix-like OS’s are not invincible – see Sophos: Don’t believe these four myths about Linux security, but depending on the situation, it’s preferable to using an OS like Windows.

Oddly enough, I haven’t “contracted” any malware via the dark web – at least not to my knowledge. This has happened more often on the clearnet, ironically. Maybe it’s because I don’t download mysterious files or install programs that I find randomly on networks like Tor.

I’m paranoid that way.

What about you, readers? What OS’s do you prefer to use (specifically in combination with Tor, I2P, Freenet, etc.)?

In the meantime, enjoy your dark web adventures, my friends – and please research any VPN or other “privacy” software before trusting it blindly.

16199cffb76fff8c74ad6dd8eac6afab

 

Advertisements

I’m Sorry Dave. I’m Windows 10.

windows10_HAL

All right, I’m exaggerating just a bit, but there has been a lot of paranoia (including mine, I admit) based around the Windows 10 update and its “spying” capabilities.

Part of the reason I’ve started using live operating systems like Whonix, Ubuntu, and Tails was my partial frustration over the Windows 10 OS.  Nonetheless, I think at least some of the concerns are overblown (in spite of how I may have made it sound in previous posts).

Actually, my frustrations weren’t initially over the privacy aspects, but more over some of the glitches present in the system (at least, I assume they’re glitches).  For example, if you’re watching a YouTube video, and you try to maximize the video, it will often just “disappear magically,” so to speak.  You’ll still hear the audio in the background, but the video itself won’t be visible (unfortunately, I don’t know the technical terms for why this happens – feel free to fill me in).  I’d never had this problem on any previous OS’s I’d used, so I’m inclined to believe this is a glitch.

Don’t get me wrong; I don’t entirely hate the operating system – it is much faster than the previous OS I had, and I’ve basically gotten the hang of it, but I’m leaning more toward Linux now that I’m getting into coding, etc.  I’m saving up for an entirely new system, but in the meantime, the live operating systems will have to do.

As for the privacy concerns, Windows 10 is customizable up to a point.  In its privacy options, you can opt to turn off the setting “Let apps use my advertising ID for experiences across apps.”  You can also opt to turn off the setting “Turn on SmartScreen Filter to check web content (URLs) that Windows Store apps use.”  Nonetheless, this doesn’t account for everything.

Windows10_privacy.png

According to privacytools.io – encryption against global mass surveillance, some of the issues with Windows 10 are that:

  • Data syncing is enabled by default, such as browsing history and open websites, and WiFi hotspot names and passwords
  • Your device is tagged by default with a unique advertising ID (in order to send you personalized ads)
  • Cortana can collect any of your data, including: keystrokes, searches, calendar data, music you listen to, credit card data, etc.
  • Microsoft can collect any of your personal data, including your identity, passwords, interests, relationships, etc.

Even if you turn all these options off, you’re still sending data to Microsoft.  (Although if you’re really paranoid about it, check out Windows 10 Spying: Prevent Windows 10 Spying with 6 privacy tools.)

In spite of this, let me just play devil’s advocate here for a second – I don’t know how much of this is being overblown, because a lot of apps these days do collect personal information about you (Facebook, anyone?).  Nonetheless, if such things concern you further, there are other steps you can take.

 

 

Win-10-clippit

I’m sorry, I just couldn’t resist!  As a matter of fact, the more I became aware of the privacy issues surrounding Windows 10, the more I was tempted to install some kind of software that could (in theory) override the security flaws, if possible.

I think my next experiment with privacy software will be W10Privacy, which aims to override many of the intrusional issues present in Windows 10.  I have yet to try it out, but it sounds good, in theory.

Though the fact that I’ve been using Whonix and other live operating systems also seems to fulfill that need pretty well, I’m still getting the hang of those too.

What do you think, folks? Is Windows 10 the enemy?  What’s a better option?

(Don’t tell Cortana I said any of this, by the way.)

cortana