On Fri, Jan 30, 2015 at 10:05:46AM +0000, Squeak wrote: > Hello, > > Relative newbie here, and I was wondering if someone could help me with > something please. I keep seeing people describing connections to the Tor > and is VPN connections in the following two ways: > > Tor -> VPN > VPN -> Tor
As with all security, it depends on your goals, what you want to protect, and from whom. I have used Tor in both ways for various reasons. Tor -> VPN Some possible examples of what this is good for. You might want to use this if you want to hide your current network location but you need to log into a VPN to access certain services available only via the VPN, or if the VPN is associate with you (e.g. run by your employer) and you don't want the local ISP to see you log into the VPN. Since you log into the VPN, everything you do there can be tied to your account. If you are concerned that your activity "leaving" the VPN can be tied to you by someone who might compromise the VPN in some way, then anything the VPN knows about you from that account will be potentially vulnerable to this. If this is not something you are worried about or a risk you consider unlikely or not bad enough should it happen, then you might use this configuration. VPN -> Tor You might not have a choice: your computer is currently configured to direct all connections via the VPN, and you want to use Tor to either hide your destinations from the VPN or to hide that you are using that VPN from your destinations or you may want to access something at a .onion address or.... Or you may have a choice and some reason to use Tor, but you are in a location that blocks the public Tor relays. You could also use bridges, but you know the VPN is not blocked and this is more convenient or it better fits your trust/threat concerns than a bridge would. Or you may know the location of access to the VPN and you are happy to have your access to the VPN visible to the local ISP, but you don't want it to see you accessing the Tor network or possibly unexpected destinations such as a bridge. I have certainly not given all the reasons for using either configuration, nor have I spelled out all the risks from every possible adversary. But I hope this helps. aloha, Paul -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
