[tor-talk] Using VPN less safe?

Roger Dingledine arma at mit.edu
Sun Jan 24 16:38:41 UTC 2016


On Sun, Jan 24, 2016 at 11:04:30AM +0000, Oskar Wendel wrote:
> Attacker could easily tap into major VPN providers traffic and try to 
> correlate their traffic with hidden service traffic. And there are fewer 
> VPN providers than Tor entry guards (and much less than home connections 
> around the globe).
> 
> Does it mean that routing Tor through a commercial VPN could actually 
> lower the security, compared to routing Tor directly through a home 
> connection?

Yes, I think this is correct.

It's a tradeoff -- if somebody somehow breaks the anonymity of your Tor
circuit, it's nice to have another layer behind that. But if somebody
guesses that you're using a particular VPN, or you pick a VPN that they're
already monitoring for other reasons, then you basically let them see the
beginning of your circuit when otherwise they might not have been able to.

In a sense you're selecting your VPN to be your guard. If there were
one super-popular guard in the Tor network, and people used it forever
rather than doing normal guard rotation, seems to me it would become an
appealing point for surveillance.

Also, this issue is pretty much the same whether you're visiting onion
sites or other domains.

--Roger



More information about the tor-talk mailing list