http://www.reddit.com/r/IAmA/comments/2ii1il/we_are_darknet_solutions_we_build_host_darknet/
This was a post he made and it made me think.
//////////////////////////////
Security researcher here. Just going to expand on what you mentioned about VPNs to make sure people do this correctly.
A VPN provides privacy and Tor provides anonymity. Privacy protects the data you're transmitting, anonymity protects you and your identity. The point of using a VPN and Tor together is to strengthen privacy when you're using Tor on the regular internet.
In order to browse the regular internet through Tor you use one of a very limited number of "exit nodes" which will route your Tor traffic to and from the internet. Once the exit node processes your traffic it is no longer made private by the systems Tor has built in. So when you "Tor" to the regular internet your data is no longer private unless you're using SSL/TLS or some other end to end encryption e.g. said VPN.
You connect to the VPN and have a private tunnel through which your data continues to be encrypted. The exit node strips off the Tor encryption and gets more encrypted data bound for your VPN provider. The idea is that the VPN provider is more trustworthy than the volunteer-run and guaranteed to be surveilled exit nodes.
If you're going to combine a VPN and Tor together, you must make sure you connect to Tor first and then the VPN. Otherwise the VPN is just a connection between you and the "entrance" of the Tor network. This defeats the purpose and your traffic will be sniffed, saved, and logged by an intelligence agency that resides in the same country as the exit node.
tl;dr: Tor to VPN is OK but VPN to Tor is BAD.
Also pay for your VPN in tumbled (essentially laundered) Bitcoins. All the Russian based "untrackable" exchange providers are monitored by the FSB (direct descendant of the KGB) and probably the NSA anyway.
////////////////////////////
Can anyone back this up or clarify?
It kind of defeats the purpose for me. I got a VPN because I didn't want my ISP seeing I use Tor. But if you connect to Tor before the VPN they will see this, and vice versa your traffic will not be encrypted or something.
What do you guys think?
I say no way.
1) How do you force your VPN to run through Tor safely?
2) Your VPN client software (PPTP, OpenVPN, etc.) can and will leak local route and IP details of your REAL endpoint to the other end of the VPN - bad!
VPNs are only useful for hiding the fact that you're running Tor from your ISP or for protecting traffic where you don't care if somebody knows who you're talking to but do care if somebody knows WHAT you're saying.
Not sure if this guy means well or not, but it's bad advice as a whole. Yes, exit nodes can sniff your traffic; this is true, which is why browsing to anything other than SSL-protected sites is more risky through Tor from a privacy perspective.