HarborFront

Level 54
Verified
Content Creator
Simply put

TOR takes 3 hops, uses FF browser with HTTPS Everywhere, makes all TOR users look the same so difficult to identify the user. Note that TOR browser is also subject to exit node attacks, browser fingerprinting etc

Right and different VPN providers, pays by cash, takes 3 hops, uses bare-boned Ungoogled Chromium with HTTPS Everywhere, equally subject to browser fingerprinting as TOR. The only disadvantage I see is that this method lacks the ability to make the users look all the same as not all users would do the same like using paid different VPN providers, use Ungoogled Chromium browser etc

IMO it's more difficult to hack different VPN providers (especially those you paid in cash and cannot be tied back to you) than hacking private TOR node hosters because they usually use free public DNS services like OpenDNS, Google DNS etc which can be easily traced back to them.
 

Cortex

Level 24
Verified
TOR can be incredibly slow & beyond, on a personal basis I don't trust TOR at all, I used to use it but removed it after doing more research & wont use it again - I use IVPN as my VPN & Windscribe on my TV for obvious reasons, the argument for & against a VPN I imagine will go on until time ends (or longer) but I do believe a bad VPN is far worse than none at all -- My ISP is pretty good & I've gone years without a VPN but pretty happy with the one I use now.
 

MegenM

Level 2
A VPN can be used for any number of reasons. You can use it for pro privacy, bypass copyright laws, country restrictions. All are acceptable.


What's not great are those using these service to intentionally cause harm against others.

Yes, I totally agree :)
 

SpiderWeb

Level 4
You can technically build your own onion if you have 3 lifetime VPNs you paid anonymously, a programmable router, a computer and Chrome/Firefox with VPN proxy extension:

Desktop
1st VPN provider: Router (masks your computer)
2nd VPN provider: Desktop (masks the VPN connected to your computer)
3rd VPN provider: Browser extension/proxy (masks content passing through VPN 1 & 2)
Internet

I don't agree with The Hated One that Tor should be used for 90% of browsing. Most people are logged into some services and use autofill and rely on Cookies and stream music. The moment you log into your email, Google, Yahoo, social media you are deanonymized not just because of your credentials but also the browsing pattern can identify you and it quickly becomes just a triple-hop VPN with very dangerous exit nodes. Tor should be used like incognito browser. Use it once to search for something then close it and return to your regular browser. The more time you spend on Tor the easier it is to identify you.

VPNs have a single point of failure and that is that you trust the VPN provider but there are many, so the risk is spread thin. Nobody has time to snoop on NordVPN, ExpressVPN, Mullvad, Windscribe, ProtonVPN at the same time.
 

HarborFront

Level 54
Verified
Content Creator
You can technically build your own onion if you have 3 lifetime VPNs you paid anonymously, a programmable router, a computer and Chrome/Firefox with VPN proxy extension:

Desktop
1st VPN provider: Router (masks your computer)
2nd VPN provider: Desktop (masks the VPN connected to your computer)
3rd VPN provider: Browser extension/proxy (masks content passing through VPN 1 & 2)
Internet

I don't agree with The Hated One that Tor should be used for 90% of browsing. Most people are logged into some services and use autofill and rely on Cookies and stream music. The moment you log into your email, Google, Yahoo, social media you are deanonymized not just because of your credentials but also the browsing pattern can identify you and it quickly becomes just a triple-hop VPN with very dangerous exit nodes. Tor should be used like incognito browser. Use it once to search for something then close it and return to your regular browser. The more time you spend on Tor the easier it is to identify you.

VPNs have a single point of failure and that is that you trust the VPN provider but there are many, so the risk is spread thin. Nobody has time to snoop on NordVPN, ExpressVPN, Mullvad, Windscribe, ProtonVPN at the same time.
It's no point having a paid VPN provider and only uses its browser extension/proxy to only protect the browser. If I have 3 different paid VPN providers I would do as below

1) Router - VPN1
2) Main desktop - VPN2
3) Virtual Machine - VPN3

Not only your browsers are protected but all your apps in the main desktop and virtual machine too. The VPN flow is as such

VPN1 (router) ==> VPN2 (main desktop) ==> VPN3 (virtual machine) ==> internet

Running a virtual machine also isolates the main OS from being fingerprinted
 
Last edited:

Jan Willy

Level 4
It's no point having a paid VPN provider and only uses its browser extension/proxy to only protect the browser. If I have 3 different paid VPN providers I would do as below

1) Router - VPN1
2) Main desktop - VPN2
3) Virtual Machine - VPN3

Not only your browsers are protected but all your apps in the main desktop and virtual machine too. The VPN flow is as such

VPN1 (router) ==> VPN2 (main desktop) ==> VPN3 (virtual machine) ==> internet

Running a virtual machine also isolates the main OS from being fingerprinted
Interesting, but what about the browsing speed?
 

Jan Willy

Level 4
If TLS is so secure, how do the hackers manage to stay alive?
I think this only applies to TLS v1.3.TLS v1.2 and earlier versions were subject to misconfigurations that left websites vulnerable. TLS 1.3 is much simpler to administer and more restrictive, hence eliminating errors.
Edit:
To be safe enough are for instance in MS-Edge since version 84 the protocols TLS v1.0 and TLS v1.1 by default disabled.
 
Last edited:

security123

Level 27
Verified
If TLS is so secure, how do the hackers manage to stay alive?
Wrong/ weak configured and/ or not up2date server and server software.

Most security risks are not because of zero days but not patched systems. Zero days are only used for important attacks.

Anyway you should read about TLS (in past it was called SSL) and about encryption itself to get more insight knowledge.
 
Top