Clarification of Tor+VPN recommendations

I generally agree with the “Tor over VPN” recommendation and the recommendation against “VPN over Tor”, which was added to Privacy Guides in November 2023:

You can do this by simply connecting to a VPN (through a client installed on your computer) and then accessing Tor as normal, through Tor Browser for example. This creates a connection chain like:

  • You → VPN → Tor → Internet

[…]

Do not configure your connection in a way which resembles any of the following:

  • You → Tor → VPN → Internet
  • You → VPN → Tor → VPN → Internet
  • Any other configuration

[1] Tor Overview - Privacy Guides
[2] Clarify Tor's weaknesses with respect to observability - #4 by jonah

However, there are a few cases when VPN may be impractical or undesirable to use even when Tor is available, and I also have a question about the “VPN over Tor” case:

  1. Does the recommendation extend to Tor users who have not set up a VPN to immediately set up a VPN? How strong is the recommendation?
  2. Connecting to a VPN while moving around, whether constantly or intermittently, may allow the VPN provider to track the user’s location (IP address). Does the recommendation assume the user is stationary or not concerned about location tracking by the VPN provider?
  3. If the user’s VPN connection is unreliable, for example it drops occasionally, how strongly against dropping the VPN is the recommendation?
  4. Should Tails users use Tor without a VPN, or should they modify Tails configuration to achieve “Tor over VPN”? If so, how?
  5. To connect to a service that blocks Tor, is it fine for the user to use “VPN over Tor” once and then disconnect (so there is no persistent Tor circuit)?

Aside: If the user is doing some non-Tor stuff while the VPN is connected and then the VPN connection drops, unless there is an effective VPN kill switch or firewall, all non-Tor traffic after the VPN connection drop will leak in the clear… but this is a general VPN problem not specific to “Tor+VPN”.
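The aside above turns on having an "effective VPN kill switch or firewall". As an added example (not from this thread or from Privacy Guides), the following POSIX shell script generates an nftables ruleset that implements such a kill switch for the "You → VPN → Tor → Internet" chain: outbound traffic is accepted only over the tunnel interface, to loopback, or to the VPN endpoint itself on the uplink, and everything else is dropped, so a tunnel drop blocks non-Tor traffic instead of leaking it. The interface names, the endpoint address 203.0.113.10 and the port 51820 are constructed placeholders; it assumes a WireGuard-style UDP endpoint given as an IP address (a hostname would not work, since DNS itself is blocked outside the tunnel) and that `nft` is available with root privileges for the apply step.

```shell
#!/bin/sh
# Added example, not code from the thread: nftables "kill switch" for a
# Tor-over-VPN setup. If the tunnel goes down, non-tunnel traffic is
# dropped rather than sent in the clear over the physical uplink.
#
# Parameters (all constructed placeholders in the usage below):
#   vpn_host  IP address of the VPN server (must be an IP, not a hostname)
#   vpn_port  UDP port of the VPN server
#   vpn_if    tunnel interface, e.g. wg0
#   wan_if    physical uplink, e.g. wlan0

# Print the ruleset. Only the tunnel, loopback, the VPN endpoint itself and
# DHCP on the uplink are allowed out; the chain policy drops everything else.
killswitch_ruleset() {
  vpn_host="$1"; vpn_port="$2"; vpn_if="$3"; wan_if="$4"
  cat <<EOF
table inet vpn_killswitch {
  chain output {
    type filter hook output priority 0; policy drop;
    oifname "lo" accept
    oifname "$vpn_if" accept
    oifname "$wan_if" ip daddr $vpn_host udp dport $vpn_port accept
    oifname "$wan_if" udp dport 67 accept
  }
}
EOF
}

# Sanity check before applying: the endpoint must be a dotted-quad IPv4
# address, because name resolution is not possible outside the tunnel.
is_ipv4() {
  printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Load the ruleset into the kernel (requires root and the nft binary).
# Returns 1 without touching the firewall if the endpoint is not an IP.
apply_killswitch() {
  is_ipv4 "$1" || { echo "vpn_host must be an IPv4 address" >&2; return 1; }
  killswitch_ruleset "$@" | nft -f -
}

# Remove the kill switch again (e.g. when deliberately going without VPN).
remove_killswitch() {
  nft delete table inet vpn_killswitch
}

# Usage with constructed values (uncomment to apply as root):
# apply_killswitch 203.0.113.10 51820 wg0 wlan0
```

Tor Browser traffic is unaffected while the tunnel is up because it leaves through the tunnel interface; once the tunnel drops, both Tor and non-Tor applications simply lose connectivity, which is the intended failure mode. Because this is an output-chain filter, it does not by itself restrict inbound connections; a separate input policy is still needed for that.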

Does the recommendation extend to Tor users who have not set up a VPN to immediately set up a VPN? How strong is the recommendation?

You do not need to use a VPN to use Tor, unless the very fact of using Tor could land you in hot water.

Connecting to a VPN while moving around, whether constantly or intermittently, may allow the VPN provider to track the user’s location (IP address). Does the recommendation assume the user is stationary or not concerned about location tracking by the VPN provider?

The VPN provider always has your IP address, so whether you’re moving around or staying in the same place is irrelevant. If the VPN provider receives a warrant, they logged your IP address, and they comply with the warrant, then your identity is compromised. All that a government adversary would have to do, assuming that is your threat, is to request data on your IP address at the precise time the VPN was accessed. Do not rely on the VPN provider’s “no-log” policy.

If you are exclusively using public Wi-Fi with the VPN, then it becomes a bit more difficult to figure out who you are, but I wouldn’t bet on it. Assuming the VPN provider logs your IP address and usage, then it’s easy to tell when you accessed the VPN and from what location based on the IP address.

If the user’s VPN connection is unreliable, for example it drops occasionally, how strongly against dropping the VPN is the recommendation?

If the Tor network is faster and more reliable than your VPN, then that’s an issue with the VPN provider. That said, it doesn’t really matter unless you have to hide your Tor usage, for example from an authoritarian regime. In this case, just use a bridge.

Should Tails users use Tor without a VPN, or should they modify Tails configuration to achieve “Tor over VPN”? If so, how?

Same answer as to question 3).

To connect to a service that blocks Tor, is it fine for the user to use “VPN over Tor” once and then disconnect (so there is no persistent Tor circuit)?

VPN over Tor is generally never recommended. There is one exception to this, which is to use Tor and an anonymous payment method to purchase the VPN subscription and to exclusively use the VPN subscription over Tor. However, since you are using the same VPN subscription, the more you use it, the more traceable you become. Keep in mind this approach only applies to a very limited number of use cases.

My advice on all of the above is to not overcomplicate and overthink things. Using Tor over a VPN is not a requirement for anonymity. If it gives you peace of mind, then go for it, but it’s not necessary in most cases. As mentioned above, the only time you may want to consider using a VPN or a bridge is if you need to hide the very fact that you are using Tor from an adversary or the Tor connection is being blocked.

Lastly, any digital identities you create over Tor should only be accessed using Tor. The same applies to any identities created via a VPN. Do not make the mistake of mixing the two. Whether you use Tor over a VPN or just Tor doesn’t really matter. Using a VPN over Tor is risky and the VPN should be strictly and exclusively used for this purpose, otherwise you compromise your identity.


According to this section in their FAQ, there is currently no way to do this. It is under consideration though.

Thank you for your replies @Satoshi and @redoomed1.

Maybe I need to clarify my question: I’m asking how Privacy Guides’ recommendations should be refined (if at all). As a long-time Tor and VPN user, I ask these questions not for a Tor 101 or VPN 101.

Indeed, it is true that the VPN provider will have location (IP address) information about where their users connect from, regardless of whether those users are stationary or move around. I guess I was just concerned about being tracked while moving around at the time of writing.

However, I think the point has some merit of being mentioned, because many people do use a VPN from a stationary location but move around from time to time (ranging from occasional to frequent). Maybe many VPN users are unaware that their location can be tracked. Further, assuming people don’t do things that are too spicy from their home or workplace, activities while moving around may potentially be more sensitive.

It’s definitely better to do that than to use a VPN that can be tied to your identity.

My original question was meant to address the strength of the Privacy Guides recommendation against “VPN over Tor”: To connect to a service that blocks Tor, is it fine for the user to use “VPN over Tor” once and then disconnect (so there is no persistent Tor circuit)?

It’s something I recommend against, but VPN use in Tails is 100% achievable, and I’d be very surprised if the power of root could not achieve “Tor over VPN”. With that in mind, how strongly does Privacy Guides recommend “Tor over VPN” when someone is using Tails?