I’m trying to follow this tutorial on how to TOR → VPN → Net using the InviZible app, but it requires a VPN client that offers a “proxy option”. I’m not sure what exactly that is.
They suggest a client in the tutorial, but said client doesn’t allow you to choose your own servers, which is a necessity for me since I plan on connecting to my own VPS.
Anyone know which app I should use?
This doesn’t answer your question, because I don’t think it would be ethical of me to actually answer your question:
We very strongly discourage combining Tor with a VPN in any other manner. Do not configure your connection in a way which resembles any of the following:
- You → Tor → VPN → Internet
- You → VPN → Tor → VPN → Internet
- Any other configuration
Some VPN providers and other publications will occasionally recommend these bad configurations to evade Tor bans (exit nodes being blocked by websites) in some places. Normally, Tor frequently changes your circuit path through the network. When you choose a permanent destination VPN (connecting to a VPN server after Tor), you’re eliminating this advantage and drastically harming your anonymity.
You → Tor → X
This is generally a really poor plan.
Some people do this to evade Tor bans in many places. (When Tor exit nodes are blacklisted by the remote server.)
(Read first for understanding: How often does Tor change its paths?.)
Normally Tor switches frequently its path through the network. When you choose a permanent destination X, you give away this advantage, which may have serious repercussions for your anonymity.
Even if you pay for them anonymously, you’re making a bottleneck where all your traffic goes – the VPN/SSH can build a profile of everything you do, and over time that will probably be really dangerous.
Yes, I’m aware that more hops =/= more privacy.
I want to do this because I want to avoid being harassed by captchas. I plan on signing onto the services I use anyways, so anonymity was never a benefit I would get anyways.
Yes, so why would you not just use a VPN on its own in this case?
What VPN server are you running on your VPS, WireGuard?
Yes, so why would you not just use a VPN on its own in this case?
It’s still more private than just using a VPN. When I said “anonymity was never a benefit” I meant that it would be easy to build a profile on me regardless, but using TOR still keeps me safe from getting IP log’d
What VPN server are you running on your VPS, WireGuard?
I got Wireguard running, but I’m not committed to it at all.
A big issue you will face is that the Tor network does not route UDP packets, and WireGuard does not have the option to use TCP instead of UDP.
That means if you stick with WireGuard, you need to run a separate program on both the server and client that encapsulates the UDP packets inside TCP (for example, something like GitHub - jonhoo/udp-over-tcp: A command-line tool for tunneling UDP datagrams over TCP., which I just found with a search and have never tested so YMMV).
Now you’re running WireGuard through a UDP-over-TCP program through the Tor network. This is a lot of moving parts you need to maintain and ensure nothing leaks.
This is not to mention the massive performance penalty of introducing TCP into your VPN connection. Because your internet browsing uses TCP, which WireGuard encapsulates in UDP packets, which the other program encapsulates in TCP packets, which gets sent over your Tor proxy. This is two(!!!) layers of TCP, which has massive overhead.
Alternatively, you could use a VPN server that is far shittier than WireGuard, like OpenVPN for example.
This is probably the “best” option for you here, because OpenVPN natively has a socks-proxy option you could set in your OpenVPN configuration file: Reference Manual For OpenVPN 2.4 | OpenVPN
--socks-proxy server [port] [authfile]
Connect to remote host through a Socks5 proxy at address server and port
port (default=1080). authfile (optional) is a file containing a username
and password on 2 lines, or "stdin" to prompt from console.
Whether this actually works depends on the client, and I have never tested this on Android, mainly because I think it is a bad idea, but the screenshots of the OpenVPN for Android client I’m seeing do have a HTTP proxy option, so will probably work for you:
Once again though (just like with WireGuard), this is a case of double TCP (aka TCP-over-TCP) and all the performance badness that entails.
But yes… it should be technically possible!
And after all of this, I still can not emphasize enough how little benefit this is actually providing you at the end of the day.
How did you purchase this VPS and how are you connecting to it to set it up, through Tor? Are you very confident that this VPS will never be tied to you in any way even through long time periods? This seems extremely unrealistic.
I just do not see how it can be worth giving up the security and performance of pure WireGuard when you also claim to not need the anonymity benefits of Tor. The set up you are asking for is mostly combining the worst aspects of all these technologies.
