Hi everyone,
I’m using GrapheneOS and I’m trying to understand the best practice for using Orbot/Tor and a regular VPN.
My main question is: what is the recommended way to use them?
For example:
-Should I use only Orbot when I want Tor?
-Should I use only a VPN for normal daily use?
-Is there any good reason to use both a VPN and Orbot together, or is that unnecessary / not recommended?
-If using both is possible, what is the correct order or setup?
-Since Android only allows one active VPN slot per profile, does that mean I should switch between:
—IVPN/Mullvad/WireGuard for normal traffic, and
—Orbot VPN mode when I specifically want traffic routed through Tor?
I’m also trying to avoid setup mistakes. For example, if Orbot is being used in VPN mode, should I enable:
-Always-on VPN
-Block connections without VPN
Or is there a better way to avoid leaks?
For browsing, is the best practice still to use Tor Browser directly, instead of routing another browser through Orbot?
Also, what is the safest and most reliable way to install and update Orbot on GrapheneOS?
Options I’m considering:
-Google Play with sandboxed Play Services
-Guardian Project F-Droid repo
-Obtainium / GitHub releases
-Direct APK from Orbot
I want to avoid random APK mirrors and make sure updates are authentic.
Finally, for VPN payment privacy: I currently use IVPN. Is paying with a credit card a real privacy issue, or only a problem if I’m trying to avoid linking my real identity to the VPN account? Would Mullvad, cash, voucher, or Monero be better for that threat model?
My goal is strong security and privacy, avoiding leaks, and following best practices on GrapheneOS.
Thanks.