Some question about encryption by using Tor or i2p over Vpn

hey by using following setup
1.) my computer → provider → VPN → Tor (onion routing)
2.) my computer → provider → VPN → i2p (garlic routing)

Tor and i2p use multiple layers of encryption. My question is which instance in both setups is the last one, who can see/decrypt the traffic and read it all clear?

As i understand the traffic between my computer and VPN is encrypted by VPN Tunnel and traffic between VPN and Tor or i2p is encrypted by tor or i2p encryption. In case of Tor the guardnode will be the last one who decrypt my traffic so he can view all traffic in clear no?
In case of i2p they use keys on every participant to decrypt its traffic layer by layer no? So my computer will be last instance for decrypting i2p traffic because vpn server doesnt own key to decrypt traffic because of not using i2p software no?
Thank you and sorry for bad english

In the knowledge base there is the answer to your first question.

1 Like

Ok what i found in this article is in case 1

From your ISP’s perspective, it looks like you’re accessing a VPN normally (with the associated cover that provides you). From your VPN’s perspective, they can see that you are connecting to the Tor network, but nothing about what websites you’re accessing.

My question is, why vpn cant see what website i visit, when traffic at guardnode is sent to you decrypted. Vpn server should be able to read it all in cleartext then no?

Whats with case 2? You → provider → Vpn → i2p?
Article missing?

That’s not correct, the traffic is not exiting the tor network so your vpn doesn’t see it.

Feel free to search the forum for i2p.

That’s not correct, the traffic is not exiting the tor network so your vpn doesn’t see it.

Where did you get this information from? Can you please link or quote the line containing this information?

Feel free to search the forum for i2p.

Alrdy done. There are 13 topics containing i2p. None of them explains what im looking for.

Tor works by routing your internet traffic through those volunteer-operated servers, instead of making a direct connection to the site you’re trying to visit. This obfuscates where the traffic is coming from, and no server in the connection path is able to see the full path of where the traffic is coming from and going to, meaning even the servers you are using to connect cannot break your anonymity.