Does someone know if the Tor project has any plan to make a VPN-like service/program that routes your entire internet traffic through the Tor network? I know there is a current project for Linux that sort of does the thing but it is not as powerful as a VPN and it is only available on Linux: Introducing oniux: Kernel-level Tor isolation for any Linux app | The Tor Project
1 Like
You can also look into SPN in Portmaster by Safing (now acquired by IVPN). That’s another option.
1 Like
Are most SPN servers operated entirely by Safing and IVPN? Because if so, then there’s no reason to prefer it over a traditional VPN. At least Tor is decentralized.
Connecting to a VPN → Tor could potentially mitigate IP leaks and trusting malicious Tor nodes but it won’t stop adversaries from identifying you. It’s a controversial topic for sure. Tor and Whonix recommend against it.
Android only, but should finally get some testing builds soon: Tor VPN Open Beta (#8) · Epics · Epics · The Tor Project · GitLab
1 Like
If you’re technical enough, you can spin up a node too. But not sure how that works and how they approve community nodes.
But I do know it’s possible and people have done it.
Privacy Guides currently recommends Orbot.
Orbot is a mobile application which routes traffic from any app on your device through the Tor network.
1 Like
What’s the difference between that and just using Orbot?
@Ganther
Orbot works but has 15 years of cruft.
Tor VPN is a completely modern app and uses Arti under the hood.
back to the OP, there aren’t really good solutions for this on the desktop
Orbot supports macOS, too. Privacy Guides just doesn’t mention it. I don’t know why it doesn’t make apps for Windows and Linux, though.
This can be as simple or as complex as you design it, but a VPN-like Tor can be achieved in a few steps:
- Install a Tor client configuring both “SocksPort” and “HTTPTunnelPort”. Privoxy may also be useful here. Ideally, the Tor client should be installed on a different computer or virtual machine than the one with the Web browser. Different IP addresses may simplify firewall rules.
- Configure the operating system and any non system proxy respecting applications to use the aforementioned “SocksPort” and/or “HTTPTunnelPort”.
- I use pfSense, but create two egress (LAN to WAN) firewall rules:
a) allow Tor traffic
b) block all traffic - In other words, if the first firewall rule did not allow the traffic to pass, block it. - Test whether the required applications can access the Internet.
This process alone will NOT make you anonymous, but it will keep your ISP, your fired VPN provider, and any talent-less hacks out of your business.
The open source community has given you all the building blocks you need. The only thing you have to do is assemble them. 