Join us 2025-09-12T21:00:00Z for This Week In Privacy #18, to catch up on the latest Privacy Guides updates and to discuss trending news in the privacy space.
During the livesteam we’ll answer viewer questions. If you have a question for us, please leave a comment in this forum thread or the YouTube chat.
Questions:
Thanks!
@JG
Tor VPN is just a modern reimplementation of Orbot using Arti officially by the Tor Project.
It is Android only.
yes.
You may see less if you use a traditional browser, but that is strongly not recommended.
People should be aware of any apps that may use plain HTTP, although Google has mandated HTTPS for a while now for Play Store inclusion.
Thanks for all the answers.
Yes I know. For now. But I am ssuming it is also coming for other OS’s?
I’m confused then. If using Tor VPN, should you still use the Tor browser? 
How’s that going to work? Am I missing something here?
–
Thanks again.
Tor Browser and other Tor over Tor apps will bypass it, same as Orbot, as long as the system Block connections without VPN setting isn’t enabled.
See the list here: app/src/main/java/org/torproject/vpn/ui/approuting/data/AppManager.kt · 0566c4478db50eea04457de7aab8f206307ae156 · The Tor Project / Applications / vpn · GitLab
In the past my DivestOS had a feature (based off of some Calyx patch) that allowed this to work for Orbot and Tor VPN even with that (essential) setting enabled.
Invizible is the only one that let’s those apps work even with the killswitch enabled due to how they handle traffic.
Thanks for the exposition.
I’m not quite sure of the best way to apply Tor VPN (or InviZible Pro) to application updates. I have a profile that keeps all my applications on my phone up-to-date by routing those requests and downloads through Tor. The major disadvantage is that this often results in failed requests or downloads timing out. Effectively, updates are delayed because some of these apps are hosted on not-so-Tor-friendly servers.
Doing this on a per-application basis (default in Tor VPN?) would be fine if each store only dealt with an individual app provider like GrapheneOS Apps. What I really want might be for each separate party to be contacted over a random circuit?
guys 
im not endorsing sam bent , just check the sources
How does a local based password manager compare to a cloud based manager? Something like Vaultwarden or KeepassXC? Does it make a difference if i were to use Keepass and backup to the cloud compared to something like Bitwarden? I am curious because there is a lot of conflicting information online. I have been self-hosting a couple of other services like Pihole and Miniflux.
I am not someone who is a person of interest. Just a normal person.
You mentioned earlier that configuring a VPN on a router can conceal Tor traffic. While the Tor Project generally advises against combining VPNs with Tor for typical users, Proton VPN offers a “one‑click” gateway into the Tor network. Over the years there’s been differing opinions of the merits and drawbacks of both “Tor over VPN” and “VPN over Tor.” I’d appreciate hearing both of your perspectives on the relative risks of each approach.
Do not use this.
Curious as to why, I see it has more benefits that it has downsides, outside of trusting proton ( or needing to trust the vpn provider in general) don’t see where the VPN → Tor → Site is not recommended [and for proton it is recommended to read their threat modeling blog before doing so: Understanding the VPN Threat Model - Proton VPN | Proton VPN]
in fact even tor project themselves doesn’t go fully against it in their wiki
TorPlusVPN · Wiki · Legacy / Trac · GitLab
It has zero circuit isolation.
If you want Tor, use Tor.
And if you want VPN > Tor, then use VPN > Tor.
Do not use any VPN that does the Tor on their end like Proton’s.
something’s not adding up, when did they specify they did tor on their end?
Proton literally used VPN > Tor method from what im researching, nothing specifies they do it their own way.
in fact:
At Proton VPN, we implement Tor over VPN, meaning your Internet traffic is encrypted all the way through the Tor network, and your true IP address is never revealed to your ISP or to any Tor nodes.
which implies VPN > Tor
Proton does VPN → Tor, but they do not give you an E2EE connection from your device to Tor, so their VPN is acting as a MITM that could read all traffic.
You have to be running the Tor client code on your device if you want to use Tor securely, otherwise you are indeed trusting Proton to run Tor “on their end.”
