VPN vs Browser Fingerprinting: A VPN Can't Stop You From Being Tracked

Great minds think alike I guess, because I just saw an RTINGS post from just a bit ago today on my feed about this topic :sweat_smile:

10 Likes

Thanks for the share! I’m here if anyone has questions on our article!

5 Likes

One area to improve is to warn the reader that, when using Tor, they should NOT adopt the schemas below, which are very clear in PG’s guides:

We very strongly discourage combining Tor with a VPN in any other manner. Do not configure your connection in a way which resembles any of the following:

You → Tor → VPN → Internet
You → VPN → Tor → VPN → Internet

Recommended:

You → VPN → Tor → Internet

2 Likes

Do they mention any Tor VPN combo on their site?


Another effective strategy is to use more than one browser. For example, you might rely on Mullvad or Firefox (with appropriate security settings) for everyday browsing and switch to Tor for more sensitive activities. Splitting your browsing this way reduces the amount of data any single browser reveals, giving most users a reasonable balance between privacy and usability.

While we’re handing out minor suggestions, I love this advice, but the specific example you give is a little bit impractical. When I advocate for a dual browser approach I like to point people in a direction more like:

| Browser 1 (set as OS Default) | Browser 2 |
| --- | --- |
| For any browsing you do on the web without authentication (doing searches, reading articles, etc.) | For websites you trust enough to have an account with, or otherwise interact with often (banking, social media) |
| Mullvad Browser (or Tor) | Brave (or Firefox) |

I think it is easier for people to conceptualize when they should use each browser in this scenario, compared to needing to judge whether a particular activity is “sensitive” enough to warrant switching.

I also do not think a Mullvad Browser + Tor Browser dual-browser approach you present as an option makes a ton of sense, since the browsers have identical approaches/goals with respect to privacy, just different underlying networks. I’d probably just present Mullvad Browser and Tor Browser as basically the same in this context, and maybe you can do a future article on Tor vs. VPNs :smiling_face_with_sunglasses:

3 Likes

I’d say indirectly, since the article is about the use of VPN + Browsers and then talks about using Tor without presenting ideal approaches for this combo. People can be very creative when trying to adopt good privacy.

That’s for sure :sweat_smile:

One area to improve is to warn the reader that, when using Tor, they should NOT adopt the schemas below, which are very clear in PG’s guides

While we’re handing out minor suggestions, I love this advice, but the specific example you give is a little bit impractical.

Thank you both for the suggestions. We’ll make a quick update to the article. You both have good points.
I agree with @Cyber-Typhoon, as long as we talk about VPN and Tor in the same article, we should also state how to properly set it up.

1 Like

You’ve got a good point here. We defaulted to the thinking where you need privacy when doing bad things, and pointed out the obvious, more anonymous browser to do bad things. I’m trying to stop thinking like that.
What you are proposing is the best way to think about this! Thanks!

and maybe you can do a future article on Tor vs. VPNs :smiling_face_with_sunglasses:

Maybe! This article is already quite outside of what we normally do. We’re normally supposed to be reviewing products… but we felt that browser fingerprinting needed more coverage, and people buying VPNs should know about this to make a (more) informed buying decision (…and I guess PG had the same feeling!)

We’ve decided to directly link your guide on how to set up Tor correctly in our article, so hopefully people will see the Tor VS VPN use case directly here!
The updated article is now live!

2 Likes

It’s definitely tricky. I talked about exactly this problem a year or so ago, I think in one of my videos: The most widely documented invasions of privacy and opsec failures are criminals failing to protect their privacy and getting caught, so we use those sources to draw a lot of knowledge about the theoretical capabilities of different adversaries as a result.

If you don’t recognize the simple sampling bias here though, it’s very easy for people to fall into the “I have nothing to hide” trap and assume those adversaries aren’t after them as well. The truth is that privacy failures do impact real people significantly in their everyday lives, it just often happens in a less newsworthy way than e.g. catching a bad guy.

Thanks for the link, and your new recommendations section looks great :smile:

4 Likes

it’s very easy for people to fall into the “I have nothing to hide” trap […] it just often happens in a less newsworthy way than e.g. catching a bad guy.

I get that! I’m now defaulting to this video when trying to convince less techy people that privacy is important: The Shady World of Surveillance Pricing (Ft. Lina Khan). People care when you start talking about money. I’d love to see more videos on why privacy matters for “everyday” people still. There’s a bunch of them out already, but unless you already care about privacy, people are not “stumbling” on these videos and learning about it.

2 Likes

Very well-researched article, props to @sp_rtings!

It’s unfortunate that the Web and Browser specifications have gotten so complex that it’s almost impossible to enumerate all the ways in which we can be fingerprinted…

Also unfortunate that a big part of avoiding fingerprinting is to blend in with whatever the most popular options are so it’s a big disadvantage to new browsers+engines.

Will be a long fight, but not one that we can afford to give up on.

Hopefully something good comes out of Ladybird or Servo.

4 Likes