I generally agree that a VPN does what you say, and I add that VPN (unlike Tor) also tunnels UDP traffic. I also use a VPN. However, VPN users must put a lot of trust into their VPN provider. My comment is about the disproportionate attention that VPN receives as a commercial product shilled by many people with financial incentives, not because of or proportionate to the technology’s merits.
Sorry for taking your statement to make a point of my own, that Tor shouldn’t be discouraged simply for the fact it isn’t required by a threat model, something I often see. Your answer to the question “Why don’t you all use Tor Browser as default web browser and use Orbot on phone system wide??” seems fair enough, but I believe Tor’s downsides are overrated.
I agree, and while I never claimed to represent any average person, your point has revealed a flaw what I said. I don’t use the internet like mainstream people do because I think internet surveillance is despicable, so my internet use is more or less constrained to what Tor is good for. That said, I get most of what I want to do done with Tor, and there are people who say or imply “don’t use Tor” even for use cases where Tor is well suited, which is something I don’t understand.
I agree, Tor adoption (and privacy/security adoption) should be encouraged, but Tor maximalism has pros and cons. Tor works well for use cases like web browsing, downloading files and instant messaging, but it doesn’t provide the strongest anonymity and can’t tunnel UDP traffic. There are other anonymity technologies (I2P, Lokinet, Nym and several others) that do or may provide stronger anonymity, faster speed or UDP tunneling. VPN is great for use cases that Tor or any other anonymity technology cannot provide for.
Tor does plan on supporting UDP eventually, it is what the work on congestion control and conflux is laying the groundwork for, in addition to their direct benefits of increased performance and lower latency.
re normal people: Tor used to have a great section about this on their website: Who uses Tor?
Thanks for clarifying, no need to apologize, as much as I try not to, I’m often guilty of (unintentionally) doing the same thing.
I also use a VPN. However, VPN users must put a lot of trust into their VPN provider. My comment is about the disproportionate attention that VPN receives as a commercial product shilled by many people with financial incentives, not because of or proportionate to the technology’s merits.
That is a valid critique of the over-focus on VPNs, and the commercial ecosystem that pushes them (both the VPN companies, and the “content creators” heavily advertising them).
Personally, one of the reasons I do typically recommend VPNs over Tor for people concerned about suveillance capitalism is in part because they are commercial services. With a VPN, the people using the service are also the people financially sustaining the service. With Tor, the users consume a shared and limited resource (bandwidth), but don’t contribute to the sustainability of the network. For this reason and a few other smaller reasons, I typically don’t promote Tor outside of contexts where it is needed. That is my not-very-strict personal policy, I don’t think anyone is wrong for having a different point of view. I just don’t want to promote it to the type of user who will probably just use it to torrent and look at porn.
I don’t use the internet like mainstream people do because I think internet surveillance is despicable, so my internet use is more or less constrained to what Tor is good for.
That is a totally valid approach which I can respect.
I agree, Tor adoption (and privacy/security adoption) should be encouraged, but Tor maximalism has pros and cons.
Tor is slow, and your threat model won’t benefit massively if the only privacy respecting software you are using is Tor.
If you are using Tor Browser on Windows for example, Windows by default collects keystrokes for “Inking and typing suggestions”. So everything you type into Tor Browser is being collected, which is a massive blow to your privacy.
Tor is not unsafe, but not a silver bullet either. There can be zero days developed for the Tor Browser, but it is a much more anonymous experience than many other browsers.
I like Tor for what it is, but it isn’t for everyone/typical users and use cases. I appreciate that Privacy Guides separated Tor into a different part within the internet browsing section and an overview.
Cloudflare makes Tor very, very, very slow. Every time a new site is loading Cloudflare will check that you are a person. CAPTCHA is very slow. See this
Tho using Orbot with a normal browser is faster (like Mulch or Vivaldi). Also if you use it in the proxy mode, integrated for example, with Adguard (Adguard makes a very good integration of it). Invisible Pro is faster in my case, and have a lot of options.
Indeed, Tor is just one tool in the toolbox. I agree using Tor in Windows is strange.
“We must normalize it” is strong language for sure. Conversely, I see irony in this niche product argument. Tor is niche because people shy away from it, and it will stop being niche only if people use it.
That said, system-wide Tor is generally not recommended. A big downside is it prevents a lot of common internet uses like banking, gaming and video calls. However, provided it’s implemented properly, maybe system-wide Tor is a good choice for high-risk users who want to ensure they’re not sending any unprotected traffic. Some desktop operating systems like Qubes, Tails and Whonix support or enforce this.
If you mean the general public, because it is associated with the “deep/dark web”, where nefarious, illegal activity supposedly occurs. Personally I have no idea to the degree this stuff is true, but the whole dark web thing really contributes to fear mongering, even though Tor seems to be safer and more secure to use then regular browsers.
The reason this is considered a bad practice, and (IMO) Vivaldi is one of the worst examples, is the that the main point of Tor is to enable near anonymous browsing and communication. By choosing any other browser than the Tor Browser, you will already stand out, but by choosing Vivaldi, a browser that isn’t very popular with the privacy community, and doesn’t have especially strong privacy protections, and has a smaller userbase, you are placing yourself in an extremely small group of users who might be using Tor + Vivaldi (and that is without even considering the personalization you mentioned and browser fingerprinting. I’ve no way to verify, but it seems entirely plausible that at any given time you might be the only person, or one of a small few, on the Tor network using Vivaldi.
With Tor, unless you are a truly advanced user, sticking with the herd and following best practices (Use Tor Browser, Tails, or Whonix, don’t change settings you don’t understand, be cautious and skeptical), is really really strongly recommended.
