TOR vs VPN | WHICH TO USE

Source The Tin Hat ... lol https://thetinhat.com/tutorials/darknets/tor-vpn.html   TOR vs VPN | WHICH TO USE Tor & VPN described as often conflated -- but Tor & VPN are different -- which is more suitable depends on context Essentially: Tor:  for activists & 'secret squirrels' / not for video downloads [caution:  not bullet-proof] vs VPN:  for (not vital) everyday anonymity / good for downloads VPNs -- take connection -- encrypt connection -- pass connection through server -- contact goes via VPN server to connection site sought -- ie:  it provides encryption & diversion of your online traffic A.     -- what you are doing & who you are connecting with not visible     -- eg. public wifi:  those watching get jumbled info sent to random server     -- same applies to Internet Service Provider (ISP) B. -- site visited does not know your geolocation (privacy enhanced)     -- this permits by-passing geographic restrictions on services Note: * what you do through VPN is know by operator of the VPN * VPN services claim not to log activity  but this is only a representation that may be dishonoured * eg. if VPN provider is issued with a court order for info on your activities * VPN provider would likely find some way to link your activity back to you * So:  VPN = good for low risk situations * BUT not so good for anonymity against a state actor Tor Browser -- works differently -- instead of connecting directly to server -- your connection is encrypted, bounced around x3 servers ('relays' or 'nodes') -- before being decrypted & sent to destination -- FIRST SERVER - knows your location -- SECOND SERVER - only knows data from FIRST SERVER -- THIRD SERVER - only knows that data from SECOND SERVER -- anonymity is provided as the third server cannot know origin of data -- majority of Tor servers not 'malicious' (do not log activity) -- nearly impossible to associate end-data of chain to origin -- very effective / takes significant state actor effort to de-anonymise -- bonus:  encryption by Tor to prevent - eg. ISP from seeing your traffic -- caution:  decryption at last server ('exit relay')  = point of vulnerability -- it is at this point your data can be spied upon -- therefore regular HTTP unencrypted connection relay of data (a no-no) -- can be read in its entirety at the exit relay by the operator of the exit relay -- however, using an add-on like HTTPS-Everywhere -- equals safely encrypted data -- with HTTPS even malicious server could not de-anonymise     * unless content contains personal info (email, name, address, etc)   COMMENT: I'm confused.  If HTTPS is supposed to be an encryption add-on -- how can a malicious server de-anonymise if personal data is included -- if encryption is supposed to be in place? -- makes no sense to me:  that's not encryption TOR - HIGHER SECURITY PRIVACY BROWSING ANONYMITY vs SPEED -- much slower than VPN -- but far better re anonymity -- avoid watching videos or downloading torrents -- bad for entire network & extremely slow -- best for high level anonymity needs -- eg. high threat levels = law enforcement scenarios -- journalists dealing w. sensitive sources, whistleblowers, political activists -- those living under oppressive state surveillance etc [comment:  all of us under US empire mass surveillance oppression ... LOL] -- use Tor if adversary is "more dangerous than a DMCA complaint" (copyright) -- promises provided by VPN companies = not enough. Use Tor. -- *do not treat Tor as if it were bullet-proof -- with enough time, de-anonymization is possible by agencies such eg. NSA -- using Tor = best bet, unless you are an NSA high-value target -- using tor for low bandwidth static sites helps 'populate' the Tor traffic -- & providing cover for those who need Tor for vital reasons -- note:  Tor is only an ANONYMITY TOOL -- without operational security (see OPSEC), anonymity tools rendered useless -- watch bad habits - can reveal ID to the motivated adversary -- keep torrenting to VPN -- VPN - EVERYDAY BROWSING PRIVACY -- VPN good for low-risk/bandwidth-heavy purposes -- VPN's are good for VIDEOS & TORRENTS task OPSEC -- operational security https://grugq.github.io/ The Grugq -- teach operational security (OPSEC) -- ie good security habits http://grugq.tumblr.com/ Source:  The Tin Hat https://thetinhat.com/tutorials/darknets/tor-vpn.html