Why Is Tor Being Called A VPN in /e/?

Hello,

I’m using a OnePlus 5T I flashed the other day e-1.4-r-20220922220394-dev-dumpling.

When I saw The ‘Advanced Privacy’ listed in the phone and the words VPN, I thought /e/ had their own VPN servers and that this was an actual VPN.

When I tested my connection it shows a Tor Exit Node.

TOR is not a VPN

When I look in the Settings > Network & Internet > Advanced it says;

VPN
Advanced Privacy

When I tap on it, and the top it says VPN, when I tap the gear on the right it says in this window;

Version 1.2.0

Always-on VPN
Stay connected to VPN at all times

Block connections without VPN

Forget VPN

Why is TOR being marketed in these ROMS and phones you are selling as a VPN when it’s not?

It’s not being marketed as a VPN, it is marketed as a tool to hide your real IP address, there is a difference.

Let me make one thing here very clear, I’m not here to troll or cause problems, I’m only asking and sharing what I know, my background is in IT and on my levels of security, just like what this conversation is all about TOR vs VPN.

Maybe from a Legal point of view it’s not being marketed as a VPN, but the ROM’s show it listed as a VPN, that is what I’m referring to.

Every place that the word VPN is being used in the ROM settings, should be replaced by the word TOR instead.

TOR is not a VPN and this should be changed. I personally don’t understand how a business could sell phones with the words VPN listed in it, using TOR.

I was under the impression looking at this, when I first started using /e/ that they had their own VPN service, or were in business with a VPN service, etc…

All I know is, the country I live in, for a business to list this as a VPN inside the ROM settings this way could be looked at in a court of law as possible fraud.

I’m not saying /e/ is committing fraud, I’m the side of /e/ but someone like me, with a IT background, looking at all this, and someone leaving in the word VPN inside the ROMs, this should of never happened, this is a big mistake for a business.

On a side note, for some feedback, I’ve been involved in TOR and OpenVPN personally and professionally in IT 20 years. I don’t like TOR, it is not as safe, secure or private, when you do a VPN properly, and I emphasise the word ‘properly’.

TOR will never ever be able to compete with a properly implemented VPN!

TOR is for the poor man’s choice for a VPN, of course it’s better than nothing, but when you run a business like this, you should not use TOR, for all the problems associated with TOR.

Tor has funding that also includes US federal agencies! Rhetorically speaking, why would anyone want to get in business with a company that has funding from US federal agencies, makes zero sense, and this has been a rant over TOR, since TOR has been around.

Everyone knows, when you want real security and privacy, you stay away from government!

I’ve test my phone using TOR on it, most of the time, when testing the system update, it times out. The App Lounge will also rarely load, just sits there blank white, because TOR is to slow.

People today in the world of Tech want fast, TOR is not fast, and just for this reason alone makes it a very bad choice to implement into your business model. I’ve been around TOR since the day it was born, I even play around with it from time to time, and still to this day, it is very slow.

As an IT Tech of over 20 years in this industry of Privacy & Security, also on many platforms, Android, Windows, OSX, Unix, Linux, I would never ever recommend TOR to anyone that can afford to pay for a good VPN service. Of course there are a lot of bad VPN services and Honey Pots out there.

Privacy is one thing, Security is another, and TOR will never be as secure as a good VPN, and no one should ever compromise Security for Anonymity. TOR isn’t even about real Privacy, it doesn’t even provide good Privacy, it provides good Anonymity, that is all.

The saddest thing about this entire situation, here’s /e/ talking about Data & Privacy, using the TOR network, with TOR getting US Federal funding, and that TOR’s best strengths are only Anonymity, not Privacy, and certainly not Security.

I have taught in IT for over 20 years, that you should never give up your Privacy, Safety, or Security, just for Anonymity, and when you use TOR, that’s exactly what you are doing.

P.S. I actually like Wireguard the best, especially given how fast it is, but this is another story of discussion, but if this was my business, I’d look into a Wireguard solution.

Most VPNs that you see advertised are not being used as virtual private networks in the traditional sense of joining two secure internal networks through the medium of an insecure globally routable network either, they are being used as secure proxies. But no one seems to care about that naming.

As for funding, Tim Berners-Lee was government funded by working at CERN when he developed HTTP but you don’t see many people raving about that nugget. Europes privacy guard legislation, and laws regarding personally identifiable information make a hollow joke of your argument. It’s a libertarian view in my opinion. I’m more of a socialist.

I don’t have your domain knowledge or your experience regarding the technology, but I concur that Wireshark is a better VPN technology, if what you want is a VPN, which isn’t what /e/'s Advanced Network Privacy is doing, or what most people who are buying VPNs want.

I appreciate your reply Baggypants and I know about the issues of VPN, HTTP, you name it, the list goes on, when it comes to IT Security, I’ve seen many rants that never get attention.

But the facts are the facts!

TOR is only about Anonymity, even though the word ‘Privacy’ is of course intertwined in the description of the TOR service(s), but Privacy has never been, and at this point in time is not it’s strength, it’s always been about it providing better Anonomity.

TOR also has US Federal Agency funding.

The best way to descrbe those that might need TOR, are better suited to underdevloped countries, third world, nations like China, North Korea etc…

It’s an absolute fact, in the world of IT Security, if you want better Privacy/Security/Safety you use a VPN.

TOR compromises your privacy/security/data/ and safety greater than a VPN ever will!

@Manoj

This was not a post about the application, so you shouldn’t of moved it here. I posted this for all of those in charge of /e/ would of seen the post, where I placed it.

This post is about the Ethical Choice of /e/ choosing to use TOR and then labeling it as a VPN in the ROM settings.

I wanted those in charge of this project to see this.

I wasn’t here asking questions and having issues with any applications.

Would you please move it to a more appropriate place, where those in charge of these matters will please read this?

I don’t want this post getting lost off in a corner somewhere, this is a very serious matter.

THANKS

You are factually incorrect, Tor is more secure than just a “VPN”. Tor is a large network of nodes connected with each other, and as long as no one controls a large portion of the network, it is very hard if not impossible to trace back the connection to its origin.

So you are incorrect when you say that a “VPN” is more secure than Tor, it can never be. A “VPN” is just a tool to connect two networks together and your privacy is entirely in the hands of whoever is operating it, which is a far cry from the decentralized nature of Tor.

You are free to file a bug report but honestly it’s just a trivial thing, keep in mind that a “VPN” is not a privacy tool, it’s just a way to create a virtual private network which comprises of different physical networks.

It is a different story that most proxy companies these days opt to provide their services via a pseudo-VPN. I’m saying pseudo because they don’t actually connect any of their network to it, they only redirect your outbound connections from their side.

So it could be argued that even “VPN” is not the right term to use here. But what difference does it make? People use that word to describe anything which proxies their connections, you can find many “VPN” browser extensions which do nothing but apply a SOCKS or HTTP proxy to the browser.

If you want to bring it to the attention of the developers, raise it on Gitlab. This guide will help you understand how to raise issues. This is the forum and for users to discuss. Posts if important will get a response from other users and do not get lost.

In the hands of whoever is operating it, and rhetorically speaking of, who are the greater more secure hands operating TOR.

By saying what you did, this clearly shows, you have very little understanding between Tor’s decentralized network and a VPN’s network.

FACT: Tor provides better anonymity, not privacy, not security.

I’m not here to debate the facts…

Anyone can choose to operate Tor, but they will not be able to use that fact to their advantage as long as the network is diverse enough.

Compare this with a simple single node redirecting traffic which could be easily rigged by anyone, with malicious intent or not, and with or without the consent of the legal operator.

One method relies on statistical probability for security, the other one just relies on the weakest link in the human chain of trust, which can’t be trusted well to begin with.

Ironic that you should say that, because that’s what exactly I think of you.

Please enlighten us on how it can provide better anonymity and yet somehow not provide privacy or security? The latter two are prerequisites for anonymity.

Neither am I, but your facts are actually misinformation. If you think I’m wrong then you are welcome to point out where.

@Ackithe are you an IT Cyber Security expert? Because I am…

I will show links to facts instead of just talking, this is not getting us anywhere. I speak as an IT Security Expert telling you these things, and I will not reveal my identity here online.

The latter two are not prerequisites for Anonymity. Privacy, Security and Anonymity, have nothing to do with one another, they can exsist soley on their own, and each one can lack the other.

1. Just because a system is private, doesn’t make it secure or anonymous.

2. Just because a system is secure, doesn’t make it private or anonymous.

3. Just because a system is anonymous, doesn’t make it secure or private.

I made this post, to have /e/ consider other possibilites besides TOR, because it is not a good solution, this post is not here for a debate on personal opinons on the matter, rather the facts. If no one has facts to back up their converstaion, then this is just counterproductive, and pointless.

I will give examples of articles, you can find online written by IT Security experts!

This article was written by Nethaniel Ribco, a Senior Cyber Threat Intelligence Specialist at CyberProof;

You will also see that Mr. Ribco states as I also stated;

the main benefit that Tor provides is anonymity (Security and Privacy are not included!)

I will state it again, this is the only good beneift of TOR, anonymity!

Go out and try and find any big business/enterprise/corporation etc., that uses TOR, there are none, and then go out and look at how many big business/enterprise/corporations use VPNs, a lot.

Here’s an article from Hitachi.

I can only post two links to articles at present, and the forum is also putting a time limit on how often I can make posts @Manoj which I thought would be lifted after 24 hours.

When the time is lifted, I will also post another reply, to another link from Unit42 also leading security/cyber experts on the risks of TOR.

There is not one IT Cyber Security expert in the world who will tell you TOR is more secure! I challenge you to find even one and show this community!

Here’s an article from Unit42. Do you know Unit42 works with the USA Dept. of Homeland Security!

# Tor 101: How Tor Works and its Risks to the Enterprise

https://unit42.paloaltonetworks.com/tor-traffic-enterprise-networks/

@Manoj please tell this person to no longer participate here on this post, since he has no facts to back up his words, and he’s only talking.

As I also stated before, this post was only about trying to get /e/ to consider alternatives not have personal debates on this topic.

I also made this original post with questions over this, to only get a professional reply from the staff of /e/ in regards to this, again, not a discussion on the topic of TOR vs VPN.

This post is becoming off topic, I only wish that the staff at /e/ would please respond.

Please tell the community, if they wish to say something, then show information online to back up what they have to say, otherwise it’s worthless.

@Manoj do you understand my request? This post was only intended for the staff of /e/ to respond, again, not to have discussions on TOR vs VPN.

THANKS

This forum is the place to exchange experience between /e/ users with Manoj making the link between us and the staff. You should raise your questions directly to Gitlab if you don’t want to discuss with users and only with staff. Also, in this forum you can not request for someone to be excluded just because he/she contradicts you.

You may read this thread @DoR3M3 : Advanced Privacy - know all about it
(easy to be found via “advanced privacy” in forum search)

In the first post under “side effects” of “hide my IP” it says:

The implementation of Orbot bridges all the devices’s Internet traffic through the Tor network. This was initially designed for VPN Services . That’s why Hide My IP appears as a VPN in /e/OS. We are working on another solution to route the devices’s traffic directly through Tor, to avoid this confusion.

This short section may not satisfy the expert but still sounds like the first bits of an answer to your initial question and it might be a good starting point for your discussion with devs in gitlab…

I am not an expert and I do not use the AP features but to my best knowledge and understanding AP simply makes use of the VPN-interface of the android-system to force all traffic into a specific direction (tor-service in this case …and given the “hide my ip” feature is activated).
This VPN-interface can also be used to connect to real VPN-services (that´s why it is stated that it was “initially designed for …”) or to e.g. control DNS-requests (more or less similar to what a pi-hole does - requires specific apps).

I presume the (your) confusion is about being led to believe a (real) VPN-service is active (or /e/ would pretend to include VPN-service) whereas the OS only indicates the VPN-interface of the phone is being used (to access the tor-network)…

edits: clarifications+typo

Pl note - the forum is open to all to post threads where other users can comment and discuss. All users are expected to be polite and respect the views and comments of others. Issues or flaws in design or code are openly discussed. There are a number of users who are technically good who frequently pitch in with their suggestions and feedback. Issues posted on Gitlab will also attract comments from other users. That is the whole point of being an open source appreciating project and users forum.

That’s exactly that i want to say.

I made a mistake posting this, it was only meant for feedback and a question to the staff, I didn’t mean it as a topic of debate, especially if someone was going to simply make comments, with no facts to back anything up, so this was my mistake, for not clarifying it. I should of never made the post in the first place, and reached out to /e/ directly…

Yes, typical posting is certainly open for comments and contradictions, I only said that, again, because I wasn’t making this a post of discussion.

Anyhow, sorry for coming across rude/harsh to anyone, that was also not my intentions here.

Be well everyone!

Just because he didn’t mention it doesn’t mean they are excluded.

Why would they use Tor? They don’t need anonymity or the level of security that comes with Tor. And as I mentioned previously, VPNs are more than just for proxying your connection, in fact there is a service called ZeroTier which creates a VPN (yes, it does create a VPN) and connects devices to it without proxying the actual outbound connection (in other words, it doesn’t “hide your IP”).

A VPN is the right tool if you want to access an internal network which isn’t open to public, you should use Tor for that, because that’s not what it is designed for, a VPN is.

Likewise you can use a VPN to proxy your connection, but that’s not what it is designed for, but it is sufficiently good at it.

I’m sorry but you are just living under a rock at this point if you seriously believe this. Tor is partially funded by the US Military and was also originally developed by them, and they actually use it along with many other agencies who want to work covertly and securely.

It would be impossible without the participation of the general public, thus Tor is open to all.

If VPN was really better then why don’t they just use it instead? Obviously there is a reason why Tor exists… and I detailed all of that in my previous posts.

What about all the technical details that I mentioned in my posts? If you want something which has citations then just go to Wikipedia.

Or you can just point out what words I did not back up with facts, and that will be the end of it.

I don’t think you are rude, just not willing to read what I wrote and accept the facts. My intention is only to dis-spell the obvious misinformation, no offense.

@Ackithe I’m reading, and did you read what I asked? That if you wanted to say something, then please post links so people can read your so called facts that you speak of? SO how about it?

Backup what you have to say, by showing professional information online?

The fact that I showed you several links, stating the complete opposites, you still persist.

Listen, this isn’t about just you, as long as anyone is simply going to chat and not show any factual evidence online to back up anything, then it’s just talk.

Hmm

P.S. There’s no point in continuning the discussion, if all your going to do is just talk.