Why Is Tor Being Called A VPN in /e/?

You are factually incorrect, Tor is more secure than just a “VPN”. Tor is a large network of nodes connected with each other, and as long as no one controls a large portion of the network, it is very hard if not impossible to trace back the connection to its origin.

So you are incorrect when you say that a “VPN” is more secure than Tor, it can never be. A “VPN” is just a tool to connect two networks together and your privacy is entirely in the hands of whoever is operating it, which is a far cry from the decentralized nature of Tor.

You are free to file a bug report but honestly it’s just a trivial thing, keep in mind that a “VPN” is not a privacy tool, it’s just a way to create a virtual private network which comprises of different physical networks.

It is a different story that most proxy companies these days opt to provide their services via a pseudo-VPN. I’m saying pseudo because they don’t actually connect any of their network to it, they only redirect your outbound connections from their side.

So it could be argued that even “VPN” is not the right term to use here. But what difference does it make? People use that word to describe anything which proxies their connections, you can find many “VPN” browser extensions which do nothing but apply a SOCKS or HTTP proxy to the browser.

If you want to bring it to the attention of the developers, raise it on Gitlab. This guide will help you understand how to raise issues. This is the forum and for users to discuss. Posts if important will get a response from other users and do not get lost.

In the hands of whoever is operating it, and rhetorically speaking of, who are the greater more secure hands operating TOR.

By saying what you did, this clearly shows, you have very little understanding between Tor’s decentralized network and a VPN’s network.

FACT: Tor provides better anonymity, not privacy, not security.

I’m not here to debate the facts…

Anyone can choose to operate Tor, but they will not be able to use that fact to their advantage as long as the network is diverse enough.

Compare this with a simple single node redirecting traffic which could be easily rigged by anyone, with malicious intent or not, and with or without the consent of the legal operator.

One method relies on statistical probability for security, the other one just relies on the weakest link in the human chain of trust, which can’t be trusted well to begin with.

Ironic that you should say that, because that’s what exactly I think of you.

Please enlighten us on how it can provide better anonymity and yet somehow not provide privacy or security? The latter two are prerequisites for anonymity.

Neither am I, but your facts are actually misinformation. If you think I’m wrong then you are welcome to point out where.

@Ackithe are you an IT Cyber Security expert? Because I am…

I will show links to facts instead of just talking, this is not getting us anywhere. I speak as an IT Security Expert telling you these things, and I will not reveal my identity here online.

The latter two are not prerequisites for Anonymity. Privacy, Security and Anonymity, have nothing to do with one another, they can exsist soley on their own, and each one can lack the other.

1. Just because a system is private, doesn’t make it secure or anonymous.

2. Just because a system is secure, doesn’t make it private or anonymous.

3. Just because a system is anonymous, doesn’t make it secure or private.

I made this post, to have /e/ consider other possibilites besides TOR, because it is not a good solution, this post is not here for a debate on personal opinons on the matter, rather the facts. If no one has facts to back up their converstaion, then this is just counterproductive, and pointless.

I will give examples of articles, you can find online written by IT Security experts!

This article was written by Nethaniel Ribco, a Senior Cyber Threat Intelligence Specialist at CyberProof;

You will also see that Mr. Ribco states as I also stated;

the main benefit that Tor provides is anonymity (Security and Privacy are not included!)

I will state it again, this is the only good beneift of TOR, anonymity!

Go out and try and find any big business/enterprise/corporation etc., that uses TOR, there are none, and then go out and look at how many big business/enterprise/corporations use VPNs, a lot.

Here’s an article from Hitachi.

I can only post two links to articles at present, and the forum is also putting a time limit on how often I can make posts @Manoj which I thought would be lifted after 24 hours.

When the time is lifted, I will also post another reply, to another link from Unit42 also leading security/cyber experts on the risks of TOR.

There is not one IT Cyber Security expert in the world who will tell you TOR is more secure! I challenge you to find even one and show this community!

Here’s an article from Unit42. Do you know Unit42 works with the USA Dept. of Homeland Security!

# Tor 101: How Tor Works and its Risks to the Enterprise

https://unit42.paloaltonetworks.com/tor-traffic-enterprise-networks/

@Manoj please tell this person to no longer participate here on this post, since he has no facts to back up his words, and he’s only talking.

As I also stated before, this post was only about trying to get /e/ to consider alternatives not have personal debates on this topic.

I also made this original post with questions over this, to only get a professional reply from the staff of /e/ in regards to this, again, not a discussion on the topic of TOR vs VPN.

This post is becoming off topic, I only wish that the staff at /e/ would please respond.

Please tell the community, if they wish to say something, then show information online to back up what they have to say, otherwise it’s worthless.

@Manoj do you understand my request? This post was only intended for the staff of /e/ to respond, again, not to have discussions on TOR vs VPN.

THANKS

This forum is the place to exchange experience between /e/ users with Manoj making the link between us and the staff. You should raise your questions directly to Gitlab if you don’t want to discuss with users and only with staff. Also, in this forum you can not request for someone to be excluded just because he/she contradicts you.

You may read this thread @DoR3M3 : Advanced Privacy - know all about it
(easy to be found via “advanced privacy” in forum search)

In the first post under “side effects” of “hide my IP” it says:

The implementation of Orbot bridges all the devices’s Internet traffic through the Tor network. This was initially designed for VPN Services . That’s why Hide My IP appears as a VPN in /e/OS. We are working on another solution to route the devices’s traffic directly through Tor, to avoid this confusion.

This short section may not satisfy the expert but still sounds like the first bits of an answer to your initial question and it might be a good starting point for your discussion with devs in gitlab…

I am not an expert and I do not use the AP features but to my best knowledge and understanding AP simply makes use of the VPN-interface of the android-system to force all traffic into a specific direction (tor-service in this case …and given the “hide my ip” feature is activated).
This VPN-interface can also be used to connect to real VPN-services (that´s why it is stated that it was “initially designed for …”) or to e.g. control DNS-requests (more or less similar to what a pi-hole does - requires specific apps).

I presume the (your) confusion is about being led to believe a (real) VPN-service is active (or /e/ would pretend to include VPN-service) whereas the OS only indicates the VPN-interface of the phone is being used (to access the tor-network)…

edits: clarifications+typo

Pl note - the forum is open to all to post threads where other users can comment and discuss. All users are expected to be polite and respect the views and comments of others. Issues or flaws in design or code are openly discussed. There are a number of users who are technically good who frequently pitch in with their suggestions and feedback. Issues posted on Gitlab will also attract comments from other users. That is the whole point of being an open source appreciating project and users forum.

That’s exactly that i want to say.

I made a mistake posting this, it was only meant for feedback and a question to the staff, I didn’t mean it as a topic of debate, especially if someone was going to simply make comments, with no facts to back anything up, so this was my mistake, for not clarifying it. I should of never made the post in the first place, and reached out to /e/ directly…

Yes, typical posting is certainly open for comments and contradictions, I only said that, again, because I wasn’t making this a post of discussion.

Anyhow, sorry for coming across rude/harsh to anyone, that was also not my intentions here.

Be well everyone!

Just because he didn’t mention it doesn’t mean they are excluded.

Why would they use Tor? They don’t need anonymity or the level of security that comes with Tor. And as I mentioned previously, VPNs are more than just for proxying your connection, in fact there is a service called ZeroTier which creates a VPN (yes, it does create a VPN) and connects devices to it without proxying the actual outbound connection (in other words, it doesn’t “hide your IP”).

A VPN is the right tool if you want to access an internal network which isn’t open to public, you should use Tor for that, because that’s not what it is designed for, a VPN is.

Likewise you can use a VPN to proxy your connection, but that’s not what it is designed for, but it is sufficiently good at it.

I’m sorry but you are just living under a rock at this point if you seriously believe this. Tor is partially funded by the US Military and was also originally developed by them, and they actually use it along with many other agencies who want to work covertly and securely.

It would be impossible without the participation of the general public, thus Tor is open to all.

If VPN was really better then why don’t they just use it instead? Obviously there is a reason why Tor exists… and I detailed all of that in my previous posts.

What about all the technical details that I mentioned in my posts? If you want something which has citations then just go to Wikipedia.

Or you can just point out what words I did not back up with facts, and that will be the end of it.

I don’t think you are rude, just not willing to read what I wrote and accept the facts. My intention is only to dis-spell the obvious misinformation, no offense.

@Ackithe I’m reading, and did you read what I asked? That if you wanted to say something, then please post links so people can read your so called facts that you speak of? SO how about it?

Backup what you have to say, by showing professional information online?

The fact that I showed you several links, stating the complete opposites, you still persist.

Listen, this isn’t about just you, as long as anyone is simply going to chat and not show any factual evidence online to back up anything, then it’s just talk.

Hmm

P.S. There’s no point in continuning the discussion, if all your going to do is just talk.

Yes, and replied to everything which I felt is relevant.

Do you really want me to post “links”, what about the stuff I wrote in my posts? What if I were to put all of that into an article and gave you the link to it? If you really want some links, here you go:

1. https://www.torproject.org
2. https://support.torproject.org/about/how-is-tor-different-from-other-proxies/
3. https://en.wikipedia.org/wiki/Tor_(network) (more links inside)

If I recall correctly, all of those links were related to using Tor in enterprises, which I entirely discounted in my previous post. You shouldn’t use Tor in a enterprise setting, period. For more info just refer to my previous post.

Knowledge is not a physical thing that I can just “show” to you, it has to be conveyed in words, which I did. So there are two possibilities here:

1. You are ignoring what I wrote
2. You are unable to understand what I wrote

The latter would explain why you keep asking for links instead of pointing out why I’m wrong. So please tell us which one it is.

I posted specific links, that clearly show TOR is not better, safer, more secure or private, compared to VPNs.

Yes there is information out there if you want to dig for it.

Look, I’m not trying to give you a hard time, just talking here on this subject, without showing facts, doesn’t do the community any good, it’s just talk.

You have to be partial and not biased here and look at it like you are reading someone telling you something, and then wanting them to believe it.

So you really want people to simply believe what you have to say? Because, even after I showed you the facts, by professonials, even the link on Unit42 who works with Homeland Security, you still aren’t willing to accept the facts.

You’re just being stubborn…

P.S. Time to move on… Ciao…

What part of “you shouldn’t use Tor in a enterprise setting” from my previous post did you not understand? To give you the benefit of doubt I briefly read the article on Unit42… and guess what, they say the exact same thing:

The Tor project provides one of the most well-known tools that users can leverage to stay anonymous on the internet. People use Tor for many different reasons, both benign and malicious. However, allowing Tor traffic on enterprise networks opens the door to a variety of potential abuses and security risks.

So I’m being stubborn by replying to you in sufficient detail while you just keep ignoring what I say and keep accusing me of spewing baseless non-sense? (which ironically is what you are doing)

I really didn’t want to say this but I understand how Tor works, and if you really are the kind of person who looks at someone’s job to see if they are qualified instead of testing their knowledge, then you should know one thing… I’ve contributed to Tor directly, my code is part of the core Tor program right now.

I really didn’t want to say this but maybe this will grab your attention enough to stop ignoring what I post.

I agree, however you are welcome to post a final reply as long as you don’t start speaking about Tor in enterprise systems again.

Going into all the technical aspects/details is great, but we also have to understand, there will be less technically savvy people, who simply want to use a device and be safe, and need a simpler explanation to help them make a choice.

The great thing is that the differences between TOR vs VPN can be explained, very simple.

Tor is Crowd Blending, being in a crowd blending in.

Tor is like being in a crowd, in a city among thousands.

Being in a crowd you are anonymous, unknown in that crowd. You are not private, safer or more secure in the crowd, being in a crowd reduces these.

A VPN is like being alone out in the countryside, in the mountains.

Being alone in the mountains is more private, safer and more secure, than being in a crowd in a city among thousands next to you.

The differences in the technology between TOR and a VPN, depending on which you prefer, doesn’t limit you either way. Both technlogies can be changed in various ways and combined together, to improve their strengths and weaknesses.

In the end, the best way to look at this, is do you want to be in a city among thousands, or out in the woods alone?

Remember, we’re talking about Computer Technology, comparing the idea of either being in a crowd, vs being alone is all.

Being alone in the woods, no one knows where you’re at, they have a general idea, but they have to go find you. Being in the crowd, they have to figure out who you are in the crowd.

This analogy is not about the dangers of life in the city, vs the country. This is simply about, either being in a crowd, or being alone.

In the end, your choices are simple! Do you want to blend in with a crowd, having someone try to find you in the crowd? Or would you rather be alone out in the woods, having someone try to find where you’re at?

I prefer to be alone in the woods covering my tracks, because alone in the woods, you will always be more private, safer and more secure, instead of a crowd in a city.

TOR = Blending In
VPN = Alone & Hiding

This last reply, isn’t really about condoning Mullvad, it’s about reading and understanding a little also over Wireguard too, which is something I didn’t bring up, instead of just using OpenVPN.

I strongly recommend reading everything on the subject you can read on their site, especially the information on Multi Hop with Wireguard.

If you want to hide your public IP even more, use multihopping.

Besides OpenVPN, I should of said, what /e/ should really be looking at, is implementing their own Mutli Hop Wireguard Solution(s).

This topic was automatically closed after 9 days. New replies are no longer allowed.