Is there any value in using a VPN for security even without Tor or TAILS?
First of all, never use the Tor network with a VPN. At best it’ll do nothing, at worst it’ll add vulnerabilities that might reveal your identity
Secondly, yes, VPNs can help obscure your identity and hide your activity from your internet provider (which is very important for something like media piracy, which they’ve been known to send cease and desists for)
The youtube sponsorships where they claim to “encrypt your data” and protect you from “hackers” are mostly bullshit though - your data’s already encrypted if you’re on an https site, which 99% of your browsing time will be, and no one’s going to specifically and intentionally hack into your computer. The “hacking” would take place in the form of either malware, or the state requesting your personal information from the tracking companies that already have it, neither of which can be effectively prevented by a VPN alone
Short answer, if you can’t use Tor then you should be using a VPN whenever possible, especially if you’re pirating things. I recommend the free and activist-run RiseupVPN
OK SO THIS IS A THING I HAD TO LEARN ABOUT IN GREAT DETAIL FOR MY OLD JOB
VPNs (when used for privacy and not for, like, working from home but still having access to internal corporate servers) and Tor both go after the same problem: if someone’s eavesdropping on your regular old web browsing, they can tell which site you’re on (specifically, the domain name, the www.tumblr.com part of the URL) even if communication with the site is encrypted (https). That part of the URL just doesn’t get encrypted. Knowing which site you’re on can be a pretty big deal. It can tell the eavesdroppers exactly which bank and which email service you use, which news agencies you trust, etc.
What VPNs and Tor both do about this problem is they take every network packet coming out of your computer, encrypt its entire contents, and send it to another computer called an “exit server” that’s off in The Cloud somewhere. That computer decrypts it and sends it on to its final destination. Someone eavesdropping on the network in between your computer and the exit server can only tell that you are sending encrypted packets to that one computer. Someone eavesdropping on the network in between the exit and the final destination can see everything that they would have been able to see if you were talking directly to the final destination, but they can’t easily tell where it came from originally.
The technical difference between a VPN and Tor is that Tor is more thorough. With Tor, each of your packets is wrapped in three layers of encryption and sent through two additional computers on its way to the exit. This means the exit doesn’t know who you are and can’t find out. With a VPN, the exit knows everything that the eavesdroppers you were originally trying to avoid would have known.
Another important difference is that most VPN servers are run by corporations, and most Tor servers are run by anarchists (in the precise political-science sense). VPN companies are, in general, suuuper sketchy; they have been caught spying on their users over and over again, they cut corners on the encryption, they have been known to inject malware into unencrypted websites, etc. etc. etc. The anarchists usually don’t do that shit, but there have been a few incidents so bad that they made the news.
So: as @hater-of-terfs says, don’t use both a VPN and Tor at the same time, it’s pointless. But also, think about what kind of threat you care about. I’m gonna put this part in a bullet list because if you remember nothing else of this long post, remember this part:
- There is no point using either Tor or a VPN if you haven’t already taken more basic steps to improve your security online. Get yourself a password manager and an ad blocker and HTTPS Everywhere, and secure your email (at least) with 2FA, first.
- Tor and VPNs protect you from eavesdroppers near, but not inside, your computer—your ISP, the malware-infected wifi router in the coffee shop, that sort of thing.
- Tor and VPNs do not protect you at all from the websites you’re visiting. If you’re downloading pirated software, and the pirates tack on some malware, you’re hosed no matter how you download it.
- Tor and VPNs also cannot protect you from your own computer. If there’s someone with physical or remote administrative access to your computer—your employer, your abusive parents—they can snoop on you regardless, and they might be just as pissed off that you used Tor or a VPN at all, as about what you did with it. (Tails can help with this, but that’s because it’s a liveCD, not because it uses Tor.)
- A VPN will not protect you against an organization that can put legal pressure on the company operating the VPN—the government, the RIAA, that sort of entity. Assume the VPN company keeps logs even if they assure you they don’t. In fact, assume every word on the VPN company’s website is a lie.
- Tor, on the other hand, can and has resisted legal pressure from governments and record companies. The anarchists designed it so they couldn’t turn over logs even if they wanted to.
- Oddly enough, using Tor increases your risk of getting doxxed or similar. This is because there are, um, anti-anarchists who believe that everyone who uses Tor is a drug dealer or a pedophile or something even worse, and they actively try to dox Tor users—not by breaking the encryption, but by spying on them in other ways. I suppose they could also be doing this to VPN users but I haven’t heard about it.
If any of this is unclear or you want more detail, please ask.
People keep asking me about this and this is a much better writeup than any i’ve ever done.
