Stop Using Tor With VPNs

Поділитися
Вставка
  • Опубліковано 23 гру 2024
  • In this video I discuss whether or not you should use a VPN before connecting to Tor and why this isn't a good idea in most situations.
    My merch is available at
    based.win/
    Subscribe to me on Odysee.com
    odysee.com/@Al...
    ₿💰💵💲Help Support the Channel by Donating Crypto💲💵💰₿
    Monero
    45F2bNHVcRzXVBsvZ5giyvKGAgm6LFhMsjUUVPTEtdgJJ5SNyxzSNUmFSBR5qCCWLpjiUjYMkmZoX9b3cChNjvxR7kvh436
    Bitcoin
    3MMKHXPQrGHEsmdHaAGD59FWhKFGeUsAxV
    Ethereum
    0xeA4DA3F9BAb091Eb86921CA6E41712438f4E5079
    Litecoin
    MBfrxLJMuw26hbVi2MjCVDFkkExz8rYvUF

КОМЕНТАРІ • 2,7 тис.

  • @MentalOutlaw
    @MentalOutlaw  Рік тому +1822

    some people are asking me about Orbot in VPN mode. Using Orbot does NOT connect you to a VPN separate from the Tor network, it treats the Tor network like a VPN in the sense that it routes all traffic through Tor (Browser, message apps, games, etc) like a VPN app would, very similar to how TAILSOS routes all of its traffic through Tor.

    • @oofyeetmcgee
      @oofyeetmcgee Рік тому +10

      Hey, what are your thoughts on Invidious?

    • @Ulvis_B
      @Ulvis_B Рік тому +37

      How many times NordVPN got hacked?

    • @rayers1000
      @rayers1000 Рік тому +3

      I thought Orbot was considered a honeypot or some such these days??

    • @pipbernadotte6707
      @pipbernadotte6707 Рік тому +24

      Network Chuck? More like Fedwork Chuck, amirite u guys?

    • @Moha-bb7xm
      @Moha-bb7xm Рік тому +3

      Iam behind 7 proxies iam protected

  • @martuuk8964
    @martuuk8964 Рік тому +6450

    Mullvad stores nothing about you. They were raided recently on a warrant for customer information - any and all information about a specific customer - and they could not turn over anything and Swedish police walked away with nothing. If Swedish law ever changes to where they cannot operate like this, they will either move their HQ or shut down. They are extremely principled. If they are ever served with legal documents authorizing active/live wiretap that are enforceable in a country where a given server is, they will simply shut the targeted server down.

    • @49531
      @49531 Рік тому +1182

      Is this actually the ultimate honeypot

    • @bruhzzer
      @bruhzzer Рік тому

      ​@@49531they've been in buisness for a long time now, either they're really commited (honeypots usually aren't (as far as we know)) or they aren't honeypots

    • @notafbihoneypot8487
      @notafbihoneypot8487 Рік тому +590

      They also now run everything in RAM officially

    • @Bond2025
      @Bond2025 Рік тому

      @@49531 Tor is, it was compromised in 2013 in preparation for Operation Onymous. The download had all the security settings set to low by default when previously they were high and for months when security settings were changed to high, scripts were running on every site to assist law enforcement.
      I even downloaded a exe from the site that contained a profiler trojan, but tor project ignored complaints.
      Many exit nodes are compromised.
      Don't use a VPN, they provide all your data to law enforcement and manipulate it. The reason people use a VPN and Tor is because they connect to a bridge to hide what they are doing.
      Tor is not secure, not private and you can be uncovered at any time. Remember the DEFCON talk that was going to show how this worked - it was pulled and they went quiet.
      VPNs might not directly log, but hosts that own equipment have to by law.
      I recently found WeVPN was a honeypot, they vanished once people realised and the police operation was shut down. One server was on a UK police IP. If you connected in to Manchester, UK, the police were watching.
      Some say these Encryption In transit email services like Proton are honeypots.

    • @vlad7269
      @vlad7269 Рік тому

      @@49531Sometimes I think like that
      But they have huge spending on their employees 100k$+ per year for each one

  • @metal-beard
    @metal-beard Рік тому +3774

    Chuck has a history of advertising stuff in the guise of ‘tutorials’.

    • @michaelm1
      @michaelm1 Рік тому +432

      Yeah, I've been thinking the same thing. It was just a one big VPN provider commercial masquerading as a tutorial.

    • @dolan_plz
      @dolan_plz Рік тому +189

      I can't stand that soft spoken shill.

    • @danielrobinson3654
      @danielrobinson3654 Рік тому +238

      Almost every video is "And to do that, we'll be using our sponsor..." and then some service that collects all of your data

    • @EchterAlsFake
      @EchterAlsFake Рік тому

      @@danielrobinson3654For real, thats why I stopped watching him. Also he doesn't really care about questions on his comment section at all. His Instagram OSINT video has millions of views, but Osintgram doens't work anymore, because the author didn't update it and lots of people don't understand that. I tried to tell them and got blocked from his channel. He could atleast like make a pinned comment or something where he tells, that the video isn't up to date.

    • @tranquility6358
      @tranquility6358 Рік тому +42

      You know that production quality doesn't come for free, right? I don't blame people for wanting to make money by legitimate means. Some of his sponsors are genuinely useful.

  • @Akac3sh
    @Akac3sh 10 місяців тому +376

    the folding table in the back really adds to the atmosphere of this whole video

    • @SolsticeSH
      @SolsticeSH 5 місяців тому +19

      Its like the dirt in the corner of that barbershop that gives you the cleanest fade. If there is no foldable table behind someone talking about edge traffic I dont want none of what he has to say lol

    • @Akac3sh
      @Akac3sh 5 місяців тому +2

      @@SolsticeSH you get it lmfao

    • @sethdouglas2765
      @sethdouglas2765 3 місяці тому +8

      So he can quickly pack up and leave if needed.

    • @rom3611
      @rom3611 3 місяці тому +1

      looked at that table at least 3 or 4 times i would say this video maybe even more idk but i agree lol

    • @livinglikeahuman7918
      @livinglikeahuman7918 2 місяці тому

      I agree

  • @vafixer8885
    @vafixer8885 Рік тому +329

    as some one who lived in china for years at one point - VPNs not government approved are very popular. you usually have to have 3/4 of them since one or two might get blocked one day then come back the next while the other 2 are blocked another day, its like cat and mouse with the government and the vpn companies but the vpns always get through, either in a few days or a competitor does. hence why i had a subscription to 4 of them when i lived there.

    • @KizukiKotataki
      @KizukiKotataki 11 місяців тому

      Won't the government ever chase after the people there? Or are the VPNs located outside mainland china?

    • @basilalias9689
      @basilalias9689 9 місяців тому +92

      Im laughing at the image of the CCP playing whack-a-mole with VPN companies.

    • @ainz2579
      @ainz2579 5 місяців тому +20

      Same in iran. Basically everything but porn used to be accessible without vpns but after people protesting and using social media to coordinate them everything got filtered i personally have 2 vpns

    • @zahiddigital8301
      @zahiddigital8301 5 місяців тому

      @@ainz2579 which ones do you use? also by using VPN, your ISP/government wouldn't actually know that you are using VPN?

    • @ainz2579
      @ainz2579 5 місяців тому

      @@zahiddigital8301 they don't care if use vpns its not illegal they oppress for the sake of doing it

  • @heathmcrigsby
    @heathmcrigsby Рік тому +603

    I use a vpn with tor to browse reddit just to mess with the feds

    • @toeman4628
      @toeman4628 6 місяців тому +170

      We do a bit of federal trolling.

    • @ainz2579
      @ainz2579 5 місяців тому +3

      Vpns sell your data to the feds

    • @fluffy6818
      @fluffy6818 5 місяців тому +8

      @@ainz2579 oh no my datat

    • @ainz2579
      @ainz2579 5 місяців тому +5

      @@fluffy6818 lmao😹

    • @hucklebucklin
      @hucklebucklin 4 місяці тому +14

      Just to have ads from random countries

  • @flioink
    @flioink Рік тому +2504

    Network Chuck has never mastered the "pullout framework" - dude has like 7 kids.

    • @redrootwire
      @redrootwire Рік тому +208

      💀😭

    • @zaremol2779
      @zaremol2779 Рік тому +374

      Good for him, honestly

    • @flioink
      @flioink Рік тому

      @@zaremol2779 I mean if he can afford it then - sure.

    • @mattjax16
      @mattjax16 Рік тому +149

      It’s cuz he’s crazy religious

    • @phxsisko
      @phxsisko Рік тому +126

      He's weirdly religious, so yeah, condoms are evil, etc. It's the reason I don't support his channel.

  • @etoilefushigi
    @etoilefushigi Рік тому +300

    If you really want to use a VPN and ensure that your opsec is as tight as possible, use a VPN to connect to a remote server like a Windows or Linux desktop, ensure that the VM is wiped when done, and connect via tor browser that way. There are many services that will provide anonymous RDPs and if you use mullvad as your VPN provider generally speaking, you're good in this regard specifically.

    • @Bond2025
      @Bond2025 Рік тому

      never use Windows, always wipe any PC completely after each use with Privazer, a shellbag cleaner and bleachbit.
      I spent years testing file and PC wiping software by running it and then examining PCs with EnCase. Evidence Eliminator was really good, but so is PrivaZer. Many others left multiple traces of activity. Your ISP records a lot about you and can provide police with access to your router as ALL of the commercial ones have a backdoor built in.

    • @casev799
      @casev799 Рік тому +11

      I'm forgetting what an RDP is in this and frankly I think there's probable to many definitions out there for me to look ghrought

    • @Daveychief23
      @Daveychief23 Рік тому

      @@casev799 Remote Desktop Protocol

    • @treemallow757
      @treemallow757 Рік тому

      Remote Desktop Protocol@@casev799

    • @visvge4934
      @visvge4934 Рік тому +24

      Remote desktop protocol lol

  • @jakeplaydirty3882
    @jakeplaydirty3882 10 місяців тому +52

    Love your logic bro 🙏 Came here after watching that Chuck video strangely. I did leave his video scratching my head a bit 😂 You make much more sense

  • @RobertoRubio-ij3ms
    @RobertoRubio-ij3ms Рік тому +51

    Amazing video. No commercial bs and technically accurate. Just gained a subscriber. Keep it coming. Kudos from Panama.

  • @hughjanes4883
    @hughjanes4883 Рік тому +1103

    You putting yourself up there with KGB and CIA TOR relays is a level of confidence I wish I had.

    • @frandurrieu6477
      @frandurrieu6477 Рік тому +89

      Bro fears nothing

    • @lolotrololo2275
      @lolotrololo2275 Рік тому +9

      What KGB?

    • @b1rdy0xf
      @b1rdy0xf Рік тому

      @@lolotrololo2275FSB

    • @phxsisko
      @phxsisko Рік тому

      I think it's a joke. Also, the KGB is dead, the FSB is the current iteration. FAPSI seems to be their equivalent to the NSA. KGB seems to be mostly famous due to western movies using them as the other evil spy group, etc. Which, yeah, they, the CIA, they are all super evil.

    • @lodyllog
      @lodyllog Рік тому +98

      @@lolotrololo2275 KGB is like a soviet FBI

  • @johnnymnemonic1369
    @johnnymnemonic1369 Рік тому +1232

    Don't use VPN: Feds are checking edge node connections and get your IP address
    Use VPN: Feds are checking edge node connections and get your VPN IP, then have to subpoena the VPN provider to potentially get your IP.
    What am I missing here?

    • @schwingedeshaehers
      @schwingedeshaehers Рік тому +262

      They probably also get your name, payment method, email,...

    • @ВалерийШадрин-л5г
      @ВалерийШадрин-л5г Рік тому +384

      You're missing the fact that you are standing out from the crowd of folks that use tor browser as usual. What's the point of slightly overburdening the law inforcement if they otherwise know where to look?

    • @cyclopsvision6370
      @cyclopsvision6370 Рік тому +59

      Nord says they do not keep logs about users' timestamps and traffic destinations

    • @tartas1995
      @tartas1995 Рік тому +117

      They need to subpoena your IP too. Vpns have your payment options. Once at the vpn, they have you. Once at the ips, they have you. Ofc there is a case for this or that, what are your local laws and how are the local laws of your vpn. Which agencies are interested in tracking you and so on. But it ain't that simple

    • @thewhitefalcon8539
      @thewhitefalcon8539 Рік тому +66

      You're missing that feds already monitor vpns

  • @henrylonghead
    @henrylonghead Рік тому +221

    "Recommend them to just use Tor like a normal person"
    - Mental Outlaw

    • @qlippoth13
      @qlippoth13 Рік тому +10

      What else could we possibly use... softether?

    • @polinskitom2277
      @polinskitom2277 Рік тому

      ​@@qlippoth13been forever since i've used softether, any new developements on it or anything interesting happen?

    • @DOG_EATER_1887
      @DOG_EATER_1887 11 місяців тому +11

      dawg no one uses Tor with good intentions its entire purpose for most is to be used safely for BAD intentions

    • @nusplus3985
      @nusplus3985 10 місяців тому

      @@qlippoth13 i2p

    • @parsoniareigns
      @parsoniareigns 10 місяців тому +4

      ​@@DOG_EATER_1887yep normal folk use Windows. Might use VPN. Some normal folk might use MAC OS. Linux or Tor. Normal folk do not.
      Only players. You are 100percent correct.👍

  • @talis1063
    @talis1063 Рік тому +77

    My intuition with VPN has always been that you're basically replacing your ISP with another one. Only useful to tunnel around whatever part of the network you don't trust / can't get through. The tunnel ends at the VPN provider, but the VPN provider still has all the info your ISP would normally have. If you trust the VPN provider more or give them less info about yourself than your ISP then I guess that's fair.

    • @EdmondDantèsDE
      @EdmondDantèsDE 10 місяців тому +29

      It makes a huge difference because your VPN provider is preferably located in a country with much stricter data privacy laws.
      VPN providers are also financially incentivized to legally fight against handing out data while ISPs mostly don't give a shit.

    • @BillAnt
      @BillAnt 9 місяців тому +1

      Might as well just use a Proxy for hiding your IP to get around restrictions with less overhead and latency than VPN's. Also simpler to set up and cheaper too. VPN's used to be useful before HTTPS/TLS encryption of 99% of modern websites.

    • @matthewprier4340
      @matthewprier4340 4 місяці тому +3

      I see the arguments here, but for me it comes down to corporations. In the USA only a handful of corporations control ALL internet traffic. Often you are lucky to get 2 options for a provider here, some places literally have one choice. Larger places have multiple choices but they all tend to become ATT/Comcast in the end. So, here, a VPN does sort of replace the ISP, but it replaces a corporation that is so willing to sell you out they are monitoring organ prices for a COMPANY that has a vested interest in your privacy for their profits.
      When you r business model is "we won't rat you out" you have a strong incentive to fight any attempts to access your customer database. Can it happen? Sure, they have to follow laws that keep getting more draconian but they also have the means to work every legal angle first. For the enforcement side, an ISP is a no-brainer to ask for information on any little whim. A VPN company is going to take some solid reason to go after them because it won't be cheap and unless they get a conviction that's money wasted.
      I LIKE that the sellout YTber recommended dual layer to his viewers. He is popular, and well liked and trusted so that means it is more likely that a bunch of new VPN+Tor connections pop up making the argument that it is enough suspicion to pursue weaker for enforcement.
      Again, this is for the USA, where money and power are the arbiters of reality so that's where you will see the most pressure. Your country has some ultimate structure as well that decides things for the masses, and that is where you should invest your effort in security. I do nothing interesting online, haven't for decades, but I use a VPN always and am switching from Vivaldi to TOR for most of my browsing just to add to the noise floor. Remember, if we are all doing it, no one stands out enough to be a threat. I'd rather protect a hundred illegal users to make sure the one journalist or protester doesn't get ganked to silence them. It is not our job to stop crime, and they need to step up their skills not rely on our passivity.

    • @acatinatux9601
      @acatinatux9601 4 місяці тому

      @@EdmondDantèsDE is nord vpn safeish?

    • @BoleDaPole
      @BoleDaPole 3 місяці тому +1

      Nord will share your information if they're asked by the US government.
      Whether that's an issue for you or not is your own answer to solve.

  • @Microtonal_Cats
    @Microtonal_Cats Рік тому +41

    3:13 This part totally comes off as "The way I see it, if you got nothing to hide you shouldn't mind you have no privacy." ...which kind if invalidates the whole video, and this advice. That's odd because everything else on this channel is the opposite.

    • @garychap8384
      @garychap8384 2 місяці тому +10

      Yeah, I felt that too!
      Also, there are a few other statements in there which I feel are demonstrably wrong ... or, at least, that there's some narrowing context for his statements that isn't coming across. They're certainly not universally true.
      Even mentioning the experts statements about not using VPNs with TOR were clearly aimed at those using commercial services based on the false claims those services make... it's a rather broad assumption that only naive people are using VPNs in a certain way for a certain reason, and not getting what they expect.
      I can give real world counter examples, including how VPN use can be indistinguishable from HTTPS use (even under a protracted state investigation) ... when using actual web services as the cover. For example, my Chinese friend owns a European VPN (running on a cheap cloud VPS) that gets used daily by several users, from China, and has not been blocked once (in a decade of use) despite having had a lot of 'strange' hits to investigate the nature of the 'web services'... even after one of those users came under a three year state investigation for protest activities.
      This is because the traffic can be switched seamlessly from the HTTPS service, to an unexposed VPN service, without any perceivable change in protocol. Anyone investigating the server gets the HTTPS content, they see no other ports or protocols... and the content being served is credible and benign.
      So, there's a strong use case... China!
      I don't think Mental Outlaw actually groks what the youths are doing over there. Sure, there will be some chasing endless public VPNs and open Proxy services that keep getting shut down or blocked... but the savvy kids are certainly not doing that.
      Private VPNs are a strong tool when properly set up for the threat model you live with. They can be made indistinguishable from bulk traffic, made highly credible and be given a verifiable cover ... TOR traffic cannot, even with obfuscation, as all the entrypoint IPs can be harvested - even the temporary helper nodes!
      So, no... VPN services for TOR access can be essential, credibly deniable and outstandingly secure. and they absolutely have their place in the security/privacy landscape. anyone that says otherwise should be challenged, as they're almost certainly making assumptions about either the way VPNs are used or the threat models people live under.
      Personal VPN, as a flexible technology, can be damned useful for privacy, anonymity and credible deniability!
      But I certainly wouldn't shill for NordVPN or similar commercial services. Not when a VPS running Wireguard, OpenVPN or even just PPTP costs as little as $5 on an unadvertised IP, and can be configured to look like a benign web service from the outside.
      We should be educating users to do privacy properly, according to their threat models... not flatly discouraging them from using certain tools simply because those tools can also be used poorly.
      Hopefully Outlaw will revisit this topic with more nuance.

    • @franckize
      @franckize 2 місяці тому +14

      My god the “read more” option didn’t prepare me enough

    • @_Baleful
      @_Baleful 2 місяці тому +2

      Totally agree.
      It’s just wishful thinking on the part of Mental Outlaw - He wants to believe “tor makes us all look the same.”
      Naw dawg, tor makes you look like a criminal, that’s the world we live in

    • @Dovimoe
      @Dovimoe Місяць тому

      Yeah, "if you don't have anything to hide, why worry about your own privacy?"

  • @webbonyoutube
    @webbonyoutube Рік тому +325

    Correction: The entry node is a "guard node" which is selected from a limited, mostly unchanging list. The idea is that if even if you roll the dice over and over and eventually get two bad nodes, those nodes that never change will keep you safe.

    • @DERADI30
      @DERADI30 Рік тому +31

      That doesn't actually sound safer.
      If you want to track tor connections and all of them route through a smaller list of nodes that doesn't often change that's the first target.
      Is there more to the system? It sounds like it's just "trust me bro"

    • @joopie46614
      @joopie46614 Рік тому +18

      @@DERADI30 You have a point, I would assume that small group of nodes are from trusted sources and probably some other characteristics which would make it less susceptible to spying, but then again if one of those trusted nodes get breached, this would probably eventually get discovered and it would no longer be a trusted node, but until that happens you still have 2 other relays which are very very likely to not be controlled by mutual organisations which keeps it relatively safe, but it still all comes down to chance really
      And by trust I don't mean each node has an assigned reputation because that would definitely make it an easy target but rather I would guess it comes down to heuristics on volunteer nodes.

    • @Kilzu1
      @Kilzu1 Рік тому

      @@joopie46614 It would be concern from privacy point of view, but TOR is based on theory of "you can't trust ANYTHING at all". Your connection to between each node is encrypted with different encryption and only 1st node you connect to, knows your real IP or what comes from your computer. This means every node past first node, knows only from which node this traffic came from and what is next destination, if someone tries to track you from one of those never changing nodes, they would have to know what traffic from which source out of thousands of others they would have to follow.
      More simply, even if someone tries to trace you from the first node your connection is going to, they would have to know at least the country you are at, ISP you are using and public IP address your computer is using, since they would have to screen through hundreds if not thousands of different connections coming all over the world at the same time, unless you are using something like a VPN to raise eyebrows, won't reveal anything other than you are just 1 among many people who use TOR.
      Now even TOR isn't able to keep you 100% anonymous, I'm pretty sure there are ways to trace TOR users, it's just extremely resource and time consuming, so unless you do something that puts you under someones radar in the first place, your traffic is seen just like any traffic, regular encrypted traffic and hardly worth the time and effort to look into that deeply.

    • @indawgwetrust4255
      @indawgwetrust4255 Рік тому

      @@joopie46614 Here: www-users.cse.umn.edu/~hoppernj/single_guard.pdf

    • @sirsneedster
      @sirsneedster 9 місяців тому +41

      Guard Node: Sees your IPS's IP address, not the content requested
      Middle Node: Can't see shit, just moves traffic from Guard to Exit
      Exit Node: Sees your requested content, cannot see who you are

  • @MMOchAForPrez
    @MMOchAForPrez Рік тому +1473

    Thank God there's somebody out there who doesn't just parrot a popular opinion. It is necessary to provide a reason you don't like something when you suggest not doing it. Otherwise all your doing is making noise.

    • @jeffhicks8428
      @jeffhicks8428 Рік тому +67

      new media is literally garbage. interesting that the guy in this video has something most new media lacks which is basic literacy and the slimmest margin of effort in actually making content. it's not common.

    • @MMMMMMarco
      @MMMMMMarco Рік тому +2

      Yup 🙏

    • @wiredfox3451
      @wiredfox3451 Рік тому +37

      But all the points he brought up weren't valid for the vast majority of people using a VPN + Tor, most people watching this video aren't doing it from China or a middle-eastern country that have hijacked VPN providers. If you don't trust your ISP, use a VPN with Tor, that way your ISP won't know you're accessing the Tor network.

    • @privateassman8839
      @privateassman8839 Рік тому +1

      ​@@wiredfox3451good point

    • @cc-dtv
      @cc-dtv Рік тому

      Popular opinion what the fuck may be popular with the troglodytes remember to update your windows proprietard

  • @valdimer11
    @valdimer11 Рік тому +271

    Chuck is all about monetization. Half of his "tutorials" are cloud based, require credentials to use, and usually only give "free trials". The dude monetizes everything, he even has a "guide" in the description down below, which is a link to his site which you have to pay for if you need any further information. My guess is Nord was probably sponsoring the video.

    • @Henry-fu2hc
      @Henry-fu2hc Рік тому +10

      To be fair a lot of the time (or at least when I last him watched a couple years ago) he would often have two tutorials, one which shows running it on your own device and one running it is a cloud based server. At the very least if you have a bit of an understanding of it anyway, you can likely use the section of the cloud tutorial post-setup to have your own go at it

    • @BMW750Ldx
      @BMW750Ldx Рік тому +1

      you are spot on...bro 😉😉

    • @alfredcam5213
      @alfredcam5213 Рік тому +7

      Why is this news or even interesting? Of COURSE he's monetizing. He is a UA-camR. LOL

    • @valdimer11
      @valdimer11 Рік тому +6

      @@alfredcam5213 you missed the point. It's one thing to monetize, but it's another to monetize while not "adding" anything to whichever subject the influencer is talking about.

    • @ibonihs
      @ibonihs Рік тому +2

      i completely disagree with him but why would nord sponsor a video about not using vpns? :q

  • @MiClLC
    @MiClLC 11 місяців тому +4

    I use this analogy. Think of Tor as a castle, it protects the space that you're in but doesn't necessarily protect YOU. Think of a VPN as hardened armor. That is what protects you from the evil ISP Dragon that's lurking somewhere in the castle. You have maximum protection, but don't think you can't be eaten if you do something stupid (bad opsec).

  • @MrCmon113
    @MrCmon113 10 місяців тому +44

    It's crazy that this guy hired an actor to mime his words.
    Godlike levels of opsec.

    • @Incidius
      @Incidius 4 місяці тому +1

      Lmaoo I didn’t realise until now

    • @薹
      @薹 2 місяці тому

      ​@@Incidius It's a joke

  • @dingokidneys
    @dingokidneys Рік тому +136

    Tor, as you said, provides a number of bridges to make the initial hop into the Tor network which effectively overcomes the concern that is supposedly addressed by using a VPN.
    Anyone can run a Tor Snowflake bridge as a browser extension or, if they have the compute and WAN bandwidth, as a small docker container. This helps people living under restrictive regimes and, again as you said, the more Tor traffic the safer each Tor user is.
    I have a Snowflake docker container running on a Raspberry Pi along with a bunch of other stuff and it's set and forget. I also have the Snowflake browser extension (overkill I know) and, apart from a tiny icon counting the number of connections you've facilitated, you wouldn't know that it's there and doing anything.

    • @dannydetonator
      @dannydetonator Рік тому +5

      Damn, you're an online bunker! I used just Orbot occasionally with mobile TOR, on my stronger phone untill it recently burned battery from all the work. And a simple free VPN for PC. How would you rate these?

    • @xaxa-0x3F
      @xaxa-0x3F Рік тому +1

      I would love info on what this browser extension is and if it takes away major bandwidth or whatever

    • @dingokidneys
      @dingokidneys Рік тому

      @@xaxa-0x3F Just Google "tor snowflake" and you'll get all the info.

    • @fenio81
      @fenio81 10 місяців тому +4

      Snowflakes to jest drobnostka dla ludzi żyjących w wolnych krajach, nawet nie zauważą że ta usługa działa w tle. Jednak jest to bardzo ważna usługa dla ludzi którzy nie mieli tyle szczęścia i żyją w krajach objętych cenzurą. Każdy z nas powinien dołożyć cegiełkę do tej inicjatywy i przynajmniej zainstalować oraz włączyć rozszerzenie Snowlakes na swojej przeglądarce.

  • @brad6817
    @brad6817 Рік тому +606

    Chuck's linux tutorials helped me a lot. It's very annoying when he disguises a sponsorship as a tutorial and crams hacking into everything he can. I don't think he really knows as much about security as he thinks he does.

    • @obm_jay
      @obm_jay Рік тому +36

      everyone i try to follow chuck tutorial they never work and make me go down a rabbit hole 😂

    • @starship748
      @starship748 Рік тому +90

      @@obm_jay100% -Dude speaks in bullet points. Interesting topics but makes me cringe when he say “hacking” over and over and over.

    • @Wookiee925
      @Wookiee925 Рік тому

      ​@@obm_jaythere always seems to be stuff missing between steps needed for them to work. At least that's been my experience

    • @arnezbridges93
      @arnezbridges93 Рік тому +26

      Dunning-Kreuger syndrome, where you think you know everything because you don't know what you don't know. Best way to be "confidently incorrect" lolz.

    • @valdimer11
      @valdimer11 Рік тому +23

      I think he does know IT but I don't think his ideas are original ...additionally all of his tutorials revolve around using some service which requires you to pay up in some way. It's nice because he finds cutting edge software to demo, but he also isn't helpful as you'd think because he isn't teaching you really anything at all. I thought he was great before I got into cybersecurity but now his demos and tutorials are next to useless because he doesn't actually teach you the ins and outs of networking, scripting, coding, OS, firewall, or anything. It's just "hey, go download this software, follow my commands, and have absolutely no idea what's going on beyond what I'm demonstrating"

  • @RedactedBrainwaves
    @RedactedBrainwaves Рік тому +56

    "Your VPN provider will send us the traffic"
    MENTAL OUTLAW IS A FED CONFIRMED!!!!

    • @vrrooooommmm123
      @vrrooooommmm123 20 днів тому

      probably is, he acts like a dude bro NSA agent

  • @agranero6
    @agranero6 Рік тому +9

    The MIT student that sent bomb threats to avoid a test was arrested BECAUSE he was not using a VPN as he was on the University WiFi and was the only one connected to TOR at that time. I am not condoning sending bomb threats, not even fake ones, but this show that your decisions must be taken in a case by case basis, use your mind not rules of thumb.

  • @Alm8hoorOW
    @Alm8hoorOW 8 місяців тому +17

    I’d argue that using a VPN won’t make you stand out as a threat because almost everyone is doing it. Actual threats have a whole bunch of compromised computers which they use as proxies in a network. And these guys infect and change proxies every few minutes so it’s impossible to track them down.

  • @Ginfidel
    @Ginfidel Рік тому +335

    Using the stupid 'app' that comes with these VPNs is the first problem. Set up a custom router and configure an interface that routes ALL traffic through one of your VPN's servers, so that your endpoint running TOR is fully encapsulated. NordVPN supports this as does any other VPN worth it's salt.
    Bottom line, kenny: VPN traffic is LESS SUS than TOR traffic. ISPs keep lists of their clients who use VPNs and who use TOR. Those lists are gonna be used against everyone on them someday. You really want your residential IP on the 'raw dogging TOR' list? Seriously?
    If you think I'm nuts, fine, put it this way instead: your ISP does not deserve to know that you are connecting to TOR. Don't bend over and hand away that information. Let them think you're another dumb normie who fell for the "Hurr, it encrypts my why figh!" marketing.

    • @TV-vz8kv
      @TV-vz8kv Рік тому +37

      Also kenny doesn't understand that "unnecessary" VPNs/proxies/tunnels are what keeps tor usable in countries where direct connection and connection through bridges is blocked. + In some countries it matters whether you connect to the tor network through VPN or directly, as it may grant you plausible deniability when giving answers to some questions from local authorities.

    • @Ginfidel
      @Ginfidel Рік тому +45

      @@TV-vz8kv Could be true. But I can't really speak to that experience. I can only speak of the good ol' US of A where ISPs keep lists of everything their users are doing on the internet, and will hand them over to the feds at the drop of a hat if asked. And it's a question of when they'll ask, not if. When that day comes, the less your ISP knows, the better.

    • @OceanicManiac
      @OceanicManiac Рік тому +5

      How do you set something like that up?

    • @Ginfidel
      @Ginfidel Рік тому

      @@OceanicManiac That's a lot to type out and I can't post links, so hop over to your search engine of choice and search 'setup pfSense VPN client' and you'll get a mix of official documents and third party tutorials. pfSense is a FreeBSD firewall operating system that I run on an old gaming PC (with a few extra NICs) as a router. During setup you can leave a NIC un-mapped to LAN or WAN and instead map it as a hardware VPN interface so that anything you plug into it will have 100% of its traffic go straight thru the VPN instead of ever touching LAN/WAN
      Pfsense is a lot of work at first, but once configured properly, it's very rewarding and low-maintenance

    • @LeePrzy
      @LeePrzy Рік тому +1

      @@Ginfidel so then since your so concerned might I ask what your home network looks like

  • @Katsumato0
    @Katsumato0 Рік тому +21

    I work in cyber security. We can analyze netflow to and from an IP address using some very expensive tools. It's not 100% all of the traffic since it relies on nodes placed throughout the world. It still reveals the IPs with lots of traffic from your house or wherever. There are better tools than I use at work to link the IP's. There are plenty of ways to get around this. Use regular ports and protocols (think HTTPS TCP 443) and CDNs to blend in.

    • @Akac3sh
      @Akac3sh 10 місяців тому +1

      what if i turn my pc off then back on again

    • @pitu5938
      @pitu5938 8 місяців тому +1

      @@Akac3sh same public ip 🤣

    • @Que_Maine
      @Que_Maine 7 місяців тому +1

      I worked in cybersecurity for 5 years and you cannot analyze net flow, has to be a national threat. And still tracking has to be signed off by higher levels.

    • @monkieie
      @monkieie 5 місяців тому +1

      If you try to analyse netflow on encrypted traffic then you'll only see the header information but the payload is secure. Try showing me a tool which can decrypt traffic in real-time.

  • @Brian2
    @Brian2 Рік тому +138

    I just want to point out that in, 2020 I believe if not then 2021, in the winter it came out Tor Guard nodes were a quarter compromised if not more so.
    That means that first node you use, the most important, is likely to be an enemy. The only reason to go for a Guard Node like that is to deanonymize people.
    Any time this is brought up and how much is the same now (Unknown. Can be 1% can be 90%) means it can not be trusted. Would you trust a VPN that shown that large of compromised servers? No. No one in videos brings this up either. Or in forums. They go all quiet and ignore it, try to change the subject.
    Here you don't even bring it up either, which is a shame as I wanted your input on this angle and factual evidence we have for how bad Guard Nodes are.
    You are saying here to trust what we know for a fact has been compromised to an insane degree. Adding a VPN that has been proven in the courts to not keep data (Mullvad) means the Guard Node being an enemy doesn't matter nearly as much.
    By the way the more popular it becomes for VPN-Tor means the less you stick out. With Network Chuck having that come out along with others wouldn't that be safer overall?

    • @crisper1614
      @crisper1614 Рік тому +41

      Very excellent critique.

    • @curious2882
      @curious2882 Рік тому

      Yes! Tor has been PROVEN compromised since 2013! When Freedom Hosting was shut down. The NSA made a whole speech about how they can de-anonymize Tor users, a tor darknet hoster was discovered and prosecuted, and it happened again in 2015 as well as 2020 just off basic googling.
      Tor is NOT safe! The NSA (and thus the rest of the US government if they ask) can and will find you if you get on their radar. Tor will not protect you.

    • @realcartoongirl
      @realcartoongirl Рік тому +7

      yes but network chuck use nord vpn and has 7 kids

    • @Splarkszter
      @Splarkszter Рік тому +4

      Network chuck was paid to fo that video in that way. Completely insecure.

    • @NeostormXLMAX
      @NeostormXLMAX Рік тому +36

      people have said in the past that there is a high chance that mental outlaw is a glowie, after all he is literally subtlety advertising illegal activities and has not been blacklisted by the algorithm, and has even gotten sponsored, he also talks like alot of CIA type people.

  • @P4P1Kpl
    @P4P1Kpl Рік тому +3

    The main issue here is not FBI/CIA investigation but security. I don't care if FBI/CIA will be suspicious. I just want to connect to TOR in the safiest method. That is why the internet users are looking information do they need VPN, proxy, wirtual machine, usb system or even but additional laptop ONLY for TOR connections.

  • @temp50
    @temp50 Рік тому +7

    6:45: Long story short: Connect to VPN, connect to TOR. If you've been tricked to click on a link which would navigate you to a clearweb IP, the destination server will still not be able to identify your real IP address because of the VPN. You are welcome.

    • @garychap8384
      @garychap8384 2 місяці тому

      Okay, now you're in China...
      ... your threat model has changed, and now you need some nuance. TOR nodes are known and may get you tortured... TOR 'Helper Addresses' are harvested... if one turns up in your traffic logs... again, you could conceivably be tortured. VPN services are actively blacklisted... repeated attempts to find/use them can get you a visit from men with heavy boots... and, again, torture isn't off the table.
      Short story suddenly got long, eh?
      I'm guessing you live in a western country and security seems so easy. It's all about endpoint concealment and content privacy, yes? After all... there's _"due process protections"_ and the right to a _"fair trial"_ ... maybe you have the _"fifth amendment"_ and so, you're here to tell everyone just how simple it all is ...
      ... well, good for you : )
      Sadly, some peoples lives depend on getting this stuff right. Their threat model doesn't include 'due process' and so making blanket statements about your _'just kinda good enough'_ OpSec merely pollutes the information space and can put people at risk.
      Y'see, not everyone is just trying to download the latest movies or searching for questionable porn. Some live in a country where just being found to have accessed a privacy service can get your whole family pulled in for questioning.
      Want to try the long story? Y'know... the one that actually holds up : )

  • @extraspecialk3244
    @extraspecialk3244 Рік тому +47

    I have heard of a case involving a correlation attack. Which involved confirming that a suspect was showing up as "online" during chatting over a TOR service. Then the suspects ISP confirmed they were using the TOR network at the time.
    Granted, they already had a lot of evidence on this person.

    • @Randomnessinlife
      @Randomnessinlife Рік тому

      Estonian government (or specifically Estonian Police & Border Control) has performed network correlation attacks against local darknet vendors by sending a succession of messages to their messaging app and then requesting ISPs to disclose info what region received their sent succession/pattern of packets. They repeat this action to narrow down from region to city, street and finally address, where they get the final end user.
      Similar case I know was when some government employee's credentials (or username) was seen by co-workers who thought it'd be funny to log in to her account. So they downloaded Tor and tried to log in via Tor Browser. They used TOR because they didn't want to get caught and thought using Tor would guarantee their safety. Government checked who, what IP in Estonia had downloaded Tor installer in the past few days. IIRC this was enough proof, that they downloaded TOR just recently and as the ISP also could prove they connected to Tor network around that time, but I could be misremembering that case, plus those guys went with a plea deal in the end anyway.
      Source: public record court documents

    • @bloodhound1182
      @bloodhound1182 Рік тому

      If they had a lot of evidence on this person already, then this case is nothing to worry about.
      Police can't arrest you over circumstantial evidence. Unless you're the kingpin of Silk Road or a mf international terrorist, chances are police aren't gonna have enough to prosecute you.

    • @sultanhanga
      @sultanhanga 8 місяців тому

      Silk Road ?

    • @extraspecialk3244
      @extraspecialk3244 8 місяців тому

      @@sultanhanga too long ago for me to recall now. I don't think it was.

    • @helloofthebeach
      @helloofthebeach 3 місяці тому

      I definitely remember a story about a college student using TOR to make a bomb threat so he could delay an exam. The college quickly flagged him by checking if anyone was using TOR on the campus network when the threat came in, and it was only him, in his dorm room. That's only circumstantial evidence, but he also fessed up instantly when asked.
      This _is_ a circumstance where a VPN would have helped him, because his adversary was looking for something very specific that was out of the ordinary, and if he always used a VPN, his traffic would be disguised as his own traffic. The college knowing he always used a VPN and was online at the time still might have put him on a list of suspects once they saw no one was directly using TOR, but he'd have had a compelling alibi.
      But given the fact that he thought this was a good idea in the first place, the outcome isn't really surprising. I think good OpSec requires a basic understanding that actions can have consequences, and this guy clearly did not. Also, he can go to hell.

  • @reznovvazileski3193
    @reznovvazileski3193 Рік тому +11

    All I heard was "Use Tor+VPN to run hemeroid videos all day on an unused PC so the feds are now stuck scrolling through hours of hemeroid footage after months of waiting to crack the encryption"

  • @jmtradbr
    @jmtradbr Рік тому +29

    Tor with VPN is like entering a place in disguise accompanied with someone who knows your real ID. Your privacy will depend on how much you trust this third party.

    • @TheTweaker1
      @TheTweaker1 Рік тому +13

      I think there are many more trustworthy third parties (like Mullvad, and IVPN) than ISPs, many of which have very questionable privacy policies.

    • @wiredfox3451
      @wiredfox3451 Рік тому +8

      More like using tor with a VPN is like entering into a place in a disguise and having a friend who stops the other guy from coming into the building who knows your real ID.

  • @Secret_Takodachi
    @Secret_Takodachi Рік тому +15

    The best opsec is that of a ritualist. No overlapping usernames. Seperate accounts attached to seperate e-mail address. Only use certain accounts on certain devices. ALWAYS FOLLOW YOUR OPSEC PROTOCOLS NO MATTER WHAT.
    No matter what your reasons are: the thing that gets competent actors caught is LAPSES IN OPSEC PROTOCOLS.
    Standard Operating Procedures are the *standard* for a reason! It's not about insanely over-complicated security: it's about CONSISTENT security that meets the minimum thresholds for data obfuscation. Failures in security practice consistency are what breach "impregnable" defenses, not insufficient security.
    At least among those who know what they're doing.

  • @andre_santos2181
    @andre_santos2181 8 місяців тому +4

    Here is Brazil the dictatorship is slowing growing over a disguise of democracy, and the govenrment is cracking each time more on opposition. So, We need to study all these options

    • @ATomRileyA
      @ATomRileyA 2 місяці тому

      Meshtastic, Skycoins Skywire meshnet look these up.

    • @d0nj03
      @d0nj03 Місяць тому

      Only right wing extremist snowflakes keep complaining about Lula after their openly fascist former president lost the election.

  • @thedankwalrus
    @thedankwalrus Рік тому +6

    thanks for making a video about this topic, have always heard that using a VPN alongside TOR is a contentious topic but never knew why.

  • @cowz8496
    @cowz8496 Рік тому +188

    Love your content but gonna have to disagree on this one. The main point I got from this was that there’s no point using a VPN because the way that TOR works is secure enough. If TOR works as intended, where you’ve got 3 different nodes operated by 3 different entities who don’t communicate with each other, then yea, having a VPN isn’t gonna change much because no one can tie you to the exit node in the first place. HOWEVER, is there a possibility that you connect to 3 nodes all controlled by a single agency? Getting into tinfoil territory here but yes, there is a CHANCE. And if that’s the case, it’s gonna be much easier to get your data from ur ISP than a reputable VPN provider like mullvad. I just don’t think it makes sense to criticise connecting to a VPN before accessing TOR on the basis that it doesn’t add any extra security. People use VPNS on the CHANCE that TOR isn’t as secure as you’d think.

    • @Cookiekeks
      @Cookiekeks Рік тому

      If they compromised Tor, they might as well have compromised your VPN provider. At this point you are f-ed anyways. How far would you take this logic? There also is a chance that all 3 nodes, and the vpn are controlled by the feds, so should you always chain 2 VPNs together? Or 3, just to be sure?

    • @lydellackerman800
      @lydellackerman800 Рік тому

      and i hate this stupid fucking assumption that all vpns will just sell yo shit. Multiple vpns have been subpoenad and had NO evidence to hand out, im aware of PIA and Express currently, as for the "they can get your payment information" is only applicable if a single person is on the server, how would the feds distinguish me from the other 16 people routing through the server?

    • @СтасСтафеев
      @СтасСтафеев Рік тому +20

      VPN isn't recommended because four relays would make the connection uncomfortably slow, i guess...
      Plus, as Kenny mentioned, four-relay would just stand out in the Web. There is no point of the feds to hope for the whole Tor connection to fall on their servers if they can see a four-relay, subpoena the VPN provider on the end of it and sit hard on that connection.

    • @ryan-el9er
      @ryan-el9er Рік тому

      @@СтасСтафеевhow does a 4 relay stand out? how would the feds actually know it was 4 connections without investigating data from each individual node until they realize there is 4? isn’t it encrypted again at each node to prevent investigating one node from revealing which connections data was sent to which node?

    • @user-xl5kd6il6c
      @user-xl5kd6il6c Рік тому

      @@СтасСтафеев it doesn't "stand out", there isn't even a way they can count the hops. And on the VPN, that same IP is shared by a high number of users. The only thing they know on the VPN is that you are using Tor
      When/If they do get the specific IP that is using Tor that is yours, they STILL have to request your info from your ISP

  • @weathercontrol0
    @weathercontrol0 Рік тому +175

    Tor over VPN is a good choice if you want to hide the fact that you are using Tor from your ISP/Government, especially if you are hosting onion sites, a lot of traffic to the Tor network is suspicious, even though nobody know what exactly are you doing there.
    And in countries like Russia it's pretty much a necessity at this point because all tor IPs are banned and bridges are getting constantly banned too, so VPN is only reliable choice to access Tor network, in countries with little more freedom it might not be that necessary

    • @user-jq3rf4tnd3s
      @user-jq3rf4tnd3s Рік тому +17

      vpns in russia are dpi banned too

    • @Bubble23428
      @Bubble23428 Рік тому

      😂😂😂

    • @zefnine
      @zefnine Рік тому +21

      This is literally the reason Tor bridges exist...

    • @ButtMonkey985
      @ButtMonkey985 Рік тому +2

      Did you even watch the video....?

    • @dimoniysh5075
      @dimoniysh5075 Рік тому +9

      Tor works for me and i in Russia lol
      And my isp uses dpi too

  • @MrKotoCraft
    @MrKotoCraft 8 місяців тому +37

    Conclusion: Do not use internet.

  • @damiank6566
    @damiank6566 6 місяців тому +5

    As much as I like Chuck's videos I think he doesn't go into details far enough sometimes and I'm glad you did some more advanced analysis. You just earned a subscriber, sir. Keep coming vids like that

  • @pasauliite
    @pasauliite Рік тому +35

    On my opinion, the best rout is :
    Neighbours wifi -> OpenVPN on russian server -> tor

    • @ynnda6155
      @ynnda6155 Рік тому

      😅

    • @polinskitom2277
      @polinskitom2277 Рік тому +4

      hope you at least spoof your MAC if you're doing that

    • @donaldkgarman296
      @donaldkgarman296 Рік тому

      ANY AGENT WILL FIND YOU , THAT IS A RED FLAG MOVE .@@polinskitom2277

    • @darkiuplaygm0089
      @darkiuplaygm0089 Місяць тому

      ⁠ @polinskitom2277 and why is the mac address on the phone set to random on the wifi network? how would they find the right one directly? spoilers can't

  • @ReclusiveAshta
    @ReclusiveAshta Рік тому +125

    I would have to contest your reasoning. In theory a VPN shouldn't be able to see any more infomation about your Tor traffic than your ISP would. Additionally if more people used VPNs with Tor this would naturally make each individual stick out less, so it might actually be a good thing to promote.
    It's more risky for your ISP to know you're using Tor than it is for a VPN because 1) An ISP has more identifiable infomation about you 2) An ISP must be located in the same country that you're in.

    • @max_ishere
      @max_ishere Рік тому +5

      As you've just proved in your comment: there's no additional protection

    • @ReclusiveAshta
      @ReclusiveAshta Рік тому +43

      And another: 3) An ISP is most definitely keeping your logs, either to sell your data or for legality purposes, whereas a VPN isn't *necessarily* keeping your logs (as long as it's a good one!)

    • @NotKewl
      @NotKewl Рік тому +26

      This is true. Also, hundreds to thousands of users may share the same IP on a VPN and, despite Kenny being a doomer and believing all VPN's are fed honeypots logging and sharing your info, a good VPN provider probably isn't logging (whereas your ISP definitively is for some countries).

    • @sveb7632
      @sveb7632 Рік тому +13

      ​@dedhorse5720correct me if I'm wrong, but your isp may know you're connecting to a vpn, but it has no knowledge of what's being transferred between

    • @ReclusiveAshta
      @ReclusiveAshta Рік тому +2

      ​@dedhorse5720 How do you know the ISP would be able to tell using this setup? Shouldn't it only be able to see the first layer of connection?

  • @disfeed
    @disfeed Рік тому +91

    For clarification regarding China's firewall. (Also known as the Great Firewall) There is actually new technology involved with identifying VPNs. A connection to a VPN creates a TLS connection. Connecting to any normal website also creates a TLS connection. So now you are essentially doubling down on TLS connections. Shouldn't be a problem right? With machine learning, it's actually possible to detect overlaying TLS connections, and block them. This is how ALL VPN's in China have pretty much been stopped. There are some cavates but unless you have some serious Linux knowledge, and spend several hours learning, it is a really difficult to evade the GFW.

    • @GenrichX
      @GenrichX Рік тому +2

      Nah. Lol

    • @disfeed
      @disfeed Рік тому +10

      @@wetfart420 It is region based, and some VPN's will work, but thats not the main issue. The issue is payment. Almost all online payment is tracked in China, and as such, can easily be blocked. Crypto is also banned in China which doesn't help.

    • @gusfl2
      @gusfl2 11 місяців тому +4

      I do confirm what you say. For this reason, some VPN providers use innovative tactics (base64 in plain HTTP requests. The base64 is encrypted and does contain TCP traffic) instead of famous VPN protocols like openvpn

    • @woodingot
      @woodingot 9 місяців тому +1

      The vless proxy protocol's xtls feature can detect whether the traffic is tls encrypted and avoid double tls.

    • @disfeed
      @disfeed 9 місяців тому +2

      @@woodingot Yeah, XTLS is just difficult for people to set up without proper know-how. You need a client and a server. Setting up a server is quite hard while being in China, so usually you will purchase access to an XTLS server.

  • @adamwallace7638
    @adamwallace7638 10 місяців тому +2

    Sir im a 100percent using a VPN to shield myself from my ISP knowing im using Tor. I dont care about anyone else other than my ISP, they sent me letters for downloading movies on bittorrent, if theyre doing that, theyre monitoring everything and will give information that ive used Tor before, for whatever reason, to a govt agency or whoever. So if I stop that from being a possibility, i dont care how unsafe it is while im on Tor. ISP is the only person i care about

  • @dawok5689
    @dawok5689 Рік тому +210

    But I thought VPNs were 100% hackerproof because everyone said so.

    • @Thurgenev
      @Thurgenev Рік тому +65

      It is, but you also need to be mounting an unicorn with rainbow coming out of his butt

    • @Ginfidel
      @Ginfidel Рік тому +1

      lol VPNs are useless in the hands of 90% of the people who use them, but we need those people to keep using them. It normalizes VPN traffic. If 1000 more normies started using a VPN to keep themselves safe from the hackermans, that's 1000 more connections for the feds to waste their time decrypting.
      The more idiots who use VPNs because they think it encrypts their heckin wifi, the better. They're subsidzing those of us who actually use them properly, both financially through normalization.

    • @crisper1614
      @crisper1614 Рік тому +71

      @@Thurgenevthis is incorrect. The rainbow is optional.

    • @ValleyMansonOfficial
      @ValleyMansonOfficial Рік тому +32

      Those sponsored ads for VPNs are bigger liars than infommercials for Testosterone boosting supplements 🤣

    • @Kermit2k
      @Kermit2k Рік тому +4

      Same people that say tor is 100% hackerpoof.

  • @Derbauer
    @Derbauer Рік тому +83

    Hey Mental Outlaw, we appreciate you. I think your suggestion at the end, to setup a middle Tor relay for 5$ a month so that as you use Tor you also lease bandwidth upto 1.5tb or so a month, is superb and hoping that people watching this, follow suit.

    • @phxsisko
      @phxsisko Рік тому +6

      Newer DD-WRT firmware's have a TOR mode for a relay setup. I'm thinking about it since I have two of the same router flashed and capable. I'm also in the process of rebuilding my entire network to something more secure. Looking to start with a new hardware firewall (PFsense) first. Between the plugins.

    • @joer8386
      @joer8386 Рік тому +3

      Let me get this straight (and correct me if I am wrong in my understanding), you are PAYING Tor so that people can USE YOUR bandwidth? What do I get in return?

    • @Derbauer
      @Derbauer Рік тому

      @@joer8386 it's about giving back, not just taking. When you use Tor, it's because volunteers are paying for the bandwidth you use.
      So, knowing that you're indebted to the kindness and generosity of anonymous volunteers, you want to pay it forward, if you find it affordable.
      You do it to help others, not just yourself.

    • @0269_m
      @0269_m 9 місяців тому

      ​@@joer8386are you one of those script kiddies. Open source is one of the main thing we defend and live for we don't get anything but 5$ donation will help t0re

    • @rayhimmel7167
      @rayhimmel7167 9 місяців тому

      @@joer8386 that's the point, you won't be paid for a good cause, like you don't pay for using tor
      but you help millions (and eventually yourself), as hundreds of others help you

  • @ivystopia
    @ivystopia Рік тому +39

    If you are being monitored, and you only open Tor to perform an activity you do not want tracked, and you connect via TOR to a compromised endpoint - then the times TOR traffic occurred on your internet connection will correspond to the times the endpoint sees your traffic. For example, compromised webserver sees a session from 14:05 - 14:55, and your ISP sees you were using TOR for that time, then that incriminates you. Your ISP is more likely to hand over this information to law enforcement. If you are running a TOR node 24/7, or running TOR through a VPN that doesn't cooperate with law enforcement, this does not apply.

    • @EwanMarshall
      @EwanMarshall Рік тому +4

      The vpn connection at the same times does though, that has been used in a court case before to compromise one guy.

    • @NeutralOrNotTooBadStuff
      @NeutralOrNotTooBadStuff 6 місяців тому +1

      ​@@EwanMarshallWhat court case exactly?

  • @McCracken2003
    @McCracken2003 3 місяці тому +3

    About sticking out because you're combining tor and a vpn reminds me of the saying "its easier to hide in public than in private"

  • @kevinair7669
    @kevinair7669 Рік тому +3

    Continue to use VPN, as this moment , 10% of exit relays, if not more, are in the hand of a state government.

  • @ShaferHart
    @ShaferHart Рік тому +14

    Dude, there are all sorts of reasons why you might want to hide your tor traffic from your ISP. That alone is a good reason to use a consumer VPN.

  • @LuigiMordelAlaume
    @LuigiMordelAlaume Рік тому +7

    1:15 "So why is he recommending a VPN?"
    You're too nice... The real answer is he's trying to get that affiliate ad money 🤑

  • @go_better
    @go_better Рік тому +7

    Thanks a lot! Gotta educate myself more on Tor and VPS. Thankfully, you got vids on the subject.

  • @okman9684
    @okman9684 9 місяців тому +6

    The irony of using a VPN for anonymity while giving away your credit catd info

  • @sffspider
    @sffspider Рік тому +4

    0:00: 📹 Network Chuck's video on accessing the dark web in 2023 has gained popularity due to its informative content and high production quality.
    2:40: 🔒 Using Tor is more effective at keeping your traffic private and anonymous than using VPNs, but there are ways to hide your use of Tor from your ISP.
    4:53: 🔒 Using a VPN may not protect Chinese citizens from government surveillance, and criminals are often caught through simple mistakes unrelated to using Tor or VPNs.
    7:19: ❌ Mixing VPNs with Tor is a bad idea, especially using NordVPN.
    9:44: 🌐 Using a VPN to connect to Tor is unnecessary and can make you stand out.

  • @michaelplaczek9385
    @michaelplaczek9385 Рік тому +58

    No, it’s a redundant layer of security to hide your IP if a Tor Relay Node is corrupted somehow

    • @williamrutherford553
      @williamrutherford553 Рік тому +20

      If a threat actor can gain complete control of a Tor relay node and deanonymize you, then gaining access to your VPN service is a walk in the park for them. If anything, it'll just provide more evidence they can corroborate against you.

    • @TheTweaker1
      @TheTweaker1 Рік тому +9

      @@williamrutherford553 How will the VPN service provide more evidence than just connecting through your isp?

    • @daLiraX
      @daLiraX Рік тому +8

      @@williamrutherford553 that's not how this works.
      Or at least if you're not shouting your private data out there.

    • @Daveychief23
      @Daveychief23 Рік тому

      @@williamrutherford553 The thing you are forgetting is a simple cost/benefit analysis - These things can take time; The challenge how difficult it is to bypass 1 layer; It's how difficult it is to bypass SEVERAL layers. Resources, Manpower and Time is limited - if you're just some random Joe looking at memes over Tor, it's not worth the cost in time to crack every single layer. What benefit do they gain? However - If you are on the powers'-that-be's list, they are much more willing to incur a larger cost, as the benefit justifies the means.
      With that in mind, consider the following two scenarios
      Scenario 1 - No VPN, using Tor to buy drugs on your favourite onion plug.
      In this case you are one mistake/leak/disclosure away from total exposure. 1 Tor relay cracked, 1 failed bridge, a DNS leak, or any other leak of your traffic for that matter.
      Scenario 2 - VPN, Using TOR
      In this case, for your true IP to be exposed, they must gain info/crack traffic from your VPN provider, AND additionally get your TOR traffic.
      On a final note - consider this; Not all users who want to anonymise themselves do so to avoid scrutiny from their local powers; It's additionally a solid option to protect your traffic from Cyberattacks, such as a Man-In-The-Middle attack (in the case of unprotected networks). It could be for say, UA-cam Stars/Streamers who want to keep their identities private from their fans. Perhaps you don't want advvertisers going "Oh, this IP just bought a 18 inch dragon shaped dildo, Let's add "Sex Toys" and related tags to this IP and sell it to other advertisers!" when you live in a house share, student accomodation etc etc etc
      The use cases are vast, varied and wild - But let's put summarise it in simpler terms:
      When it's cold outside, do you go outside naked, because your skin should protect you from the elements? Or do you add socks.. a t-shirt.. perhaps a jacket, gloves., or a hat?
      I think you get the idea :)

    • @Daveychief23
      @Daveychief23 Рік тому

      @@TheTweaker1 Your ISP likely only has your bank account number for the Direct Debit, Your name, and whatever email address you used to register with them. In the case of people trying to remain anonymous, they likely have a "Normie" email address, and a "Dirty" email address - usually several. If you register for your VPN using your dirty address, as you're trying to remain anonymous, if the VPN service handed that over, or it got hacked and leaked... then that address is burned, alongside the payment method, tying that payment method, bank account to that dirty address

  • @verack1616
    @verack1616 Рік тому +31

    Imagine having a personality test and one of the questions is: "If you have $5 dollars what would you buy?:
    - VPN services
    - A Relay
    - A Wrench

    • @SpoopySquid
      @SpoopySquid Рік тому +17

      This feels like a question Doc Mitchell would ask at the beginning of New Vegas

  • @Verpal
    @Verpal Рік тому +6

    IMO there is like one good use case for Tor plus VPN, basically to cross the GFW of China using VPN before using Tor in your destination, using VPN to cross GFW can trigger less alarm than Tor, depends on how you set it up.

  • @Charles.Foster.Offdensen
    @Charles.Foster.Offdensen 11 місяців тому +1

    Thank you! That video felt like such a joke - just one giant ad, masquerading as a tutorial, and that bothers me, since I know people believe a lot of the things they see, and won't understand that. It's good to see anyone actually suggesting to people not to use a VPN for this - it wasn't the first video I've seen recommending it ! The VPN sponsoring tuts are illegal when the channel doesn't say it's an ad. Nobody seems to care enough
    Anyway, I think Tails would be the best thing to use. It all really does depend on your threat model - people dont talk about that enough on YT... i like that it was done a bit here

  • @YatoGod-l1j
    @YatoGod-l1j Рік тому +2

    Tor weakness is the exit node. I agree though the ISP like in China can see your connected. It would be best to hide these details.

  • @gilgabro420
    @gilgabro420 Рік тому +11

    Well it might make sense to create your private VPN in a country that has good privacy regulations and connect that way. You can make yourself sure that the data gets deleted that it can't be tracked back to you.

    • @realcartoongirl
      @realcartoongirl Рік тому +6

      the vps gonna expose you

    • @lydellackerman800
      @lydellackerman800 Рік тому +3

      the issue is that you are the ONLY person routing traffic through it, so they theoretically have an infinite amount of time to slowly figure out who you are by habits, a public (paid / no log) VPN is much safer as its much harder to distinguish who is who

  • @robihr
    @robihr Рік тому +13

    eldo kim example is why tor may not be enough. he emailed bomb threat to harvard uni to avoid taking exam and when FBI checked logs from harvard network they found that only he was using tor at that time. certainly it is edge case, but it shows that there are use cases where vpn is desirable with tor.

  • @user-di5wj8is7i
    @user-di5wj8is7i Рік тому +44

    They only need to monitor the first and last hop to de-anonymize you. All VPNs are likely monitored, they don't have to go after the VPN company, they can go after datacenter, or one of the hops they use.
    Tor has guard rotation. When you use a VPN you're effectively giving yourself another permanent first hop. If they compromise the VPN company, Tor's guard rotation feature becomes effectively useless (on the scale of a well-funded attacker).
    Basically, on a large scale, it's easier for the feds to monitor every VPN connection than every ISP connection, or entry node connection. Decentralized is better. VPN undoubtedly decreases your anonymity.

    • @aronm5329
      @aronm5329 Рік тому +3

      Nord isn't monitored. They make that their biggest advertising pitch

    • @cyxceven
      @cyxceven Рік тому +39

      @@aronm5329 LMAO

    • @LuciferArc1
      @LuciferArc1 Рік тому +5

      But the fed runs tor. They own it. They already know everything within tor

    • @LuciferArc1
      @LuciferArc1 Рік тому +13

      ​@aronm5329 nord lies. Fine print says they do and they've already given information over before. They're required by law to keep logs and give them over

    • @testacals
      @testacals Рік тому +10

      @@LuciferArc1 Tor is open source, so everyone knows everything in tor. Feds doesn't run tor nodes though.

  • @Tech-Subsequent
    @Tech-Subsequent 2 місяці тому

    Sir, it is interesting that you brought this subject up. I also saw Network Chuck's recent video and I was a bit confused, he actually warned people about using a VPN and Tor in one of his earlier videos about Hacking.

  • @crazycrazy7710
    @crazycrazy7710 Рік тому +3

    This video proves that not all voices deserved to be taken seriously

  • @GameCode64
    @GameCode64 Рік тому +34

    What i used to do on high school was routing SSH tunnels over ports 80 and 443. Because all other outgoing ports were blocked. So because i used those to route my 2 servers with SSH tunnels, i was able to use the TOR browser. But i didn't do it to hide the connection. Just to make the connection. :D

    • @qlippoth13
      @qlippoth13 Рік тому +16

      Normally just looking on the lab proctor's desk for a sticky note will yield a password for elevated access.

    • @TeaInTheMorning-we2kh
      @TeaInTheMorning-we2kh Рік тому +11

      The admin password at my school was just the name of the school with no caps or spaces haha

    • @arandomcommenter412
      @arandomcommenter412 Рік тому +6

      I like your funny words magic man

    • @GameCode64
      @GameCode64 Рік тому +1

      @@qlippoth13 Well it was mostly bring your own device. But the network had those ports disabled for students, teachers and even the inhouse IT manager. So it didn't matter if you were on one of their computers or on your own computer plugged into the network with cable. Or connected to WiFi. Only ports 80 and 443 were open outgoing.

    • @qlippoth13
      @qlippoth13 Рік тому +1

      @@GameCode64 Ah yes, things have come a long way since the days of the PDP-11/70

  • @anispinner
    @anispinner Рік тому +29

    VPN is used by over a billion people daily, while TOR is by a couple of millions. I can hardly see how can you stick out less by using TOR.

    • @nottifps
      @nottifps Рік тому +9

      Using a vpn blocks tors own hob changing so u basically have a permanenr hob that can be tracked while using vpns

    • @LuciferArc1
      @LuciferArc1 Рік тому

      ​@nottifps but tor is literally ran by the feds

    • @user-xl5kd6il6c
      @user-xl5kd6il6c Рік тому +6

      A VPN is another person's PC, there's nothing particularly special about it
      When a cop see's an IP from a VPN, they can ask the VPN provider for info
      When they see a Tor IP, they cry and run to their mom, because there's no way they will directly identify you or your traffic

    • @user-xl5kd6il6c
      @user-xl5kd6il6c Рік тому +3

      @@nottifps All your Tor traffic would pass from the VPN first, but there isn't a relevant difference from all Tor traffic passing from your ISP either
      Do you trust your ISP more than your VPN provider? If so, change your VPN, because it isn't doing anything for you

    • @temp50
      @temp50 Рік тому

      @@user-xl5kd6il6c"they can ask the VPN provider for info" And that "info" would consist to things: source addr will be the IP your ISP gave you and the destination IP will be the IP of the circuit guard. I don't see the problem here with VPN to be honest.

  • @nupersu6307
    @nupersu6307 Рік тому +17

    I used to use tor with vpn in Russia since finding a bridge which isn't blocked was very hard. So there is some use for vpns with tor

  • @papahlamidas
    @papahlamidas 11 місяців тому +1

    I can totally agree that it seems like a money grab from his part at the same time it is an advertisement for tor which is a win win if you ask me.
    The sad part is how anonymity is connected to illegal activity.

  • @Nickname2Two
    @Nickname2Two 9 місяців тому +1

    Some univeristies ban access to and traffic trough tor and you can get expelled for that so runing inital connection via vpn allows you to remain undetectable. And they use only basic monitoring

  • @PanicOregon
    @PanicOregon Рік тому +51

    Thing is if someone wants to hide the fact they're using Tor from their ISP, a VPN isn't entirely necessary or really even a Valid option due to things like Super-Cookies some ISPs embed on the packet when it leaves your network.
    Instead i would say obtain a private server or even an anonymous private server from a host that accepts XMR, and host an encrypted connection VNC to that server which you will run the TorBrowser or even a Tor node off of.

    • @Ginfidel
      @Ginfidel Рік тому +13

      Super-Cookies? Wanna cite that, friendo? How is the ISP embedding this? Through the router they provide? You know, the one people should never be using if they care about security? Through the ONT? You know, the media translation box that has less CPU power than an arduino board? If they're waiting until the backbone to do it, they're gonna have a bad time appending anything customer-specific without bottlenecking it into oblivion.

    • @PanicOregon
      @PanicOregon Рік тому +11

      @@Ginfidel it's an much older thing, some ISPs don't do it anymore. But yeah the ISP embeds the 'super-cookie' on the packet when it leaves your network, if i remember correctly it's after it leaves your home network it's done on the ISP level through their infrastructure.

    • @Nathan_Woodruff
      @Nathan_Woodruff Рік тому +10

      If the super-cookie is embedded in http headers, using a vpn or even just https will prevent it from being added.
      If the super-cookie is added at the transport layer, it would still be stripped at the vpn provider since it can only be applied to the outside of the tunnel, not the data contained within. That means at most your vpn provider will be able to see the ID, which is irrelevant because they have your IP, which is already more than enough for a capable adversary to identify you.
      The same risk applies to renting a cheap vps since your vps provider can see this ID along with your IP, but this option is far easier to track via externally monitoring their network, since you are the only one connecting to it.

    • @ModPapa
      @ModPapa 11 місяців тому

      how the hell can a super cookie be placed into HTTP headers, if the HTTP request itself is encrypted with TLS? Please explain.

    • @PanicOregon
      @PanicOregon 10 місяців тому

      @@ModPapa The supercookie is placed after it leaves your network, you would need a external server for it. The full packet is not normally encrypted tho, as the WAN needs to be able to read the IP, and a couple other headers to know where it goes.

  • @Noneofyourbusiness2000
    @Noneofyourbusiness2000 Рік тому +74

    You haven't convinced me. How are they going to realize you are using a VPN with Tor any easier than they could figure out your IP address while using Tor without a VPN?

    • @ToeTV247
      @ToeTV247 Рік тому +1

      Did you even watch the video?

    • @Noneofyourbusiness2000
      @Noneofyourbusiness2000 Рік тому +51

      @@ToeTV247 give me a timestamp.

    • @garretrocha8
      @garretrocha8 Рік тому +9

      bro watched 1 minute of the video and says you haven't convinced me

    • @vincenthills5024
      @vincenthills5024 Рік тому +66

      ​@@ToeTV247if you think the answer is mentioned in the video why don't you actually cite it because it was not mentioned

    • @btuh-g7x
      @btuh-g7x Рік тому

      ​@@vincenthills5024im 5 minutes in and i already got an answer. VPNs and tor bridges offer the exact same service except tor bridges are free and not run by a company approved by the government.

  • @classicallibral5903
    @classicallibral5903 Рік тому +9

    Maybe combine everything: proxy + reverse proxy, then Mullvad than tor, and just for in case a proxy or reverse proxy gets hijacked have a couple, and make em switch every so often, randomize it, make it a headache, even for your self to track where a traceroute begins and ends, than you know you are reasonably secure, you could of course add anything in the mix :)
    And watch Three Days of the Condor 1975, good movie :D That work he did with those phones was just pure gold :D

    • @jon.schnee
      @jon.schnee 11 місяців тому +4

      Technically this would work right? But the internet speed would be slow as a snail or no?

  • @cartossin
    @cartossin 9 місяців тому +4

    Glad someone said it. I really hate the thoughtless "Just add more layers" approach to security.

  • @PatrickDAllen1
    @PatrickDAllen1 5 місяців тому +3

    Install Orbot on your Android phone and let it run with "Relaying" turned on.
    Your phone automatically becomes a non-exit, tor relay. Free of charge.
    Turn "Kindness Mode" on, for Orbit and you can also make your phone act as a snowflake proxy too.

  • @apIthletIcc
    @apIthletIcc Рік тому +11

    Chuck made a video recently suggesting email users put a '+' character in their email address, but only lists the pro's of doing so and never mentions anything about the bad side if it. Please make a video about putting a plus symbol in email addresses. Needs to be done imo, since the biggest issue of doing that, is kinda a monumental fuck up if it goes wrong.

    • @internetrules8522
      @internetrules8522 Рік тому +3

      What would the duck up be? It seems like a generally good practice as long as your fine with maybe some sites erroring, or some stuff still getting sent to your normal non plus email

    • @apIthletIcc
      @apIthletIcc Рік тому

      @@internetrules8522 Impersonation is alot easier for a bad actor to pull off if you use the plus symbol. It comes down to how certain servers internally would interpret the characters. There's alot more to it but thats the safest simple explanation I can offer.

    • @revelmonger
      @revelmonger Рік тому +4

      What would be the issues with that? I use it all the time with proton to filter my emails into folders.

    • @apIthletIcc
      @apIthletIcc Рік тому +3

      @@revelmonger I replied to this question above ^ ^ Better to err on the side of caution. My point really is simply the fact Chuck only states the pros and doesnt mention the cons, and thats not good imo.

    • @internetrules8522
      @internetrules8522 Рік тому

      for some reason you first reply to me was hidden so i had to find it by sorting comments in the newest first method. but ok ya if we assume the server treats plus like a dot or something, then there might be some potential attacks you could do to like reset password or some other things. any reccomended further reading or watching like a defcon or something? @@apIthletIcc

  • @specthegod
    @specthegod Рік тому +251

    Kenny having the peoples back, as usual. Alwsys sharing as much as he can to keep people with less knowledge than him safe... I really hope you continue to make videos like this... because privacy is a human right that is slowly being STOLEN from us by governments/large tech companies... so wr need people like you on our side, now and especially in the future.

    • @dannydetonator
      @dannydetonator Рік тому

      Yes, but you can add private mercenaries, scammers and black-hat crackers to the list. Internet is fckd though, big time.

    • @cooloutac
      @cooloutac 11 місяців тому +5

      Or he's making you a victim. Claiming a VPN doesn't necessarily add to your privacy and makes you stick out more than just using tor.. are not valid reasons to not use a VPN imo and I actually find it suspicious he's claiming they are. I clicked on the video thinking he was going to give me some actual technical reasons of how a vpn breaks the privacy of Tor but I should have known better.

    • @garychap8384
      @garychap8384 2 місяці тому

      @@cooloutac He's wrong : /
      Well, not entirely wrong... but he's looking at all this from a very western perspective. A perspective where just visiting an entrypoint won't get you tortured or imprisoned without trial. Unfortunately TOR use is visible... Many of the TOR 'Helper Addresses' can be harvested... and that's a problem for SOME people in SOME countries.
      The solution, currently, is obfuscated VPN's that are set up to hide within HTTPS traffic in such a way that no VPN use can be ascertained and the public content offers full credibility. I know some Chinese examples of this, that beat the active state blacklisting attempts and the potential persecution of users.
      TOR-over-VPN can be absolutely essential. But it has to be set up properly according to the specific threat model and thus commercial VPNs often just don't 'cut it'.
      General handwaving based on the general western case, just pollutes the information space unnecessarily : (
      I hope Outlaw one day revisits this topic with some, much needed, nuance.

    • @cooloutac
      @cooloutac 2 місяці тому

      @@garychap8384 eh, he's just repeating what most people say unfortunately. Its probably a narrative put out there by the government, who want to monitor our every little action through our isp's, whom as has been revealed the past 4 years are possibly under the control of the axis of evil.

    • @cooloutac
      @cooloutac 2 місяці тому

      ​@@garychap8384 "set up properly for the specific threat model" Yeah, we hear that fluff all the time, but what does that even mean? lol. and while you at it what do you even mean by "western case"? I think the truth is discouraging vpns is only in the interest of government surveillance no matter how you cut it. Tor is just not practical for most people and as you say maybe even less safe to use than a vpn. The problem is picking out a trustworthy vpn that won't cave to government backdoor pressure.

  • @bow-89
    @bow-89 Рік тому +7

    Fun Fact: If you aren't the head of a big criminal conspiracy or admit to some horrible shit, your only worry is a bored employee tha somewhat enjoys his job at Interpol.

  • @KrzysiuNet
    @KrzysiuNet 4 місяці тому

    I saw this video and when that dude told about VPN, I jumped right to the comments to comment on the absurd of it. But people in the comments already recognized that adding an attack vector isn't making things more secure. I'm very glad you made video about it, because VPN brainwashing needs to be stopped.

  • @xXx-lfg
    @xXx-lfg 10 місяців тому +1

    VPN + ToR on Tails has nothing to do with them doing the same thing. That's not why you use a VPN to connect to ToR.

  • @ABRetroCollections
    @ABRetroCollections Рік тому +3

    The informed recommendation is not to use TOR at all. There are too many law enforcement controlled endpoints which sacrifice your anonymity. Freenet is the better alternative and allows for stricter network connectivity between yourself and trusted nodes. FYI: VPN has no relevance on the L2 Data layer anymore as most VPN solutions use IPSec now, which lives in the L3 layer with L4 for SSL. L2TP VPN's should be avoided at this point.

  • @mollymcghee2220
    @mollymcghee2220 3 місяці тому +3

    Since my data is encrypted by the VPN, I'll stick to that.
    I don't want Ma to know anything....

  • @mattjax16
    @mattjax16 Рік тому +14

    Network chuck was sponsored by Nord VPN smh

  • @prague5419
    @prague5419 Рік тому +2

    A serious caveat to the statement "don't use a VPN with TOR", if you're going to download torrents you MUST USE the VPN with TOR. Tor will not protect you once the torrents start transferring.

  • @MatheusFinatto
    @MatheusFinatto 3 місяці тому +1

    Wait.... If the feds go to nord vpn and get the tor users, they still need to crack the tor relays to get the IP. And still, nord vpn say they register no logs from users. so they wouldnt even know that you were using Tor network, different from your local ISP.
    Am I missing something?

  • @noodlessoul8356
    @noodlessoul8356 Рік тому +8

    "Tor establishes new circuits every 10 minutes". Doesn't the 1st server (guard) remains the same all the time unless you reset the browser?

    • @UndercoverDog
      @UndercoverDog Рік тому +2

      Not for ever. Only for some weeks to months.

    • @Ginfidel
      @Ginfidel Рік тому +1

      delete the file named *torrc* to force it to look for a new guard node next launch
      i mean, i wouldn't know anything about it

    • @keylanoslokj1806
      @keylanoslokj1806 Рік тому

      ​@@Ginfidelcan you write a script that does this automatically?

  • @doyoufeelathomehere
    @doyoufeelathomehere Рік тому +7

    The only thing I gathered from this video is that's a sick hoodie

  • @leapbtw
    @leapbtw Рік тому +16

    hey MO, can you please add shipping to Europe on based win? Thank you for your content ❤️

  • @austiniscoolduh
    @austiniscoolduh Рік тому +1

    Thank you Printer_Pam for shoving this tip down our throats on the DNM subreddit back in the day. You were my favorite Fed! (iykyk...)

  • @djohanson99
    @djohanson99 7 місяців тому

    Good advice. Please watch. And if you don't understand then figure it out. It's important that you understand the technology that makes this work. Start with the 7 layer OSI model of how network communication works.

  • @AutoNoOne11
    @AutoNoOne11 2 місяці тому

    Wow, I must actually be learning in my networking class, as I was able to follow along with most of the terminology in this video

  • @jonaharagon
    @jonaharagon Рік тому +5

    I'll have to respectfully disagree with the argument you make in this video. I think you overlook some realistic scenarios where you'd want to hide your Tor usage from a local network administrator which aren't government-related, and you repeat some common misconceptions about this topic which don't really hold up under scrutiny. I know UA-cam doesn't like links in comments, but I posted a complete (long) response to the points you've made in this video on the Privacy Guides forum under the post titled "Clarify Tor's weaknesses with respect to observability" if you or anyone are interested.

  • @daLiraX
    @daLiraX Рік тому +9

    One should say, VPN usage in China is generally ONLY allowed under very strict regulations, company allowances usually (since that's where it's mostly used at the end of the day), besides state workers.
    BUT the actual tech trying to combat the GFW out there is actually amazing, new protocols (or old ones newly used like SSH) header encryption, obfusciation, multi tunneling, etc, etc.
    At the end of the day, it's what you trust more... but if you're not stupid about it, and mostly watch your opsec... it's usually too much of a hassle for anyone.
    If you're paranoid, multitunneling is not a bad concept as of today, and you kinda get the idea which companies give you access to do it with another VPN service and which do not (or per se don't even allow it). So for the average paranoid, something like Mullvad to Cryptostorm, with token payments, is pretty high up there.
    Message in general should be: Stop using bad connections and services.

  • @The_Privateer
    @The_Privateer 3 місяці тому +7

    "sticking out like a sore thumb" and "looking suspicious" is not illegal. In a country that follows a rule of law, you can look as suspicious as you want and not be breaking any laws that are attributable to you. Like you said - the true problem is OPSEC of your personal data *outside* of VPN and TOR.

  • @woman-at-arms
    @woman-at-arms 6 місяців тому

    Even if a VPN provider really doesn't keep logs etc., they can be compelled to start saving logs for you specifically after your account comes to the attention of whatever agency, etc.

  • @Rocko2552
    @Rocko2552 Рік тому +2

    Based on everything mentioned in this video, the title of this video should be "Stop using Tor With VPNs if you're committing a crime". There's nothing about VPNs making the connections less secure. The major point presented is that VPNs are more likely to be flagged. I, for one, don't actually agree with this, but that's just my opinion. However, even if true, it's only a problem if you're engaging in criminal activity. I personally believe, though not nearly impossible, it's significantly harder for law enforcement to track you down when using a VPN, as it requires more steps and fail points. Not only do you need a judge to sign off on a court order, but you also need the VPN company to record logs. So at most the information that would be shared would be e-mail and payment data. Any company that promises no logs would not put themselves at risk of a lawsuit.
    Also, VPN usage is very common these days. Even my mom uses a VPN, so she can watch Netflix/Prime from different regions. Due to how common it is, I don't think VPNs are viewed the way it once was by law enforcement.

  • @HollyTroll
    @HollyTroll Рік тому +41

    Don't use tor with VPN so u wouldn't stick out to the feds.... Don't forget to buy the "COME AND FIND IT MONERO HOODIE" 😂❤

    • @alien3.0c
      @alien3.0c Рік тому +2

      lmao, every single time

  • @phitsf5475
    @phitsf5475 Рік тому +26

    I always believed the idea behind using a vpn was to hide tor activity from your isp

    • @Luckyluckyluc
      @Luckyluckyluc Рік тому +4

      It's a question who you trust more - your IPS or some VPN company...

    • @jmd489
      @jmd489 Рік тому +39

      @@LuckyluckylucI would take a VPN company over any ISP. ISPs don’t give a fuck about you and literally have more info than VPN providers would have.

  • @Wolfrich666
    @Wolfrich666 Рік тому +5

    Nord VPN might as well be a honeypot by what ive heard, it would be like sending a private message to your FBI agent so it checks on you while on tor XD

  • @WcaVR
    @WcaVR Рік тому +1

    hi! So i'm just replying on the section you mentioned only 2 reasons to hide tor from the isp & i wanted to include the whole of Australia as a 3rd.
    We have meta data collection laws here. it stores for a minimum of 2 years. I think you shouldn't lose your privacy, even if you're doing nothing wrong.
    Using Tor may leave an Australian like a privacy break spotlight on is now on you with the metadata collection.
    knowing this law exists is like having someone stand behind you at a public place and read your screen.
    anywayz, thought i'd throw that out to ya:)
    okay byeeee :)

  • @the_true_hier_to_the_sharingan
    @the_true_hier_to_the_sharingan 11 місяців тому

    Man, this is what I was looking for. The video should have another title as well - "How to hide from your ISP that you are connecting to TOR?"