I know torrenting over Tor is bad, because it steals bandwidth from those who really need it. But if I had qBittorrent (binded to Mullvad) running in the background and then started running Tor Browser, would that negatively affect the network?

  • catsup@lemmy.one
    1·
    8 months ago

    Then you wouldn’t be torrenting over Tor, you’d be torrenting through a VPN. And also using Tor with a VPN, which is not recommended.

    • jet@hackertalks.comEnglish
      1·
      8 months ago

      For more reading https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorPlusVPN

      You can route Tor through VPN/SSH services. That might prevent your ISP etc from seeing that you’re using Tor (VPN/SSH Fingerprinting below). On one hand, VPNs are more popular than Tor, so you won’t stand out as much, on the other hand, in some countries replacing an encrypted Tor connection with an encrypted VPN or SSH connection, will be suspicious as well. SSH tunnels are not so popular.

      Once the VPN client has connected, the VPN tunnel will be the machine’s default Internet connection, and TBB (Tor Browser Bundle) (or Tor client) will route through it. This can be a fine idea, assuming your VPN/SSH provider’s network is in fact sufficiently safer than your own network.

      Another advantage here is that it prevents Tor from seeing who you are behind the VPN/SSH. So if somebody does manage to break Tor and learn the IP address your traffic is coming from, but your VPN/SSH was actually following through on their promises (they won’t watch, they won’t remember, and they will somehow magically make it so nobody else is watching either), then you’ll be better off.

    • PP_GIRL_@lemmy.world
      0·
      8 months ago

      Just commenting to agree with you. I see way too many “OpSec bros” on Lemmy try to say that using a VPN with Tor is a good idea

      • jet@hackertalks.comEnglish
        1·
        8 months ago

        I’m one of those opsec bros. I tunnel all of my traffic through a VPN, that I can pay with anonymously. That means my local ISP does not get direct view into the traffic I’m creating.

        When I browse tor, it is on top of that always on VPN. It is sufficient for my threat model, I have thought about it, and I am happy with that trade-off.

        In my circumstances my local ISP, is less trustworthy than mullvad. My local ISP is required by law to keep a record of all traffic flowing through it, so I lose nothing by using my VPN. In fact my VPN is strictly better, because they say they don’t log all the traffic… And even if they do, it just falls back to the same level of crappiness that my ISP has.