Thoughts on Tails not allowing a VPN.

[Waterwater10 2]

Tials, the TOR OS actively disallows the use of a VPN. I was reading their reason why, but I'm not sure about it. 

 

Some users have requested support for VPNs in Tails to "improve" Tor's anonymity. You know, more hops must be better, right?. That's just incorrect -- if anything VPNs make the situation worse since they basically introduce either a permanent entry guard (if the VPN is set up before Tor) or a permanent exit node (if the VPN is accessed through Tor).

Similarly, we don't want to support VPNs as a replacement for Tor since that provides terrible anonymity and hence isn't compatible with Tails' goal

https://tails.boum.org/blueprint/vpn_support/

So, they say it's less secure, but on the off chance you get connected to all servers owned by the same person, they can then trace it back to your physical address. Even if the VPN provider obtains logs, they would still then need to go through a process to get the info off the company.

 

I don't understand how having a VPN connected (especially if the VPN doesn't keep logs) can be less secure. Your physical location is a "permanent entry guard", surely it's better to have a VPN as the permanent entry guard.

[zhang888 1066]

The statement is correct because not all VPN providers are the same, and most of them do keep logs.

In order to avoid biased reviews and recommendations, they suggest the use of Tor instead of a VPN,

in which case the anonymity is better than with some VPN providers who keep logs.

 

You can still manually install OpenVPN, but in this case Tails might not be for you, something like Whonix

will be more flexible with such setups.

[Waterwater10 2]

The statement is correct because not all VPN providers are the same, and most of them do keep logs.

In order to avoid biased reviews and recommendations, they suggest the use of Tor instead of a VPN,

in which case the anonymity is better than with some VPN providers who keep logs.

 

You can still manually install OpenVPN, but in this case Tails might not be for you, something like Whonix

will be more flexible with such setups.

 Do you suggest that VPNs that don't keep logs do make it more secure?

[mimosa67 1]

It makes sense to use tor inside a VPN because more people use VPNs than tor, so it is a bigger target. The VPN might not make the connection more secure, but it makes it less conspicuous.

 

This is especially relevant in countries such as Turkey where the authorities regard tor use with real suspicion.

[Staff 9972]

On top of all of the above, you can always use Tor after you have connected to some VPN server. So Tor usage can not be detected by your ISP, your government or anybody wiretapping your lines.

 

Also, Tor can't support UDP, of course, so a VPN can be used to tunnel UDP traffic with a strong protection against anybody sniffing your traffic.

 

Kind regards

[nashh 0]

I think Tails should make an option to allow VPN exit / entry nodes at startup, just the same as administrator privelages or persistent drives.  The problem with running exlusively from Tails and Tor is that you can't access the entire internet.  For example, my banks disallow a login through Tor.  So to login with my bank, I'm forced to use my regular operating system and risk being compromised.  I'd love to access my banks through Tails and Tor for security, but alas, I cannot unless exit node VPNs (like Air) are allowed.

 

Granted, I can use the unsecure browser.  I'm not compromised since I'm using Tails on a fresh restart.  But this has the drawback of exposing my IP and allowing my ISP, hotel, coffee shops, etc., to know where I bank.