PrivacyTechPro tip: Using an always-on VPN is recommended good privacy practice. However, there are other ways of tracking your specific device on the internet.
For example, if you forget you logged into Google Chrome with your real account and real name or you forgot to log out of Gmail and you visit a website with Google tracking, the site (and Google) may still be able to identify it is you browsing their site based on your device and browser fingerprints (screen resolution, installed fonts etc) and your Google login, even though you are using a VPN to obscure your IP address.
Here are a few ways this could happen:
Websites using Google sign-in - Some sites offer "Sign in with Google" as an option. If you use this to log into a site in Chrome, the site will know your Google account and can associate your activity with that account.
Cookies from Google services - As you browse the web logged into your Google account, Google may place cookies on sites you visit that could identify you to those sites. For example, if a site has integration with Google AdSense or Analytics.
Browser fingerprinting - Through techniques like collecting information about your browser, plugins, system fonts and other details, sites may be able to uniquely "fingerprint" you and track you across browsing sessions. Being logged into Google could be one detail contributing to a fingerprint.
Using a paid always-on VPN (#IVPN, #Mullvad VPN, #Proton VPN) while using Tor helps mitigate this risk when you need extra privacy by going beyond just obscuring your IP. It has anti-fingerprinting technology that makes you look the same as other users on the network.
Do a side by side test with VPN + privacy browser (#Mullvad, #Librewolf) only, VPN + regular bowser, and VPN while using Tor to see the difference with what can be known about your device here:
https://www.deviceinfo.me/
#cybersecgirl #privacytechpro #tor #vpn #privacy
1. Mullvad is a superior VPN for multiple reasons, and is worth switching from another provider like Proton or Nord
-- i don't recommend nord, but i do also recommend proton vpn. if you only want a vpn, mullvad is where it's at.
2. Running Tor - for any viable usage - through a VPN is fine, because you’re really just evaluating whether your VPN provider or your ISP knows you’re using Tor, and while neither can see the activity, you’d rather a quality VPN service be aware of Tor usage than a “definitely captured” ISP like Verizon or Spectrum
-- basically yes. tor over vpn (tor through vpn). there is more to evaluate, but it is riskier to turn off your vpn, then connect to tor, forget to reenable then expose your ip or trust your isp over a respected no log vpn provider.
also, if you don't have a vpn enabled, surfing http (unsecured sites) on tor can be used to deanonymise you by a malicious tor exit node etc (same with clearnet). this was a rebuttal to the argument made in the video.
3. If you’re aiming to cover the lowest-hanging fruit, but aren’t ready (or feel it’s currently necessary) to make the full shift to a de-googled Graphene phone and TailsOS, then simply running an always-on VPN like Mullvad for benign web activity should gain a significant amount of privacy with minimal inconvenience.
yes i recommend using an always-on vpn as i outlined. it's a basic first step re: the post, and yes to grapheneos, but with qubesos with whonix for a daily driver os. tails is awesome for what it is but it is not a daily driver per se, it's more for one and done stuff (this depends on your threat model).
tl;dr: use tor over (through) vpn. keep your vpn always-on (except for banking and other sites/apps that don't play nicely with it...you can use splittunneling to bypass vpn traffic for those). also, fyi amethyst allows you to connect through a tor proxy via orbot.
Showing page 1 of
1 pages
