Hacker News

> Use a VPN when connecting to TOR

You should not do this. It is at best useless, at worst strictly negative.

A VPN tunnels all your traffic through their own servers, so they are a single point of failure roughly equivalent to your ISP. Anyone with access to the VPN servers could spy on all of your traffic, completely bypassing Tor. If you pay for the VPN with a credit card, you can be easily identified.



> You should not do this. It is at best useless, at worst strictly negative.

Whenever people write this comment I get the same vibe as when people say that all the recipes in The Anarchist Cookbook are rigged to fail - however I’m in a much better position to judge the technology than the chemistry.

Adding in the VPN (which you should already have and use regularly) before the first Tor guard or bridge node has several benefits - it obscures your usage of the Tor network by a casual observer at the origin (the FBI said they could tell Dread Pirate Roberts was using Tor from the ip addresses, just not what he was using it for - though they did note he was active on Tor during periods Dread Pirate Roberts was active although that alone wasn’t enough for a warrant), it obscures your origin ip to the casual observer at the guard or bridge, your activity is mixed with all other vpn users using the same vpn server(s) - some VPNs add a layer of indirection by routing your traffic through two servers, and it increases the total number of nodes your traffic flows through by at least 1 - unless you do a compile time change to increase the length of the route.

The risk of a party having control of both your vpn and all the tor servers in your path is not zero but at that point the universe pretty much wants you to be found. Should have gone to those Wednesday pot-lucks and put a little more into the building fund. ;)

The person in the article did not use a vpn and they traced the traffic to his mom’s house - amendment to the Ten Commandments of Selling Crack, “Don’t sell crack where your moms at”.

Paying for a vpn with a credit card doesn’t make you identifiable, the list of suspects is everyone who uses the vpn, or knows someone who has a password, or works for a company that maintains a pool of corporate accounts. Most VPNs don’t link outgoing connections back to users, just so they don’t have to deal with people asking those sorts of questions.


It's not a good idea, but not for the reason stated here.

The TOR client will establish a tunnel OVER the VPN to the entry node, so the VPN provider will only see this encrypted traffic. The VPN server cannot spy on you.

When you connect to TOR it carefully selects your circuit for diversity over the Internet between each hop (for example avoiding your entry and exit nodes not being on the same service provider). By using a VPN you're opening the possibility for something to go wrong here.


> Anyone with access to the VPN servers could spy on all of your traffic, completely bypassing Tor.

Hmm, can you explain how this could possibly be true? I think the VPN couldn't see any more than your ISP could have.


The situation is different, think about nodes and encrypted channels between them.

If you encrypt traffic on your host properly and send it off to a remote host, your ISP (node(s) in between) sees encrypted traffic.

If you create an encrypted VPN connection to a VPN provider's server and then configure a second encrypted connection (e.g. through Tor) from that VPN provider's server to a remote host, then your VPN provider is able to see exactly what happened on that VPN provider's server; since that’s where the encryption (and decryption) happens.


The Tor tunnel will go through the VPN tunnel and terminate on your device, not at the VPN provider.



