• PhilipTheBucket@ponder.catOP
      link
      fedilink
      arrow-up
      0
      arrow-down
      1
      ·
      11 days ago

      Tor is for oppressive countries where anonymity and misdirection are more important than performance. It’s literally worse than a VPN in every single way unless you’re concerned with a major country coming for your head.

      So it’s… … more secure? I generally agree with this statement. The performance is worse, which makes it unsuitable for some things.

      VPN is not “a browser”, it’s a network stack. It is separate from whatever you use for a browser. If you use Tor, you still use a browser.

      Yes, which makes it kind of silly that you originally highlighted a vulnerability in the browser as a problem with Tor. Tor is also a network stack, but it’s most often used through a bundled-in specific Tor browser, which sometimes has vulnerabilities. Most VPNs don’t bundle a browser, but the browser that’s using the VPN still sometimes has vulnerabilities. They stand in exactly the same relationship, in terms of vulnerabilities in the browser. Neither one is better than the other. That’s the point that I was making. I can absolutely assure you that I understand the technologies involved.

      • kitnaht@lemmy.world
        link
        fedilink
        arrow-up
        2
        ·
        edit-2
        11 days ago

        It’s less secure. Tor encrypts your BROWSER data. VPN encrypts ALL of your data. Your browser isn’t the only thing that you have to worry about regarding privacy.

        Do you see how that would make Tor less secure than VPN? Is that clear?

        • PhilipTheBucket@ponder.catOP
          link
          fedilink
          arrow-up
          1
          arrow-down
          1
          ·
          11 days ago

          I think you should share this way of looking at security with some security professionals, and see what they say about it.

          I know some people who recently wrote an article, for example, which said among some other things:

          The simple answer is that you can’t and shouldn’t trust either free or paid VPN providers. … For some, using a VPN can be as dangerous as not using one.

          And your government can seek grounds to demand access to your browsing data anytime it wants — including retroactively — which can also include demands to access data from VPN providers, defeating the very point of the privacy you sought.

          Security experts consider the Tor network the gold standard of private browsing because it allows you to access the internet without censorship or surveillance.

          Instead of relying on a single tunnel to hide your internet traffic, Tor works by encrypting and routing users’ internet traffic through thousands of servers around the world, shielding their activity from other servers and the outside world. Because of Tor’s implementation, no single Tor server can see your browsing data. That means even if a Tor server is compromised, the attacker still cannot access the users’ browsing data within.

          Because Tor is open source, anyone can inspect its source code to ensure that it’s safe to run.

          And so on.

          You’re not wrong that a VPN will shield your non-web traffic, and if you’re doing something sensitive outside of HTTPS and the associated DNS, then Tor won’t help. It also won’t prevent someone from stealing your car or breaking into your house. And, the same very serious vulnerabilities that apply to free or commercial VPN providers will apply to all of that non-web traffic.

          The same article with the above useful tidbits of information also includes a guide to setting up your own VPN, which can be made actually extremely secure against some threats, if you do want to secure non-web traffic. Tor is still much better at protecting your web traffic, assuming that you’re doing something for which it is suitable.

          Hope this helps. Let me know if you have any questions.

          • pineapple@lemmy.ml
            link
            fedilink
            English
            arrow-up
            3
            ·
            edit-2
            11 days ago

            There are ways to send all of your internet traffic over tor. For example tails os does it by default.

            And tor is definitely more secure than a vpn. Any VPN company can just log all your internet traffic and sell it if they want to. Compared to tor you will need to gain access to at least 2 nodes that the internet traffic goes through in order to get any mildly useful information, that is significantly harder than with a VPN.

            Also I just wanna say arguments like these are so fun to read