VPN + Whonix, or No VPN?

The thing with VPNs is that you add one more point of failure in the whole setup. There were providers who gave out logs despite claiming not to save them.

In the eyes of ISPs you already on the ‘weirdo, potential criminal list’ by using either. Most technician there, even the first party ones know only how mainstream stuff works, the only time they hear of TOR is on those darknet horrorstories on youtube.

Imo if the TBB documentation says no, then its no. If you desperately need to login somewhere, thats what obfs4, meek bridges and snowflake are there for. I rarely have problems with them, only the initial connection time was a bit slow.


I only connect to the internet with a VPN. The last time I downloaded ANYTHING without a VPN was years ago (well besides with tor).
I consider my VPN provider 1000 times more trustworthy than any ISP in my country.

Noways I also always use a VPN with tor. I think it makes me standout a lot less to my ISP than also using tor directly, after all I am only using the VPN for Netflix.

What really confuses me is that so many people say it’s bad, really bad because of correlation etc…

Again this video is exactly my opinion on the matter:

And also here copy paste from privacy guides I already linked above:

Safely Connecting to Tor

Before connecting to Tor, you should carefully consider what you’re looking to accomplish by using Tor in the first place, and who you’re trying to hide your network activity from.

If you live in a free country, are accessing mundane content via Tor, aren’t worried about your ISP or local network administrators having the knowledge that you’re using Tor, and want to help de-stigmatize Tor usage, you can likely connect to Tor directly via standard means like Tor Browser without worry.

If you have the ability to access a trusted VPN provider and any of the following are true, you almost certainly should connect to Tor through a VPN:

  • You already use a trusted VPN provider
  • Your threat model includes an adversary which is capable of extracting information from your ISP
  • Your threat model includes your ISP itself as an adversary
  • Your threat model includes local network administrators before your ISP as an adversary

Because we already generally recommend that the vast majority of people use a trusted VPN provider for a variety of reasons, the following recommendation about connecting to Tor via a VPN likely applies to you. There is no need to disable your VPN before connecting to Tor, as some online resources would lead you to believe.

Connecting directly to Tor will make your connection stand out to any local network administrators or your ISP. Detecting and correlating this traffic has been done in the past by network administrators to identify and deanonymize specific Tor users on their network. On the other hand, connecting to a VPN is almost always less suspicious, because commercial VPN providers are used by everyday consumers for a variety of mundane tasks like bypassing geo-restrictions, even in countries with heavy internet restrictions.


Can somebody pls explain how tor protects you less if you use a VPN besides the “extra point of failure” ?

1 Like

If the resource above is not enough, you can create a thread over on the Tor Project Forum, where I and others may be able to assist you with your concerns.


Do you have an example of this happening? I check their forums from time to time, and it seems to me that they’re pretty open about anything as long as the discussion is handled properly with facts.

It is maintained by the “original” founder, but he went rogue after being absent for years. Everyone left to create Privacyguide and he started saying that they were wrong and that they pushed him out. A few months later he started using affiliate links and adding things from nowhere without any consideration. The VPN recommendation page is full of ads with affiliate links, and to make things look normal, he added some trusted providers, which of course are at the bottom of the list. While it used to be a good source, I would not trust this site at all.


I read Reddit posts about the Graphene OS drama FUD a few months back, so it is there for those looking for the story of human drama

Not sure about the other things cited of having beef

1 Like

The GrapeneOS drama. They didn’t advertise for PG/Techlore and one of the PG crew wasn’t made mod in their forum, out of the blue Micay gets swatted a few times and he tries to cut off everyone possible associated with this. He went overboard with this and created the perfect ground for a smearing campaign. The campaign goes as follows: ‘dude is crazy, don’t use his system, it could be something in there, but use our new system’, which is randomly calyxos, for which Techlore and PG heavily shill in their podcast.

There’s no guarantee or obligation to run his site, sites on the internet come and go.

I don’t use/recommend PT anymore for this reason, but what would you do if you come back after a disease (claim of PT founder) and one of your mods made off with a few thousands USD in donations, locked you out of your subreddit with a reddit loophole and claimed that the project was dead and restricted the subreddit in your name?


A Techlore YouTube video was how I ever even heard about this drama lol, I have no idea other than that source. You have the same source I do. I haven’t followed the drama, I merely heard about it when looking more into GrapheneOS stuff which I don’t yet even have anyway

Again, you cited the same source and likely know more than me.

I am just disheartened any drama is swirling at all, we all need tech like GrapheneOS etc so it is hard to see and hear when people striving for the same improvements to better humanity have a falling out with each other as that is less ability to collaborate on solutions productively
I have no opinion on the drama btw, I barely found out about it just 2 weeks ago on Techlore’s YouTube video that was posted who knows when I don’t remember the timestamp

1 Like

Granted, I don’t follow any of the insider drama. All I know GrapheneOs developer is a difficult, but brilliant person. But for the benefit for everyone reading this topic, you should provide evidence for your claims.

PrivacyGuides site recommends GrapheneOs and DivestOs on non-pixel phones. CalyxOs is not recommended:

They even have an explainer article on why you should use Graphene over CalyxOs:


Well, I’m not sure that the swat thing has anything to do with PG. They are really easy to find and if that were true I think they would have been of interest and arrested for questioning by now, which was never the case afaik.

As for the whole graphene thing, Micay was a bit off the mark while being a good developer. I don’t have an opinion on it because I didn’t follow the whole thing in detail, I only know some things partially, so I’ll try to find more information on it when I have some time.

To be honest, PG is right here. Just because you’re the founder of something doesn’t mean you get all the credit. He was away for a period of time and others contributed a lot while he was away. He can’t just come back out of nowhere and claim the donations that were made while he wasn’t even doing anything. People donated because of the work that was done in his absence and because of the publicity that was given to the work that was done by other people. Even if he has or had an illness, that’s no reason to come back and try to get it all back in his name, and to go around the forums telling the PG team is bad and that they stole his thing just to go the money route right after instead of making a good recommendation website like it always was. In my opinion, he probably wanted to take money from the project, but one day his access was restricted and he got angry about it. Now we can see his goal when we look at the website, it could’ve remained a good resource, but he decided that it was better to make money with affiliates than with donations and good recommendations.

1 Like