Questions about Tor on Android and Orbot.

[Spud1200]

I have my paid for subscription to PIA. I run my Android Phone threw this using their PIA Android App but how does Tor and Orbot impact on this.

I just downloaded Orbot but was first told when installing Orfox I needed this. I have installed the two but I'm unsure how this will impact on my PIA Subscription using the PIA Android App.

Is this Overkill. Their have been some browser extensions installed being No Script and HTTPS Everywhere.

I don't really have an understanding how this is going to work using a PIA Android App when I have OrBot and OrFox installed. Will this cause conflicting issues. Compatibility issues mabie.

Can anyone tell me anything. I'm new to the whole Android this. Isn't Android owned by Google or Microsoft. I'm not sure what one.

Their seems to be a lot of conflicting things. I have a VPN on my Phone. What is built in to Android. But then theirs a Ton of Apps were you can get free proxy services. Then theirs Paid for Subscriptions like PIA then TOR and OrBot then OrFox. I'm confused. Is their anything I need to configure my self.

 

[S0ULphIRE]

Read this first
https://www.torproject.org/about/overview.html.en

Tor basically bounces your connection request through encrypted links to several "nodes" before finally sending it to where you actually wanted it to go. That way the destination only knows that the node requested it, and your IP address stays hidden. Though obviously this doesn't work perfectly

Orbot and Orfox are just Tor for your phone.

PIA is a VPN service - you tunnel into a remote server, and all your requests originate from there as if you were in another location.

You can certainly use both together for added security, but don't expect it to be fast. Also yes, I'd say it's overkill

 

[Spud1200]

Yeah I know all that. The only problem I can see is that using TOR and a VPN together even after contacting CS for PIA is the speeds. I can get a decent speed for uploads and downloads on my 4G LTE but on the PC its not as good.

Another draw back is the Last Hop in the chain for TOR. I'm not sure about the specific vulnerability of this but I know the NSA apparently had cracked it and mabie the FBI but I'm unsure about the latter.

I don't really have anything to hide but find it interesting enough to pursue it for educational benefits.

I think connecting the OpenVPN for PIA then connecting the actual TOR would be best as the mind map I have is that I will be connecting to their Servers ultimately when I exit the Virtual Tunnel but to have my connection routed threw TOR in between is a layer of security.
Thats the mind map I have got. A Connection with in a Connection.

I'm not sure about any other serious vulnerability other than the last hop in the circuit and the speeds.

 

[root]

Another draw back is the Last Hop in the chain for TOR. I'm not sure about the specific vulnerability of this but I know the NSA apparently had cracked it and mabie the FBI but I'm unsure about the latter.

My understanding is not so much that the "agencies" have "cracked" tor, so much as many exit relays may be "agency run" - i.e in the case of some exit nodes, people are actually purposefully routing traffic for anonymity through government systems...
if your exit node is agency run, then suffice to say they know your destination, and could attempt to figure out the source person based on other information, (e.g. like usernames used, searches made, browser strings etc.)

As for VPN... I can't quite understand what you mean...
are you planning on routing your VPN through TOR? - in which case where is the benefit? your communication still has a fixed endpoint - the VPN provider, where presumably you need to sign up for an account.

or are you planning on encrypting traffic with VPN to your entry node?


I suppose that the answer to your question depends mostly on what you are expecting to achieve.

 

[Spud1200]

My understanding is not so much that the "agencies" have "cracked" tor, so much as many exit relays may be "agency run" - i.e in the case of some exit nodes, people are actually purposefully routing traffic for anonymity through government systems...
if your exit node is agency run, then suffice to say they know your destination, and could attempt to figure out the source person based on other information, (e.g. like usernames used, searches made, browser strings etc.)

As for VPN... I can't quite understand what you mean...
are you planning on routing your VPN through TOR? - in which case where is the benefit? your communication still has a fixed endpoint - the VPN provider, where presumably you need to sign up for an account.

or are you planning on encrypting traffic with VPN to your entry node?


I suppose that the answer to your question depends mostly on what you are expecting to achieve.

Highlighted in Bold. Thats what I was getting at but could of worded it better. I spoke to my VPN Provider and they said their is conflicting issues between TOR and them and its not recommended.

I was curious how I or it could be achieved. Weather I would have to set up an entry node my self and mabie change some settings on my end such as VPN I.P Address.

I was curious about how this would work thats what I was meaning. I could of explained better. Apologises.

 

[root]

https://www.bestvpn.com/blog/42672/using-vpn-and-tor-together/

 

[Spud1200]

https://www.bestvpn.com/blog/42672/using-vpn-and-tor-together/

I followed this up and contacted AirVPN what was specifically said to be compatible with TOR as its an OpenVPN. Their is a very small amount of Company what will deal with VPN over TOR or TOR over VPN.

From what I can gather its all about the threat level. I don't think \ believe I'm in danger of anything or anyone but like to learn about these things as more of a hobby. Its quite an interest.

Thanks for the link.