A misunderstanding between people is caused by various needs and threat perceptions. Imagine for a second that you want to drop a very anonymous comment on a social network, how would you do it? What would you use? VPN? Tor? Perhaps an SSH tunnel? Well, to achieve 100% anonymity, you could easily buy a Sim card and used a phone, then post the comment using the device, a considerable distance from where you stay, then sink the phone. Easy right? But wait, what if you plan is not just to drop a one-time comment or hide your IP from a site? I mean, what if you want absolute anonymity, impossible to hack? Or maybe you don't want it to even be deciphered that you are using anonymity tools. That is the kind of anonymity that will be discussed here. Okay, to be completely upfront, like everything "perfect", perfect anonymity is a dream...mostly, but that doesn't mean you can't get close enough. You may be identified by system fingertips and some other means, but as to the majority of general web users, you can stay completely anonymous.It should be noted that the author does not, by any means, intend for this to be utilized for illegal actions anywhere..


Roughly, basic protection looks like this: client → VPN/TOR/SSH tunnel → target. Or course, this is simply a little stepped up version of an IP substitution proxy. Quality anonymity cannot be achieved by this means. As little as one incorrect or perhaps default setting in notorious WebRTC and the actual IP address will be displayed for all to see. It is also susceptible to node compromising, fingerprints and the likes. It is a commonly held opinion that a private VPN trumps a public one because the user is confident about his/her system setup. Imagine that someone knows your outside IP, and by extension, your data center. That data center knows what server the IP belongs to. Furthermore, consider how hard it is to determine what actual IP is connected to the server. Now, what if there's only one client, you? And now consider that there are many, say gets much harder right? As for Tor, merely using it at all is suspicious. Also, nodes that are outbound are just about a thousand. A lot of them are block-listed hence are not allowed by many sites. Take Cloudfare for example, it is able to either enable or disable Tor connections using a Firewall. Use T1 as the country. Also, it is good to note that Tor is much slower than VPN. In summary, if what you want to do is bypass simple site blocks, have a fast connection and route any other traffic through another node, then use VPN, preferably a paid service. Using the same money, you will have access to many countries as well as a lot of outbound IPs instead of VPS with a single country, and an arduous setup process. In a case like that, using Tor is counterproductive. That is not to say there aren't cases where Tor will work fine especially when you have added security such as VPN or an SSH tunnel.


Medium protection looks like this: client → VPN → Tor and variations.

It is a reasonable working tool for those of us who are uncomfortable with IP spoofing. In this case, one technology strengthens the other, but note that while obtaining your actual address will be difficult, you will still be susceptible to the attacks mentioned above. The weak link is your work computer.


It looks something like this: Client → VPN → Remote workplace (via RDP/VNC) → VPN.

In this case, your work computer should not be yours. Rather, use a remote machine with, perhaps, Windows 8, Firefox, some plugins, codecs and no unique fonts. Basically, it should be a plain, boring machine which would be difficult to distinguish from numerous others out there. If there is ever any leak, you will still be covered by a different VPN.

In the past, Tor/VPN/SSH/Socks was believed to allow a strong level of anonymity, however, these days, it is advisable to add a remote workplace.