People misunderstand one another about anonymity because their needs and threat perceptions differ. Imagine for a second that you want to drop a very anonymous comment on a social network. How would you do it? What would you use? VPN? Tor? Perhaps an SSH tunnel? Well, to achieve 100% anonymity, you could easily buy a SIM card and a used phone, post the comment using the device a considerable distance from where you stay, then sink the phone. Easy, right?
But wait, what if your plan is not just to drop a one-time comment or hide your IP from a site? I mean, what if you want absolute anonymity, impossible to hack? Or maybe you don't even want it to be discoverable that you are using anonymity tools. That is the kind of anonymity that will be discussed here.
Okay, to be completely upfront, like everything "perfect", perfect anonymity is a dream... mostly, but that doesn't mean you can't get close enough. You may be identified by system fingerprints and some other means, but as far as the majority of general web users are concerned, you can stay completely anonymous. It should be noted that the author does not, by any means, intend for this to be utilized for illegal actions anywhere.
BASIC PROTECTION LEVEL
Roughly, basic protection looks like this: client → VPN/Tor/SSH tunnel → target.
Of course, this is simply a slightly stepped-up version of an IP substitution proxy. Quality anonymity cannot be achieved by this means. As little as one incorrect or perhaps default setting in the notorious WebRTC and the actual IP address will be displayed for all to see. It is also susceptible to node compromise, fingerprinting and the like.
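The WebRTC exposure mentioned above can be checked from the user's side. The following JavaScript is an added example, not code from the original article: it classifies ICE candidate strings (which a browser hands to a page through RTCPeerConnection's icecandidate event) and reports any address other than the tunnel's exit IP. The candidate lines, IP addresses and function names are constructed for illustration.

```javascript
// Constructed ICE candidate lines (documentation address ranges, not real hosts).
const SAMPLE_CANDIDATES = [
  "candidate:1 1 udp 2113937151 3f2a9c1e-1111-4222-8333-abcdefabcdef.local 54321 typ host",
  "candidate:2 1 udp 1677729535 198.51.100.24 40000 typ srflx raddr 0.0.0.0 rport 0",
  "candidate:3 1 udp 1677729535 203.0.113.77 41000 typ srflx raddr 192.168.1.23 rport 41000",
];

// Parse "candidate:<foundation> <component> <transport> <priority> <addr> <port> typ <type> ...".
function parseCandidate(line) {
  const p = line.replace(/^a=/, "").replace(/^candidate:/, "").trim().split(/\s+/);
  if (p.length < 8 || p[6] !== "typ") return null;
  const cand = { address: p[4], port: Number(p[5]), type: p[7], related: null };
  for (let i = 8; i + 1 < p.length; i += 2) {
    if (p[i] === "raddr") cand.related = p[i + 1];
  }
  return cand;
}

function addressKind(addr) {
  const a = addr.toLowerCase();
  if (a.endsWith(".local")) return "mdns";            // obfuscated host candidate
  if (a === "0.0.0.0" || a === "::") return "masked"; // browser hid the related address
  if (a === "::1" || a.startsWith("127.")) return "loopback";
  if (a.includes(":")) {
    if (/^fe[89ab][0-9a-f]:/.test(a)) return "link-local";
    return /^f[cd][0-9a-f]{2}:/.test(a) ? "private" : "public";
  }
  const o = a.split(".").map(Number);
  if (o.length !== 4 || o.some((n) => !Number.isInteger(n) || n < 0 || n > 255)) return "unknown";
  if (o[0] === 10 || (o[0] === 172 && o[1] >= 16 && o[1] <= 31) || (o[0] === 192 && o[1] === 168)) return "private";
  if (o[0] === 169 && o[1] === 254) return "link-local";
  return "public";
}

// Return every address a page could learn that is neither masked nor the tunnel exit IP.
function findExposedAddresses(lines, tunnelExitIp) {
  const seen = new Map();
  for (const line of lines) {
    const c = parseCandidate(line);
    if (!c) continue;
    for (const addr of [c.address, c.related]) {
      if (!addr || addr === tunnelExitIp) continue;
      const kind = addressKind(addr);
      if (kind === "mdns" || kind === "masked") continue;
      seen.set(addr, { address: addr, kind, candidateType: c.type });
    }
  }
  return [...seen.values()];
}

console.log(findExposedAddresses(SAMPLE_CANDIDATES, "198.51.100.24"));
```

An empty result means the only address visible through WebRTC is the tunnel's exit IP; any other entry is an address the tunnel did not hide.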
It is a commonly held opinion that a private VPN trumps a public one because the user is confident about his/her system setup. Imagine that someone knows your outside IP, and by extension, your data center. That data center knows what server the IP belongs to. Furthermore, consider how hard it is to determine what actual IP is connected to the server. Now, what if there's only one client, you? And now consider that there are many, say 100... it gets much harder, right?
As for Tor, merely using it at all is suspicious. Also, there are only about a thousand outbound nodes. A lot of them are block-listed and hence are not allowed by many sites. Take Cloudflare, for example: it is able to either enable or disable Tor connections using a firewall. Use T1 as the country. Also, it is good to note that Tor is much slower than a VPN.
In summary, if what you want to do is bypass simple site blocks, have a fast connection and route any other traffic through another node, then use a VPN, preferably a paid service. For the same money, you will have access to many countries as well as a lot of outbound IPs, instead of a VPS in a single country and an arduous setup process.
In a case like that, using Tor is counterproductive. That is not to say there aren't cases where Tor will work fine, especially when you have added security such as a VPN or an SSH tunnel.
MEDIUM PROTECTION LEVEL
Medium protection looks like this: client → VPN → Tor and variations.
It is a reasonable working tool for those of us who are uncomfortable with IP spoofing. In this case, one technology strengthens the other, but note that while obtaining your actual address will be difficult, you will still be susceptible to the attacks mentioned above. The weak link is your work computer.
HIGH PROTECTION LEVEL
It looks something like this: Client → VPN → Remote workplace (via RDP/VNC) → VPN.
In this case, your work computer should not be yours. Rather, use a remote machine with, perhaps, Windows 8, Firefox, some plugins, codecs and no unique fonts. Basically, it should be a plain, boring machine which would be difficult to distinguish from numerous others out there. If there is ever any leak, you will still be covered by a different VPN.
In the past, Tor/VPN/SSH/SOCKS was believed to allow a strong level of anonymity. These days, however, it is advisable to add a remote workplace.
This is how it looks: Client → Double VPN (in different data centers, but still close to each other) → Remote workplace + Virtual machine → VPN.
It should consist of a primary VPN connection as well as a secondary one in case of compromise. What this does is hide traffic from the ISP while concealing your real ISP address from the data center that hosts the remote workplace. Following that is a virtual machine that has been installed on the server. The virtual machine is necessary so as to roll back to the most ordinary system, along with a standard set of plugins, following each download.
Note that it should be done in a remote and not a local workplace, because some people who used a virtual machine locally, even with the TripleVPN, once entered an IP checking site and were shocked to see their actual IP listed. You can't tell what software a developer will create and install in the browser you use without your knowledge. So please, endeavor to use a remote workplace.
This setup has been tested: lags are significant even when everything has been correctly configured, geographically speaking, but they are tolerable.
What we assume here is that the user will not place the servers on different continents. For instance, if you are in New York, your first VPN can be in New York, the second, say, in Mexico, the remote workplace can be Canada and the last VPN, perhaps, in Venezuela. Same continent. It's advisable to place the chain across neighboring countries that kind of hate each other.
In addition, you could make your actual machine automatically visit websites in the background, thus imitating Web browsing. Doing this will remove suspicions that may arise about you using anonymity tools because your traffic only goes to one IP address and through one port. It is also possible to add Whonix/Tails and go online via public WiFi. However, only do this after changing your network adapter settings so as not to lose anonymity. Remember that you can be identified visually too, so you may want to change your looks somewhat.
Like attempts to detect VPN usage, fingerprints are hard to bypass as a result of the time involved in sending packets from the user to the website, and back from the website to the user's IP address. Of course, you can cheat some of these checks, but another nightmare may suddenly come up overnight. The importance of a remote workplace and a clean virtual machine cannot be overstated. The average cost of a solution like that begins from $40 per month. It is advisable to pay using only Bitcoin.
Do not forget that the most important step towards achieving relatively perfect anonymity is keeping personal and secret data separate. All these steps will be rendered null if you accidentally, say, log into your personal Google account.
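The timing check described above, seen from the detecting site's side, as an added JavaScript example that is not part of the original article. It assumes the site can collect two sets of round-trip samples, one to the visible IP address and one end to end with the browser; all sample values, thresholds and function names are constructed or hypothetical.

```javascript
// Median is used instead of the mean so a single delayed packet does not skew the result.
function median(values) {
  const s = [...values].sort((a, b) => a - b);
  const mid = Math.floor(s.length / 2);
  return s.length % 2 ? s[mid] : (s[mid - 1] + s[mid]) / 2;
}

// ipRttMs:  round-trip samples to the connecting IP address (answered by whatever
//           host owns that address, e.g. a VPN or proxy exit).
// appRttMs: round-trip samples measured end to end with the browser
//           (e.g. a timed request/response pair).
// minGapMs and minSamples are hypothetical tuning values, not taken from any product.
function assessExtraHop(ipRttMs, appRttMs, { minGapMs = 40, minSamples = 5 } = {}) {
  if (ipRttMs.length < minSamples || appRttMs.length < minSamples) {
    return { verdict: "insufficient-data", gapMs: null };
  }
  const ipMed = median(ipRttMs);
  const appMed = median(appRttMs);
  const gapMs = appMed - ipMed;
  // Jitter on the end-to-end path can imitate a gap, so the gap must also
  // exceed three times the median absolute deviation of the browser samples.
  const spread = median(appRttMs.map((v) => Math.abs(v - appMed)));
  const verdict = gapMs > Math.max(minGapMs, 3 * spread) ? "extra-hop-likely" : "direct-likely";
  return { verdict, gapMs, ipMed, appMed };
}

// Constructed samples in milliseconds.
const direct = assessExtraHop([20, 22, 21, 19, 23], [24, 26, 25, 23, 27]);
const tunnelled = assessExtraHop([12, 11, 13, 12, 14], [95, 102, 98, 97, 110]);
console.log(direct, tunnelled);
```

The gap approximates the latency between the visible IP and the real client, which is why relabelling the exit address alone does not defeat the check.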
Stay anonymous and careful.