That's true in theory but does require you to place absolute trust in a company motivated to stay in business. Additionally having no way to verify their no log policy makes trust harder. Great for torrents; less great for genuine security.
Generally that was my initial thought. But I'm not convinced now. There seems to be some specific use cases (tor is blocked and bridges aren't working) but outside of that it seems uncertain that increased security or anonymity is gained.
Good write up talking about it generally here that I found informative. And an overview of various ways they might be combined here that isn't quite so negative on adding a vpn.
But I agree with you that framing anything in online security as an absolute either or is a bad idea. It depends on your specific threat model and needs. Which requires a fairly deep understanding. Which sucks since who has time or technical skill enough for that. Not most people. Thus marketing saying "hey this is the one thing you need to be safe."
That's true in theory but does require you to place absolute trust in a company motivated to stay in business. Additionally having no way to verify their no log policy makes trust harder. Great for torrents; less great for genuine security.
True, though Tor can also be compromised
Of course. I'd say it's harder than serving a binding court order or targeting one company that you know has much sensitive data.
Actually I guess we shouldn't frame this as an either/or. Tor with a VPN is probably best, so long as you find one compatible.
Generally that was my initial thought. But I'm not convinced now. There seems to be some specific use cases (tor is blocked and bridges aren't working) but outside of that it seems uncertain that increased security or anonymity is gained.
Good write up talking about it generally here that I found informative. And an overview of various ways they might be combined here that isn't quite so negative on adding a vpn.
But I agree with you that framing anything in online security as an absolute either or is a bad idea. It depends on your specific threat model and needs. Which requires a fairly deep understanding. Which sucks since who has time or technical skill enough for that. Not most people. Thus marketing saying "hey this is the one thing you need to be safe."