Common Mistakes That Lead to Deanonymization
Many people ask questions like how to set up “Tor + VPN from Tails” or how to create a “VPN → Tor → VPN” chain. The main goal of these setups is usually to ensure anonymity. However, those who ask such questions often focus too much on their IP address and completely forget about much more important aspects. For example, in the blog post “iCloud Phishers and Where They Live”, the author managed to find the attackers’ full names, workplaces, emails, phone numbers, and social media profiles with photos—without ever knowing or caring about their IP addresses. The attacker used burner SIM cards, disposable emails, VPNs, and laundered money through a chain of payment systems and burner phones. In other words, he tried hard to stay anonymous.
The point isn’t that you shouldn’t try to hide your IP address, but that it’s absolutely pointless if you don’t understand other aspects of anonymity. Below are typical mistakes that lead to deanonymization. Some may seem obvious or even silly, but people make them—sometimes out of ignorance, sometimes by forgetting more important things while setting up two VPNs, three Tors, and eight proxies.
1. Anonymity in Social Networks
If you register on a social network like VK using your real phone number, then connect to VK through Tor to post a comment in the official city administration group accusing a local official of corruption, does that make you anonymous? No, because your social network account is linked to your phone number. Your IP address isn’t even necessary to identify you.
2. Anonymity and Cookies
Cookies are small pieces of information stored in your web browser after a website sends them to you. If you visit a site, receive cookies, then reconnect through Tor and post a comment, those cookies can link your comment to your previous visit from a different IP address. Cookies are designed to identify users regardless of their IP.
3. Many Sites Store Previous IP Addresses
For example, you register a VPN account (which you plan to use through Tor) from your real IP because “Tor is slow” or the site doesn’t accept Tor connections. Even if you later connect to the VPN through Tor, your original IP is still stored in the account history, compromising your anonymity.
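What sections 2 and 3 look like from the site operator's side, as an added example that is not part of the original article: identifiers that ever appear together in one request are merged, so a cookie or account first seen from a real IP pulls later Tor visits into the same visitor record. The log format, field names, cookie values and the `joe77` account are constructed for illustration; the IPs are documentation addresses.

```python
import re
from collections import defaultdict

# Constructed sample log (assumed format): source IP, session cookie,
# logged-in account ("-" if none), request line.
SAMPLE_LOG = """\
198.51.100.23 sid=a81f user=- GET /news
198.51.100.23 sid=a81f user=joe77 POST /signup
203.0.113.9 sid=a81f user=- POST /comment
192.0.2.44 sid=c502 user=joe77 POST /comment
192.0.2.44 sid=d9e0 user=- GET /news
"""
LINE = re.compile(r"(?P<ip>\S+) sid=(?P<sid>\S+) user=(?P<user>\S+) (?P<req>.+)")

def link_visits(log: str) -> list:
    """Group cookies/accounts that co-occur and collect every IP per group."""
    parent = {}

    def find(x):  # union-find with path compression
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    seen = []
    for line in log.splitlines():
        m = LINE.fullmatch(line.strip())
        if not m:
            continue
        sid = "sid:" + m["sid"]
        find(sid)
        if m["user"] != "-":  # a login ties this cookie to the account
            parent[find("user:" + m["user"])] = find(sid)
        seen.append((sid, m["ip"]))

    groups = defaultdict(lambda: {"ids": set(), "ips": set()})
    for ident in parent:
        groups[find(ident)]["ids"].add(ident)
    for sid, ip in seen:
        groups[find(sid)]["ips"].add(ip)
    return list(groups.values())
```

In the sample, the comment posted from 203.0.113.9 carries the cookie issued to 198.51.100.23, and the account login carries the link over to a new cookie on a third address; only the session that started with no cookie and never logged in stays separate.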
4. “I’ll Buy a VPN (or VPS for OpenVPN) and Be Anonymous”
Even if you register through Tor, if you use wallets or payment methods that can be traced back to you, you’re not anonymous. The same goes for buying burner SIM cards or logging into wallet sites—if you don’t maintain anonymity at every step, it’s all pointless. This is why plain Tor is often more anonymous than Tor + OpenVPN. It’s very hard to buy anything without leaving a trace.
5. OpenVPN Is Great, But Not for Anonymity
VPNs were originally designed to create virtual private networks, allowing computers around the world to access each other’s local resources securely. The traffic is encrypted for outsiders, but not for the VPN server and its clients. If you use a free or paid VPN, be aware that the server owner can do anything with your traffic and likely keeps logs of your activity. According to Whonix documentation, a third of popular VPN providers are owned by Chinese companies (not known for privacy), and many others are in countries like Pakistan. It’s impossible to know how many are honeypots, but it’s likely that all paid and free VPN providers log activity.
6. There Are a Thousand and One Ways to Find a User’s Real IP
From simply sending a link to a controlled site and checking the IP (if communicating via an anonymous messenger) or sending a file with a trojan, to more sophisticated methods—there are many ways to reveal your real IP.
7. Using Closed-Source Software for Illegal Activities Is 100% Risky
Backdoors can exist in legitimate closed-source software as hard-to-detect vulnerabilities known only to the manufacturer, or as blatant backdoors (which have been found in official router firmware, for example). For illegal closed-source software distributed anonymously, why wouldn’t someone add a backdoor? The user can’t complain to the police if they get infected by malware in a hacking tool they bought illegally.
8. Lack of Understanding of Basic Technical Aspects
In previous articles, I found an attacker’s sites simply by analyzing where a POST request was sent. The attacker left scripts in an archive on the site, likely not realizing how easy it is to track POST requests even if the HTML is obfuscated. Other technical mistakes include using simple SSH passwords (“no one knows where my server is”), not understanding what information can be accessed on a server, or not knowing what Cloudflare is for.
9. The Big Picture
Investigators also look at the overall pattern of activity, not only at individual traces. For example, if infrastructure targets are attacked and the IP traces lead far away, but the methods and targets are similar to those used by a known hacker group, that’s a clue. Patterns matter.
10. Metadata in Files
You should know everything about metadata and tools for viewing and cleaning it. Otherwise, if you share files, all your other anonymity measures can become useless—just like logging into a social network with your real account while using Tor.
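One way to view and clean the metadata of an office document before sharing it, as an added example that is not part of the original article. It assumes an OOXML package (.docx/.xlsx/.pptx); the function names, the field list and the sample file are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Property parts of an OOXML package and the fields to flag (assumed list).
META_PARTS = ("docProps/core.xml", "docProps/app.xml")
FIELDS = {"creator", "lastModifiedBy", "Company", "Manager", "created", "modified"}

def _local(tag: str) -> str:
    return tag.rsplit("}", 1)[-1]  # drop the "{namespace}" prefix

def read_metadata(data: bytes) -> dict:
    """Return the identifying fields present in the package."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for part in (p for p in META_PARTS if p in zf.namelist()):
            for el in ET.fromstring(zf.read(part)):
                if _local(el.tag) in FIELDS and (el.text or "").strip():
                    found[_local(el.tag)] = el.text.strip()
    return found

def strip_metadata(data: bytes) -> bytes:
    """Copy the package without the identifying fields or entry timestamps."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, zipfile.ZipFile(out, "w") as dst:
        for name in src.namelist():
            payload = src.read(name)
            if name in META_PARTS:
                root = ET.fromstring(payload)
                for el in list(root):  # fields are direct children of the root
                    if _local(el.tag) in FIELDS:
                        root.remove(el)
                payload = ET.tostring(root, encoding="utf-8", xml_declaration=True)
            # A fresh ZipInfo resets the entry's modification time to 1980-01-01.
            dst.writestr(zipfile.ZipInfo(name), payload,
                         compress_type=zipfile.ZIP_DEFLATED)
    return out.getvalue()

def make_sample() -> bytes:
    """Constructed sample: a minimal package carrying author fields."""
    core = ('<cp:coreProperties xmlns:cp="http://schemas.openxmlformats.org/'
            'package/2006/metadata/core-properties" '
            'xmlns:dc="http://purl.org/dc/elements/1.1/">'
            '<dc:creator>Alice Example</dc:creator>'
            '<cp:lastModifiedBy>alice-laptop</cp:lastModifiedBy>'
            '</cp:coreProperties>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docProps/core.xml", core)
        zf.writestr("word/document.xml", "<document>body</document>")
    return buf.getvalue()
```

This covers only the package's property parts; embedded images keep their own metadata, and comments or tracked changes inside the document body can still carry author names.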
Should You Use Tor with VPN, Proxy, or SSH?
This is a common question with no definitive answer. If your country or ISP blocks access to the Tor network, using VPN + Tor may be the only solution. But you must understand the risks: VPNs are designed for private networking, not anonymity. If you don’t understand the risks of adding extra nodes and just do it because you read it on a forum, it’s a bad idea. There’s no reliable way to reveal a Tor user’s real IP, but a VPN honeypot will know everything about you:
- Your real IP address
- Which sites you visited
- What responses you received
Below is a translation from the official Tor Project documentation. I generally agree with these opinions, assuming you trust the Tor network. I don’t have 100% trust in Tor, but it’s the best option among available solutions for hiding your IP.
Can I Use a VPN with Tor?
Generally, we do not recommend using a VPN with Tor unless you are an experienced user who knows how to configure both in a way that does not compromise your privacy.
Introduction
There is much discussion on the Tor mailing list about combining Tor with VPN, SSH, and/or proxies in various ways. The “X” in this context means “VPN, SSH, or proxy.” Each combination has its own pros and cons.
Anonymity and Privacy
You can seriously compromise your anonymity by using VPN/SSH in addition to Tor (proxies are discussed below). But if you know what you’re doing, you can increase your anonymity, security, and privacy. VPN/SSH providers keep financial transaction records, and you’ll leave traces unless you pay truly anonymously. VPN/SSH acts as a constant entry or exit node, which can solve some problems but create new risks.
Who is your adversary? Against a global adversary with unlimited resources, adding more nodes makes passive attacks a bit harder, but active attacks easier, as you increase your attack surface and send more data that can be analyzed. Adding nodes can protect you against colluding Tor nodes and black-hat hackers targeting Tor client code (especially if Tor and VPN run on separate systems). If the VPN/SSH server is compromised, you weaken Tor’s protection. If the server is trustworthy, you may increase anonymity and/or privacy, depending on your setup. VPN/SSH can also help bypass Tor censorship (if your ISP blocks Tor or if the destination blocks Tor connections).
VPN/SSH vs. Proxy
The connection between you and the VPN/SSH server is encrypted, though not in every case. The connection between you and an open proxy is not encrypted. “SSL proxies” are usually just HTTP proxies that support the CONNECT method, originally designed for SSL connections to web servers, but also used for IRC, SSH, etc. Some HTTP(S) proxies may even leak your IP via the “http forwarded for” header, making them “non-anonymous proxies.” In any case, a single open proxy is much worse than Tor.
VPN vs. SSH or Proxy
VPN operates at the network level. SSH tunnels can offer SOCKS5 proxies. Proxies work at the application level. These technical details create their own issues when combined with Tor. Many users find VPN setup complicated and may forget to connect to the VPN first. If the VPN connection drops (server reboot, network issues, VPN process crash), direct connections may occur without VPN. To solve this, you can use something like a VPN firewall. At the application level (using SSH tunnels or proxies), many apps ignore proxy settings. The safest solution is to use transparent proxies, which is possible for VPN, SSH, and proxies.
Connection Schemes
- You → X → Tor: Some people must use VPN or proxy to access the Internet (due to country or ISP restrictions). Others do it for different reasons.
- You → VPN/SSH → Tor: Routing Tor through VPN/SSH can prevent your ISP and others from seeing that you use Tor. VPNs are more common than Tor, so you won’t stand out as much, but in some countries, switching from Tor to VPN/SSH may also be suspicious. Once the VPN client connects, the VPN tunnel becomes the default route, and Tor Browser (or Tor client) traffic goes through it. This can be a good idea if your VPN/SSH network is safer than your own. Another benefit is that Tor can’t see your IP behind the VPN/SSH. If someone manages to break Tor and discover your traffic’s IP, and your VPN/SSH doesn’t log, this helps you stay anonymous.
- You → Proxy → Tor: This does not prevent your ISP and others from seeing you use Tor, since the connection between you and the proxy is unencrypted. Depending on the proxy server’s configuration, Tor may not see who you are. If someone breaks Tor and discovers your traffic’s IP, and your proxy doesn’t reveal you, your real IP remains hidden.
- You → Tor → X: Generally, this is a bad idea. Some people do this to bypass Tor network bans. Tor frequently changes its path through the network. By choosing a fixed destination X, you lose this advantage, which can have serious consequences for your anonymity. For example, accumulating information about requests from different Tor IPs is harder, but using a single exit node removes this benefit.
- You → Tor → VPN/SSH: You can also route VPN/SSH through Tor. This hides and protects your activity from Tor exit nodes, but VPN/SSH exit nodes can still monitor you. This only makes sense if you can pay for VPN/SSH anonymously. It’s not easy without virtual machines, and you’ll need to use TCP mode for VPN (to route through Tor). In practice, setting up VPN connections through Tor is quite complex. Even if you pay anonymously, you create a bottleneck where all your traffic passes—VPN/SSH can profile everything you do, which is dangerous over time.
- You → Tor → Proxy: You can also route proxy connections through Tor. This does not hide or protect your activity from Tor exit nodes, since the connection between the exit node and the proxy is unencrypted. Now two parties can log and manipulate your unencrypted traffic. It makes no sense unless you can pay for proxies anonymously.
- You → X → Tor → X: There is no research on whether this is technically possible. Remember, this is likely a very bad idea, since “You → Tor → X” is already a bad plan.
- You → Your Own (Local) VPN Server → Tor: This is different from the above. You don’t need to pay a VPN provider since you host your own local VPN server. This does not protect you from your ISP seeing your Tor connection, nor from Tor exit node surveillance. It’s done to ensure all your traffic goes through Tor without leaks; otherwise, it makes no sense.
The “Elusive Joe” Principle
A cowboy rides through the square.
- Who is that?
- That’s Elusive Joe.
- Really, no one can catch him?
- No one cares enough to try!
What can you do to make sure you’re never found? The only 100% guarantee is if no one is looking for you. Even if you study every “anonymity manual” cover to cover, even if it’s written by someone who truly understands (which is unlikely, since such a person wouldn’t take on that responsibility), and even if you do everything right, if you don’t understand the other aspects discussed above, your chances of getting caught by one of these “silly” mistakes are high.
It’s better to be a law-abiding person and use your knowledge and skills for legitimate purposes:
“These days, stealing has become so hard that I feel like I actually earned this money.”