[icc97]

Who didn't think they were being spied on?

This is why you used https to hide the full URL, VPN to push the problem to a 3rd party who might care a bit more about privacy and then Tor on top of it all.

Here's the good old EFF explanation [0]

[0]: https://www.eff.org/pages/tor-and-https

[microtonal]

This is why you used https to hide the full URL, VPN to push the problem to a 3rd party who might care a bit more about privacy and then Tor on top of it all.

Did you read the article? The ISP-provided modem/router automatically sends an overview of devices actively connected to the router (with their MAC address, name, and whether they are currently connected) to the ISP.

This is a different issue than private browsing and using a VPN/HTTPS/Tor is not going to solve this particular problem. The solution to this problem is replacing the router or putting another router between the ISP router and your internal network to hide your internal network from the ISP-provided router.

[icc97]

Good point, my bad, I'd skimmed it and not read the bit after the XML text. The title was somewhat misleading, and the HN admins have changed it now.

I'd still be more concerned about my unencrypted HTTP traffic though.

[45h34jh53k4j]

No, dont run Tor over VPN. Its VPN over Tor.

Tor provides anonymity, VPN provides privacy. You want anonymity between you and the VPN, and privacy between you and internet hosts.

From the OpSec for xyz series: https://grugq.github.io/presentations/Keynote_The_Grugq_-_OP... • TOR connection to a VPN => OK • VPN connection to TOR => GOTO JAIL

[icc97]

This site [0] explicitly says that VPN over Tor is a bad idea. It's quite possible it's wrong. But I don't understand why?

[0]: https://www.expressvpn.com/how-to-use-vpn/tor-vpn