[Question] Does Using Kindness in Proxy Mode while having a different VPN always on create risks to users in anti-VPN countries?

[amd1890]

Describe Your Question
I am connecting to a VPN always and I am using Orbot in proxy mode for different Apps. I would like to be able to have kindness mode turned on.

I am concerned about this combination. The App doesn't stop me from doing this, but if I am connecting to a data center IP, it may be a known VPN IP address and it may have a high fraud score.

I am not sure if Orbot connects to Tor on top of my VPN. Since my VPN is set to always and deny any non-VPN connections, it should be connecting through my VPN.

I am just worried about kindness somehow leading to some user having a VPN address as the attempted Snowflake IP and somehow this causing problems. This was probably already taken into account during programming, but I would not want someone to use Snowflake, connect to a data center IP through me prior to getting to Tor, and then wind up in trouble.

Is Your Question Related?
I don't think so.

Additional Context
Many of the data center IPs I connect to are sometimes blacklisted with high fraud scores. If someone is in a hostile country that doesn't have a firewall (but people can get in trouble later), this seems like a risk unless Orbot is programmed to avoid the VPN. If Orbot can avoid the VPN in proxy mode, this seem like a bug in the OS, because the OS is designed to specifically not allow this in certain modes, which I have on.

[n8fr8]

It is a somewhat unique combination of configuration that you are attempting.

If Orbot is the VPN, when Kindness mode is on, that happens outside of the Tor network exit node VPN IP space. We can control it in that case.

With a separate VPN running, we don't have any control. It may be possible for Orbot to detect that, and explain why it may not be a good idea to use Kindness mode in that case.

Otherwise, the Snowflake Broker is constantly evaluating the pool of Snowflake Proxy IPs it has for quality and throughput. I don't think there is any harm for you offering up your IP in that way, through the VPN, but it may be of less quality and use than a Snowflake Proxy that is NOT on a VPN.

[amd1890]

It may be a decent idea to either display a message or disable kindness mode for VPN users when Orbot is in proxy mode.

I know you wrote "I don't think there is any harm" but I worry about a user in a country in which they are not blocked by a firewall, actually connect to the VPN, and then the VPN gets them in trouble. For instance, in India VPNs are illegal, but I'm not sure if there is an actual firewall blocking connections to VPNs. I would hate for someone in India to connect to me thinking they are being stealthy, the connect gets flagged by an ISP in a review that happens later, and they wind up in some situation.

This situation may not really exist in the wild, but I'm not sure. Some sort of message would clarify this.