"VPN > Tor = provides privacy from your VPN provider. It will also prevent your ISP from knowing you use the Tor network. It will not provide any protection from malicious exit nodes on the Tor network."
fixed.
--- VPN>Tor vs Tor>VPN ---
With this method (VPN>Tor) your VPN KNOWS you are using Tor (including timestamps and first-node IP), and they KNOW who you are because they have direct access to your IP, also backed up (potentially) by payment information. They don't know WHAT you're sending/receiving. This method is pretty much only useful for hiding Tor use from your ISP. In some locales this can be an important feature, but bridges also serve the same purpose. I've read that VPN use is more common and less "suspicious" traffic; however, Tor use is legal in most places.
I'm not 100% on VPN structure or where it sits on the OSI stack. I do know there are different kinds, and it's harder for leakage because VPNs take most if not all of your traffic instead of just TCP (Tor). I believe that when you use VPN>Tor your TCP traffic is encrypted for Tor before it ever gets seen by anyone else on your network/VPN. If you have any leakage (non-TCP traffic, or TCP traffic not properly routed through Tor) your VPN will see your end-destination traffic = bad (VPN>Tor).
With Tor>VPN the VPN sees all your outbound traffic, but they don't know WHO you are (anonymity). This assumes that they have no payment information or any traffic content which can be linked to you (i.e. browsing your Facebook w/ login info). This does provide a single static vector for attack, and data can be logged for extended periods of time, which can reduce anonymity, so you will want to change as frequently as possible. Tor>VPN is good for visiting sites or services which block Tor exit nodes, or if you want to hide the fact you are using Tor from your end destination.
---- attacks ---- (tangent)
There are attacks which can be implemented against low-latency networks (no matter how many nodes). If a global adversary can see all the traffic, they know what's going where, and when. If this is logged, privacy & anonymity = gone. If they can see most of the data and request the rest, privacy & anonymity = gone. I'm guessing you'd have to be a pretty big fish to get fried this way, as it would require a fair amount of resources and a lot of international cooperation. Don't be fooled, as there are monitoring stations that passively collect data. It's a matter of scale, priority, and threat level. Multiple governments use Tor as well, so it must be fairly good at what it does. There are other attacks with which I'm less familiar. End-to-end timing - if they can see exit traffic and entry traffic they confirm by timestamping and volume of data.
We also assume that encryption can't be broken in a reasonable amount of time or expense of resources. I'm willing to bet that governments can crack a lot of encryption schemes, but it also requires a lot of resources (back to threat model) and still time. In theory, all data, logs, and traffic could be stored and slowly cracked over time or stored for future use, but the amount of traffic generated vs. available storage space is unfathomably large. Also, if a person were smart with that kind of tech (serious encryption breaking) it would be used secretly, sparingly, and only for very important tasks.
Controlling a stake of Tor relays, MitM: most of the attacks mentioned are more geared towards the traffic side of Tor; there are other server <-> client attacks which have less to do with Tor itself than with client issues such as a compromised machine, fingerprinting, personally identifiable data, etc.
More on attacks here:
https://blog.torproject.org/category/tags/attacks
Any corrections or thoughts are welcome.
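The end-to-end timing attack mentioned in the post, shown on constructed data as an added example (this is not code from the post's author or from the Tor project). It builds a few synthetic client flows, produces what a passive observer would see at the entry and exit sides (the same bursts, delayed by an assumed 0.2-0.5 s circuit latency plus jitter), aggregates bytes into 2-second windows, and links exit flows to entry flows by Pearson correlation of the volume vectors. It then repeats the linkage after applying a toy constant-rate padding defence, which removes the volume shape the observer relies on. Bin size, latency range, burst sizes and the padding model are all assumptions chosen for illustration.

```python
"""Toy end-to-end timing/volume correlation on synthetic Tor-like flows.
All traffic here is constructed; it illustrates why a passive observer who
sees both entry and exit traffic can link them, and why constant-rate
padding (cover traffic) removes that signal."""
import random
from statistics import mean, pstdev

DURATION_S = 60          # assumed length of each synthetic session
BIN_S = 2.0              # assumed observer window: bytes per 2-second bin
N_FLOWS = 8              # number of simultaneous clients in the toy


def make_entry_flow(rng):
    """Constructed client flow: a handful of bursts at random offsets.
    Each packet is (timestamp_seconds, bytes) as seen at the entry side."""
    packets = []
    for _ in range(rng.randint(3, 6)):
        start = rng.uniform(0, DURATION_S - 5)
        for i in range(rng.randint(10, 40)):
            packets.append((start + i * 0.05, rng.choice([512, 1024, 1460])))
    return sorted(packets)


def observe_exit(entry_packets, rng):
    """The same flow at the exit side: shifted by an assumed circuit latency
    plus per-packet jitter; sizes left unchanged (cell padding ignored)."""
    latency = rng.uniform(0.2, 0.5)
    return sorted((t + latency + rng.uniform(0, 0.05), n) for t, n in entry_packets)


def to_volume_vector(packets):
    """Bytes per BIN_S window over the whole session (the observer's view)."""
    nbins = int(DURATION_S / BIN_S) + 1
    vec = [0] * nbins
    for t, n in packets:
        idx = min(int(t / BIN_S), nbins - 1)
        vec[idx] += n
    return vec


def pearson(a, b):
    """Correlation coefficient of two equal-length vectors; 0 when either
    side has no variation (nothing to correlate on)."""
    sa, sb = pstdev(a), pstdev(b)
    if sa == 0 or sb == 0:
        return 0.0
    ma, mb = mean(a), mean(b)
    return sum((x - ma) * (y - mb) for x, y in zip(a, b)) / (len(a) * sa * sb)


def link_flows(entry_vecs, exit_vecs, threshold=0.5):
    """For each exit flow, the index of the best-matching entry flow, or
    None when nothing correlates above the threshold."""
    links = []
    for ev in exit_vecs:
        scores = [pearson(en, ev) for en in entry_vecs]
        best = max(range(len(scores)), key=scores.__getitem__)
        links.append(best if scores[best] >= threshold else None)
    return links


def constant_rate_pad(vec, rate_bytes=40000):
    """Toy defence: cover traffic so every window carries exactly rate_bytes.
    (A real scheme must also delay or drop bytes that exceed the rate; the
    point here is only that the per-window volume shape disappears.)"""
    return [rate_bytes for _ in vec]


def run_experiment(seed=7, padded=False):
    """Fraction of exit flows correctly linked back to their entry flow."""
    rng = random.Random(seed)
    entries = [make_entry_flow(rng) for _ in range(N_FLOWS)]
    exits = [observe_exit(e, rng) for e in entries]
    entry_vecs = [to_volume_vector(p) for p in entries]
    exit_vecs = [to_volume_vector(p) for p in exits]
    if padded:
        entry_vecs = [constant_rate_pad(v) for v in entry_vecs]
        exit_vecs = [constant_rate_pad(v) for v in exit_vecs]
    links = link_flows(entry_vecs, exit_vecs)
    correct = sum(1 for i, link in enumerate(links) if link == i)
    return correct / N_FLOWS


if __name__ == "__main__":
    print("unpadded linkage accuracy:", run_experiment(padded=False))
    print("padded   linkage accuracy:", run_experiment(padded=True))
```

Running it links most or all of the unpadded flows correctly even though the observer never sees any payload, only timing and volume, which is the point the post makes about low-latency networks. With the padded vectors every correlation score is 0, so no exit flow can be linked; the cost is that padding spends bandwidth on cover traffic, which is why deployed low-latency networks do not pad at a constant rate.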