[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor to VPN to Internet = Bad. Why?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Tor to VPN to Internet = Bad. Why?
From: Phillip <equusaustralus@xxxxxxxxx>
Date: Thu, 26 Apr 2012 03:13:01 +0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 25 Apr 2012 19:13:18 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=dL9S5/1X8KxvA/4aiMdbCUIqBOVC107XvgqwemqX9NA=; b=kP08uplYF2ppURMQqinJnx+frB/38wa3iYpFsFrcshIZ8mXQmOtBQ9nXKFBQ0orHaC FU8zDVmdNTLIs5tPZnrtHxkCYpLqCJuLuYpRLIZyLfzQGou7eRvGs7NFFEyE3BeYFAvu zxqpTKFaRX4IVqnLihlZPe5brQz7o9kQFTL20oJWXKN0g1Ti3ZZKMqBgK9ASXAPxrEhE dT4JApHqr8od3HHA/Eagtf8LS4vpyzFHHvEoSX+kHnKtnyTs3fC5eCxbK819tWvsqHL4 QrGVyt1NL9NSAYQ/6NUhRIjY7PV0oreWFze905I5Axh1DAQasPabe20JUB8q8w9JHEzm 9EAA==
In-reply-to: <CAL8tG=npJNXOQLR7Jiwqi-j=f3Y-+T+pvShRDBhc4bHQbK62zg@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <1335362791.62539.YahooMailClassic@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <4F984207.60107@xxxxxxxxx> <CAL8tG=npJNXOQLR7Jiwqi-j=f3Y-+T+pvShRDBhc4bHQbK62zg@xxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:11.0) Gecko/20120329 Thunderbird/11.0.1

It's possible to sign up for VPNs anonymously, as well as finding VPN
providers that keep no logs. Mullvad is a good example of one which you
can sign up for using bitcoin or even cash in the mail. Here's a list of
some more privacay-aware VPNs:

https://torrentfreak.com/which-vpn-providers-really-take-anonymity-seriously-111007/

Otherwise, I think it would be a better idea to run your whole
connection through a VPN first, then connect to Tor. That way your ISP
has absolutely no idea what's going on on your connection, plus you have
the additional benefit of obscuring your location.

With a good anonymous VPN + Tor, performance wouldn't be degraded much
at all, and you get double the privacy and security ;)

> I think in some cases where Tor is blocked, connecting to a VPN through Tor
> may be useful. The problem of course is signing up for the VPN anonymously,
> but this can be achieved with Bitcoin, to an arbitrarily high level of
> security, although at present it's still kind of inconvenient a level of
> mixing that would be just as anonymous as Tor.
>
> On Wed, Apr 25, 2012 at 12:27 PM, Ondrej Mikle <ondrej.mikle@xxxxxxxxx>wrote:
>
>> On 04/25/2012 04:06 PM, Low-Key² wrote:
>>> Recently, I'd come across some chatter that suggested that connecting to
>> a VPN via TOR was not a good idea and, rather, the better idea was to
>> connect to a VPN that then used Tor.  I've not found any articles on the
>> net that really discuss this issue.  My concern stems from more of a
>> curiosity due to an encrypted private web proxy I used to run for foreign
>> activists.  While the proxy would have appeared entirely benign to anyone
>> in their regime, a number used Tor to connect to it. My larger question is,
>> if there is a security concern for using Tor to connect to a VPN which then
>> connects to the internet, would the same concerns apply to people who use
>> Tor to connect to an encrypted web proxy?  Thanks in advance for any
>> replies.
>>
>> I think the main issue is that user needs to authenthicate to the VPN, so
>> no
>> matter where they came from via Tor, they are identifiable. That is true
>> even if
>> the credentials are shared, in that case it's known that the individual
>> connecting via the VPN must be from a small group.
>>
>> On the other hand, if your goal is to hide location instead of identity
>> from the
>> VPN, connecting via Tor _might_ do the trick. I'm saying _might_, since
>> some
>> data inside the protocols transmitted over the VPN could contain your real
>> IP or
>> other identifying information (depends on the protocol(s) used inside VPN).
>>
>> In the case of the encrypted proxy the attacker might know that it's some
>> group
>> of people you gave access credentials to. So it depends on what the
>> attacker can
>> learn - e.g. the attacker will retrieve your name from whois and might
>> attempt
>> to find out from your communication which individuals belong to that group
>> or
>> attempt to compromise the proxy and view logs.
>>
>> Ondrej
>> _______________________________________________
>> tor-talk mailing list
>> tor-talk@xxxxxxxxxxxxxxxxxxxx
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>>
> _______________________________________________
> tor-talk mailing list
> tor-talk@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] Tor to VPN to Internet = Bad. Why?
  - From: Low-Key²
- Re: [tor-talk] Tor to VPN to Internet = Bad. Why?
  - From: Ondrej Mikle
- Re: [tor-talk] Tor to VPN to Internet = Bad. Why?
  - From: AK

Prev by Author: Re: [tor-talk] Retroactive traffic confirmation attacks on Tor through data retention records?
Next by Author: Re: [tor-talk] Where's Torbutton?
Previous by thread: Re: [tor-talk] Tor to VPN to Internet = Bad. Why?
Next by thread: Re: [tor-talk] Tor to VPN to Internet = Bad. Why?
Index(es):
- Author
- Thread