[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Help me secure my setup

Hash: SHA1

My current setup is fairly simple. Let me introduce some consistent naming 

- - server - my server (VPS) in the datacentre
- - router - a router in my home, it has a private VPN connection to the 
- - tor PC - a PC on which I browse tor

Currently tor client is running on the server and tor PC accesses its 
socks port through the VPN. All other Internet access from the tor PC 
is blocked on the router, so no leaks are possible. Tor PC has only 
one, internal IP.

Advantage is that in case of a raid, it would be done in the datacentre 
before raiding my home.

Major drawback is that it is possible for the attacker to hack into the 
server (or just seize it invisibly, as it's only virtual) and sniff on the 
localhost between the VPN end and socks port.

I've been recently thinking of different approaches.

1. Maybe I should run a private (unpublished) bridge on the server and a 
tor client on my tor PC, that would be able to connect only to the bridge 
(through a VPN)? This way, all unencrypted traffic would never exit a tor 
PC. This PC is secured enough to assume it's secure from being hacked 
into. It's also encrypted and never left unattended.

Additional question: if a tor client connects through a bridge, does it 
need to access other servers (like directory authorities) directly, or 
it would work if I give it access only to the bridge?

I'm a little scared of bridges, as they don't use guards (yet?) and they 
are less popular than traditional relays, so bugs in them are more likely 
to exist.

2. Maybe I should run a tor client on a separate machine in my home, 
between my tor PC and the router, and route all traffic from it through 
the VPN, so it would look like it originates from the server? This way 
all unencrypted traffic will still be inside my home and I would avoid 
using bridges.

3. Maybe I should modify point 1, but publish the bridge address? I'm 
tight on my bandwidth and I don't want to run a relay, but maybe this way, 
as the outgoing traffic originating from me will blend with outgoing 
traffic originating from other using my bridge, it would be more plausible 
to deny my activities if someone launches a correlation attack? They would 
have to correlate traffic entering and leaving my bridge with traffic on 
the exit node (or rendezvouz point, or any node in the path from an exit 
service to it), while in case of a client (or a private bridge), it would 
be sufficient to correlate the traffic on a guard (for client) or a middle 
node (for bridge) with the traffic on an exit node...

I'm much more concerned with anonymity accessing hidden services than with 
anonymity accessing clearnet services through exists, by the way.

- -- 
Oskar Wendel, o.wendel@xxxxxxxxxxxxxxxxx
Pubkey at https://pgp.mit.edu/pks/lookup?search=0x6690CC52318DB84C


tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to