[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] How to use Tor without a website knowing I am using Tor - possible?



On 05/19/2019 01:51 PM, jiggytwiggy@xxxxxxxxxxxxx wrote:
> What's the best way to connect to a site via Tor if the site engages in
> exit censorship?

There is no entirely good way.

There's the Cloudflare Onion Service.[0,1,2] Basically, Cloudflare
redirects Tor users to its onion service, which then connects to the
website. So there's no exit involved, and no CAPTCHAs. However, that
only works for sites that use Cloudflare. And both you and the site must
trust them.

> Bridges - or is there a better option.

Not bridges. That's on the guard side. Maybe "exit bridges". But those
would be blacklisted just as fast as exits are.

> In short, I want to have all the benefits of Tor without the destination
> site knowing I am using Tor. Is this even possible?

If you're desperate, you can try an HTTPS proxy, or route a VPN via Tor.
But HTTPS proxies are typically scummy, and may inject ads, or even drop
malware. Some VPN services are probably honest, but most of them are
also scummy.

Your best bet is running your own HTTPS proxy or VPN, on a VPS. But it
must be a VPS leased anonymously through Tor, using Bitcoin that's been
mixed at least twice through Tor. Some VPS providers accept other
cryptocurrencies that may be intrinsically more anonymous than Bitcoin.

But even so, that funnels your Tor traffic through that VPS. So you're
no longer just some anonymous Tor user. You're linked to that VPS. So if
it gets linked to you, then everything you've done through it gets
linked to you. Also, if you use a VPN, that pins the Tor circuit that
it's using. And that increases the risk of traffic analysis.

Bottom line. Using HTTPS proxies or VPNs through Tor is dangerous. So if
you do it at all, you should only do it only when absolutely necessary.
Using your own HTTPS proxy is probably the least dangerous option,
because that doesn't pin Tor circuits.

0)
https://www.securityweek.com/cloudflare-launches-security-service-tor-users
1)
https://www.bleepingcomputer.com/news/security/cloudflare-ends-captchas-for-tor-users-while-blocking-bad-actors/
2)
https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-


-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk