[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] ascertain trustworthyness of entry-nodes and obfs4 bridges?
- To: tor-talk@xxxxxxxxxxxxxxxxxxxx
- Subject: Re: [tor-talk] ascertain trustworthyness of entry-nodes and obfs4 bridges?
- From: Mirimir <mirimir@xxxxxxxxxx>
- Date: Thu, 4 Oct 2018 15:26:49 -0700
- Autocrypt: addr=mirimir@xxxxxxxxxx; prefer-encrypt=mutual; keydata= xsBNBFEN49cBCADWl1VZKYO8L+f/65G2nBWzh41VTAZDcJSxMWXrBSvpJzzLt6sJf0L0Rjmy W4VPxJMCm/32auRAp8Xx1iNmBpvYENSM1YJVWfk43tlSOY8CR3TVODMxWPhUu48Pb9OKSntz WHGwdZmOr14zF9vr4PaS9A6+Hyt9FPKuGcQFw7K8jK1Hpp5XgdY/DMHKeaJykJ8JH1HBTFTT OJdxIWu6cZ+spNaNfKdnNjk98hMPw69isVGzcm7b3lJUsjVnMSqnrtZ8CSIv1njyxJH7NB5n LzrE7EiXR37k+4Poc9/DeLSAKrq5N3ZMpX1EDOoXFa8lLVGWHBTwVN/tl7FLM0NmVuL5ABEB AAHNHG1pcmltaXIgPG1pcmltaXJAcmlzZXVwLm5ldD7CwIEEEwECACsCGyMGCwkIBwMCBhUI AgkKCwQWAgMBAh4BAheAAhkBBQJafNQ7BQkNMVdkAAoJEGINZVEXwuQ+5LoIAKyZQDkNqj+Y E26o1bdEQlmOLhhXev45euNCnaFrnbOyKLivHdF4vvXyWBTzJmCsoRxTJ0A3Zmwa3ZihbKaU FCAdRgspLfA+TGICVYOztB+faWV18k5OTCk7ZiBQ/mOMQA4p3RPOV+UCgdelvZRHrFdUgHro dho/FqZhRoPdsPPB08QBisDO7SfFMMe9U9EZ03n4f2TvMgaTjK/kZCopwgLj2nB11SnCYfWJ jxUFDs+VFObf/jSK8T0SX9O6p430NWZm30vutUVac9lfodMjBcJqTnFxmZrwQomlCYGvSqNw 4Xy5+/gBzv/flXHngQSU053smHRtrMlGK5OU1RSixDfOwE0EUQ3j1wEIAMDcexhcaIO5jpl+ SHM14zuBvF2QG61IpH4Lag6nQmSMTljizuJg2kLaLbfc69AxmjuL5obqYi5ywXn4kQKqiwfa OHvVlKn662/J5YgXuc8tRLyqvgb+hibtAnlhWAuusP0eoQQP6SAASRjtrb8RVapTzJXy2Snf PtkcdtkTLLLcyeGoDOkpPkspnnp8avvI9ayzhGFLg9qNWaIuBMudxT6oHK4rZH+Sv6km9viI /ziV6E8Z+PpvMsGdebeYBLQA7ueuTbyOGbDyProwvocrKynI/UM40VYS8bS1PjWtljUlj7Vx 8C/746hnfdge0m24jnaWfu5UDjwpsHzs/JXqklsAEQEAAcLAZQQYAQIADwIbDAUCWnzURgUJ DTFXbwAKCRBiDWVRF8LkPsCjCACNvnnmpcDwEbtXUFZD/+ewNlPfM9o0mIXgi7DIVR9MVCw/ u14+mJUlQny4jPRV+hv/erjbiqEcVPZ296J3I4kUvO4slI+ZyODsRQSzwMz6ihwC6nN1xove YSBzVKKQrV+FDHVk6dJVLtgPdewOR9ZAar7mEbCLTJZ/e5aVb+NrlC1jWx3V3mMGCKOsEHhu 97cu3AswlxhzqPjczTo3rjtcfxdjeGU6mIEEAlhUlVDdfbGLODIyCXrP39zYxYXFFpVcbGAu +cndl1AQkIXUiMoJuzTMU8TQ+zz8yLof9fB7Y8O8VbmZBPQqN2IiHPeGbfqZjk/uHjJQUayI +beL0kxL
- Delivered-to: archiver@xxxxxxxx
- Delivery-date: Thu, 04 Oct 2018 18:27:08 -0400
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1538692013; bh=1hEDV3iu70faRDDdrD6C3n480ochk55X9bCVKym1Ef4=; h=Subject:To:References:From:Date:In-Reply-To:From; b=cMRfXJoWPeXXzxtzS3WcRRp0pWviYCt4/yCq0uwD/zI3L414Cw7JEz2jLpQxUwIZM hcUjGgCgECuhbxFQi/oOaOstKzzfMSycvUBG61exQB8RVn5+KKplsxdSPUMATZUVJ9 OFVbNdVzhoAfSs7nrovvnO4ZUlLi9pqjuji3LTOo=
- In-reply-to: <sv50d2bAGfT46ntJh4h7lx50YQ5UsFZnuPKwRmE9AzriSqhznkWdeIwUcm_cOo0edKZRtUGmOSprA2b_fqMWwivg7v-nug-Uql24jnUdlaE=@protonmail.com>
- List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
- List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
- List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
- List-post: <mailto:tor-talk@lists.torproject.org>
- List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
- List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
- Openpgp: preference=signencrypt
- References: <_cA_gm2Op17mqM5HIP_wiWecp_gqWhDWtpMBuM-xBtFeKW0rQxM06eWhFP_K7htuteSDiwBU7Imy-cEBeeouKsAuV-ngpRl0Meq6Uc8X5IQ=@protonmail.com> <20181003102327.GL2793@inner.h.apk.li> <sv50d2bAGfT46ntJh4h7lx50YQ5UsFZnuPKwRmE9AzriSqhznkWdeIwUcm_cOo0edKZRtUGmOSprA2b_fqMWwivg7v-nug-Uql24jnUdlaE=@protonmail.com>
- Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
- Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
On 10/03/2018 04:36 AM, ithor wrote:
> Ok, so basically I have to stick with trust... kinda dangerous really in my geographical location.
>
> I know there's a lot of talk about the pro and contra of using some kind of VPN before entering the Tor network, how it can deanonymize you and how you basically still have to trust someone.
>
> But still, in order to defeat the possibility of a malicious entry-node or to avoid having my ip broadcasting i'm connecting to blacklisted obfs4 bridges, wouldn't a "trustworthy" VPN tackle that issue? I'm thinking of providers that employ a mix of obfuscating servers, like PSIPHON. It obfuscates a SSL layer with an http one and is conceived especially for activists living under censorship.
>
> So ok, one could state: maybe most of the ip's of those servers (even being over 6000 worldwide) are known to the gvt trolls and they're just letting you through in order to get information about you. That's right, but then one should add another security layer by connecting over public wifi and not home router and f.ex. spoofing MAC addresses at every connection.
>
> It would still be a protecting layer before connecting to the entry-node, even over a obfs4 bridge.
From devices that are identifiably mine, and not some ~anonymous VPS, I
only connect to Tor via nested VPN chains, typically three deep. Some
VPN providers, such as IVPN, even offer obfs4 tunneling. Others, such as
AirVPN, offer SSH and TLS.
It's not prudent to trust VPN services, any more (or less, really) than
it is to trust any particular Tor relay. Or any particular ISP, for that
matter. But with three VPN services in a nested chain, adversaries would
need data from at least two of them. And they'd need to work through the
chain, from one end or the other. Or do traffic analysis.
<SNIP>
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk