[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Tor browser and VPN or web proxy
- To: tor-talk@xxxxxxxxxxxxxxxxxxxx
- Subject: Re: [tor-talk] Tor browser and VPN or web proxy
- From: Mirimir <mirimir@xxxxxxxxxx>
- Date: Sat, 29 Sep 2018 16:28:46 -0700
- Autocrypt: addr=mirimir@xxxxxxxxxx; prefer-encrypt=mutual; keydata= xsBNBFEN49cBCADWl1VZKYO8L+f/65G2nBWzh41VTAZDcJSxMWXrBSvpJzzLt6sJf0L0Rjmy W4VPxJMCm/32auRAp8Xx1iNmBpvYENSM1YJVWfk43tlSOY8CR3TVODMxWPhUu48Pb9OKSntz WHGwdZmOr14zF9vr4PaS9A6+Hyt9FPKuGcQFw7K8jK1Hpp5XgdY/DMHKeaJykJ8JH1HBTFTT OJdxIWu6cZ+spNaNfKdnNjk98hMPw69isVGzcm7b3lJUsjVnMSqnrtZ8CSIv1njyxJH7NB5n LzrE7EiXR37k+4Poc9/DeLSAKrq5N3ZMpX1EDOoXFa8lLVGWHBTwVN/tl7FLM0NmVuL5ABEB AAHNHG1pcmltaXIgPG1pcmltaXJAcmlzZXVwLm5ldD7CwIEEEwECACsCGyMGCwkIBwMCBhUI AgkKCwQWAgMBAh4BAheAAhkBBQJafNQ7BQkNMVdkAAoJEGINZVEXwuQ+5LoIAKyZQDkNqj+Y E26o1bdEQlmOLhhXev45euNCnaFrnbOyKLivHdF4vvXyWBTzJmCsoRxTJ0A3Zmwa3ZihbKaU FCAdRgspLfA+TGICVYOztB+faWV18k5OTCk7ZiBQ/mOMQA4p3RPOV+UCgdelvZRHrFdUgHro dho/FqZhRoPdsPPB08QBisDO7SfFMMe9U9EZ03n4f2TvMgaTjK/kZCopwgLj2nB11SnCYfWJ jxUFDs+VFObf/jSK8T0SX9O6p430NWZm30vutUVac9lfodMjBcJqTnFxmZrwQomlCYGvSqNw 4Xy5+/gBzv/flXHngQSU053smHRtrMlGK5OU1RSixDfOwE0EUQ3j1wEIAMDcexhcaIO5jpl+ SHM14zuBvF2QG61IpH4Lag6nQmSMTljizuJg2kLaLbfc69AxmjuL5obqYi5ywXn4kQKqiwfa OHvVlKn662/J5YgXuc8tRLyqvgb+hibtAnlhWAuusP0eoQQP6SAASRjtrb8RVapTzJXy2Snf PtkcdtkTLLLcyeGoDOkpPkspnnp8avvI9ayzhGFLg9qNWaIuBMudxT6oHK4rZH+Sv6km9viI /ziV6E8Z+PpvMsGdebeYBLQA7ueuTbyOGbDyProwvocrKynI/UM40VYS8bS1PjWtljUlj7Vx 8C/746hnfdge0m24jnaWfu5UDjwpsHzs/JXqklsAEQEAAcLAZQQYAQIADwIbDAUCWnzURgUJ DTFXbwAKCRBiDWVRF8LkPsCjCACNvnnmpcDwEbtXUFZD/+ewNlPfM9o0mIXgi7DIVR9MVCw/ u14+mJUlQny4jPRV+hv/erjbiqEcVPZ296J3I4kUvO4slI+ZyODsRQSzwMz6ihwC6nN1xove YSBzVKKQrV+FDHVk6dJVLtgPdewOR9ZAar7mEbCLTJZ/e5aVb+NrlC1jWx3V3mMGCKOsEHhu 97cu3AswlxhzqPjczTo3rjtcfxdjeGU6mIEEAlhUlVDdfbGLODIyCXrP39zYxYXFFpVcbGAu +cndl1AQkIXUiMoJuzTMU8TQ+zz8yLof9fB7Y8O8VbmZBPQqN2IiHPeGbfqZjk/uHjJQUayI +beL0kxL
- Delivered-to: archiver@xxxxxxxx
- Delivery-date: Sat, 29 Sep 2018 19:29:04 -0400
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1538263730; bh=Gsf85Szlt9YltDdNABd3pcrYteZ1c83+FT+vjCIHOp8=; h=Subject:To:References:From:Date:In-Reply-To:From; b=nsgAYL+BJ6RfputygOJnapUJ9+H4a7HuWJcu1l1lprdAFeRe3my8lgJGasICVEsKz WiSIE5q/9kANlVY57oyu7cq1V+zr48Q8a0wj11KYToVgR+7BxBvrcO/E34N10jfIuo oo1Kh4vy1XKKK58u+uvN+1VT/IVwfDjQeNKIF4B0=
- In-reply-to: <DvZ3TQw1331t_b61Yz9LNjKFlelxGrJTwFRR1YLSY4a9_jSaoWoxM0WERoTHDustaNslMGg8q2hnwLIHfsPTmkLXBrQKFx424mvmMkbj2Zs=@protonmail.com>
- List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
- List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
- List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
- List-post: <mailto:tor-talk@lists.torproject.org>
- List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
- List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
- Openpgp: preference=signencrypt
- References: <CAJXMFhFAB78LZ5M-xJHp6TVjj+aYBeX4VCqEWHGsMqWpb__9hw@mail.gmail.com> <DvZ3TQw1331t_b61Yz9LNjKFlelxGrJTwFRR1YLSY4a9_jSaoWoxM0WERoTHDustaNslMGg8q2hnwLIHfsPTmkLXBrQKFx424mvmMkbj2Zs=@protonmail.com>
- Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
- Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
On 09/29/2018 09:29 AM, panoramix.druida wrote:
>
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> El sábado, 29 de septiembre de 2018 11:58, J B <jb.1234abcd@xxxxxxxxx> escribió:
>
>> Hi,
>> Could you please explain in what sequence the two should be activated and
>> why
>> (which setup is secure) ?
>> TB -- VPN or web proxy
>> or
>> VPN or web proxy -- TB
>
> I am playing with QubeOS and I try Tor -> VPN (with Bitmask) and I found this useful for not having captchas everywhere as it does happend with Tor alone. I try this thanks to this talk: https://www.youtube.com/watch?v=f4U8YbXKwog
True. But this is the most dangerous way to combine Tor and VPNs.
If you connect first through a VPN (yours or a commercial service) and
then to Tor, the VPN becomes like your ISP. It encrypts and obscures
your traffic. So your ISP can't easily tell that you connect with Tor,
or what you otherwise connect with directly.
But your VPN provider _does_ know all that. Also, some argue that VPN
services are more likely malicious than ISPs, and so potentially
compromise your Tor use. But others (including Mirimir) argue that ISPs
are more readily compromised by local adversaries, so using VPN services
increases security and privacy for Tor use.
Also, if you connect to Tor through a VPN, entry guards can't easily
know your ISP-assigned IP address. So malicious entry guards (or those
who had compromised them) would need to get that information from your
VPN provider. That would have provided some protection against CMU's
relay-early exploit, which pwned many .onion services and users.
However, connecting first to Tor, and then through Tor circuits to a
VPN, is _far_ more dangerous. Bottom line, you throw away all of the
anonymity that Tor can provide. That's because your VPN provider may
know who you are. Perhaps because you paid them in some traceable way.
Or perhaps because you accidentally connected directly, and not through
Tor, revealing your ISP-assigned IP address to them.
However, if you're careful, you can use VPNs through Tor to 1) avoid
Tor-specific CAPTCHAs, 2) route UDP traffic, and 3) use online services
that generally don't work well with Tor alone.
<SNIP>
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk