Changes between Version 11 and Version 12 of doc/TorPlusVPN


Ignore:
Timestamp:
Apr 11, 2012, 7:14:11 PM (8 years ago)
Author:
proper
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • doc/TorPlusVPN

    v11 v12  
    55= general =
    66== Anonymity and Privacy ==
    7 You can very well decrease your anonymity by using VPNs in addition to Tor. If you know what you are doing you can increase anonymity, security and privacy.
     7You can very well decrease your anonymity by using VPN/SSH in addition to Tor. (Proxies are covered in an extra chapter below.) If you know what you are doing you can increase anonymity, security and privacy.
    88
    9 Most VPNs log, there is a money trail if you can't pay really anonymously (an adversary is always going to probe the weakest link first...). A VPN acts either as a permanent entry or as a permanent exit node. This can introduce new risks while solving others.
     9Most VPN/SSH provider log, there is a money trail, if you can't pay really anonymously. (An adversary is always going to probe the weakest link first...). A VPN/SSH acts either as a permanent entry or as a permanent exit node. This can introduce new risks while solving others.
    1010
    11 Who's your adversary? Against a global adversary with unlimited resources more proxies make passive attacks (slightly) harder but active attacks easier as you are providing more attack surface and send out more data that can be used. Against colluding Tor nodes you are safer, against blackhat hackers who target Tor client code you are safer (especially if Tor and VPN run on two different systems). If the VPN/SSH server is adversary controlled you weaken the protection provided by Tor. If the server is trustworthy you can increase the anonymity and/or privacy (depending on set up) provided by Tor.
     11Who's your adversary? Against a global adversary with unlimited resources more hops make passive attacks (slightly) harder but active attacks easier as you are providing more attack surface and send out more data that can be used. Against colluding Tor nodes you are safer, against blackhat hackers who target Tor client code you are safer (especially if Tor and VPN run on two different systems). If the VPN/SSH server is adversary controlled you weaken the protection provided by Tor. If the server is trustworthy you can increase the anonymity and/or privacy (depending on set up) provided by Tor.
    1212
    13 VPNs can also be used to circumvent Tor censorship (on your end by the ISP or on the service end by blocking known tor exits).
     13VPN/SSH can also be used to circumvent Tor censorship (on your end by the ISP or on the service end by blocking known tor exits).
    1414
    1515== VPN/SSH versus Proxy ==
     
    1919
    2020Also read [https://trac.torproject.org/projects/tor/wiki/doc/TorFAQ#Arent10proxiesproxychainsbetterthanTorwithonly3hops-proxychainsvsTor Aren't 10 proxies (proxychains) better than Tor with only 3 hops? - proxychains vs Tor].
     21== VPN versus SSH or Proxy ==
     22VPN operates on network level. A SSH tunnel can offer a socks5 proxy. Proxies operate on application level. These technical details introduce their own challenges when combining them with Tor.
     23
     24The problematic thing with many VPN users is, the complicated setup. They connect to the VPN on a machine, which has direct access to the internet.
     25 * the VPN user may forget to connect to the VPN first
     26 * VPN connection might breaks down and the user continues to use the direct connection, which jumps in
     27To fix this issue you can get some hints from [https://trac.torproject.org/projects/tor/wiki/doc/TorVPN TorVPN].
     28
     29When operating on the application level (using SSH tunnel socks5 or proxies), the problem is that many applications do not honor the proxy settings. Have a look into the [https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO Torify HOWTO] to get an idea.
     30
     31The most secure solution to mitigate those issues is to use transparent proxying, which is possible for VPN, SSH and proxies.
    2132
    2233= you -> X -> Tor =
     
    2940
    3041Another advantage here is that it prevents Tor from seeing who you are behind the VPN. So if somebody does manage to break Tor and learn the IP address your traffic is coming from, but your VPN was actually following through on their promises (they won't watch, they won't remember, and they will somehow magically make it so nobody else is watching either), then you'll be better off.
    31 
    32 The problematic thing with many VPN users is, the complicated setup. They connect to the VPN on a machine which has direct access to the internet. (No isolation.)
    33  * the VPN user may forget to connect to the VPN first
    34  * VPN connection might breaks down and the user continues to use the direct connection, which jumps in
    35 To fix this issue you can get some hints from [https://trac.torproject.org/projects/tor/wiki/doc/TorVPN TorVPN].
    3642
    3743== you -> proxy -> Tor ==