Interesting. This is one of TOR's design flaws. They are trying to address it but it seems they are running up that hill.
I don't entirely trust Tor. So I always use it through nested VPN chains (usually with three VPN services, but sometimes just two, if I'll be running many instances, and am just hitting my own hidden services). For more anonymity and deniability, I've used anonymously-leased remote VPS or servers as workspace, and use them via Tor. I typically setup anonymously-leased remote servers just like local ones, with FDE (LUKS with LVM2) and VirtualBox. With dropbear in the pre-boot system, I can unlock LUKS volumes via SSH. There's no physical security, of course, but I know whenever the server reboots. And if it reboots spontaneously, I can choose to nuke and reinstall, or move on. I run VirtualBox on them, and access VMs via remote desktop (RDP with TLS authentication). I plan to test exposing VirtualBox remote desktop as a Tor hidden service. And of course, I can use nested VPN chains and Whonix, just like on local VirtualBox hosts. I note that this is not Tor over Tor, which is insecure. I'm using a remote desktop via VPNs and Tor, and that remote desktop is accessing the Internet via VPNs and Tor. There's latency for sure, sometimes as much as 1-2 seconds, but you get used to it Less elaborately, I just setup anonymously-leased remote VPS with minimal Linux desktop. I either setup VNC server as Tor hidden service, or just use VNC via SSH via Tor. This is more for throwaway play, because there's no privacy with hosted VPS.
There are times that I feel like I have learned so much in regards to security and privacy. Then I read a post like the one I am quoting and I realize I have soooooo far to go. I can tell you fire that stuff off so casually that you may not even realize just how smart you are!!
With two boxes on LAN as VirtualBox hosts, you can practice all of that locally. And it's not hard to find instructions for each step online.
seems like it might be better to confront you govt and speak your mind right to they face instead of hiding behind 25 layers of nested VPNs. unless you live in say Iran or some place similar.
I do understand that if you're in the logic of anonymity you can perceive it as fuller than full, but still : what can possibly be the motivation of bringing carefulness to such an extent? Latency, responsiveness brought to a crawl (unless perhaps connection is basically of very high standard) for the sake of what, unless of course in specific geopolitical areas of the world? I'm not criticizing, only trying to understand the cost of opportunity when it comes to anonymity.
Hunter S. Thompson, Fear and Loathing in Las Vegas "Is it doable?" is basically it for me, potential applications aside My first machine ran DOS, with third-party disk-based virtual memory and DESQview for multitasking. So I have some experience with high-latency
Download link to PDF research paper (523 KB) at MIT follows: Circuit Fingerprinting Attacks: Passive Deanonymization of Tor Hidden Services. -- Tom
Many people may say we have more to fear from more pervasive paranoid goverments that masquerade as homes of the free, oh and the UK