Anonymous Services - Can We Get A List Going And Feedback?

Discussion in 'privacy technology' started by DasFox, Nov 2, 2010.

Thread Status:
Not open for further replies.
  1. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    I had one of the Onion developers tell me that using VPN with Tor is not going to improve anything with Tor over privacy or anonymity.

    I had lengthy discussions with this developer, who gave me a very good impression of his professionalism over this matter, to make me realize Tor and VPN together is pointless...
     
  2. katio

    katio Guest

    Could you share some insights because that's anything but obvious.
    Besides this clearly contradicts your previous
    "Also I wouldn't trust using Tor because you're anonymous but not private. Forget Tor and get a decent VPN, not a pptp connection..."
     
  3. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    Basically from what I remember it had to do with the nodes, as most people are concerned with, and trying to improve this, thinking adding VPN to the mix improves upon this providing better privacy or security and the developer told me it doesn't.

    So in a nuttshell for all the things Tor lacks, people seem to be under the false impression that hopping through a VPN, routing Tor through it will make improvements and it doesn't...

    I didn't make any contradictions, read it again; ;)

    Your using the vyprvpn that is PPTP? If so ditch that, PPTP isn't as secure as OpenVPN.

    Also layering Tor on top of OpenVPN isn't going to provide you with any more anonymity, privacy or security, it's just a myth.

    Also I wouldn't trust using Tor because you're anonymous but not private. Forget Tor and get a decent VPN, not a pptp connection...
     
    Last edited: Feb 8, 2011
  4. katio

    katio Guest

    Yeah, you did. That's what I said :p

    From the way you reported what this developer said I conclude what he really meant to say was:
    Adding VPN on top of an Onion encryption doesn't improve anything because the data is already encrypted on the _node_. It really makes no difference with the first and second node, and on the last one eavesdropping is possible on plain-text protocols no matter if it's a VPN server or a Tor node.
    But that doesn't mean you can't improve privacy with a trusted VPN and anonymity with an offshore VPN that doesn't keep logs or that doesn't even know who you are. These are different aspects.

    Your contradictions is you say a VPN is better in terms of privacy, Tor is worse but Tor+VPN (in the first configuration) isn't better than Tor, neither in terms of privacy nor security.
    That clearly doesn't make much sense.
     
  5. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    That makes sense. Tor+VPN would arguably be better only if one could access the VPN via Tor, because in that case only encrypted VPN packets would be exiting Tor. That would also be cool because the VPN provider, if it accepted anonymous payments, wouldn't know your true identity or location.

    I think that we all agree on that -- except which VPN that might be ;)

    It makes sense to me, FWIW. Tor+VPN (that is, accessing Tor via VPN) isn't better than Tor alone, because (as you note above) "eavesdropping [by Tor exit nodes] is possible on plain-text protocols". DasFox argues that OpenVPN-based VPNs are better than Tor -- and also better than such VPNs plus Tor -- because exit nodes are known and trusted (by the VPN provider, anyway) rather than random Tor exit nodes that may snoop or worse.
     
  6. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    First off, so I'm clear here and you are too, we are talking about the combination of Tor with VPN...

    The poster thought, or it's my understanding that by adding VPN to Tor it would make Tor better, it won't...

    A good VPN is much better then Tor, so trying to combine the two is pointless, that is why I said to just use VPN and forget Tor. So let's say this another way, if you have a good VPN, why are you even bothering using Tor, that's stupid, just use a good VPN, it's all you need...

    So slow down katio and just read, I thought I made it clear, LOL... :)

    I made a typo, 'DIDN'T and no read it again what I said, you've got things backwards, twisting my words...

    I said;

    Tor on top of OpenVPN isn't going to provide you with any more anonymity, privacy or security, it's just a myth.

    Meaning adding VPN to Tor, does nothing to improve Tor... ;)

    And certainly trying to add Tor to a VPN does not at all improve the VPN...

    And I ended saying, just use VPN...

    So, the ending, if you really care about security, privacy and anonymity you use a good VPN and that's all there is to it and that's all I was trying to explain...
     
    Last edited: Feb 8, 2011
  7. katio

    katio Guest

    Which is another statement that is far from being obvious. Please tell us why you think that's the case.
    I argued here why (I think) this is NOT true:
    https://www.wilderssecurity.com/showthread.php?t=277329 (starting with post 24)

    I was just kidding (see the smiley?).

    You keep on repeating this but fail to explain why you think that is the case, let alone proving it. On the other hand I tried to demonstrate WHY I think Tor with a VPN is better than VPN OR Tor alone, improving security and also privacy depending on how you set it up.
    If I failed to explain that just ask with specific (technical) questions. There is no point in repeating our general diverging opinions.
     
  8. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825

    Here go to the OnionCat website and email the developers;

    http://www.cypherpunk.at/onioncat/

    The Tor model can never be as secure and it's certainly not as private as a GOOD VPN and that's the bottom line...

    Tor only provides Anonymity, when it comes to privacy and security, forget it, Tor doesn't have it on the level of a high quality VPN...

    I'm not going to get technical with this discussion because it involves to much to explain, but some aspects can be explained that aren't so complicated.

    Tor's biggest problems are on the reliability of who's sitting on the nodes and possibly sniffing, that you have to put a BIG TRUST factor into using it and when you just look at this one simple little problem, that's more then enough to steer clear of it and no one can argue that, not even the highest level of developers, or executives at Tor will disagree over this.

    I spoke to a OnionCat developer who told me these things and also one of Tor's own executives, so what more do you want when the leading people tell you these things?

    So you don't believe me, email them... ;)
     
    Last edited: Feb 9, 2011
  9. katio

    katio Guest

    No, that's not how it works. You make very strong statements without any sound evidence or rationale whatsoever. You make the claims, you prove them. Don't give me the "that's too technical" (if you actually know what you are talking about you can explain the most difficult problems of the world in a simple way everyone understands) or "the leading people said so" without proper citation or reference.

    At least now you say Tor provides anonymity, before you claimed privacy AND anonymity are no match compared to a "good" VPN.
    The points you rise are nothing new and nothing I hadn't covered in the linked thread or other discussions here. The "BIG TRUST factor" applies to VPNs too, to lesser extent but that's why I said you can combine Tor and VPN. You get superior anonymity and don't need to trust any unknown parties. Or you could just use TLS, PGP, .onion services or any other encrypted protocols and the whole "privacy problem" becomes moot.

    Besides "privacy" and "anonymity" you throw in another term, "security". What's that supposed to mean? It's a very broad term and adds nothing to clarify or support your points (other than distraction).
     
  10. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    I'm not sure why you don't read what I'm saying and give a response to the answers I've given, but you don't seem to be paying attention...

    1.Tor= Node problems
    2.Tor Node problems = VPN can't cover for that problem and improve Tor
    3.OnionCat developer explained this to me, as well as one of Tor's executives.

    Go and email one of the OnionCat developers I gave you the URL to their site and email the executive at Tor, his email is on their site too, I told you this and you keep still arguing, they have the answers and this is what I said...

    Now if you're not going to trust listening to them, the experts in this field, then who are you going to listen to?
     
  11. Countermail

    Countermail Registered Member

    Joined:
    Aug 7, 2009
    Posts:
    169
    Location:
    Sweden
    Adding TOR to your VPN will increase your anonymity as long as you don't send any sensitive information about yourself. But if you protect your data with good encryption and security addons, node sniffing will not do much. Some VPNs may be vulnerable to timing attacks, adding TOR after your VPN will increase the 'noise' and delay on your network requests, and make it harder to success with these attacks.

    For me, the TOR-exit-node-sniffing-problem is not that much different from the global internet spying that already occurs. I always asummes that unencrypted traffic is read by some third party, so I never post/store sensitive information on unencrypted "channels".

    /Simon
     
    Last edited: Feb 10, 2011
  12. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    One advantage, I would think, of using Tor through your VPN would be that your ISP would have no knowledge or record of you connecting to Tor. They would only see the VPN. And the destination point would have no knowledge of you connecting to the VPN. All they could see would be Tor.

    The other thing too is if you did not trust your VPN provider 100%, then you could have some peace of mind knowing that they could only see an encrypted connection to Tor.
     
  13. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    But what if you used the new Tor Router that may be available soon?

    http://www.geekosystem.com/tor-router/

    It seems that you could fire up the VPN and that it would be forced to go through Tor. And on top of that, I bet you could actually fire up the Tor browser. So your VPN connection would be forced through the Tor Network via the router, and you would simultaneously tunnel another tor connection on through the VPN. So you could both enter and leave the VPN via Tor.:argh:

    I use to have an Iphantom. Someone posted this link a long time ago http://www.frostjedi.com/terra/scripts/ip_unmasker.php as a proof of concept that your true IP could be revealed while using Tor. And it worked! But it never revealed my true IP. It was only able to reveal the Iphantom IP. I also fired up the VPN with the Iphantom connected and it worked just fine. And I also tried starting up the Vidalia connection. So my VPN was going through the Iphantom, and my browser's Tor connection was tunneling through all of that. Now maybe I am wrong, but I can only assume that with the Tor Router, things would work in the same way.
     
  14. katio

    katio Guest

    @DasFox

    Even though it was your turn to produce sources, citations and proof for your claims I emailed the onioncat devs in the interested of all readers of this thread.
    I got a lengthy reply that hopefully can explain better where I failed and resolve all misunderstandings.
    Without much further ado, here it is:
    Many thanks to creo who allowed me to post his response here on the forum.

    quick additional info: He quotes my email I sent to him and quotes me quoting forum posts from DasFox.
     
  15. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    Katio,

    Thanks for the info, I guess the OnionCat developer forgot I asked about Tor as well as OnionCat...

    Oh well now we have what looks like some nice answers....


    THANKS
     
  16. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825

    I personally now stay away from all these VPN providers that have these supposed servers all over the world, nothing but a bunch of BS really...

    Go out and look at a big majority of all these VPN providers, that have servers all over the place, these are not the type of VPN providers you want to use if you are serious...


    THANKS
     
  17. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    Thanks for the reply, we need to keep this post alive, it seems to have a bit of helpful information for people, myself included... :)


    CHEERS

    P.S. Trying to get them to sticky it, to benefit us all...
     
  18. Subgud

    Subgud Registered Member

    Joined:
    Nov 6, 2008
    Posts:
    151
    Location:
    Norway
    I am not sure in which way I can help this thread as I can see that some of the things you are discussing is far over my data knowledge. But I can tell what I use and how it works for me.

    I have been trying 3 different vpn services and I settled with one of them. I have tried out comodo trustconnect, supervpn and astrill vpn.

    I chose astrill as my vpn. The reason? First of all, the speed. I am sensitive to speed. I have from my isp 10/10mb. I want the same speed from the vpn. Second, I want something easy to use and a nice, easy interface. Astrill is all that. I am also very happy that I can use astrill on my mobilephone. Astrill also have many servers in many countries and they are easy to switch between.

    I mainly use my vpn for hiding my ip and for watching tv in other countries. So when it comes to astrill and how their security etc I have chosen to trust what I can read on their website.

    Their online support is very good. Fast and informal! The pricing is ok, 10.95$ for a month and some discount if you sign up for a year. And if you want to promote them via links on your website, facebook etc you`ll get % of the income they have on your links.

    Unlimited bandwith, switch between servers as much as you can as often as you like for free. No ads. Supports both open openweb and openvpn protocol. They do require that you leave your phonenr when you buy from them. I asked the support why and they said it is theire payment company that required this to verify that the card is yours and that your are not a criminal. I can buy that since everytime I use my creditcard online and buy things, if my adress or phonenr is wrong my transactions wont go through.

    So there you have it. Me, astrill and my thoughts about it :)
     

    Attached Files:

    Last edited: Apr 14, 2011
  19. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    I've know of them, never really checked them out...

    They seem like a reputable business, if you ask them you can get their business registration information to verify their business in Australia and they said they don't keep any logs...

    Might be a good one to check out...

    One thing though of interest about them, SparkLabs that makes the Viscosity client for OSX, also working on a Windows version, located also in Australia won't even recommend them.

    SparkLabs has a recommended list and I think this is a good thing to see from developers that make a OpenVPN client, this brings a level of credibility;

    http://www.thesparklabs.com/support/vpn_service_providers/
     
    Last edited: Apr 16, 2011
  20. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
  21. x942

    x942 Guest

    Privacy:
    I have a VPN set up at my home as well as an SSH tunnel. Use both for privacy and security when it comes to Open HotSpots.

    Anonymous:

    I use a three or four layer method:
    1) Faked Mac Address
    2) Public access point
    3) Use TAILS Live CD to force all traffic over TOR
    4) Connect from that to a proxy and then to what ever site i need to.

    I do this mainly for when I am pentesting client sites to prove just how anonymous a hacker can be. The above method is IMPOSSIBLE to track even if they get back to the HotSpot the false Mac wont match you so their is no evidence.
     
  22. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    Are you talking about HotSpots as it relates to public access as a Wifi or the actual Open HotSpots Network that you use and that also in reference to number two as your public access point?
     
  23. x942

    x942 Guest

    Open Hotspots as in local starbucks or for that matter ANY unsecured network. This way even if they somehow track you back to that hotspot they can NEVER find you. Why? two reasons:
    1) It's open; Anyone could have connected and logs would be over written pretty fast.
    2)Faked Mac address; Recommend using a common manufacture if it is "unknown" or a old (no longer used) one someone will be suspicious of it.

    Since the Mac goes back to normal on reboot even if they suspect you they cannot prove it. TAILS flushes RAM on shutdown and over wrights it AKA No evidence = no conviction.

    Now this is 100% ANONYMOUS but not SECURE your data MAY be intercepted but in my purpose (Pentesting) I don't need to worry about this. I am only showing clients how anonymous an attacker can be. The above was used against a client who even had an (ex) police officer come in (who used to be with the Digital Crime Unit). He couldn't think of any way to track it all the way back to the AP let alone attacker.
     
  24. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    Ok, wasn't sure for a sec there on your HotSpots...

    Well this is all fine and dandy when you can jump on an open wifi connection that can work decent, when you are around one.

    As far as Tails goes, at this point in time I don't place much trust in Tor...


    THANKS
     
  25. x942

    x942 Guest

    I trust tor for anonymity. Just don't use p2p and you'll be fine. The layered proxy also slows any one down tracking me.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.