VPN or TOR?

Discussion in 'privacy general' started by bellgamin, Jan 23, 2021.

  1. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    1,910
    Location:
    North of the 38th parallel.
    Hello @Palancar

    Of course all of your Internet security decisions are yours and I respect them. Thank you kindly for the data.
     
  2. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402
    By the way I just checked before signing in here and my TOR circuit exit was just under 20 meg a few seconds ago.

    1. General OPSec for most clearnet connections. l like having 5-6 hops between someone like "Palancar" and my actual ISP connection. TOR browser eliminates fingerprint analysis in a classic way. Most users try to look unique so they can't be cross referenced among the various sites they visit. They attempt to mitigate risks by employing completely different browsers to specific sites (Brave, Firefox,Chrome), but TOR if used properly does it MUCH better. How? If I employ the generic TBB to visit a site, such as here, I project a vanilla TOR fingerprint. This means that EVERY TOR browser bundle (in generic configuration) online casts the EXACT same identification when queried by onlookers. Screen size, browser details, etc.... There is NO difference between me and every user smart enough to use TOR in generic/vanilla configuration. So I appear as identical to 10's of thousands of users online at this time. Further all my TBB/TOR use is in virtual machines so if an aggressive attacker breaks out of the bundle (not easy to do) they gain the details of a virtual machine and NOT the physical hardware of the host OS motherboard. Hope this makes sense.

    2. The other point of conversation is that TOR is required for me to gain access to the onion sites I participate in. My FTPs, encrypted email accounts, etc.... are ONLY accessible via onion!
     
  3. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    Oh yeah I remember that. They require you to keep tor in the original window size so u can blend in with everyone else... Except that windows size is super smol and uncomfortable. Why cant it be 1920 X 1080....
     
  4. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402

    Two things:

    1. You can change the size if you want to. The rule of thumb is to drag the screen larger (not max) and NOT to click on the MAX button in the browser. This means the display is much larger but doesn't exactly match your actual screen size. Every time you drag it larger the screen size may be different that the time before.

    2. You may shrug this one off. Monitors are very cheap where I live. You can actually use a 24" monitor and by doing that even with the TOR browser at default it may be larger than the average laptop screen. Just a thought, and yes I have done that often. Seems like waste of display, but again security is the driving force for many.
     
  5. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    Yeah u drag it and u become unique (unless someone else dragged it to ur same window size, then u become almost unique I guess)...

    Well I use 23 inch monitor and I always have browser in max, so...

    Just block javascript and css and view sites in plain html, then no one will ever know looooooooooooooool

    Oh wait, that's a unique identifier in itself, hahahahaa
     
  6. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,267
    Location:
    Southern Rocky Mountains USA
    There all all kinds of ways to use TOR. I have TOR set up in my router along with 3 VPNs using Fresh Tomato Firmware. The VPNs and TOR are all on separate subnets on different Wifi channels. TOR is layered over a VPN so my ISP doesn't see I'm using it. I use these capabilities of the router to isolate problematic devices, media boxes mainly, that I have have no direct control over and no trust in. I also use it for unblocking geo restricted content on these devices. I have one smart TV on the TOR channel and speed can vary but I watched several videos with the built in Youtube app last night in HD with no glitches, sudden reductions in resolution or captchas. Doesn't always happen and I thought the TOR circuit might have failed and I was using the VPN. Then an ad came out in Russian and I knew TOR was working properly.

    In regards to speed, being smart about routing your VPN layers can help. I generally do it with the first hop to a big city node with fast speeds that is closer to the second hop. The second hop has a fairly low latency due to this. In the world of streaming, I've found that you can sometimes improve performance with far away sources with a VPN. A fast VPN connection is consistent and if it is near the source, it eliminates some of the randomness of packet routing across vast physical distances.
     
  7. Alec

    Alec Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    480
    Location:
    Dallas, TX
    Yeah, no disrespect to the coders behind TBB, but I'm just not sure I completely buy that. There are so many different fingerprinting metrics... user agent, timezones, fonts, language choices, canvas metrics, webgl metrics, javascript settings, platform response, cookie settings or lack thereof, etc, etc. I can't imagine some "uniqueness" doesn't leak through. Not to mention, even if you are correct and the TOR developers have considered every possible metric and provided a solution in each and every case (even if it means some inconveniences to users), then you have to consider the uniqueness of TOR itself. Heck, Wilders is a security site, but how many people actually access it in the generic TBB mode... you might be unique in that alone. That is, the fact that a site can fingerprint you as TOR probably means you represent <0.5% of the site's users, as compared to someone using something like Chrome (although, of course, Chrome leaks all of the other uniqueness markers). Those companies that make money off of invading privacy are pretty creative, and when it potentially means millions of dollars of lost advertising revenue... the game is kind of stacked against you.
     
  8. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402
    Alec,

    Understand all of your comments. My "money" is still on being the generic TBB user with identical profiles to other such users. If the TOR dev team missed something that item would be above my pay grade anyway. And without providing their usernames I have spoken with several others here that use TOR/Whonix/TBB in generic mode for the same reasons I stated above. I am not worried about the "Wilders" thing. I go to many sites but on each I am the generic TBB user, except for my home machine where my actual identity is being used - banks, etc... That is on another machine and connection though.

    To try and mitigate the "maybe TOR missed something" I use unique TBB's for each site where I spend "log in" time. e.g. Wilders has a unique TBB/TOR setup that I ONLY access Wilders using. This bundle NEVER goes to a site other than Wilders. Hope that makes sense.
     
    Last edited: Feb 4, 2021
  9. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    So you know there's a TOR user on wilders, how does that help?
     
  10. Alec

    Alec Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    480
    Location:
    Dallas, TX
    Well, Wilders might be a bad example, as I doubt that they make use of any cross-site trackers that might correlate you via TBB usage and other "leaking" uniqueness markers... and, anyway, Palancar, addressed my concern by stating... "I use unique TBB's for each site where I spend 'log in' time. e.g. Wilders has a unique TBB/TOR setup that I ONLY access Wilders using." It seems rather inconvenient to me, but I suppose that I do understand it better now.

    I guess my concern wasn't with TOR Browser Bundle so much, as it and its users typically think through these issues far better than most... but was more a concern about many "anonymizing" technologies that are supposed to make you less trackable, however, in practice many of them ironically may make you more trackable as such a small percentage of the population use them that they, in essence, become a uniqueness marker in and of themselves. If that makes sense. I suppose it's not impossible, but I'm a bit fatalistic on browser fingerprinting and the ability for these cross-site trackers to correlate information about you.
     
  11. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    782
    Location:
    Island of Woman
    I wouldn't use any of them unless there's valid reason. This traffic is difficult to analyze or filter out, blackfog will not see vpn connection and would not block ip connection for instance , I'd rather avoid tunneling for security buff. It really depends. Even if you don't use vpn your device might be difficult to track all the same, there's always noise (there was a large article on this)
     
  12. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,002
    Location:
    Member state of European Union
    Tor sometimes makes spying on your traffic easier. There are many malicious exit nodes performing SSL stripping. Unless you know how to avoid or at least detect that don't use Tor for your all Internet traffic. Use Tor Browser only for specific activities where you don't log in anywhere via Tor, unless you know what you are doing (know basics of networking). Surfing the Web is quite safe over Tor, but unless you know what you are doing logging in or providing any PII are no-no.
    Trustworthy VPNs are the most valuable in low security/vulnerable gateways/untrusted ISPs/unsecured Wifi networks.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.