Computer (VPN 1) connected Phones Internet on (VPN 2)? Tunnel within a tunnel...

Discussion in 'privacy technology' started by iunlock, Dec 26, 2014.

  1. iunlock

    iunlock Registered Member

    Joined:
    Dec 26, 2014
    Posts:
    10
    So I'm curious...

    Instead of a VPN service that bounces your data around like with TOR does with it's traffic....

    In theory and in reality, wouldn't the following be a very secure set up connection wise?

    Cell Phone (Connected to VPN company ABC) ---> Tethering via USB/Wireless ---> Computer connected to your phones WiFi connection, but with your computer connected as well on its own VPN (company XYZ?) * These are two different VPN companies that are not of the same. *

    I use the top two VPN services that are recommended here on these forums. When I'm out and about, for giggles, with my phone always being connected on VPN anyway with one company....I would tether and connect again on my laptop over my 2nd companies VPN.

    This provides a tunnel within a tunnel, which would be ideal for anyone wanting to go the extra yard for security? Whereas if you were using only 1 VPN provider, you're only hanging on the string of trusting them 100%....but with connecting using the method above, wouldn't that eliminate any trust issues with your first VPN company since you'd be having encrypted data going through another encrypted tunnel?

    All in all, you'll have to choose which VPN company you trust the most to be your 1st VPN then tunnel that through your phone connected to VPN #2 yes?
     
    Last edited: Dec 26, 2014
  2. Veeshush

    Veeshush Registered Member

    Joined:
    Mar 16, 2014
    Posts:
    643
    So like multihop ( https://www.ivpn.net/what-is-a-multihop-vpn ) but then of course separate VPN providers for the hops. I'm not as savvy as I'd like to be, but I'm pretty sure that's a thing people do indeed do.

    It's been mentioned around here that you'd even be great running Tor through a VPN. Of course once your stuff leaves the Tor exit, or the VPN- then it still has to rely on whatever encryption it's wrapped in till it reaches it's final destination (so we're into more encryption, wrapped in encryption. Like say, a website using HTTPS).

    Makes me think of the Get Smart show opening.

    edit

    Or actually, https://en.wikipedia.org/wiki/Matryoshka_doll but with a different doll inside each one.
     
  3. iunlock

    iunlock Registered Member

    Joined:
    Dec 26, 2014
    Posts:
    10
    I use TOR while connected to a VPN sometimes....and you're right, it all depends on the final destination as the exit node is where it counts, as a VPN only ensures a safe passage of your data, but once it reaches where it needs to go to ....it's all in the air again so to speak. This is why I think it's a great idea to use two VPN companies and to tunnel within a tunnel.

    ivpn is basically what TOR does, bounce it here- bounce it there, but I bet it's wayyyy faster haha as TOR is sometimes a nightmare to use because you're a year older by the time it connects. (Sometimes)

    VPN 1 + TOR + VPN 2 .... seems pretty solid... you'd just have to trust VPN 1 100%.
     
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    Yes, using VPNs from multiple providers in nested chains is more anonymous than just one VPN.

    Why do you say for "VPN 1 + TOR + VPN 2" that "you'd just have to trust VPN 1 100%"?
     
  5. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,591

    Before I got to the bottom of this thread I was going to ask the same question. For instance; your name is John Doe (really in this example). John connects to vpn1, which is a legit connection made from John's ISP provider. Nothing wrong/illegal and any data packets going from John's computer to vpn1 are completely tunneled and his ISP and/or internet snoops cannot determine what is passing through John's connection. Now to add a "partition of trust" John adds TOR and/or vpn2 and maybe 3. If John's vpn1 gets compromised the encryption from TOR and/or subsequent vpns keeps VPN1 in the dark. Even VPN1 cannot see what is going back and forth, they can only see there is TOR or subsequent VPN.

    As you can see there is no more significance to being position 1 in the chain. If even one link in a multi part chain holds up the data moving through remains visible ONLY to John on his computer.

    As a consideration the number one connection is only relevant when you want to decide whether to show your ISP that you are using TOR or a VPN. After the first hop your ISP doesn't have a clue if you set it up correctly.

    I strongly prefer to go VPN first and leave my ISP in the dark regarding TOR use. Others here will argue the reverse. Doesn't matter, its your call.
     
  6. iunlock

    iunlock Registered Member

    Joined:
    Dec 26, 2014
    Posts:
    10
    I agree with you. This is how I connect:

    Computer connected to VPN 1 ---> Tor Browser ---> Internet connected to my HotSpot that is also connected to VPN 2.

    The reason I've mentioned trusting your "VPN 1" 100% is because you are tunneling everything through their servers so who knows if there is a back door in there somewhere. Now "VPN 2," would have no clue what's going on because they'd only be able to see encrypted data passing through. It's like a lock within a lock of your data.
     
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    OK, I get it. The Tor Browser connects via VPN1, and VPN1 connects through VPN2.
    Well, VPN2 only sees the connection to VPN1. That's cool. But VPN1 only sees connections to Tor directory servers and entry guards, and that doesn't tell it anything useful, except as part of a deanonymization attack on Tor (ha ha).
     
  8. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,591
    I think we are all on the same page here. The idea of "partition of trust" is that while we trust every link in our respective connection chains, the reality is that a "glitch/adversary" along the path might just be able to compromise a link. With one link compromised YOU are not, and that is why its important for some.

    99% of the time a dependable single hop VPN would suffice. Its easy to add the few extra links for that remaining 1%, and to sleep better at night over the thought of what a tunnel breakdown could mean. LOL!
     
  9. Gitmo East

    Gitmo East Registered Member

    Joined:
    Jul 28, 2013
    Posts:
    106
    Going back to tunnelling vpn1(laptop) through vpn2 (smart phone), I often USB tether my laptop/phone to get online when installing WIFI drivers on new installs... Its a Broadcom thing!!.
    When I connect the phone online over vpn using OpenVPN for Android https://play.google.com/store/apps/details?id=de.blinkt.openvpn
    and connect the phone to the laptop I would expect to see the vpn server ip. I haven't be able to acheive this no matter what I try. The phones browser see's the vpn, the laptop doesn't.
    The laptop and computer are connecting some other way than the phones vpn unless I'm missing something :eek:
    Theres no bluetooth, wired or other connections and I have used the drop non vpn connections in OpenVPN for Android'settings.
    I would like to make this work.
     
  10. iunlock

    iunlock Registered Member

    Joined:
    Dec 26, 2014
    Posts:
    10
    OpenVPN stopped working properly since KitKat 4.4. <-- Was the worst thing ever to happen to VPN users. Complete nightmare. Due to the security "nonsense of enhancements," on KitKat 4.4, it messed up how data packets are transferred via ipV4....

    There is only one VPN provider that I have found to work on 4.4+ (PM me) ....I haven't used OpenVPN since 4.3

    Note: I'm assuming you're on KitKat 4.4?
     
  11. iunlock

    iunlock Registered Member

    Joined:
    Dec 26, 2014
    Posts:
    10
    Yes indeed. I just love the idea of being able to do something like a tunnel within a tunnel where it makes it virtually impossible to crack.
     
  12. Gitmo East

    Gitmo East Registered Member

    Joined:
    Jul 28, 2013
    Posts:
    106
    Hi and yes,
    I'm running the MaximusHD custom ROM on a HTC one m7 http://forum.xda-developers.com/showthread.php?t=2189373/
    Kitkat 4.4.3
     
Loading...