On the Topic of Tor's Weaknesses

Discussion in 'privacy technology' started by lotuseclat79, Mar 22, 2012.

Thread Status:
Not open for further replies.
  1. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,095
  2. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    They mention being able to trace you if they have access to the first and last node, if I understand correctly. So I guess if you open the Tor Browser bundle after connecting to a VPN, the connection could only be traced back to the VPN.
     
  3. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    That's correct Caspian.
     
  4. zero_Phil

    zero_Phil Registered Member

    Joined:
    Apr 22, 2011
    Posts:
    67
    So if you don't use a VPN Tor is useless?
     
  5. JackReacher

    JackReacher Registered Member

    Joined:
    Mar 17, 2012
    Posts:
    67
    Location:
    South of the North Pole
    @zero_Phil: My understanding is that it is possible for an adversary to monitor both the entry and exit nodes which your data is sent through but it is possible. That being said, it is a good idea to use both TOR and a VPN. This is because TOR gives you anonymity but does not protect your data (i.e. the exit node can see your data). Use a VPN and TOR and you can have both anonymity (through TOR) and an encrypted and private internet connection which adds another layer of security as well.
     
  6. hugsy

    hugsy Registered Member

    Joined:
    May 22, 2010
    Posts:
    167
    In my opinion, that would work only if there is just one relay nod in between.
    Bad-Good-Bad, if there are two or more, it would be very hard(er). Plus if you have https, then it is encrypted.
     
  7. zero_Phil

    zero_Phil Registered Member

    Joined:
    Apr 22, 2011
    Posts:
    67
    Thanks Jack & Hugsy, all interestng stuff.
     
  8. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    Adding a VPN only protects from evil Tor exit nodes if the VPN is routed through Tor. Conversely, adding a VPN only protects from the deanonymization attack described by the OP if Tor is connecting through the VPN. But you can have both, if you like.
     
  9. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Thanks for that. . But then if the organization who was able to control the first and last node contacted the VPN provider to see who was connected to tor at such and such time, and the VPN provider agreed to give it to them, then that would be that. So still it is important to have a trustworthy VPN who is truly devoted to the principles of privacy and freedom.
     
  10. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I wish I knew how to have it both ways. That would be pretty cool. How do you get a VPN to go through tor?

    I have a JanusPA that I bought a long time ago. But I never got around to hooking it up. Do you think it would still be safe to try? That is the only way I could think of getting a VPN to go through tor. Connect the JanusPA, fire up the VPN, and then fire up the Tor browser bundle....LOL
     
  11. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    Tor handles TCP, so TCP-based VPNs (HTTPS port 443) work. VPNs deal pretty well with packet loss and latency. See -http://www.wilderssecurity.com/showthread.php?t=316044 for one approach.

    I wouldn't use JanusPA unless you could update Tor.
     
  12. JackReacher

    JackReacher Registered Member

    Joined:
    Mar 17, 2012
    Posts:
    67
    Location:
    South of the North Pole
    @mirimir

    I was under the impression that you could accomplish both (Hiding your identity from your VPN provider through TOR and keeping the contents of your data safe through the TOR network using your VPN).

    Here is what I am basing my assumptions on:

    Air over Tor


    Using AirVPN with TOR
     
  13. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    OK, that works too: routing TCP VPN traffic through Tor. But your ISP etc does see that you're using Tor.
     
Loading...
Thread Status:
Not open for further replies.