Discussion in 'privacy technology' started by lotuseclat79, Mar 22, 2012.
On the Topic of Tor's Weaknesses.
They mention being able to trace you if they have access to the first and last node, if I understand correctly. So I guess if you open the Tor Browser bundle after connecting to a VPN, the connection could only be traced back to the VPN.
That's correct Caspian.
So if you don't use a VPN Tor is useless?
@zero_Phil: My understanding is that it is possible for an adversary to monitor both the entry and exit nodes which your data is sent through but it is possible. That being said, it is a good idea to use both TOR and a VPN. This is because TOR gives you anonymity but does not protect your data (i.e. the exit node can see your data). Use a VPN and TOR and you can have both anonymity (through TOR) and an encrypted and private internet connection which adds another layer of security as well.
In my opinion, that would work only if there is just one relay nod in between.
Bad-Good-Bad, if there are two or more, it would be very hard(er). Plus if you have https, then it is encrypted.
Thanks Jack & Hugsy, all interestng stuff.
Adding a VPN only protects from evil Tor exit nodes if the VPN is routed through Tor. Conversely, adding a VPN only protects from the deanonymization attack described by the OP if Tor is connecting through the VPN. But you can have both, if you like.
Thanks for that. . But then if the organization who was able to control the first and last node contacted the VPN provider to see who was connected to tor at such and such time, and the VPN provider agreed to give it to them, then that would be that. So still it is important to have a trustworthy VPN who is truly devoted to the principles of privacy and freedom.
I wish I knew how to have it both ways. That would be pretty cool. How do you get a VPN to go through tor?
I have a JanusPA that I bought a long time ago. But I never got around to hooking it up. Do you think it would still be safe to try? That is the only way I could think of getting a VPN to go through tor. Connect the JanusPA, fire up the VPN, and then fire up the Tor browser bundle....LOL
Tor handles TCP, so TCP-based VPNs (HTTPS port 443) work. VPNs deal pretty well with packet loss and latency. See -http://www.wilderssecurity.com/showthread.php?t=316044 for one approach.
I wouldn't use JanusPA unless you could update Tor.
I was under the impression that you could accomplish both (Hiding your identity from your VPN provider through TOR and keeping the contents of your data safe through the TOR network using your VPN).
Here is what I am basing my assumptions on:
Air over Tor
Using AirVPN with TOR
OK, that works too: routing TCP VPN traffic through Tor. But your ISP etc does see that you're using Tor.
Separate names with a comma.