Question on VPN

Discussion in 'privacy technology' started by lonneytunes, Aug 25, 2012.

Thread Status:
Not open for further replies.
  1. lonneytunes

    lonneytunes Registered Member

    Joined:
    Aug 25, 2012
    Posts:
    3
    Hello people, if there is any possibilities where VPN service provider act as man in the middle (putting the trust factor aside)? Thanks.
     
  2. Jamie1980

    Jamie1980 Registered Member

    Joined:
    Aug 24, 2012
    Posts:
    1
    Location:
    United States
    It strikes me on the basis of common sense alone that using a VPN (no matter how it's structured or advertised) is not unlike dropping your car off at the garage for repairs for a couple of days while the mechanic ( a guy you happen not to know for sh*t) goes through your glove, checks under your seats and rifles through your trunk - and then calls the cops if he even sniffs pot or sees baby talcum powder anywhere on or in the car - at least US, Canadian, Australian or European VPNs, or any other country we have mutual enforcement treaties with for that matter.
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    I agree with Jamie1980. VPN providers see all your traffic. You can encrypt anything that you want private, but they still see where you're going. You can use Tor to hide that, but they at least see that you're using Tor.

    Using VPNs does hide all of that from your ISP. So you want to pick VPNs that you "trust" more than your ISP. As Jamie1980 suggested, you want to pick one in a country that doesn't readily cooperate with yours. We know that using HMA didn't work out for recursion, a LulzSec member from the US. However, HMA might have protected Egyptian dissidents (or so HMA has claimed).

    Combining VPNs (via nesting) from multiple poorly-cooperating countries is better. You can add Tor to the mix if you like. While perfect Internet anonymity is an illusion, workable anonymity is possible for most of us.
     
  4. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,428
    Those are? I don't see Iran or Venezuela offering VPN services
     
  5. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    Maybe you haven't looked hard enough ;)

    But seriously, I didn't say "non-cooperating". Panama and Russia don't cooperate as readily with the US as the UK does. And it's no accident that Countermail operates in Sweden, rather than in Germany. Or consider BolehVPN. How long would their torrent focus fly in Australia?
     
  6. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I know you have mentioned using a VPN, running Tor through that, and then connecting to another VPN from there. Which sounds pretty amazing. Wouldn't that be perfect anonymity? I mean, if that last VPN has never seen your real connection, and it only sees Tor, how could it be traced?

    And what if you are running a VPN and then run Tor through that and connect to a hidden Tor service (or whatever it's called)? That never leaves the Tor network, right? So could it be traced? I would think that would be pretty darned anonymous.

    Actually, wouldn't a Tor hidden service be 100% anonymous as long as you didn't give out any personal info? No exit node, right?
     
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    @caspian

    If you're combining VPNs and Tor, you'll be very hard to trace. But everything on the Internet has a public IP address, and everything can be traced, given enough traffic data.

    Of course, gathering and analysing so much data would be very difficult and expensive, so only high-value targets of TLAs need worry. Far more likely is de-anonymization through spearphishing. That's how Anonymous outed some users of the Tor hidden service "Hidden Wiki".
     
  8. lonneytunes

    lonneytunes Registered Member

    Joined:
    Aug 25, 2012
    Posts:
    3
    Last edited: Aug 28, 2012
  9. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    @lonneytunes

    We did lose sight of your question about MITM attacks :(

    As you got from Server Fault, encrypted (SSL, SSH, etc) traffic is no more vulnerable to VPN providers than it is to ISPs. In either case, MITM attacks would require the target server's encryption key.
     
  10. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Is spear phishing talking people into giving up personal information?Like gaining someone's trust so they five you a username or email address?

    I'll have to look up hidden wiki again. I thought that was just a list of services in the Tor network. I found a list a few weeks ago poking around. I did see some illegal stuff but I also saw quite a bit of stuff that just looked really normal. Nothing out of the ordinary. Message boards, blogs etc...
     
  11. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    @caspian

    Spearphishing is phishing that's targeted on specific individuals, and that looks like something that they'd normally get (such as an email from a coworker). Anonymous' #OpDarknet wasn't that focused. They posted an "emergency Tor update" on one of the CP-related pages that was actually malware. It "phoned home" when targets weren't using Tor. See -http://pastebin.com/hquN9kg5-.
     
  12. lonneytunes

    lonneytunes Registered Member

    Joined:
    Aug 25, 2012
    Posts:
    3
    Thanks mirimir

    [me]<->[vpn server]<--(proxy spoofed ssl cetr)-->[proxy]<--(website ssl cert)-->[website]
    If there is some "mechanism" to verify the website CA cert (e.g some 3rd party), probably it will provide better authenticity right?
     
  13. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    That looks pretty clever. Was this the Tor Browser Bundle or just Firefox configured with Tor? Because the tor button in TBB wouldn't be connected to the internet while TBB is closed right? And Tor is automatically started when TBB is opened, as far as I know. So how could tor button phone home with a true IP unless it was tor button installed in regular firefox that was being used without tor?
     
  14. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    @caspian

    The malware didn't do anything to Tor. It waited until Tor wasn't connected, and then queried a Metasploit site, which logged IP address and whatever it could find (as with the old decloak.net site). I don't know (or remember) specifics about how it evaded protections in TBB. When Tor isn't connected, your computer must have normal Internet access to find Tor entry nodes. Unless everything but safe Tor nodes is blocked in your hosts file, I don't see what would stop the Metasploit query.
     
  15. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,428
    Didn't they also fake a signed Verisign certificate? I believe that could be how they got them.
     
  16. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    802
    lols emergency tor update, thats gold xD
     
  17. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    Indeed. This was after the DDoS attacks on The Hidden Wiki etc had started. And a (totally unrelated) Tor update was expected. So it was plausible, I guess. But downloading a "Tor update" from The Hidden Wiki, while it was being DDoSed and aggressively defaced, was just plain stupid.

    Still, I wonder how many have recently downloaded Java patches from third-party sites.
     
  18. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,428

    There is more to it than that. They had help from Mozzila in #OpDarkNet. Someone on the inside eh ;) Couldn't of happened to a nicer bunch of people I think.
     
Loading...
Thread Status:
Not open for further replies.