some questions

Discussion in 'privacy technology' started by Georgiegie, Jul 9, 2015.

  1. Georgiegie

    Georgiegie Registered Member

    Joined:
    Mar 26, 2015
    Posts:
    8
    i was wondering, with tails is it necessary to use a vpn even though the traffic is already encrypted? the only scenario i believe that vpn would be necessary is after you open tor just so the data that the exit node will collect is still encrypted.

    also, do you know a secure usb i can purchase online that is suitable to host tails?
     
  2. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    318
    If you don't take other measures such as a secure VPN your ISP can know you are using tor.
     
  3. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Your ISP will see the first place you connect to, regardless of whether it's a VPN or Tor. In both cases, where you connect from there is beyond their ability to see.
     
  4. Georgiegie

    Georgiegie Registered Member

    Joined:
    Mar 26, 2015
    Posts:
    8
    What we don't want
    Some users have requested support for VPNs in Tails to "improve" Tor's anonymity. You know, more hops must be better, right? That's just incorrect -- if anything VPNs make the situation worse since they basically introduce either a permanent entry guard (if the VPN is set up before Tor) or a permanent exit node (if the VPN is accessed through Tor).

    Similarly, we don't want to support VPNs as a replacement for Tor since that provides terrible anonymity and hence isn't compatible with Tails' goal.

    Source: https://tails.boum.org/blueprint/vpn_support/
     
    Last edited by a moderator: Jul 9, 2015
  5. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    That Tails quote is misguided. You already have a "permanent entry guard" -- your ISP. Your ISP is likely to cooperate with your government and other corporate criminals. A VPN provider in another country is more likely neutral, especially if it has stronger privacy laws or is unfriendly to your country. But routing Tor through VPN in Tails requires installing the VPN client at each boot. However, if you're anonymously using public WiFi hotspots, then you're better off without the VPN, unless the hotspot blocks Tor connections.

    I agree that using VPNs through Tor is unwise, because it reduces anonymity. Only do that if you have some UDP-based app that you want to route via Tor, or if you want to access sites that block Tor exits.
     
  6. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Like several other questions regarding Tor, there's compromises involved. Trust is one of the big issues. On what basis can an exit node be determined to be more or less trustworthy than a VPN? Either can be legitimate or owned by the adversary you seek to evade. If you're going to chain Tor with VPNs, you'd better make sure that there are no leaks, no means by which your traffic can escape that chain. IPv6 is proving to be a major issue with VPNs in regard to leaks. I wouldn't call the Tails quote misguided. One has to consider its target audience. It isn't necessarily aimed at experts in networking and internet protocol. If you don't get it right, you can harm your anonymity more than you help it.
     
  7. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    318
    If you use tails I assume you would therefore be using tor browser which is maintained and developed by mozilla. I wonder for what reason should mozilla be trusted?
     
  8. Georgiegie

    Georgiegie Registered Member

    Joined:
    Mar 26, 2015
    Posts:
    8
    what if you're using a 3g dongle that actually changes ip every 1 hour? (that's how it was really set up, not sure why but it's a good advantage to have).

    well, i only use tor and nothing else. just to visit sites and some hidden services. i don't use any third-party applications. and yes, i understand that tails is amnesic, so whatever i install will be gone when i boot it. what do you suggest in my situation?
     
  9. Georgiegie

    Georgiegie Registered Member

    Joined:
    Mar 26, 2015
    Posts:
    8
    what do you think about mullvad? i believe they have a feature that protects your ipv6. also, how about adding in dnscrypt? that would indeed be such a big mess starting up with tails due to all of this that i have to install and the internet speed is quite slow.
     
  10. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    It all comes down to whether you care that the 3G provider knows that you're using Tor. If so, you could use a VPN service. But you'd need to set up the VPN each time you booted Tails.
     
  11. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I don't use a VPN, just Tor. For me, IPv6 is not an issue. My equipment is all IPv4. Regarding DNSCrypt, it serves no purpose with Tor. When you use Tor, your DNS traffic is also routed through the network. You'll be using the DNS service specified by the specific exit node. By using DNSCrypt, you'll be resolving the IP addresses directly instead of routing them through the network. You would introduce a major leak.
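
The leak concerns raised in posts 6 and 11 above (IPv6 traffic escaping a VPN, and DNS being resolved outside Tor) can be checked by auditing the outbound flows a host actually produces. This is an added example, not part of the original thread; the flow format, the function name `audit_flows` and all addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: outbound flows seen at the network interface of a
# host that is supposed to send everything through a single first hop.
# Format: proto  dst_ip  dst_port
SAMPLE_FLOWS = """\
tcp 198.51.100.7 9001
tcp 127.0.0.1 9050
udp 192.0.2.53 53
udp 203.0.113.10 443
tcp 2001:db8::25 443
tcp 198.51.100.7 9001
"""

def audit_flows(text, allowed, resolvers=()):
    """Return (flow, reason) for every flow that escapes the chain.

    allowed   -- set of (ip, port) for the first hop (Tor guard or VPN server)
    resolvers -- IPs of known DNS resolvers, to catch DNS on non-53 ports
    """
    allowed = {(ipaddress.ip_address(ip), port) for ip, port in allowed}
    resolvers = {ipaddress.ip_address(ip) for ip in resolvers}
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        proto, dst, port = line.split()
        ip, port = ipaddress.ip_address(dst), int(port)
        if ip.is_loopback or (ip, port) in allowed:
            continue  # local SOCKS/DNS listener or the intended first hop
        if port == 53 or ip in resolvers:
            reason = "dns-leak"      # name resolution bypassing the chain
        elif ip.version == 6:
            reason = "ipv6-leak"     # IPv6 path the tunnel does not cover
        else:
            reason = "direct-leak"   # any other connection outside the chain
        findings.append((line, reason))
    return findings

if __name__ == "__main__":
    for flow, reason in audit_flows(SAMPLE_FLOWS,
                                    allowed={("198.51.100.7", 9001)},
                                    resolvers={"203.0.113.10"}):
        print(f"{reason:12} {flow}")
```
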
     
  12. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I don't use Tails or the Tor browser, aka Firefox. I'm rapidly losing trust in Mozilla thanks to the "call home" feature creep. I can't comment much on Tails, haven't kept up with it. Does it still use the Tor browser bundle? Like Tails, the Tor browser bundle is a compromise. It represents a tradeoff between anonymity and usability. Because of it being the "standard package" for Tor, it's the primary target for deanonymizing attacks. Not that long ago, the FBI exploited the TBB and deanonymized a lot of users.

    There's two schools of thought on this issue. The Tor browser bundle makes all users look and behave exactly the same. In theory, that's good. In practice, it's vulnerable. IMO, blending in with the rest of the Tor users is less important than making your package more resistant to deanonymizing attacks. Most of this tradeoff centers around javascript and having control over 3rd party connections. IMO, the default settings of the NoScript component are insufficient, as is the lack of control over 3rd party connections. The "Building your own privacy package" thread covers a lot of this tradeoff. Myself, I feel that the benefits of an extension like Request Policy more than offset the fact that it can make your traffic identifiable. The attack used by the FBI could have been defeated with either better javascript filtering or by controlling 3rd party connections. That said, it comes back to the same security/privacy vs. usability issue and the ability of the user. IMO, when the adversaries include nation states and 3 letter agencies, standard packages built for the average user don't get the job done. There is no convenient way against such adversaries.
     
  13. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Recent Tor browser releases restrict third-party cookies, and there's a "Security Level" slider with four selections that trade off security vs anonymity.
     
  14. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Have they restricted 3rd party connections yet?
     
  15. Georgiegie

    Georgiegie Registered Member

    Joined:
    Mar 26, 2015
    Posts:
    8
    well, 3g is very very dominant in this country. sim cards cost around $0.7 and people sell hacked 3g dongles. you can basically order any 3g dongles, put the sim in, and then you'll have uncapped internet connection. however, i find it weird how it changes the ip every 1 hour. so basically, it disconnects every hour by default. i'm really sure they can't monitor an activity just by ip because it will be such a huge job. so no, i'm not really concerned about my isp finding out that i'm using tor.

    i'm kinda confused about your reply. so if you're not using the tor browser, did you download the tor expert bundle? because that's the only download i see that doesn't include a browser. now, the question is, which browser company is reliable or is there even a browser that supports internet freedom?

    yes. i cannot agree with you more, using the tor browser bundle actually doesn't make you anonymous, using tor configured in a different one makes actual sense because you're still anonymous and your traffic and data are still encrypted while being out of the mozilla browser realm.

    referring to your javascript comment, you can customize the javascript on it since it's like firefox, you have the 'about:config' where you can customize the browser. also, tbb offers a security/anonymity panel which you can adjust, and likewise for noscript.

    just to wrap it up, what are your suggestions for much better anonymity + security when browsing the deepweb? i understand that you prefer a self-customized tor, and based on your comments, you will most likely never use a vpn.
     
  16. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    318
    What bothers me most about Tor is in their FAQ for Tor node operators.
    I said ummm hello !! Who is highly likely to do exactly that because they are not subject to such criminal laws...
     
    Last edited: Jul 10, 2015
  17. Snoop3

    Snoop3 Registered Member

    Joined:
    Jan 2, 2011
    Posts:
    474
    i have Sprint 3G and 4G Wimax - the 3G gives me a new IP any time i disconnect and reconnect. the 4G i think the IP might change once a day or so.
     
  18. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    @Georgiegie
    This post describes the basic package that I use. It's an older version of the Vidalia exit bundle, which they appear to no longer offer. I haven't updated because the current versions of Tor won't run on my system. The browsers are older versions of SeaMonkey and Palemoon, both of which have the Request Policy extension. Choosing Proxomitron over NoScript is another compromise decision. Proxomitron gives far better control over javascript, browser headers, ETags, etc than NoScript. The downside is HTTPS, especially with CDNs (content delivery networks). IMO HTTPS is broken by design and can't be relied on whatsoever. That said, with more sites requiring it, we're forced to have software that's compatible with it. Even with the current modifications, there's quite a few problems with HTTPS connections that are difficult to solve in a filtering proxy.
     
  19. Georgiegie

    Georgiegie Registered Member

    Joined:
    Mar 26, 2015
    Posts:
    8
    i'm quite confused. but given this is an old post and your old setup right? because upon viewing seamonkey's site, it has a big sign that it's a project of mozilla, a company that you really have no faith in. i haven't checked out palemoon yet but i'll go over the 'build your own privacy' before i give that browser a look. thanks @noone_particular
     
  20. KeyPer4Life

    KeyPer4Life Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    974
    According to the Pale Moon forum the developer is making more changes to the browser in upcoming version 26.

    XP users will no longer be supported in the coming weeks in new updates to the browser, but looks like the Atom/XP build will continue for now.

    This version of Pale Moon is optimized specifically for use on Intel Atom™ processors and compatible with the Windows XP and Server 2003 operating systems. Atom processor recommended but not required.

    Not recommended for regular Intel or AMD processors on current operating systems (Vista or higher).
     
  21. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    689
    @Georgiegie If you go to the first post on Page 1, on "Building Your Own Privacy Package" I've got an index there, and there's relevant post numbers beside the topics discussed. You might find that beneficial. I'm working on hot-linking those post numbers as well. For the ones I'm yet to do, you can easily find the right page, by knowing there's 25 posts per page. Of course reading through the whole thread would be optimal, but it is huge. Nonetheless it is packed full of info from some extremely knowledgeable people at Wilders here.
     
  22. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Yes, but there's been some jitter. See https://blog.torproject.org/category/tags/tbb

    Tor Browser 4.5 (April 27th, 2015)
    Tor Browser 4.5.1 (May 12th, 2015)
    But there's still no Adblock.
     
  23. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Actually, that's the setup I'm still using. Mozilla used to be a lot better than they are now. SeaMonkey used to be called the Mozilla Suite. Mozilla stopped its development. Another group took over and picked that awful name. Although it still uses the Gecko engine, it is largely separate and doesn't have near the feature creep that's seen in Firefox.

    Like operating systems, browsers are another compromise decision. There is no ideal browser just as there's no perfect operating system. I trust Microsoft less than I trust Mozilla, but I run Windows, old Windows, highly modified. I won't run anything after XP. I'd rather deal with the security issues of the older versions than the spyware design of the newer ones. It's the same with browsers. I don't want to spend hours digging through configurations and disabling the feature creep every time a new version comes out.
     