Why Should I Use a VPN

Discussion in 'privacy technology' started by merisi, Jan 3, 2013.

Thread Status:
Not open for further replies.
  1. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    599
    IMO the only point of using a VPN is so that you can stream YouTube videos anonymously. Tor is less traceable than VPNs but you cannot use Flash, ActiveX, JavaScript, or plugins (which are required for YouTube videos, Flash games, and other sorts of live content). You can only safely use Tor to browse and post on text/picture based sites. If you want to hide your IP address while being able to use live content, then use a VPN, although it is much more traceable than Tor.
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    @retialox

    With the setup "You--->ISP--->VPN--->Tor--->Internet", your traffic is unencrypted (except if there's end-to-end encryption) between the VPN exit and the Tor entry.

    With the setup "You--->ISP--->VPN1--->Tor--->VPN2--->Internet", your traffic is encrypted to the VPN2 server through the entire chain, until it leaves the VPN2 exit.

    As I understand Tor, there's a nested series of reply instructions. I haven't seen a clear explanation. Basically, each relay in the circuit that you specify knows only where packets came from, where packets should go to, and how to handle encryption both ways. That is:

    relay one knows you and relay two
    relay two knows relay one and relay three
    relay three knows relay two and the Internet site
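
The relay knowledge listed above can be shown with a small layered-encryption model. This is an added example, not part of the original post and not Tor's code: the relay names, `site.example`, the JSON layer format and the SHA-256 toy cipher are assumptions standing in for Tor's real cell format and ciphers.

```python
import hashlib
import hmac
import json
import os

def keystream(key, nonce, n):
    # Toy stream cipher (SHA-256 in counter mode); a stand-in, not Tor's cipher.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(key, plaintext):
    # Encrypt one layer and add a MAC so a wrong key is detected on unseal.
    # (One key for both cipher and MAC is a simplification for this model.)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + tag + ct

def unseal(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key for this layer")
    return bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct))))

def can_open(key, blob):
    try:
        unseal(key, blob)
        return True
    except ValueError:
        return False

def build_onion(circuit, destination, request):
    # circuit: list of (relay_name, key) in path order. The client wraps the
    # request once per relay, innermost layer first (the last relay's).
    hops = [name for name, _ in circuit[1:]] + [destination]
    blob = request
    for (_, key), nxt in reversed(list(zip(circuit, hops))):
        layer = json.dumps({"next": nxt, "data": blob.hex()}).encode()
        blob = seal(key, layer)
    return blob

def route(sender, circuit, blob):
    # Each relay peels exactly one layer; record what it was able to observe.
    seen, prev = [], sender
    for name, key in circuit:
        layer = json.loads(unseal(key, blob))
        seen.append({"relay": name, "from": prev, "to": layer["next"]})
        prev, blob = name, bytes.fromhex(layer["data"])
    return seen, blob  # blob is now what the destination receives

# Constructed circuit: three relays with random per-relay keys.
CIRCUIT = [(f"relay{i}", os.urandom(32)) for i in (1, 2, 3)]

def demo():
    onion = build_onion(CIRCUIT, "site.example", b"GET / HTTP/1.1")
    return route("you", CIRCUIT, onion)

if __name__ == "__main__":
    seen, delivered = demo()
    for view in seen:
        print(view)
    print("delivered to site:", delivered)
```

The last relay hands the request to the site exactly as the client wrote it, so without end-to-end encryption the exit can read it even though it does not know who sent it.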
     
  3. adrelanos

    adrelanos Registered Member

    Joined:
    Sep 28, 2012
    Posts:
    85
    I would argue that VPNs provide no anonymity for web content at all for most users. Who understands browser tracking sufficiently well or uses Tor Browser with the VPN?

    Tor is a client and an anonymity network, which can transport TCP. If you manage to tame the application, you can force it to use Tor, which replaces your IP with Tor. Application fingerprinting/linkability/security is a different topic, but I would argue that with Whonix you can use all that pseudonymously.

    I'd rather recommend to download Whonix, build Whonix from source code or build my own and use Tor than using a VPN.

    I wrote about that at length:
    https://trac.torproject.org/projects/tor/wiki/doc/TorFAQ#WhichTornodeknowswhat

    And also created a table as an overview:
    https://trac.torproject.org/projects/tor/wiki/doc/TorFAQ#Overviewastable
     
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    I agree. Just using a VPN doesn't change your browser fingerprint. You can use a different browser while using the VPN, but mistakes are hard to avoid. And then there's the chance that downloaded files will phone home when you open them. Using a VM through the VPN addresses those issues.

    But even then, your "anonymity" depends on the VPN provider. Using two or three nested/chained VPNs segregates the information among the providers. However, an adversary could gain their cooperation or compromise them.

    With Tor, on the other hand, everyone using Tor-optimized Firefox (in TBB, Tails or Whonix) looks the same. And for tracing your activity, an adversary would probably need to control most of the relays that your client is using.
     
  5. Grassman20

    Grassman20 Registered Member

    Joined:
    Jul 14, 2013
    Posts:
    28
    Location:
    USA
    I'm a security novice and a PrivateInternetAccess VPN user. I'm still learning about the world of security and privacy, but it seems to me that a good VPN has significant benefits.

    Now, I know that if someone is actively tracking me, a VPN won't help that much. That being said, if I'm being hunted by someone competent, there's pretty much nothing I can do on the web that they couldn't piece together anyway.

    From what I can tell, one benefit of a good VPN is to obscure my history on the web. Since my connection from home to PIA VPN is encrypted and I use DNScrypt, that rules out the option of pulling my ISP history logs years later. PIA says they don't keep logs of user activity, so I should be good there too. I know they could be lying about log keeping, but they seem to have a decent reputation. It's hard to be certain.

    I use other tools as well, but I feel like the VPN is a key component in keeping people 5 years in the future from going back and looking through all the ISP/DNS logs they're keeping at that big NSA facility. Not that they'd find anything juicy anyway, but I just feel better about showing them the middle finger. :cool:

    Am I on the right track with this?
     
  6. adrelanos

    adrelanos Registered Member

    Joined:
    Sep 28, 2012
    Posts:
    85
    If anything, the VPN obscures only your IP address.

    But your browser rats you out all the time, providing a million tracking technologies. That's what Tor Browser is for, cleaning up the application level (however good that works is another question).

    No one uses Tor Browser for use with VPNs, but someone should promote it. Using a standard browser really isn't anonymous at all.

    No objection against that. Just noting, two things.
    1. If your VPN is correctly configured, it will do DNS resolution for you, hence no need for DNSCrypt. And yes, DNS requests sent to the VPN are encrypted on their way to the VPN.
    2. What makes you think DNSCrypt doesn't log all your DNS requests?

    Well, but maybe it could be a good idea to let one do the traffic and the other one do the DNS so no one has all information. For whatever that's worth.

    They don't need it, if the NSA already had access to the VPN server. Thanks to PRISM the likelihood of this is now without dispute.

    whonix.org uses apache-mod-removeip as well, doesn't log IPs of visitors. But how do we know that our hosting provider/data center doesn't log? How does PIA know that their hosting provider/data center doesn't log? How do they ensure, that their ISP doesn't log?

    If you assume your ISP logs everything, assume the ISP of the VPN provider logs everything as well. That's similar to a global passive adversary. They'll just compare the logs and know everything.
     
  7. NotRight

    NotRight Registered Member

    Joined:
    Jun 12, 2013
    Posts:
    37
    Location:
    Here
    2 quick questions for anyone who knows about VPNs:

    1. Would a purchase of AirVPN be a good choice?

    2. Is using a VPN without TOR pointless? I am trying to understand how to remain anonymous but get lost when you start putting Tor in the mix. Are you just being extra safe, or if you use a VPN, is Tor pretty much a necessity?

    Regards,
    me
     
  8. adrelanos

    adrelanos Registered Member

    Joined:
    Sep 28, 2012
    Posts:
    85
  9. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    @NotRight

    I concur with most of the writeup that adrelanos linked to. I prefer to have my ISP and other local observers see VPN connections rather than Tor. Although fingerprinting is possible, my primary VPN connection is shared by many VMs doing many things, so it wouldn't be trivial.

    In theory, Tor can provide real anonymity. That's by design, not just hope. Although there are known vulnerabilities, it's the best that's available. But it's slow, and can only handle TCP traffic. Also, discipline is required for actually being anonymous. User error is probably the most serious vulnerability ;)

    With VPNs, in contrast, any anonymity that you get depends entirely on providers' discretion. You can chain multiple VPNs, tunnelling one through another. But that just forces adversaries to compromise at most a few more providers. With Tor, adversaries would need to compromise a substantial share of the entire Tor network, or exploit some fundamental vulnerability.

    So, VPNs are good when you want some anonymity, using a pseudonym, but not in a life-or-death way, and when you need speed. Tor is good when you want stronger anonymity, and can tolerate less speed.

    AirVPN is a fine service. It, BolehVPN, iVPN and Mullvad have consistently been mentioned favourably on Wilders.
     
  10. NotRight

    NotRight Registered Member

    Joined:
    Jun 12, 2013
    Posts:
    37
    Location:
    Here
    Though I can't answer your question with 100% certainty, I can tell you this. I just started using Mullvad VPN and I forgot I had it running while trying to purchase MalwarebytesPro from their website, and they declined my transaction. I called and they said they were getting conflicting information with my IPs/credit info/and some other stuff. I don't remember exactly what he said but he said "Are you in the Netherlands??". Anyways, I told him I turned off what he kept referring to as "proxies". And they approved my transaction.

    I also tried to do some PayPal stuff and my account was put on "limited". I had to turn off the VPN, and verify some stuff over the phone.

    But it appears VPNs can cause some problems if you are trying to do certain things, and I think financial stuff falls in this category.

    Regards,
    me

    edit: didn't realize this was early in the thread. can ignore if want :p
     
    Last edited: Jul 19, 2013
  11. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Now that those companies know that you used that IP address, using that VPN is less (maybe just a little less) anonymous for you. That's because there may be records that get correlated with other activity.

    It's important to segregate what you do over VPNs from your "true name" stuff. That's also true for Tor. But because Tor changes exit IPs frequently, and because Tor-optimized Firefox tries to avoid leaking identity across websites, it's a less permanent issue. On the other hand, because Tor can provide stronger anonymity, the stakes might be higher.
     
    Last edited: Jul 20, 2013
  12. Fontaine

    Fontaine Registered Member

    Joined:
    Jan 29, 2008
    Posts:
    245

    I get some confusion with financial transactions when I'm using a VPN connection from another country. So if I'm from the USA and trying to log into Paypal through a Netherlands server, Paypal will not like it. It's a protection on the account. I always make sure to switch over to a server from my home country when conducting those types of transactions. That's why I like iVPN.net...they offer servers around the world and all are super fast.
     
  13. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803
    Odd, never had PayPal issues over here no matter what VPN server I've used tbh, and you should use separate servers from your VPN provider for IRL and "Anonymous" stuff; not using the same IP for both activities, that's a big no-no. Though even when they say they don't log, I'd still take into account the worst-case scenario that they do, even when they really don't, depending on what VPN you sign up for. So your first VPN can be considered the encryption gateway: it encrypts your originating ISP's traffic, and that's a great starting point. Then for truly anonymous stuff use a VPN chain as explained in this thread, aka any subsequent VPN following that first VPN that one can assume knows your IP, logically. Even for IRL stuff I'd never use my ISP's IP, aka unencrypted traffic; it's like running around naked, no thank you sir.
     
    Last edited: Jul 21, 2013
  14. scriptolab

    scriptolab Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    16
    Hello,

    Just a couple of questions for you guys after lurking the forums and trying all kind of set-ups.
    I finally settled to using 2 vpn (host and guest both win7), my first question is: should I use 2 comodo firewalls, each for every vpn, or is that overkill?
    Using them both (1st in host with its blocking rules if the vpn drops and the 2nd in guest with its own rules) is my current config, but I'm feeling my internet connection is a tad slower now.

    My 2nd question. I'm trying to find a good browser, so I tried to add/remove lot of addons in firefox, tried jondofox, but as pointed out in the forums, the best (if one can call it that way) still remains Tor Browser.

    The issue is I do not have the knowledge to compile it from source, therefore in the VM after connecting the 2nd VPN, I connect to tor in order to have the browser pop up, then I stop tor, and add a proxy in tor browser preferences.
    This seems to work, having the same fingerprint as all tor users while avoiding the loss of speed and bypassing sites-unfriendly to vpn exit IPs (by using the replacement proxy).

    Does anyone know if separating tor and vidalia from the browser is possible?
    Is my alternative ok?

    Thanks.:ninja:
     
  15. adrelanos

    adrelanos Registered Member

    Joined:
    Sep 28, 2012
    Posts:
    85
    My answers don't imply endorsement or not for what you plan. Just answering specific questions.

    You're looking for a solution that doesn't exist. This issue is little known. No VPN provider/other project is working on a browser with fingerprinting/linkability resistance as seriously as Tor Browser developers.

    Yes, that's possible. I maintain instructions on how to do it in the Tor wiki:
    https://trac.torproject.org/project...BrowserwithalocallyinstalledTorVidaliaNIXONLY

    After you did that, in Tor Button settings, set to "Transparent Torification", which means "no proxy settings". So it will use whatever your operating system provides, which will hopefully be the (two) VPN(s). That will result in using Tor Browser through a VPN.
     
  16. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Doing that might make one rather unique, no?
     
  17. adrelanos

    adrelanos Registered Member

    Joined:
    Sep 28, 2012
    Posts:
    85
    That's why I didn't comment on that. I don't know. I'd speculate, maybe yes. But who knows how many people are using it.

    In Whonix documentation I wrote a long time ago:

    VPNs for corporate networks, insecure wifi hotspots to call home, etc. Fine technology.

    VPN for anonymity... Well, the more I learned about it, the less I am convinced that it offers any protection for most web browser users who currently use it in default configuration. (=some random VPN + regular browser)

    VPN fans should really push using Tor Browser for VPNs forward. In the meantime, I am sure VPN providers find it quite convenient that everyone is overlooking browser tracking.
     
  18. scriptolab

    scriptolab Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    16
    Thanks for your responses.
    @adrelanos - the problem is I'm on Windows in the guest VM as well. So I won't be able to decompile, modify, recompile the start tor browser.exe without some programming skills which I actually lack. I mean I tried and downloaded an exe decompiler (OllyDbg) but what I see when I open the exe is not as pleasant to my unskilled eye as opening a .html with Notepad++ :D

    Any suggestions? Still I like the idea of using Tor Browser, if not only for its uniqueness/lack of, at least for its being deeply tweaked, and for my feeling a bit more secure with it.
     
  19. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    @adrelanos

    Ah, I remember reading that, now.

    If anonymity is important enough to use Tor Browser, one might as well just use Tor, I think.

    I wonder whether any Tor exit relay operators also provide open proxies. Then Tor and VPN traffic could have the same IP address.
     
  20. scriptolab

    scriptolab Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    16
    My main concern is with google and facebook.
    As I log in daily, I need to cloak from them when I sign in to my 2nd account (not associated with my true identity) as much as possible, without any leaks.
    All I want them to have is the IP of the socks I'm using and the fingerprint of ONE popular browser without any other BIG leaks.
    Speaking of which, could Facebook determine that I'm using a socks 5 and reveal my VPN IP? Considering Flash is off and DNS is also resolved through socks with Proxifier?

    Anyway, that's why I think TBB is the right one, but I cannot cope with tor speeds + socks, so any help for win users to separate the bundle?
     
  21. adrelanos

    adrelanos Registered Member

    Joined:
    Sep 28, 2012
    Posts:
    85
    If you want to compile it, you need to get the source code and build instructions. It has nothing to do with a decompiler.

    Could be difficult on Windows....

    Source: https://www.torproject.org/projects/torbrowser/design/#firefox-patches

    Make Tor Browser exit when not launched from Vidalia

    Another idea...

    From https://trac.torproject.org/project...BrowserwithalocallyinstalledTorVidaliaNIXONLY

    Not sure if TBB "Alpha" without Vidalia is already the default download, it will be in the following months.

    I think "TOR_SKIP_LAUNCH=1" should work on Windows as well. You just need to figure out how to set environment variables on Windows so that the application you are starting can read it. Might require a batch script with just two lines (set env variable, start TB).

    Please share if you figure it out.
     
  22. scriptolab

    scriptolab Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    16
    That was a ~ Snipped as per TOS ~ but finally got a workaround :argh:

    Firstly you need to start TBB normally and let it connect to the Tor network, then go to C:\path\to\Tor Browser\FirefoxPortable\Data\.

    While running TBB, copy and paste the "profile" folder in the same folder (it would become "profile-copy") and rename it to "profile2" or whatever. Now you should have profile and profile2 in the Data folder.
    As you have an instance currently open, you'll get an error saying a file (parent.lock) can't be copied. Just click "skip" and let the copy finish.

    Now go to C:\path\to\Tor Browser\FirefoxPortable\App\Firefox\tbb-firefox.exe and right-click and send it to desktop.

    On the desktop, right-click and properties and change target to
    "C:\path\to\Tor Browser\FirefoxPortable\App\Firefox\tbb-firefox.exe" -no-remote -profile "C:\path\to\Tor Browser\FirefoxPortable\Data\profile2"

    Now close TBB. Then the next time, open it from the newly created shortcut. It'll open TBB without VIDALIA/TOR. :argh:


    And for those who want to start only Vidalia/Tor with no running browser, I found out a workaround as well. Edit vidalia.conf and put an X at the end of "BrowserExecutable=tbb-firefox.exe X"
     
    Last edited by a moderator: Jul 23, 2013
  23. merisi

    merisi Registered Member

    Joined:
    Dec 17, 2012
    Posts:
    316
    Lol. I just decided to read this thread because I was surprised to see it was running and I saw this post.

    I've heard about people having problems with PayPal when using a VPN. While I pay for a VPN, I rarely ever use it and I'm not sure if I even need it. I think to make a VPN useful you need to start chaining it with TOR or other VPNs as has been suggested widely on this thread.

    I'm not even sure how much I trust my VPN provider (Air). It surprises me that with the level of protection that they offer that the authorities are happy to let this happen when there seems to be such a drive to stop this from happening. Saying that, nor have I heard anything that suggests they have betrayed their users.

    I tried BolehVPN earlier this year and while using it, I tweaked Comodo Firewall and I messed it up a bit so I ended up resetting it. I was using 5.12 which doesn't stealth ports automatically and after an hour or so of surfing I had someone trying to access my PC. They were trying to use the remote exploit of controlling your PC within Microsoft. I decided that BolehVPN wasn't for me after that, but saying this, their admin was very helpful and I know others on the forum are very happy using it.
     
  24. adrelanos

    adrelanos Registered Member

    Joined:
    Sep 28, 2012
    Posts:
    85
    Why not copy it before TBB has ever run?

    If it's really just that file, that's not an issue. Otherwise I would be cautious that it won't corrupt any more files. To be safe, I recommend running a folder comparison on a file-by-file basis (there are tools to automate that, it only shows the differences).

    I can't imagine why this is required. Why not just make a shortcut of "C:\path\to\Tor Browser\FirefoxPortable\App\Firefox\tbb-firefox.exe" to the desktop as the first step, add -no-remote?

    You'll do something similar, but why copy a profile while TBB is running?

    I wonder why this works. If you read the description for -no-remote, it has nothing to do with Tor/Vidalia.
     
  25. bolehvpn

    bolehvpn Registered Member

    Joined:
    Oct 10, 2011
    Posts:
    84
    Location:
    Malaysia
    Thank you for the honest feedback and the kind words. Just a few notes of clarification.

    A VPN does not necessarily secure you from port scans. For those servers which we provide open ports where you are not sharing the IP while you are using it (which is a good thing for many people since it allows full connectivity options and open port status which is needed for many P2P and VOIP applications), you would still get those port scans or 'exploit attempts'. This happens randomly and sometimes hackers focus on a particular IP range.

    If we were to block those ports, then these applications will have issues or lower performance, and a firewall should be part of every security-conscious user's setup, so you're no worse off than without a VPN from the port point of view. As you still need an antivirus, a VPN is no replacement for a firewall, though of course if you block all the ports, you can achieve this at the cost of functionality.

    It's kinda like saying, I got a virus from a download, BolehVPN must be at fault! They should block all transfers of .exe files etc etc!

    We can perhaps integrate a simple system into our GUI that would allow the user to lock down all these ports, but it would be in effect a mini firewall, much better served by a proper firewall solution but that's just our take on it.
     