Silk Road forums
Discussion => Security => Topic started by: django on September 29, 2013, 06:49 am
-
firstly sorry for yet another post on this subject however i have spent the last day and a half searching the forums and am coming up with more questions than answers.
if anyone is able to help me it would be appreciated.
i am currently using tails via usb and then loading in bridges. however having read certain articles it appears to me that my isp will still see that i am connecting to tor before the bridges load up? that is correct.
i recently purchased a vpn i won't say which one as there has been lots of discussion on it. they can give me an exit node to enter into my vidalia settings under the edit current torrc? is this advised and if so should i still use the bridges and if so do i manually enter them before or after changing the exit node in advanced vidalia settings.
i have come to the conclusion that tails is not a secure setup for me and so am migrating to whonix but this will take a few weeks i imagine.
with that in mind, i will be using bazille tutorial for the set up and will enter my vpn settings and get everything in that setup to run through the vpn first.
is it better to have 2 vpns one for your home pc for downloading etc and another soley for tor or are you better off sticking with one.paying for it with bitcoin and using throwaway email address.
is it advisable to change vpns on a regular basis every 3-6 months to help avoid unwanted attention?or will that bring more attention to our isp?
thanks in advance for any help on this matter. ;D
-
You should use entry nodes in the country where the VPN is located. No need to specify exit nodes. You don't need to use bridges with a VPN. If you use bridges with VPN, make sure the bridges are in the country where the VPN is located.
Your ISP can see that you use Tor when you use normal bridges. Ofuscated obfs3 bridges are a lot harder to detect.
Not sure how to use VPN with Tails, but with Whonix you could start the VPN software on the host OS so it would tunnel all the Whonix traffic through the VPN. You should use a clean host OS for that, so there is no unwanted information getting transmitted through the VPN.
You may also want to produce cover traffic through the VPN, e.g. with Bittorrent. For someone who sniffs the line between you and the VPN it would look like you're downloading porn or something. Don't run Bittorrent in Whonix however. That is not only frowned upon, it can also decrease anonymity. My bootable Whonix tutorial explains how to set up OpenVPN and create cover traffic with Transmission (Bittorrent).
If you use 2 different locations with 2 different methods/modems of going online, then it's better to use 2 different VPN's. If you use the same modem at both locations then it doesn't help to use 2 different VPN's. It's not necessary to change VPN's every x months, but it doesn't hurt either.
-
hi mate, im glad you replied to my thread as i've been reading your thread on whonix setup on usb and am going to do it this week.
so i will be ditching tails this week anyways for what should be following your whonix tutorial a open vpn whonix system with torrents downloading.
can you install a bitcoin wallet to whonix? or would i have to stick with a tails usb with electrum which i am relucant to do.
cheers
-
I never tried installing Electrum on Whonix, but it shouldn't be much different from installing Electrum on Tails.
-
If you use bridges with VPN, make sure the bridges are in the country where the VPN is located.
I can't think of any reason for that, could you explain this please?
-
Not sure how to use VPN with Tails, but with Whonix you could start the VPN software on the host OS so it would tunnel all the Whonix traffic through the VPN. You should use a clean host OS for that, so there is no unwanted information getting transmitted through the VPN.
Tails doesn't support VPNs out of the box and the developers are against it. Easiest way to use a VPN with Tails is to buy a router that supports OpenVPN and set it up there.
-
I can't think of any reason for that, could you explain this please?
The more country borders the connection between VPN and entry node / bridge crosses, the more secret services will detect it. If the bridge is in the USA the NSA will have the connection between VPN and entry node, and the connection between entry node and middle node visible for traffic analysis. If the route between you and VPN is also monitored by the NSA then using a VPN is a useful as using no VPN at all.
-
Thanks for your answer. But imo there are some flaws with your senario.
1) You assume border-crossing has some significant role in computer networks. NSA can intercept your packets if you use a bridge in US regardless of the country of origin. Using a VPN in another country will add a jurisdiction problem for the nsa, which is simply non-existent if you use VPN based in US.
If you consider also the Snowden leaks and the way Lavabit was shut down (secret courts/gag orders), you can easily say that US VPNs probably share logs with NSA, making the US(VPN)->US(bridge) by far the worst combination to use, even though there's not any border-crossing.
2) You assume traffic originated and destined to the same country does not cross borders. That's not always the case, you can live in Germany, request a page from a German server and there's a big chance your traffic will be routed through UK (to say hello to GCHQ).
Borders are not your problem imo, I would say they re your friends. It's a matter of surveillance capabilities and jurisdiction issues, so staying away from NSA/GCHQ/NATO/etc and routing you traffic through different countries would be your best bet, otherwise one single entity/national agency could monitor most of your hops. It's the same reason that tor builds international circuits.
-
If you use an entry node in the country of the VPN it is much less likely to get routed through anohter country. But true, you should use traceroute to check out the route at different times of the day.
There is no good reason to have the entry node outside of the country in which the VPN is located. It is not necessary and will only lead to more secret services looking at the traffic. When the traffic goes through underwater cables the NSA and/or GCHQ will most likely see it too. Then it's easy to correlate the traffic between you <-> VPN and VPN <-> entry node. Then the jurisdication problem is not a problem at all. They don't need to ask the VPN provider for any data to correlate the traffic. So it's basically like using no VPN at all, at least if you don't use proper cover traffic. Using a US VPN when you live in the USA is also useless, and there's other countries you shouldn't use.