Silk Road forums

Discussion => Security => Topic started by: Altered Dimensions on October 02, 2013, 10:31 am

Title: Safest methods Tails VPN wtf???
Post by: Altered Dimensions on October 02, 2013, 10:31 am
So is Tails the safest way to browse SR or what? I have tried reading through all the Tails documentation but really only gathered from it that your ISP can tell you're using Tor and possibly Tails but not what you are viewing on Tor.

Having said that, is that a bad thing? In what countries is using Tor considered suspicious or not advised?

Also VPN??? I have heard stuff about VPN but it has me mighty confused. Should Tails users be using VPN as well to maintain complete security and hide the fact you're using Tor?

I have also seen that in the startup screen of Tails it mentions you're not connected to a VPN or is it VPM?
Think it says something along the lines of VirtualBox additions failed and a warning on the right-hand side.
I don't know but it makes it sound as if the developers wanted you to use this feature?

If anyone could point me in the right direction of using VPN with Tails or VPM (whichever one it is) or if I even should be trying to achieve this I would be greatly thankful.
Title: Re: Safest methods Tails VPN wtf???
Post by: Nightcrawler on October 02, 2013, 02:28 pm
So is Tails the safest way to browse SR or what? I have tried reading through all the Tails documentation but really only gathered from it that your ISP can tell you're using Tor and possibly Tails but not what you are viewing on Tor.

Having said that, is that a bad thing? In what countries is using Tor considered suspicious or not advised?

Also VPN??? I have heard stuff about VPN but it has me mighty confused. Should Tails users be using VPN as well to maintain complete security and hide the fact you're using Tor?

I have also seen that in the startup screen of Tails it mentions you're not connected to a VPN or is it VPM?
Think it says something along the lines of VirtualBox additions failed and a warning on the right-hand side.
I don't know but it makes it sound as if the developers wanted you to use this feature?

If anyone could point me in the right direction of using VPN with Tails or VPM (whichever one it is) or if I even should be trying to achieve this I would be greatly thankful.

Tails is probably the best method of accessing SR right now. Its chief advantage is that it is not supposed to leave any traces on your host machine.

Since you mention VirtualBox additions, you appear to be running Tails in a virtual machine. When you launch Tails, the software checks whether it is being run in a virtual machine and, if so, issues a warning that the host operating system could potentially access data from the running Tails instance (and vice versa).

A VPN is a Virtual Private Network. In general, I don't recommend these, as they are essentially one-hop proxies. Astor has stated that one should never use a VPN whose existence has been discussed here on the Forums, and I concur. Once it becomes known that you're using a particular VPN provider, the authorities will simply single out that provider and attempt to unmask you.

Nightcrawler
4096R/BBF7433B 2012-09-22 Nightcrawler <Nightcrawler@SR>
PGP Key: http://dkn255hz262ypmii.onion/index.php?topic=174.msg633090#msg633090
PGP Key Fingerprint = 83F8 CAF8 7B73 C3C7 8D07  B66B AFC8 CE71 D9AF D2F0
Title: Re: Safest methods Tails VPN wtf???
Post by: astor on October 02, 2013, 03:40 pm
Running Tails in a VM defeats the two main advantages of using Tails.

1. Leaving no trace on your computer. If you're running it in a VM, then the system image is on your hard drive. The reason most people want to use Tails is so they can put it on a thumb drive that is easily destroyed, swallowed, flushed down the toilet, etc., leaving no trace of Tor activity on their computer. If the shit hits the fan, you won't have time to properly wipe your drive or that file.

2. It's based on Linux, so the attack surface for malware is much smaller. Assuming Windows is your host operating system, your Tails VM is potentially vulnerable to the malware that infects Windows.

If you're going to run something in a VM, you might as well run Whonix, which isolates Tor in a separate VM and gives you a little better security, although you need to store the images in an encrypted container, or install a custom Workstation with full disk encryption, because unlike Tails, data is stored unencrypted in the default Whonix Workstation.

Unfortunately, Whonix hasn't been updated in 6 months and the Gateway VM still uses Tor 0.2.3, and upgrading it to Tor 0.2.4 seems to break the Gateway for a lot of people. I haven't explored it enough to figure out what the safe upgrade path is (i.e., which changes should be accepted and which shouldn't during the upgrade), although I did get Tor 0.2.4 working in the Gateway before. Expect Whonix to be slow with Tor 0.2.3 because of the botnet.

OTOH, the latest version of Tails upgraded to Tor 0.2.4, so kudos to them. The main problem with Tails is the lack of persistent entry guards. That should be TODO item number one. I don't know why it isn't. You should manually set bridges to get persistent entry guards.


BTW, Tails isn't the best way to browse SR. Take a look at this thread:

http://dkn255hz262ypmii.onion/index.php?topic=201622.msg1448383#msg1448383

In the two months since that thread was started, a paper came out about external passive surveillance of the Tor network,

http://dkn255hz262ypmii.onion/index.php?topic=209514.msg1512060#msg1512060

and we've learned a lot about massive surveillance by intel agencies. These revelations have changed the game, imo.

I honestly don't know what to tell you now. Tor may not be sufficient to protect you against near-global surveillance by cooperating intel agencies. It seems that all low latency anonymity systems are fucked. The Tor Project web site admits as much, right on the main page:

"For most uses, Tor provides the best available protection against a well-resourced observer. It's an open question how much protection Tor (or any other existing anonymous communications tool) provides against the NSA's large-scale Internet surveillance."

The people I talk to who know a lot about anonymity systems seem to think that high latency mix networks are the only way to get anonymity in the face of this surveillance.

The only thing I can tell you in the meantime is to tunnel out of and/or avoid the countries with the most aggressive surveillance.
Title: Re: Safest methods Tails VPN wtf???
Post by: Altered Dimensions on October 05, 2013, 02:03 am
Running Tails in a VM defeats the two main advantages of using Tails.

1. Leaving no trace on your computer. If you're running it in a VM, then the system image is on your hard drive. The reason most people want to use Tails is so they can put it on a thumb drive that is easily destroyed, swallowed, flushed down the toilet, etc., leaving no trace of Tor activity on their computer. If the shit hits the fan, you won't have time to properly wipe your drive or that file.

2. It's based on Linux, so the attack surface for malware is much smaller. Assuming Windows is your host operating system, your Tails VM is potentially vulnerable to the malware that infects Windows.

If you're going to run something in a VM, you might as well run Whonix, which isolates Tor in a separate VM and gives you a little better security, although you need to store the images in an encrypted container, or install a custom Workstation with full disk encryption, because unlike Tails, data is stored unencrypted in the default Whonix Workstation.

Unfortunately, Whonix hasn't been updated in 6 months and the Gateway VM still uses Tor 0.2.3, and upgrading it to Tor 0.2.4 seems to break the Gateway for a lot of people. I haven't explored it enough to figure out what the safe upgrade path is (i.e., which changes should be accepted and which shouldn't during the upgrade), although I did get Tor 0.2.4 working in the Gateway before. Expect Whonix to be slow with Tor 0.2.3 because of the botnet.

OTOH, the latest version of Tails upgraded to Tor 0.2.4, so kudos to them. The main problem with Tails is the lack of persistent entry guards. That should be TODO item number one. I don't know why it isn't. You should manually set bridges to get persistent entry guards.


BTW, Tails isn't the best way to browse SR. Take a look at this thread:

http://dkn255hz262ypmii.onion/index.php?topic=201622.msg1448383#msg1448383

In the two months since that thread was started, a paper came out about external passive surveillance of the Tor network,

http://dkn255hz262ypmii.onion/index.php?topic=209514.msg1512060#msg1512060

and we've learned a lot about massive surveillance by intel agencies. These revelations have changed the game, imo.

I honestly don't know what to tell you now. Tor may not be sufficient to protect you against near-global surveillance by cooperating intel agencies. It seems that all low latency anonymity systems are fucked. The Tor Project web site admits as much, right on the main page:

"For most uses, Tor provides the best available protection against a well-resourced observer. It's an open question how much protection Tor (or any other existing anonymous communications tool) provides against the NSA's large-scale Internet surveillance."

The people I talk to who know a lot about anonymity systems seem to think that high latency mix networks are the only way to get anonymity in the face of this surveillance.

The only thing I can tell you in the meantime is to tunnel out of and/or avoid the countries with the most aggressive surveillance.

Which countries have the most aggressive surveillance? I can only assume the US is on top of the list.


I full-heartedly have to thank you, astor, as you have helped this community with so much and asked for so little.
You are truly a freedom fighter if I have ever met one.
Title: Re: Safest methods Tails VPN wtf???
Post by: GyroGym on October 05, 2013, 03:50 am
Just use Tails in a USB like it was meant to be used. Less bullshit and runs a lot better, I love it.