Silk Road forums
Discussion => Security => Topic started by: californiadreams on April 14, 2013, 12:18 am
-
Anyone have experience running VPN?
Or VPN + TOR
Looking at this site and wanted your input
https://airvpn.org
My goal is extra anonymity and security.
-
bump
-
**clearnet**
http://torrentfreak.com/vpn-services-that-take-your-anonymity-seriously-2013-edition-130302/
CLEARNET site contains a list of reviews on some of the more popular vpns available updated as recently as mar2013. i cannot offer much insight except to say for US users, to check out priv int acc. they provide many servers which are located in the US with extremely high speeds (options available for non-US too). you are also able to pay with a variety of methods and are encouraged to use anonymous e-mail and btc. seems to be best compromise of pricing/security for my tastes. i only have experience with pia, and so far i've been satisfied. they provide network/open vpn and mobile options as well.
hopefully others may weigh in on some pros/cons of this or other available vpns.
-
I've been avoiding this thread because quite frankly, it's my least favorite topic. It's been discussed to death on the forum, but it keeps getting bumped here.
Use the search function. There are at least 30 threads with VPN in the title, and many more besides.
-
Anyone have experience running VPN?
Or VPN + TOR
Looking at this site and wanted your input
https://airvpn.org
My goal is extra anonymity and security.
I use VPN over Tor (Tor over VPN is pointless) when accessing bitcoin exchanges, etc. I don't know why you want the VPN but you can easily find something cheaper than AirVPN, especially if you don't need unlimited data. You can even set up a VPN on a VPS if it works out cheaper.
Tor is much, much faster than it used to be when I first started using it years ago, so there's not much use for a VPN on its own. Anyway, when they tell you that they don't keep logs, why should you believe them?
-
Using VPNs and Tor in conjunction, whether this makes sense for you depends on your threat model.
On using Tor firstly.
When you use Tor by itself to access a filternet site e.g. www.google.com, the traffic flow looks like this:
[Your machine] -> [Tor Network] Entry Guard -> Relay -> Exit Node [/Tor Network] -> [Google's server].
For lots of people, this is good enough. But all you guys are superninjas! So let's continue.
There are 3 other possibilities in using VPN and Tor:
1. [Your machine] -> [VPN] -> [Tor Network] Entry Guard -> Relay -> Exit Node [/Tor Network] -> [Google's server].
2. [Your machine] -> [Tor Network] Entry Guard -> Relay -> Exit Node [/Tor Network] -> [VPN] -> [Google's server].
3. [Your machine] -> [VPN] -> [Tor Network] Entry Guard -> Relay -> Exit Node [/Tor Network] -> [VPN] -> [Google's server].
Mostly it's about not associating traffic from your machine with the Tor network in different ways.
If you have read about the Tor network before, you'll all know:
Tor (like all current practical low-latency anonymity designs) fails when the attacker can see both ends of the communications channel. For example, suppose the attacker controls or watches the Tor relay you choose to enter the network, and also controls or watches the website you visit. In this case, the research community knows no practical low-latency design that can reliably stop the attacker from correlating volume and timing information on the two sides.
So if the enemy has control over the Entry Guard and the Exit Node, they can use a correlation/timing attack to deanonymize you. This is why it's important that you receive an Entry Guard randomly or that you continually use a non-compromised Entry Guard called a persistent Entry Guard.
If you had a VPN (1), then you have a layer between you and the deanonymization attempt. Whether this is useful depends on the VPN provider and the style of the deanonymization attack.
A useful advantage of a VPN (1) isn't a buffer against a timing attack, although this may be a subject for some debate. It's that your ISP can't detect that you're using the Tor Network using Deep Packet Inspection since all traffic from your machine is encrypted to the VPN. The VPN's ISP could know that somebody who uses the VPN services is using Tor, but not which IP address is the source of the traffic. I think the main threat to Tor isn't direct attacks on its anonymity system, but a panopticon-style environment where everybody is being watched all the time using DPI, and the use of Tor automatically red flags you as a dissident. That is the message I took from the events in Syria and PRC, the utility of Tor is severely compromised by an all pervasive police state. Anonymity ultimately means belonging to a large set of nameless entities after all, if anonymity and encryption are illegal then freedom to communicate is impossible.
The advantage of VPN (2) is that the websites receiving your traffic cannot detect you're coming from a Tor Exit Node. The advantage of this is that the site's administrator doesn't know you're anonymous, which means you cannot (probably) be red flagged as being suspicious or have websites blocked to you (4chan famously blocks Tor Exit Nodes, for good reason in their case). A good example of this is accessing MtGox via Tor. I think we've heard reports that those accounts get frozen. Because all Tor Exit Node IP addresses are public, there is no great difficulty in implementing such a filter. Wikipedia blocks Tor traffic as standard for example. You might bitch and moan at MtGox, but at least they told you that you're being monitored even if they stole your money.
The advantage of using VPN (3) is just the added advantages of using both setups.
Note that plaintext information transmitted can be read by an Exit Node. So a VPN (2) isn't any help to you there. As always, the answer to that is the use of PGP. And obviously if you're accessing hidden services then it's also pointless since you never reach it.
The disadvantages are that:
A: It costs money.
B: If VPNs keep logs and have your identity, using them is totally pointless. Google "HideMyAss" and "LulzSec" for example.
C: A VPN (2) may not necessarily prevent the admin at the filternet site knowing you're trying to be anonymous. It will prevent him knowing you're using Tor, but I'm fairly sure that some websites keep lists of anonymous proxies as well as Tor Exit Nodes. If you want to test this, try accessing 4chan, I reckon by now moot has a comprehensive list of every anonymous proxy on the planet. :D
--
That's a lot to digest, so scan it carefully and fellow travelers should check Pine hasn't made any mistakes.
--
If you have questions, it'd be a good idea to also ask kmfkewm, he has studied this area in depth.
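[Added example, not part of the original post or thread.] The site-side filtering described under VPN (2) and disadvantage C, sketched from the administrator's point of view: a client address is checked against a published exit list and then against a separate list of proxy/VPN ranges. The list contents, the one-entry-per-line format and the function names are constructed assumptions, and the addresses are documentation ranges.

```python
import ipaddress

# Constructed sample data (documentation address ranges, not real relays or proxies).
EXIT_LIST_TEXT = """\
# constructed exit address list, one IP per line
192.0.2.10
192.0.2.77
2001:db8::5
"""
PROXY_RANGES_TEXT = """\
# constructed list of proxy/VPN egress ranges (CIDR)
198.51.100.0/24
2001:db8:ffff::/48
"""

def parse_exit_list(text):
    """Return a set of address objects, skipping comments and malformed lines."""
    exits = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            exits.add(ipaddress.ip_address(line))
        except ValueError:
            continue  # ignore garbage rather than fail the whole list
    return exits

def parse_ranges(text):
    """Return a list of network objects from CIDR lines."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=False))
    return nets

def classify(client_ip, exits, proxy_nets):
    """Label a client address the way a site filter might (hypothetical labels)."""
    ip = ipaddress.ip_address(client_ip)
    if ip in exits:
        return "tor-exit"
    # Hiding the exit behind a VPN does not help if the VPN range is listed too.
    if any(ip.version == n.version and ip in n for n in proxy_nets):
        return "known-proxy"
    return "unlisted"

EXITS = parse_exit_list(EXIT_LIST_TEXT)
PROXIES = parse_ranges(PROXY_RANGES_TEXT)
```
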
-
These "anonymous" VPN services do keep logs. It's bullshit when they say they don't. How long they keep these logs for? Only they know. So unless you have access to a botnet/compromised systems or a VPN that has no way of tracking you whether it's through payment or IP address I wouldn't use them.
-
great vpn intro post pine! thanks, as always!
-
great vpn intro post pine! thanks, as always!
Sure. Read more,
On Entry Guards: https://www.torproject.org/docs/faq#EntryGuards
On the use of VPNs: https://trac.torproject.org/projects/tor/wiki/doc/TorPlusVPN#you-X-Tor