[tor-talk] Unsafe for Tor?
Phillip
equusaustralus at gmail.com
Fri Feb 10 10:48:56 UTC 2012
> On 02/10/2012 05:01 AM, Gramps wrote:
>> Phillip wrote the following on 02/09/2012 06:33 PM:
>>> I've had the same problem when I routed my e-mail client to send
>>> everything through Tor (via SSL/TLS of course ;))... When I logged on to
>>> Gmail (and Facebook for that matter) via the web interface, it would
>>> challenge me to prove my identity...
>>>
>>> Now I just run my whole connection, including my Tor node, through a
>>> VPN :)
>>>
>>>
>> That sounds like what I need to do to keep my bank and credit card co.
>> from challenging me all the time! Can you give me a reference to
>> something that lays out how to set up a VPN to do that?
>>
> unless you are somewhere where you can connect to tor, but not to your
> vpn provider, why would you tunnel your VPN through tor? hiding the fact
> you are using a vpn? traffic shape obfuscation? i'm curious.
>
> you always end up with the same unencrypted/ssl/tls stream from your vpn
> endpoint to the destination.
>
> you -> vpn -> tor = makes sense to me
> you -> tor -> vpn = not so much
>
>
> cheers
> -k
>
It's the other way round, as you said, me -> vpn -> tor. That way my tor
node runs through a VPN (slightly degraded performance), and all of my
regular non-tor traffic also runs through the VPN.
And with a plugin like HTTPS Everywhere, most of the sites I visit are
encrypted all the way. Therefore double encryption.
I live in a country with unfiltered and very fast Internet access, but
where the authorities have a very easy way to tap into your connection
directly if they choose to, without all those annoying judicial
niceties... I just choose to make their job slightly more difficult ;))
More information about the tor-talk
mailing list