[tor-talk] Tor -> VPN Clarification
l.m
ter.one.leeboi at hush.com
Mon Feb 2 01:51:32 UTC 2015
"Joe Btfsplk" wrote:
I gather the one with "more variables in my favor" is Case 2 - Using
VPN
to connect to Tor?
That is the one (some) have said is definitely not good - yes? Still
others may have said that VPN connecting to Tor, isn't as bad as some
have indicated?
Observation: There are a LOT of assumptions about VPNs & adversaries.
And they may / could be true. Just sayin'.
The scenarios you describe, would almost seem to say (equivalent of):
"Either of these is *full* of pitfalls, but since I'm gonna die if I
don't do something, I can pick one (then pray)."
Reason I ask (about using Tor & *anything* else), is I need to do some
legitimate, online research.
Not political / terrorist issues, etc., nor anything socially taboo.
But still something I don't want anyone looking over my shoulder.
And I'm not sure if using TBB by itself (in Windows) is "good enough."
----------------------------------------------------------------------------------------------------
Yes, given all the variables I feel Case 2 is to my advantage. I
really don't advocate for VPN through Tor. That's two congestion
control algorithms (both using TCP) in play and one of them (VPN) will
be based on end-to-end circuit conditions. It gets worse once
pluggable transports are used. It's not an assumption that
intelligence agencies are targeting VPN's but I can't remember where I
read it. I also recall a couple articles about members of notable
hacker groups getting thrown under the bus by their (paid) VPN handing
over logs/metadata. These days politics involves promises to ban
encrypted communication if re-elected (UK). If I'm going to have to
pick one I choose opsec and case 2. But then I use Tor for legitimate
online research so the possibility of an adversary within Tor is kinda
the point. I take as absolute certainty that if I screw up opsec my
VPN will capitalize. Pitfalls doesn't even come close to describing
it.
Not thinking TBB is good enough is a good place to start.
The other options for proxy or SSH through Tor or vice-verse have
their appropriate uses so I didn't mention them. I think the
TorPlusVPN wiki covers those.
--leeroy
More information about the tor-talk
mailing list