Discussion:
[tor-talk] Tor browser and VPN or web proxy
J B
2018-09-29 11:58:17 UTC
Permalink
Hi,
Could you please explain in what sequence the two should be activated and
why
(which setup is secure) ?
TB -- VPN or web proxy
or
VPN or web proxy -- TB

jb
--
tor-talk mailing list - tor-***@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torpr
TNT BOM BOM
2018-09-29 12:51:00 UTC
Permalink
you can read it here:

- User -> VPN -> Tor -> Internet
https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor
- User -> Tor -> VPN -> Internet
https://www.whonix.org/wiki/Tunnels/Connecting_to_Tor_before_a_VPN
- User -> Tor -> Proxy -> Internet
https://www.whonix.org/wiki/Tunnels/Connecting_to_Tor_before_a_proxy
- User -> Proxy -> Tor -> Internet
https://www.whonix.org/wiki/Tunnels/Connecting_to_a_proxy_before_Tor

you want more , read Whonix Docs:

https://www.whonix.org/wiki/Documentationdocumentation

Enjoy!
Post by J B
Hi,
Could you please explain in what sequence the two should be activated and
why
(which setup is secure) ?
TB -- VPN or web proxy
or
VPN or web proxy -- TB
jb
--
tor-talk mailing list - tor-***@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi
panoramix.druida
2018-09-29 16:29:48 UTC
Permalink
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
Post by J B
Hi,
Could you please explain in what sequence the two should be activated and
why
(which setup is secure) ?
TB -- VPN or web proxy
or
VPN or web proxy -- TB
I am playing with QubeOS and I try Tor -> VPN (with Bitmask) and I found this useful for not having captchas everywhere as it does happend with Tor alone. I try this thanks to this talk:

Post by J B
jb
-----------------------------------------------------------------------------------------------------------------------------------------------------------------
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
--
tor-talk mailing list - tor-***@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.
Mirimir
2018-09-29 23:28:46 UTC
Permalink
Post by panoramix.druida
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
Post by J B
Hi,
Could you please explain in what sequence the two should be activated and
why
(which setup is secure) ?
TB -- VPN or web proxy
or
VPN or web proxy -- TB
I am playing with QubeOS and I try Tor -> VPN (with Bitmask) and I found this useful for not having captchas everywhere as it does happend with Tor alone. I try this thanks to this talk: http://youtu.be/f4U8YbXKwog
True. But this is the most dangerous way to combine Tor and VPNs.

If you connect first through a VPN (yours or a commercial service) and
then to Tor, the VPN becomes like your ISP. It encrypts and obscures
your traffic. So your ISP can't easily tell that you connect with Tor,
or what you otherwise connect with directly.

But your VPN provider _does_ know all that. Also, some argue that VPN
services are more likely malicious than ISPs, and so potentially
compromise your Tor use. But others (including Mirimir) argue that ISPs
are more readily compromised by local adversaries, so using VPN services
increases security and privacy for Tor use.

Also, if you connect to Tor through a VPN, entry guards can't easily
know your ISP-assigned IP address. So malicious entry guards (or those
who had compromised them) would need to get that information from your
VPN provider. That would have provided some protection against CMU's
relay-early exploit, which pwned many .onion services and users.

However, connecting first to Tor, and then through Tor circuits to a
VPN, is _far_ more dangerous. Bottom line, you throw away all of the
anonymity that Tor can provide. That's because your VPN provider may
know who you are. Perhaps because you paid them in some traceable way.
Or perhaps because you accidentally connected directly, and not through
Tor, revealing your ISP-assigned IP address to them.

However, if you're careful, you can use VPNs through Tor to 1) avoid
Tor-specific CAPTCHAs, 2) route UDP traffic, and 3) use online services
that generally don't work well with Tor alone.

<SNIP>
--
tor-talk mailing list - tor-***@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproj
Paul Syverson
2018-09-30 03:35:28 UTC
Permalink
Post by Mirimir
Post by panoramix.druida
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
Post by J B
Hi,
Could you please explain in what sequence the two should be activated and
why
(which setup is secure) ?
TB -- VPN or web proxy
or
VPN or web proxy -- TB
I am playing with QubeOS and I try Tor -> VPN (with Bitmask) and I found this useful for not having captchas everywhere as it does happend with Tor alone. I try this thanks to this talk: http://youtu.be/f4U8YbXKwog
True. But this is the most dangerous way to combine Tor and VPNs.
If you connect first through a VPN (yours or a commercial service) and
then to Tor, the VPN becomes like your ISP. It encrypts and obscures
your traffic. So your ISP can't easily tell that you connect with Tor,
or what you otherwise connect with directly.
But your VPN provider _does_ know all that. Also, some argue that VPN
services are more likely malicious than ISPs, and so potentially
compromise your Tor use. But others (including Mirimir) argue that ISPs
are more readily compromised by local adversaries, so using VPN services
increases security and privacy for Tor use.
Also, if you connect to Tor through a VPN, entry guards can't easily
know your ISP-assigned IP address. So malicious entry guards (or those
who had compromised them) would need to get that information from your
VPN provider. That would have provided some protection against CMU's
relay-early exploit, which pwned many .onion services and users.
However, connecting first to Tor, and then through Tor circuits to a
VPN, is _far_ more dangerous. Bottom line, you throw away all of the
anonymity that Tor can provide. That's because your VPN provider may
know who you are. Perhaps because you paid them in some traceable way.
Or perhaps because you accidentally connected directly, and not through
Tor, revealing your ISP-assigned IP address to them.
While that is all roughly on-average correct, it depends entirely on your
adversary and intended activity. (You might not be average.) If, as
one example, you need to connect to a corporate VPN and you don't
want a local adversary (such as the ISP) to know your affiliation with
that corporation, then this is the order to do things.

aloha,
Paul
Post by Mirimir
However, if you're careful, you can use VPNs through Tor to 1) avoid
Tor-specific CAPTCHAs, 2) route UDP traffic, and 3) use online services
that generally don't work well with Tor alone.
<SNIP>
--
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
--
tor-talk mailing list - tor-***@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.or
Mirimir
2018-09-30 07:00:07 UTC
Permalink
Post by Paul Syverson
Post by Mirimir
Post by panoramix.druida
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
Post by J B
Hi,
Could you please explain in what sequence the two should be activated and
why
(which setup is secure) ?
TB -- VPN or web proxy
or
VPN or web proxy -- TB
I am playing with QubeOS and I try Tor -> VPN (with Bitmask) and I found this useful for not having captchas everywhere as it does happend with Tor alone. I try this thanks to this talk: http://youtu.be/f4U8YbXKwog
True. But this is the most dangerous way to combine Tor and VPNs.
If you connect first through a VPN (yours or a commercial service) and
then to Tor, the VPN becomes like your ISP. It encrypts and obscures
your traffic. So your ISP can't easily tell that you connect with Tor,
or what you otherwise connect with directly.
But your VPN provider _does_ know all that. Also, some argue that VPN
services are more likely malicious than ISPs, and so potentially
compromise your Tor use. But others (including Mirimir) argue that ISPs
are more readily compromised by local adversaries, so using VPN services
increases security and privacy for Tor use.
Also, if you connect to Tor through a VPN, entry guards can't easily
know your ISP-assigned IP address. So malicious entry guards (or those
who had compromised them) would need to get that information from your
VPN provider. That would have provided some protection against CMU's
relay-early exploit, which pwned many .onion services and users.
However, connecting first to Tor, and then through Tor circuits to a
VPN, is _far_ more dangerous. Bottom line, you throw away all of the
anonymity that Tor can provide. That's because your VPN provider may
know who you are. Perhaps because you paid them in some traceable way.
Or perhaps because you accidentally connected directly, and not through
Tor, revealing your ISP-assigned IP address to them.
While that is all roughly on-average correct, it depends entirely on your
adversary and intended activity. (You might not be average.) If, as
one example, you need to connect to a corporate VPN and you don't
want a local adversary (such as the ISP) to know your affiliation with
that corporation, then this is the order to do things.
aloha,
Paul
Right. Didn't think of that. And yes, that _is_ a safe use case. Because
you don't need/want to be anonymous to that corporation. Or for anything
you do through that VPN connection.

Even so, for that you might as well use a VPN service, instead of Tor.
Because performance will be much better. Unless it's important to hide
corporate affiliation from more than just local adversaries.
Post by Paul Syverson
Post by Mirimir
However, if you're careful, you can use VPNs through Tor to 1) avoid
Tor-specific CAPTCHAs, 2) route UDP traffic, and 3) use online services
that generally don't work well with Tor alone.
<SNIP>
--
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
--
tor-talk mailing list - tor-***@lists.torproject.org
To unsubscribe or change other settings go to
https://
Loading...