From: noreply@mixmin.net   
      
   On Sun, 8 Sep 2024 10:06:04 +0200, "J.O. Aho"  wrote:   
   >On 03/09/2024 22.39, david wrote:   
   >> What I don't get is if you're on your isp, you can get on vpn.   
   >> So why can't you get on another vpn when you're already on vpn?   
   >> Or, maybe, you can?   
   >   
   >Yes you can, there is a number of solutions to this. but let's not go   
   >into details as many of the posts already poked on them.   
   >The real question is why would you want to do that? You tend to get no   
   >further "security" of "anonymity" of it. The last VPN will be the one   
   >that can decipher your traffic anyway.   
      
   too many variables; casual users like myself probably have little   
   use for anonymity apart from avoiding website trackers and usenet   
   trolls...but some may have more serious concerns about preventing   
   "unauthorized" access to unencrypted content regardless of format   
   or function, in such cases "whole message encryption" is strongly   
   recommended https://www.danner-net.de/omom/tutorwme.htm  see also:   
      
   (using Tor Browser 13.5.3)   
   https://support.torproject.org/faq/faq-5/   
   >Can I use a VPN with Tor?   
   >Generally speaking, we don't recommend using a VPN with Tor unless   
   >you're an advanced user who knows how to configure both in a way   
   >that doesn't compromise your privacy.   
   >You can find more detailed information about Tor + VPN at our wiki.   
   >https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorPlusVPN   
   >TorPlusVPN   
   >Last edited by Alexander Faeroy 4 years ago   
   >TOC(depth=1)   
   >Introduction   
   >There are many discussions on the Tor Mailing list and spread over   
   >many forums about combining Tor with a VPN, SSH and/or a proxy in   
   >different variations. X in this article stands for, "either a VPN,   
   >SSH or proxy". All different ways to combine Tor with X have   
   >different pros and cons.   
   >General   
   >Anonymity and Privacy   
   >You can very well decrease your anonymity by using VPN/SSH in addition   
   >to Tor. (Proxies are covered in an extra chapter below.) If you know   
   >what you are doing you can increase anonymity, security and privacy.   
   >Most VPN/SSH provider log, there is a money trail, if you can't pay   
   >really anonymously. (An adversary is always going to probe the weakest   
   >link first...). A VPN/SSH acts either as a permanent entry or as a   
   >permanent exit node. This can introduce new risks while solving others.   
   >Who's your adversary? Against a global adversary with unlimited   
   >resources more hops make passive attacks (slightly) harder but active   
   >attacks easier as you are providing more attack surface and send out   
   >more data that can be used. Against colluding Tor nodes you are safer,   
   >against blackhat hackers who target Tor client code you are safer   
   >(especially if Tor and VPN run on two different systems). If the VPN/   
   >SSH server is adversary controlled you weaken the protection provided   
   >by Tor. If the server is trustworthy you can increase the anonymity   
   >and/or privacy (depending on set up) provided by Tor.   
   >VPN/SSH can also be used to circumvent Tor censorship (on your end by   
   >the ISP or on the service end by blocking known tor exits).   
   >VPN/SSH versus Proxy   
   >The connection between you and the VPN/SSH is (in most cases, not all)   
   >encrypted.   
   >On the other hand the connection between you and an OpenProxy is   
   >unencrypted. An 'SSL proxy' is in most cases only a http proxy which   
   >supports the connect method. The connect method was originally   
   >designed to allow you to use to connect using SSL to webservers but   
   >other fancy things such as connecting to IRC, SSH, etc. are possible   
   >as well. Another disadvantage of http(s) proxies is, that some of them,   
   >depending on your network setup, even leak your IP through the 'http   
   >forwarded for' header. (Such proxies are also so called 'non-anonymous   
   >proxies'. While the word anonymous has to be understood with care   
   >anyway, a single OpenProxy is much worse than Tor).   
   >Also read Aren't 10 proxies (proxychains) better than Tor with only 3   
   >hops? - proxychains vs Tor.   
   >VPN versus SSH or Proxy   
   >VPN operates on network level. A SSH tunnel can offer a socks5 proxy.   
   >Proxies operate on application level. These technical details   
   >introduce their own challenges when combining them with Tor.   
   >The problematic thing with many VPN users is, the complicated setup.   
   >They connect to the VPN on a machine, which has direct access to the   
   >internet.   
   >the VPN user may forget to connect to the VPN first   
   >without special precautions, when a VPN connection breaks down (VPN   
   >server reboot, network problems, VPN process crash, etc.), direct   
   >connections without VPN will be made.   
   >To fix this issue you can try something like VPN-Firewall.   
   >When operating on the application level (using SSH tunnel socks5 or   
   >proxies), the problem is that many applications do not honor the proxy   
   >settings. Have a look into the Torify HOWTO to get an idea.   
   >The most secure solution to mitigate those issues is to use   
   >transparent proxying, which is possible for VPN, SSH and proxies.   
   >You -> X -> Tor   
   >Some people under some circumstances (country, provider) are forced to   
   >use a VPN or a proxy to connect to the internet. Other people want to   
   >do that for other reasons, which we will also discuss.   
   >You -> VPN/SSH -> Tor   
   >You can route Tor through VPN/SSH services. That might prevent your   
   >ISP etc from seeing that you're using Tor (VPN/SSH Fingerprinting   
   >below). On one hand, VPNs are more popular than Tor, so you won't   
   >stand out as much, on the other hand, in some countries replacing an   
   >encrypted Tor connection with an encrypted VPN or SSH connection, will   
   >be suspicious as well. SSH tunnels are not so popular.   
   >Once the VPN client has connected, the VPN tunnel will be the   
   >machine's default Internet connection, and TBB (Tor Browser Bundle)   
   >(or Tor client) will route through it.   
   >This can be a fine idea, assuming your VPN/SSH provider's network is   
   >in fact sufficiently safer than your own network.   
   >Another advantage here is that it prevents Tor from seeing who you are   
   >behind the VPN/SSH. So if somebody does manage to break Tor and learn   
   >the IP address your traffic is coming from, but your VPN/SSH was   
   >actually following through on their promises (they won't watch, they   
   >won't remember, and they will somehow magically make it so nobody else   
   >is watching either), then you'll be better off.   
   >You -> Proxy -> Tor   
   >This does not prevent your ISP etc from seeing that you're using Tor   
   >because the connection between your and the proxy is not encrypted.   
   >Sometimes this prevents Tor from seeing who you are depending on the   
   >configuration on the side of the proxy server. So if somebody does   
   >manage to break Tor and learn the IP address your traffic is coming   
   >from, but your proxy does not log an the attacker didn't see the   
   >unencrypted connection between your and the proxy, then you'll be   
   >better off.   
   >You -> Tor -> X   
   >This is generally a really poor plan.   
   >Some people do this to evade Tor bans in many places. (When Tor exit   
   >nodes are blacklisted by the remote server.)   
   >(Read first for understanding: How often does Tor change its paths?.)   
      
   [continued in next message]   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)