From: noreply@mixmin.net   
      
   On Wed, 18 Sep 2024 05:47:58 +0200 (CEST), Nomen Nescio    
   wrote:   
   >mailchuck.com   
   >...   
   >the payment address is linked to each individual email account.   
      
   (using Tor Browser 13.5.4):   
   >https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorPlusVPN   
   >TorPlusVPN   
   >Last edited by Alexander Faeroy 4 years ago   
   >TOC(depth=1)   
   >Introduction   
   >There are many discussions on the Tor Mailing list and spread over   
   >many forums about combining Tor with a VPN, SSH and/or a proxy in   
   >different variations. X in this article stands for, "either a VPN,   
   >SSH or proxy". All different ways to combine Tor with X have   
   >different pros and cons.   
   >General   
   >Anonymity and Privacy   
   >You can very well decrease your anonymity by using VPN/SSH in addition   
   >to Tor. (Proxies are covered in an extra chapter below.) If you know   
   >what you are doing you can increase anonymity, security and privacy.   
   >Most VPN/SSH provider log, there is a money trail, if you can't pay   
   >really anonymously. (An adversary is always going to probe the weakest   
   >link first...). A VPN/SSH acts either as a permanent entry or as a   
   >permanent exit node. This can introduce new risks while solving others.   
   >Who's your adversary? Against a global adversary with unlimited   
   >resources more hops make passive attacks (slightly) harder but active   
   >attacks easier as you are providing more attack surface and send out   
   >more data that can be used. Against colluding Tor nodes you are safer,   
   >against blackhat hackers who target Tor client code you are safer   
   >(especially if Tor and VPN run on two different systems). If the VPN/   
   >SSH server is adversary controlled you weaken the protection provided   
   >by Tor. If the server is trustworthy you can increase the anonymity   
   >and/or privacy (depending on set up) provided by Tor.   
   >VPN/SSH can also be used to circumvent Tor censorship (on your end by   
   >the ISP or on the service end by blocking known tor exits).   
   >VPN/SSH versus Proxy   
   >The connection between you and the VPN/SSH is (in most cases, not all)   
   >encrypted.   
   >On the other hand the connection between you and an OpenProxy is   
   >unencrypted. An 'SSL proxy' is in most cases only a http proxy which   
   >supports the connect method. The connect method was originally   
   >designed to allow you to use to connect using SSL to webservers but   
   >other fancy things such as connecting to IRC, SSH, etc. are possible   
   >as well. Another disadvantage of http(s) proxies is, that some of them,   
   >depending on your network setup, even leak your IP through the 'http   
   >forwarded for' header. (Such proxies are also so called 'non-anonymous   
   >proxies'. While the word anonymous has to be understood with care   
   >anyway, a single OpenProxy is much worse than Tor).   
   >Also read Aren't 10 proxies (proxychains) better than Tor with only 3   
   >hops? - proxychains vs Tor.   
   >VPN versus SSH or Proxy   
   >VPN operates on network level. A SSH tunnel can offer a socks5 proxy.   
   >Proxies operate on application level. These technical details   
   >introduce their own challenges when combining them with Tor.   
   >The problematic thing with many VPN users is, the complicated setup.   
   >They connect to the VPN on a machine, which has direct access to the   
   >internet.   
   >the VPN user may forget to connect to the VPN first   
   >without special precautions, when a VPN connection breaks down (VPN   
   >server reboot, network problems, VPN process crash, etc.), direct   
   >connections without VPN will be made.   
   >To fix this issue you can try something like VPN-Firewall.   
   >When operating on the application level (using SSH tunnel socks5 or   
   >proxies), the problem is that many applications do not honor the proxy   
   >settings. Have a look into the Torify HOWTO to get an idea.   
   >The most secure solution to mitigate those issues is to use   
   >transparent proxying, which is possible for VPN, SSH and proxies.   
   >You -> X -> Tor   
   >Some people under some circumstances (country, provider) are forced to   
   >use a VPN or a proxy to connect to the internet. Other people want to   
   >do that for other reasons, which we will also discuss.   
   >You -> VPN/SSH -> Tor   
   >You can route Tor through VPN/SSH services. That might prevent your   
   >ISP etc from seeing that you're using Tor (VPN/SSH Fingerprinting   
   >below). On one hand, VPNs are more popular than Tor, so you won't   
   >stand out as much, on the other hand, in some countries replacing an   
   >encrypted Tor connection with an encrypted VPN or SSH connection, will   
   >be suspicious as well. SSH tunnels are not so popular.   
   >Once the VPN client has connected, the VPN tunnel will be the   
   >machine's default Internet connection, and TBB (Tor Browser Bundle)   
   >(or Tor client) will route through it.   
   >This can be a fine idea, assuming your VPN/SSH provider's network is   
   >in fact sufficiently safer than your own network.   
   >Another advantage here is that it prevents Tor from seeing who you are   
   >behind the VPN/SSH. So if somebody does manage to break Tor and learn   
   >the IP address your traffic is coming from, but your VPN/SSH was   
   >actually following through on their promises (they won't watch, they   
   >won't remember, and they will somehow magically make it so nobody else   
   >is watching either), then you'll be better off.   
   >You -> Proxy -> Tor   
   >This does not prevent your ISP etc from seeing that you're using Tor   
   >because the connection between your and the proxy is not encrypted.   
   >Sometimes this prevents Tor from seeing who you are depending on the   
   >configuration on the side of the proxy server. So if somebody does   
   >manage to break Tor and learn the IP address your traffic is coming   
   >from, but your proxy does not log an the attacker didn't see the   
   >unencrypted connection between your and the proxy, then you'll be   
   >better off.   
   >You -> Tor -> X   
   >This is generally a really poor plan.   
   >Some people do this to evade Tor bans in many places. (When Tor exit   
   >nodes are blacklisted by the remote server.)   
   >(Read first for understanding: How often does Tor change its paths?.)   
   >Normally Tor switches frequently its path through the network. When   
   >you choose a permanent destination X, you give away this advantage,   
   >which may have serious repercussions for your anonymity.   
   >You -> Tor -> VPN/SSH   
   >You can also route VPN/SSH services through Tor. That hides and   
   >secures your Internet activity from Tor exit nodes. Although you are   
   >exposed to VPN/SSH exit nodes, you at least get to choose them. If   
   >you're using VPN/SSHs in this way, you'll want to pay for them   
   >anonymously (cash in the mail [beware of your fingerprint and printer   
   >fingerprint], Liberty Reserve, well-laundered Bitcoin, etc).   
   >However, you can't readily do this without using virtual machines. And   
   >you'll need to use TCP mode for the VPNs (to route through Tor). In   
   >our experience, establishing VPN connections through Tor is chancy,   
   >and requires much tweaking.   
   >Even if you pay for them anonymously, you're making a bottleneck where   
   >all your traffic goes -- the VPN/SSH can build a profile of everything   
   >you do, and over time that will probably be really dangerous.   
   >You -> Tor -> Proxy   
   >You can also route proxy connections through Tor. That does not hide   
      
   [continued in next message]   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)