Tails, Tor & VPN: Pros and Cons

There are bits and pieces of information available in regards to this topic but that is exactly what they are - bits and pieces.

As a community it would be great for us to get together and concisely address the 'best' opsec available within tails and also address why other options are not quality opsec measures.

Put forward the assumption that users have done their research to anonymously aquire a VPN service that has a vetted no-logging policy.

  1. Permanent entry guard node [tails>vpn>tor]

    a. Prevent ISP from knowing of or even blocking your tor usage

    b. Prevent compromised entry guards from being able to analyze your usage of hidden services [which is miniscule in the total usage of tor] and correlate specific sites/pages using any website fingerprinting data available. Think about the people who enabled javascript for pgp encryption on WSM I believe it was...

  2. Permanent exit node [tails>tor>vpn]

    a. Prevent having a compromised point of decryption from tor. A compromised/snooping exit node would have access to tons of data (including passwords) passing through it although their origins are hidden. Hopefully HTTPS-everywhere would be enough to thwart any snooping but somebody with more knowledge would need to comment.

  3. Rotating entry guards, exit nodes [tails>tor]

    a. Opsec would be pretty airtight here assuming there is no metadata available to fingerprint. However there may be many situations where one may feel a need to temporarily disable NoScript potentially leaving themselves vulnerable.

I do not have an absolute opinion on what is the best approach. I believe different circumstances have different requirements. I think that it would be great to start a good discussion to evaluate the pros and cons of each measure and to identify different circumstances where options 1-3 provide the best opsec specific to a user's unique needs.

Please do not refrain from contributing if you have any knowledge or opinions. This is my first registered interaction with this sub but I have been around long enough to see the community aspect deteriorate. That helps nobody except for our common adversaries.

TL;DR - What are the pros and cons of tails, tor and vpn as either a permanent entry guard/exit node


Comments


[9 Points] savingfluffybunnies:

Doesn't work. Best way to use VPNs though.

Stops ISP from seeing you use Tor. Allows VPN provider to see you use Tor and monitor the type of traffic coming through.

Only trust Tor network, no 3rd party. ISP can see you use Tor but it doesn't matter. Easiest option.

For enhanced security use Whonix. A lot of the stuff you talk about on here seems like bullshit and it seems like you've done very little research.


[2 Points] betandloose:

Thanks for this topic ! I am also deeply learning & testing diferents OPSEC approaches with differents OS Combos, aimed at "Vendor" usage for both DNM & Openbazaar...

I do think that it best to hide from your ISP the fact that you use TOR, While it may be allowed, it is always "flagged as suspicious" by ISP. And in the advanced scenario that LE are against you, this can lead to easy correlating, if you live in a non "TOR-dense" area...

This need you to put Faith in your carrefully chosen VPN provider (which I do more than my ISP) It is possible to double VPN, for added security. (ISP>vpn1>vpn2>TOR)

My actual setup would be (assuming connexion from home) :

What do you think of this setup ?


[1 Points] AutoModerator:

Please note that WallStreet Market is not listed because of very serious issues. You should avoid it at all costs.

I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.


[1 Points] Intergalactic_Reborn:

Just install a VPN on your Router and use Tails. There done.