Silk Road forums
Discussion => Security => Topic started by: weed4me6969 on July 31, 2013, 10:30 pm
-
Hello all!
I want to get a vpn, and tried to order one off of Sniffsniff...But it is some messed up cracked version that does not work!!! So whatever you do dont get that, it was only $5 but still... I just want to be even more secure, and dont want my isp to know when and how long i use tor for!
So which VPN's do not keep logs, and i dont care if it is free or not, this is about being secure...But hey, if i can download it from a torrent or something, hey, that is cool too!!!
Thanks guys/gals 8)
-
Private Internet Access or BTGuard.
-
:-X
-
Interested in getting a VPN myself. ill stay updated on this so when i get more serious about it
:P
much love all_mcrad!
-
Definitely one where you can pay in bitcoins. I've been using AirVPN and they've been great but I'm sure the others are just as good.
-
A VPN is a great way to add another layer of security and anonymity in conjunction with Tor if -- and only if -- it is used correctly.
-- Buy your VPN anonymously. Use a provider which allows BTC payments.
-- Do NOT connect to any services (e-mail, facebook, etc) which hold your identity when using your VPN.
There's a few ways you can connect to a VPN and Tor simultaneously. The solution I see most fit is: You -> VPN -> Tor -> Internet
The page below has a great deal of information regarding Tor and VPN setup.
[CLEARNET WARNING]
https://trac.torproject.org/projects/tor/wiki/doc/TorPlusVPN
-
ugh all the VPN talk makes me sick. First of all, telling people the VPN you use means that traces to you can start at that VPN. Thanks for not making me trace you through Tor, now I can focus on the VPN provider that you just told me you use. Second of all, I think people vastly over estimate how much more anonymous a VPN can make them. Essentially a VPN at best hides that you use Tor and gives you a static entry guard that will possibly protect you if your Tor circuit is bad (then again, your VPN provider could be bad to begin with, in which case your entry node is always bad). I wonder if I made a VPN company up and started suggesting people on SR use it, how much business I would get. Probably too much. And then I would have all of your IP addresses, and do fingerprinting and correlation attacks to link IP addresses to forum posters.
-
ugh all the VPN talk makes me sick. First of all, telling people the VPN you use means that traces to you can start at that VPN. Thanks for not making me trace you through Tor, now I can focus on the VPN provider that you just told me you use. Second of all, I think people vastly over estimate how much more anonymous a VPN can make them. Essentially a VPN at best hides that you use Tor and gives you a static entry guard that will possibly protect you if your Tor circuit is bad (then again, your VPN provider could be bad to begin with, in which case your entry node is always bad). I wonder if I made a VPN company up and started suggesting people on SR use it, how much business I would get. Probably too much. And then I would have all of your IP addresses, and do fingerprinting and correlation attacks to link IP addresses to forum posters.
What?
Then you will see the person using TOR, which would basically be the same as if they did not use the VPN at all. Let's not forget that VPNs are not like bitcoins, in which 50+% of users are actually SilkRoad members. I think most SR members just connect using their normal IPs, don't use PGP, and most certainly don't encrypt their drives, assuming TOR to be this immunizing program for badasses.
The majority of VPN use is for torrents and post-Snowden fiasco. I would say the vast majority of VPN users do not use TOR-but they do use BitTorrent, which is of concern of the MPAA and RIAA moreover.
I think the paranoia here is overblown and misdirected, not to say security is overrated.
All people caught on SR thusfar have been the low-hanging fruit: the cell phone users, the poor stealthers, and such. Getting a vendor with good stealth is about 10x more important than some of the meanderings here, unless the user is being chased by INTERPOL, and even then it would be difficult.
-
So you use Tor and tell me you use BobVPN. So now that is great because I can go to BobVPN and see who all is using Tor. Okay there are twenty people using BobVPN and connecting to Tor, you are probably one of them. Now if I can watch traffic over BobVPN I can quickly pinpoint your traffic with fingerprinting attacks, since I already see the posts you make here and the size of the posts. Only one of the twenty people using BobVPN to connect to Tor is likely to have traffic pattern correlating with the posts I can see you making on the forum here. Also many VPN providers keep logs of who is connected to the VPN when, even if they don't keep traffic logs. So now I can use these logs and see who of the twenty are connected to the VPN when I see traffic from you on this site. Over a small period of time I can use intersection attack to deduce who you are. You could say well my VPN keeps no logs blah blah, and I say fine that is great but you still have essentially changed your security model from Tor to your VPN provider, and that makes life easier for me if I am trying to trace you.
-
Care to tell me your set of Tor entry guards? I mean it isn't like I will see anything other than people using Tor if I own your entry node right? Plenty of people using Tor these days, so might as well tell me your entry guards. Or I could just wait a while since everybody is using tails, I imagine it wont take very long before you use my entry guard anyway and then I can use fingerprinting attack and correlation attack to tie you to your forum nym. It is sure nice of the forum to keep timestamps of when these series of bytes came from your computer to it :), I wonder how many people sent message the same size as yours through Tor at the same time you sent that post to the forum? Markov modeling will help me filter them away ;).
-
+1 for technical accuracy.
Markov chains, packet sniffing, stylometry, can all be utilized and probably are. You do indeed have a good point; I never thought of it in that sense as my main concern was the ISP reporting of Tor traffic, which seems to be given up quite willingly.
Taking this into consideration, we probably should enact a no-discussion rule with regards to VPNs and ISPs.
I still maintain that the most likely cause of seizure is poor stealth, but taking all avenues into consideration is best.
-
Naming your VPN is a dumb idea, and should be banned from this forum.
-
Rule of a thumb.
If you can't find a list of suitable VPNs on Google, you shouldn't be using VPN to connect to Tor.
OP look into obfsproxy.
-
Naming your VPN is a dumb idea, and should be banned from this forum.
Damn sorry guys i didnt know it was such a big fuckin deal!!! I apologize, as i just wanted some info from people that have similar experiences..... didnt mean to get everyone hacked... :o
-
Damn sorry guys i didnt know it was such a big fuckin deal!!! I apologize, as i just wanted some info from people that have similar experiences..... didnt mean to get everyone hacked... :o
It's fine. Tinfoil hat is is a little tight on these posters. Not that that's really a bad thing.
-
Damn sorry guys i didnt know it was such a big fuckin deal!!! I apologize, as i just wanted some info from people that have similar experiences..... didnt mean to get everyone hacked... :o
It's fine. Tinfoil hat is is a little tight on these posters. Not that that's really a bad thing.
A side effect of having technical knowledge related to the matter at hand.
-
A side effect of having technical knowledge related to the matter at hand.
We're all really impressed. Please don't find me!!