Silk Road forums

Discussion => Newbie discussion => Topic started by: flashlight5 on June 06, 2013, 11:09 pm

Title: TOR & OVPN
Post by: flashlight5 on June 06, 2013, 11:09 pm
Do not use Tor through VPN. People think that this is more secure. It is not more secure. This is a single point of attack and a method of tracking you.

just read that on two different websites. can sb explain it? Dont get the point of attack thing. every website / service would just get a TOR IP, wouldnt it ?
thx!
Title: Re: TOR & OVPN
Post by: TheGolden24 on June 06, 2013, 11:15 pm
I have also heard the same and would like to learn more on the topic
Title: Re: TOR & OVPN
Post by: mbius298074 on June 07, 2013, 01:04 pm
Do not use Tor through VPN. People think that this is more secure. It is not more secure. This is a single point of attack and a method of tracking you.

just read that on two different websites. can sb explain it? Dont get the point of attack thing. every website / service would just get a TOR IP, wouldnt it ?
thx!

This advice was mainly for carders and "freedom fighters" (e.g., lulzsec). It is possible to locate someone using tor if you control/watch their entry (e.g., home ISP or VPN) and exit point (Tor exit node or the site they are attacking) using a correlation attack. The idea is that you show the traffic they send is equivalent to the traffic that is received.

However, the security of using a VPN to connect to Tor depends on the method you use to connect to Tor in the first place. If you are connecting from a hacked or public WiFi then using a VPN is a security risk for the reason above as the entry is then fixed. If you are connecting from home it is maybe a little safer depending on your country, ISP and VPN.
Title: Re: TOR & OVPN
Post by: flashlight5 on June 07, 2013, 02:58 pm
thx for the info, not really sure i follow you thou.

Lets say I use a WLAN and connect directly to tor, then my entry point is fixed anyways... ? Ultimately I need a fixed entry point...?!

Of do I have it wrong?

I mean it like this:

     WLAN
       IIIIIII
I____OVPN___I
          I
          I
          I
         V
-----TOR Server 1------
-----TOR Server 2------
-----TOR Server 3------


INTERNET


Every body just seeds the TOR exit.. in case somebody gets around TOR, they get my vpn ip. Or do I have it wrong?
Title: Re: TOR & OVPN
Post by: mbius298074 on June 08, 2013, 06:07 am
thx for the info, not really sure i follow you thou.

Lets say I use a WLAN and connect directly to tor, then my entry point is fixed anyways... ? Ultimately I need a fixed entry point...?!

Of do I have it wrong?

I mean it like this:

     WLAN
       IIIIIII
I____OVPN___I
          I
          I
          I
         V
-----TOR Server 1------
-----TOR Server 2------
-----TOR Server 3------


INTERNET


Every body just seeds the TOR exit.. in case somebody gets around TOR, they get my vpn ip. Or do I have it wrong?

No problem. Glad to help.

To answer your question, your entry point isn't fixed if you change public WiFi hotspots before connecting each time. However, if you use the same WiFi access point then your location is fixed, like using the same VPN, and you are more suseptible to a correlation attack.

Basically, the statement about "VPN before Tor is bad" assumes that you connect to Tor from a changing IP each time. If you don't then the advice doesn't hold.
Title: Re: TOR & OVPN
Post by: flashlight5 on June 08, 2013, 06:16 pm
What you say now makes sense. °,^

A good VPN service have have several Servers so you can change too.

But getting from a good VPN that many ppl use to my home Ip is still a long shot, right?
Title: Re: TOR & OVPN
Post by: mbius298074 on June 10, 2013, 02:38 am
What you say now makes sense. °,^

A good VPN service have have several Servers so you can change too.

But getting from a good VPN that many ppl use to my home Ip is still a long shot, right?

The number of servers the vpn has doesn't matter. If you are traced to your VPN and someone wishes to identify you (e.g., the government) then they will watch everything from that VPN, not just the server you connect to.

If your attacker is determined enough it is very easy to trace you from your VPN to your home IP if you are connecting from home.
Title: Re: TOR & OVPN
Post by: flashlight5 on June 10, 2013, 10:55 pm
easy??!!!! for real!?!

with a good vpn service? dont think so.. my provider has been raided several times because some morons did DOS attacks. but they didnt log so nobody got caught
Title: Re: TOR & OVPN
Post by: nosponser on June 11, 2013, 12:20 am
i thought it worked this way:  Me ---> VPN ---> Entry node ---> Relay Node ---> Exit Node ----> Internet
 making it harder to go backwards stops at VPN ? no? at the least i thought being on the vpn hides TOR activity from ip and le
Title: Re: TOR & OVPN
Post by: mbius298074 on June 11, 2013, 03:49 am
easy??!!!! for real!?!

with a good vpn service? dont think so.. my provider has been raided several times because some morons did DOS attacks. but they didnt log so nobody got caught

Yes, very easy. All they need to do is attain the ability to watch the VPN traffic. The fact a VPN may have no or minimal logs is not helpful if the traffic is being monitored and logged in realtime by someone else. That is what happened with "HideMyAss" and the lulzsec hackers even though HMA said they kept no logs.
Title: Re: TOR & OVPN
Post by: mbius298074 on June 11, 2013, 03:50 am
i thought it worked this way:  Me ---> VPN ---> Entry node ---> Relay Node ---> Exit Node ----> Internet
 making it harder to go backwards stops at VPN ? no? at the least i thought being on the vpn hides TOR activity from ip and le

Again, it depends on how you are connecting to Tor. You must decide if you want a fixed entry point to the tor entry node.
Title: Re: TOR & OVPN
Post by: whatsmyname on June 11, 2013, 04:11 am
i connect to swiss vpn then i use the tor portable
Title: Re: TOR & OVPN
Post by: mbius298074 on June 12, 2013, 03:28 am
i connect to swiss vpn then i use the tor portable

OK, so a fixed location then.
Title: Re: TOR & OVPN
Post by: THCKingCA on June 12, 2013, 03:58 pm
So what's the best way to stay safe out here??  MAC vs PC???