Silk Road forums
Discussion => Security => Topic started by: alchemistor on August 29, 2012, 01:51 pm
-
Hi folks... I'm just curious if anyone has a newb-proof guide on creating the most anonymous, securest connection out there.
I'm new here, and whilst I realise my ISP will always be aware I am using Tor, I'd love to know how I can be as safe as POSSIBLE.
To similar people out there, are there any really good guides or tutorials on how to achieve such a thing?
If such a thing is too much to ask, a guide on using SR anonymously whilst at a public wifi location will suffice, if possible.
A guide maybe for using Tor over VPN?
A guide for using Tails for SR?
Stuff like this would be much appreciated as I've done much searching only to be left with confusion.
Cheers all. Forgive me if you've heard this 100 times.
-
What is wrong with using a VPN? I have heard people make that comment before but I would like to know more. I can understand that if your VPN can track your payment method that is no good, and if you VPN keeps logs that is no good, but if they do neither, how is this worse then just running straight unencrypted through your ISP?
-
there are sticked threads around. but i will tell you that any vpn use is a bad idea, and that tails is generally a failure of a hardened anonymity-geared os (although way better than running the browser bundle on windows for example)
i have a VPN from Sweden who have a strict policy on logs and such, also payment is anonymous VIA btc.
Why is tails a failure? Is Liberte a better option?
I don't want my ISP knowing I'm using Tor.. I have to use a VPN then connect to Tor via VM in Liberte... Is this safe enough if I was hypothetically a vendor?
-
I don't understand how the vpn is anything different then a 2nd isp, hiding your traffic from your 1st isp. Is it that people using a vpn are more likely to be suspect so the bad guys might focus there? I really want to understand what makes using tor through a vpn less safe then using tor without one.
-
Yeah I never understood the concept of people saying a VPN and Tor together are a bad idea.
...Isn't the main point of a VPN is to encrypt and hide all of your traffic from your ISP? That's what 85% of the VPN websites I see out there promote: "Be free from your ISP" "Not even your boss can see your traffic at the workplace computers!" and "No more government blocks and restrictions!"
So these people who believe connecting to a VPN is unsafe are telling me that it's safer to be connected to my domestic ISP rather than connecting in a log-free server in Sweden?
It simply makes no sense. Even if the VPN service was corrupt and kept logs and stored traffic in Sweden, UK, Netherlands, etc., don't you think it would at the very minimum be harder and annoying for LE to contact a service out of country?!?
I really would like someone to back up how VPNs are bad when used with Tor and not have a bunch of people just say "VPN and tor makes it less secure". Please backup your answers!
As more so relating to the topic, I use my normal windows OS with a known log-less VPN in Sweden when browsing SR. When I am making a transaction I use Liberte on a USB with my VPN as well.
Works great. And in my opinion, buy a VPN service! Even for non SR situations it's awesome. Gives you an ultimate sense of security at all times. No worries with "illegal" downloads or torrents one bit.
-
https://lists.torproject.org/pipermail/tor-talk/2012-January/022913.html read that and pay special attention to anything said by roger dingledine, he's the lead tor developer
also see http://dkn255hz262ypmii.onion/index.php?topic=26419.0
again i recommend using obfsproxy not a vpn, you achieve the same end result but there's no one party that can compromise you
"In short, I think "You -> VPN provider -> Tor network" can be a fine idea,
assuming your VPN provider's network is in fact sufficiently safer than
your own network; but "You -> Tor network -> VPN provider" is generally
a really poor plan.
--Roger"
Not disagreeing that obfsproxy is not better then a vpn. Just trying to understand all this. I need to do some more research into obfsproxy as this is the first I have looked into it. Thank you for bringing it to our attention. If my understanding is correct it is another level of encryption that makes tor traffic look like something else. It does this between your tor browser and somewhere before the exit node, correct?
I still haven't found any info on why a vpn on the front side of tor is a liability. It is clear that if you are using a vpn on the backside then it can see all that you are doing.
-
Obfsproxy seems like a great idea and I hope it is further incorporated into the TBB. As it stands now it is not safe to be running the TBB obfs version. As BigEasy pointed out in the 'VPN advice' thread: that version of the TBB is unsafe. https://trac.torproject.org/projects/tor/ticket/5937
-
https://lists.torproject.org/pipermail/tor-talk/2012-January/022913.html read that and pay special attention to anything said by roger dingledine, he's the lead tor developer
also see http://dkn255hz262ypmii.onion/index.php?topic=26419.0
again i recommend using obfsproxy not a vpn, you achieve the same end result but there's no one party that can compromise you
Still the person running the bridge can compromise you, at least as much as the people running the VPN. It is safe enough to enter through a VPN before using Tor, although it is probably more likely that a VPN provider keeps logs (even if they say they do not) than it is for your ISP to keep logs of all their users traffic. If you are mostly interested in hiding that you use Tor, that is what bridges and obfsproxy are for. A VPN will hide that you use Tor in that your ISP will see you connecting to an IP address of the VPN node instead of a Tor node IP address, but it will not hide from DPI that you are using Tor because Tor traffic looks very unique. Using a bridge hides that you are connecting to a known Tor node IP address but also does not disguise your traffic, that is what obfsproxy was made for. So far obfsproxy seems to be doing well enough to prevent the censors in China from fingerprinting Tor traffic, I am not familiar with the state of its implementation but currently it is the only way Chinese people can connect to Tor without the censors detecting it and blocking them.