Gaming The VPN Fallacy

[linuxares]

Tor =/= Full anonymity. It's been proven a couple of times that people been caught using TOR. Use a VPN + TOR if you wish to be safer. I use PIA that have been proven in court not to log anything at all!
I would rank your post more as scare mongering than anything else. A VPN is better than not if you use a public wifi or want to hide your IP.

 

[Alexander1970]

For some purposes.

Mainly for watching Videos or Live Streams from TV Mediathekes,because they are not allowed in Austria (due Country restrictions mainly from Germany..... ).

 

[RaptorDMG]

I use it for torrenting on PC and on my phone all the time as it's the only device I'm likely to use on public wifi

 

[The Real Jdbye]

In order to access Tor in China you'll need to use a bridge. Use the built in meek-azure pluggable transport. China can't block it because that would mean blocking Microsoft Azure.

I would not put it past the Chinese government to do such a thing. They are blocking a rather large part of the Internet already after all, I would not be surprised at all if they were to block a little more.

 

[dAVID_]

Tor =/= Full anonymity. It's been proven a couple of times that people been caught using TOR. Use a VPN + TOR if you wish to be safer. I use PIA that have been proven in court not to log anything at all!
I would rank your post more as scare mongering than anything else. A VPN is better than not if you use a public wifi or want to hide your IP.

VPN over Tor can only be helpful if you have complete trust in your VPN provider, which is absolutely impossible. They don't need to keep logs in order to do a timing correlation attack on Tor. All they need is the exact time you made a request on their servers, and the exact time an exit node that you are using sends a request to a site.
On the other hand, at the very least you can be sure that the people developing Tor aren't trying to monitor your traffic. This is because Tor is free and open source software. Attempting to implement a backdoor into source code that anyone can see is useless. VPN providers cannot prove that they are not monitoring your traffic.
"But you can't trust Tor nodes to not monitor your traffic either".
No, you can't have complete trust in Tor nodes either. Who's to say they're not monitoring my traffic?". That's right, but at the very least you can be 100% sure that the developers of Tor are not attempting to snoop on your data.

Also, even if an attacker attempts an ARP spoofing attack in order to downgrade your connecting to HTTP, your browser will probably alert.
And even if an attacker was successful, all it takes to avoid having your data exposed is common sense. In other words, not entering sensitive data on HTTP sites.

Also, I'd say this post is the opposite of scare mongering. All I am doing is talking about the common misconceptions about VPN services, and what they do and don't provide.

I think these links pretty much sum up my thread:
https://matt.traudt.xyz/posts/you-want-tor-24tFBCJV.html
https://matt.traudt.xyz/p/mRikAa4h.html

--------------------- MERGED ---------------------------

The lock icon is often confusing for non-tech savvy. On sites like this one you will (sometimes) get warnings of mixed content (secure site but insecure content pulled in from other sources).

As said, if you just want a secure tunnel and not a different IP you can setup a VPN server at home for free.

Tor already does this. Your connection to the Tor network is always encrypted.

 

[yuyuyup]

I'd rather my ISP see my activity than risk scrutiny from authorities for even touching tor.

 

[UltraDolphinRevolution]

Just make sure you're using the meek-azure pluggable transport, or chinese authorities might realize.

They might have already. The first day was slow but I could watch youtube videos in 144p pretty easily. Now it's basically impossible.
Then again, I have no idea what I'm doing. Before starting it I choose meek-azure, but I didn't change anything so I don't why it is working so poorly now. Maybe their system already figured it out.

 

[bodefuceta]

I agree with most of what you said. Though you seem to believe Tor is some sort of silver bullet, it most definitely is not. Remember you only need to control 2 nodes of someone's circuit, or 1 node and one clearnet pathway, to completely deanonymize someone, and it's widely believed NSA has access to over 50% of all nodes and most of the clearnet paths.

TOR is basically a military project designed to honeypot foreign governments into believing it is secure. They will NOT use access to your data to give you piracy warnings nor expose you downloaded illegal content, to keep TOR's security believable. But will ABSOLUTELY sniff on secret information. Mostly relevant if you have ties to government.

Even the hacker group lizard squad (or something) managed to sniff on most of TOR traffic by renting servers and operating TOR nodes on them. I think all of wikileaks first release batch was sniffed from TOR too. It's also believed some popular darkweb markets were taken down through these vulnerabilities. Using TOR helps other people blending in, but nothing can be done if the nodes are compromised.

 

[ThoD]

I agree that Tor is the best choice, VPNs are overrated in security. Also, while it hasn't been mentioned in this thread, I should point something out for anyone who thinks using Opera is good because of the built-in VPN... it's NOT, Opera clearly states that they ARE logging your data when you use the built-in VPN if you go over their agreement. One more thing, on the topic of VPNs, 99% of them only use either 1-2 nodes, claimining it's safe, when it's very easy to get past just that much security with advanced tools and a tiny little bit of patience, ESPECIALLY if the one trying to steal your data is in the same network (eg: public networks), hell, most VPNs do nothing against attacks from the same network so it's all on your OS's settings and firewall alone, since while they can't steal your data packets, they can ridiculously easily install a remote access tool in seconds without you even realizing it even with VPN active (and before some idiot says "they can't do that if you use VPN", they can, even the standard RATs you find on the clearweb can do that much).

 

[ghjfdtg]

Tor already does this. Your connection to the Tor network is always encrypted.

If you can live with the slowness. Not as bad as it used to be but still slow. It's also overkill for this scenario in my opinion because all you really need is a secure tunnel and not a network designed against censorship.

 

[Ericthegreat]

Pretty sure all the people who recommend vpn's are either corporate paid trolls, or brainwashed people. A few years ago a guy would post on Reddit that he got an isp warning letter, people would say "throw it in the trash", now they get 20 people telling them how stupid they are and how they might get sued because they didn't get a VPN, many of these also talk about the price like "it's $26 for a year idiot", seems to be the only real reason to use a VPN is if you pirate porn.

 

[linuxares]

Pretty sure all the people who recommend vpn's are either corporate paid trolls, or brainwashed people. A few years ago a guy would post on Reddit that he got an isp warning letter, people would say "throw it in the trash", now they get 20 people telling them how stupid they are and how they might get sued because they didn't get a VPN, many of these also talk about the price like "it's $26 for a year idiot", seems toe the only real reason to use a VPN is if you pirate porn.

hmm? I use my VPN service for various reasons. I sure as heck won't want to be connected without a VPN on an airport network. There is a whole bunch of reason to get an VPN. It's not just for piracy. And that example you gave was probably because of a faulty torrent client leaking info via the DHT network.

 

[IncredulousP]

Came in ready to argue but actually I agree, you brought up great points.

 

[dAVID_]

I'd rather my ISP see my activity than risk scrutiny from authorities for even touching tor.

Don't you think they're already on to you for using a VPN? Also, just using Linux puts you on a watchlist, so I wouldn't worry too much.

I agree with most of what you said. Though you seem to believe Tor is some sort of silver bullet, it most definitely is not. Remember you only need to control 2 nodes of someone's circuit, or 1 node and one clearnet pathway, to completely deanonymize someone, and it's widely believed NSA has access to over 50% of all nodes and most of the clearnet paths.

TOR is basically a military project designed to honeypot foreign governments into believing it is secure. They will NOT use access to your data to give you piracy warnings nor expose you downloaded illegal content, to keep TOR's security believable. But will ABSOLUTELY sniff on secret information. Mostly relevant if you have ties to government.

Even the hacker group lizard squad (or something) managed to sniff on most of TOR traffic by renting servers and operating TOR nodes on them. I think all of wikileaks first release batch was sniffed from TOR too. It's also believed some popular darkweb markets were taken down through these vulnerabilities. Using TOR helps other people blending in, but nothing can be done if the nodes are compromised.

Yeah, that's what I said. You only need to control two Tor nodes. However, where did you get the "NSA controls 50% of Tor nodes part"? I'd like to know.

Also, believing Tor or any tool provides perfect anonymity is foolish. If your adversary has enough power, they will find you.

If you can live with the slowness. Not as bad as it used to be but still slow. It's also overkill for this scenario in my opinion because all you really need is a secure tunnel and not a network designed against censorship.

Like I said earlier, your connection to the Tor network is encrypted. In fact, the only Tor node that can see unencrypted data (not counting HTTPS) is the exit node.

 

[yuyuyup]

Don't you think they're already on to you for using a VPN? Also, just using Linux puts you on a watchlist, so I wouldn't worry too much.

I don't use a VPN either (well, I guess my wii u was put on a DNS redirector, if that counts)

 

[dAVID_]

They might have already. The first day was slow but I could watch youtube videos in 144p pretty easily. Now it's basically impossible.
Then again, I have no idea what I'm doing. Before starting it I choose meek-azure, but I didn't change anything so I don't why it is working so poorly now. Maybe their system already figured it out.

That's weird. Alternatively, you could go to bridges.torproject.org and request an obfs4 bridge (the default one won't work because the chinese authorities blocked it). I don't know if they can detect obfs4 traffic, but if you can't connect to meek-azure at all you should try this.
And if that doesn't work either, consider using Snowflake, an experimental pluggable transport.

 

[The Real Jdbye]

Related to the thread title:

 

[linuxares]

Well TOR was created by DARPA. So to hide their agents they made it public, turning in to a hidden in plain sight situation. But yeah, NSA have spyed on TOR users before, especially by exit nodes.
"

• On July 3, 2014 ARD revealed that XKeyscore is used to closely monitor users of the Tor anonymity network,[5] people who search for privacy-enhancing software on the web,[5] and readers of Linux Journal.[24]"

So no, Tor won't make you anonymous, just a bit harder to find.

"An adversary may try to de-anonymize the user by some means. One way this may be achieved is by exploiting vulnerable software on the user's computer.[16] The NSA had a technique that targets a vulnerability – which they codenamed "EgotisticalGiraffe" – in an outdated Firefox browser version at one time bundled with the Tor package[17] and, in general, targets Tor users for close monitoring under its XKeyscore program.[18] Attacks against Tor are an active area of academic research[19][20] which is welcomed by the Tor Project itself.[21] The bulk of the funding for Tor's development has come from the federal government of the United States,[22] initially through the Office of Naval Research and DARPA.[23]"

How else do you think they manage to take down pedonetworks etc on Tor if it was 100% secure? It isn't, and never will be.

 

[dAVID_]

Well TOR was created by DARPA. So to hide their agents they made it public, turning in to a hidden in plain sight situation. But yeah, NSA have spyed on TOR users before, especially by exit nodes.
"

• On July 3, 2014 ARD revealed that XKeyscore is used to closely monitor users of the Tor anonymity network,[5] people who search for privacy-enhancing software on the web,[5] and readers of Linux Journal.[24]"

So no, Tor won't make you anonymous, just a bit harder to find.

"An adversary may try to de-anonymize the user by some means. One way this may be achieved is by exploiting vulnerable software on the user's computer.[16] The NSA had a technique that targets a vulnerability – which they codenamed "EgotisticalGiraffe" – in an outdated Firefox browser version at one time bundled with the Tor package[17] and, in general, targets Tor users for close monitoring under its XKeyscore program.[18] Attacks against Tor are an active area of academic research[19][20] which is welcomed by the Tor Project itself.[21] The bulk of the funding for Tor's development has come from the federal government of the United States,[22] initially through the Office of Naval Research and DARPA.[23]"

How else do you think they manage to take down pedonetworks etc on Tor if it was 100% secure? It isn't, and never will be.

That vulnerability only affected people who used outdated version of Tor Browser, since NoScript wasn't enabled by default.
Also, I don't recall describing Tor Browser as a tool that gives you complete anonymity. The truth is that no software is bulletproof, and if that you can always be deanonymized if your adversary is powerful enough.

However, I think believing that the NSA can't gain access into VPN servers is a bit naive.

 

[linuxares]

That vulnerability only affected people who used outdated version of Tor Browser, since NoScript wasn't enabled by default.
Also, I don't recall describing Tor Browser as a tool that gives you complete anonymity. The truth is that no software is bulletproof, and if that you can always be deanonymized if your adversary is powerful enough.

However, I think believing that the NSA can't gain access into VPN servers is a bit naive.

Oh the NSA probably have more 0days than Snowden knew about.