On 10/03/2018 04:36 AM, ithor wrote: > Ok, so basically I have to stick with trust... kinda dangerous really in my > geographical location. > > I know there's a lot of talk about the pro and contra of using some kind of > VPN before entering the Tor network, how it can deanonymize you and how you > basically still have to trust someone. > > But still, in order to defeat the possibility of a malicious entry-node or to > avoid having my ip broadcasting i'm connecting to blacklisted obfs4 bridges, > wouldn't a "trustworthy" VPN tackle that issue? I'm thinking of providers > that employ a mix of obfuscating servers, like PSIPHON. It obfuscates a SSL > layer with an http one and is conceived especially for activists living under > censorship. > > So ok, one could state: maybe most of the ip's of those servers (even being > over 6000 worldwide) are known to the gvt trolls and they're just letting you > through in order to get information about you. That's right, but then one > should add another security layer by connecting over public wifi and not home > router and f.ex. spoofing MAC addresses at every connection. > > It would still be a protecting layer before connecting to the entry-node, > even over a obfs4 bridge.
From devices that are identifiably mine, and not some ~anonymous VPS, I only connect to Tor via nested VPN chains, typically three deep. Some VPN providers, such as IVPN, even offer obfs4 tunneling. Others, such as AirVPN, offer SSH and TLS. It's not prudent to trust VPN services, any more (or less, really) than it is to trust any particular Tor relay. Or any particular ISP, for that matter. But with three VPN services in a nested chain, adversaries would need data from at least two of them. And they'd need to work through the chain, from one end or the other. Or do traffic analysis. <SNIP> -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
