dwright

Appelbaum: "When you are using certain VPNs..."


"If you're using things like a single hop VPN to do things in a so-called "anonymous" way on the internet, you should probably stop."

 

"When you are using certain VPNs, the NSA has special traffic flow analysis software, for example, that will mark you, put it into a database, and later when an analyst wants to compromise you, they can just pull it out of this database."

 

Jacob Appelbaum in a talk that you can watch here:

(watch from about 2:15 for these quotes)

 

Unless there's a practical reason not to use Tor on top of your VPN connection, it's really best to use Tor (excellent though VPNs are for things that Tor cannot do).


dwright,

 

Thanks for the information.

 

Is this capability some sort of timestamp attack where encrypted and decrypted traffic are matched?

Or do they know the entry and exit IPs of VPN operators?

In your opinion, would running Virtual Machines with OpenVPN from different services (Air, etc.) serve the same function as Tor+VPN?

 

I would not recommend people use Tor for high-bandwidth stuff (i.e. torrents) as it's run by volunteers.

 

Users could also try JonDo in addition to Air. They use a three-hop system with independent mix operators.

It runs as an encrypted proxy and must be configured for the individual application used. They offer a modified Firefox profile, JonDoFox, to install, which changes settings to improve privacy. The service does charge for bandwidth (not unlimited) usage, and Bitcoins are accepted. A good tool for browsing.

 

Here's an example of a setup for multihop with different VPN providers

(all should use strong algorithms + OpenVPN):

 

Computer connects to Air.

Virtual Machine created. VM connects to another VPN.

Now, traffic routed through Air then through other VPN.

This would create 2 hops; more VMs or routers (which would be in between the physical computer and the net) running OpenVPN connected to different VPN companies would improve the anonymity.


Is this capability some sort of timestamp attack where encrypted and decrypted traffic are matched?

Or do they know the entry and exit IPs of VPN operators?

Good questions, I can't be sure from the information I have. Given the extent of the collection they perform though, it has occurred to me that both of these might be possible.

In your opinion, would running Virtual Machines with OpenVPN from different services (Air, etc.) serve the same function as Tor+VPN?

Maybe in some circumstances. Tor Browser Bundle has other protections in that the security is hardened against many attacks and has an anonymised fingerprint. Nested VPNs won't help so much in this regard. If you're proxying other applications though, say an email client, then maybe the protection would be comparable? I don't feel I have the expertise to give reliable answers to these though, so this is really just speculation!

 

Just to clarify, when I said "Tor on top of your VPN" I had in mind a direct connection to the VPN and then Tor Browser; I did not mean using Tor as a SOCKS proxy for OpenVPN, which if anything is less anonymous, since it demonstrates that you are an AirVPN customer to the site you visit.

 

I'm definitely with you on not using Tor for torrents. That was partly what I had in mind when I said VPNs are excellent for many things that Tor can't do. On top of that I was also thinking of Flash Player and logins that require a nearby IP address, e.g. online banking.

 

JonDonym does seem interesting, but I see no real reason to trust it more than Tor Browser.
