Jump to content
Not connected, Your IP: 3.219.31.204
dYu784jseDsJ

What's the point of VPN over TOR?

Recommended Posts

Ok since I can't get VPN over TOR working, I've created a complex psychological rationalization for why I don't need it. Here goes:

With just VPN, AirVPN knows who you are and what you're doing. They are committed to privacy and won't let hostile agents break the law to extort any data they have. And that data should be nearly non-existent since they claim to not keep any logs -- they should be throwing away all such data on session termination.

With VPN over TOR... AirVPN still knows what you're doing, but they get the exit node's IP instead of yours. At first glance this may seem like anonymity, but since your ability to connect requires a unique, valid VPN account, they could easily discern your IP address based on connection history if they wanted to, provided you've connected to them directly in the past.

So..... what's the point of VPN over TOR again? End of the day, if you don't trust a VPN service, there's no reason to use it for anonymity, right?

I'd love to be proven wrong

Share this post


Link to post

I'd love to be proven wrong :D

Hello!

Wrong :D In our post we described how to perform real partition of trust in order to prevent us to track you even if we were "malignant":

https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=54&limit=6&limitstart=6&Itemid=142#1745

The key is preventing us to know who you are in every and each case. Of course this is required only if you need to transmit "extremely critical" information.

Kind regards

Share this post


Link to post

Ok since I can't get VPN over TOR working, I've created a complex psychological rationalization for why I don't need it. Here goes:

With just VPN, AirVPN knows who you are and what you're doing. They are committed to privacy and won't let hostile agents break the law to extort any data they have. And that data should be nearly non-existent since they claim to not keep any logs -- they should be throwing away all such data on session termination.

With VPN over TOR... AirVPN still knows what you're doing, but they get the exit node's IP instead of yours. At first glance this may seem like anonymity, but since your ability to connect requires a unique, valid VPN account, they could easily discern your IP address based on connection history if they wanted to, provided you've connected to them directly in the past.

So..... what's the point of VPN over TOR again? End of the day, if you don't trust a VPN service, there's no reason to use it for anonymity, right?

I'd love to be proven wrong

I think (in general) you make fine points. This is why I think it is far superior to do Tor over VPN. Connect to the VPN first and then exit out of Tor. The VPN can never see what you are doing, except that you are in Tor. Tor exit nodes are fine with encrytped web sites and fine for anonymous/stealth browsing. And you can use it with the VPN UDP protocol and requires no speacial setup.

Share this post


Link to post

I think (in general) you make fine points. This is why I think it is far superior to do Tor over VPN. Connect to the VPN first and then exit out of Tor. The VPN can never see what you are doing, except that you are in Tor. Tor exit nodes are fine with encrytped web sites and fine for anonymous/stealth browsing. And you can use it with the VPN UDP protocol and requires no speacial setup.

Hello!

For the thread readers, please keep in mind that with the above solution you will not be able to tunnel transparently everything over TOR so you will have to specifically configure applications to be tunneled over TOR.

On top of that and more importantly remember that as usual you will not be able to tunnel UDP over TOR, while with OpenVPN over TOR you obviously can transparently tunnel everything, including UDP, over OpenVPN over TOR.

Finally and perhaps MOST importantly, with the above solution you can be trapped and tracked by a malicious TOR exit node.

Therefore just plan carefully which partition of trust best suits your needs.

Kind regards

Share this post


Link to post

To anyone reading this thread, do not listen to Admin on this subject. If your goal is to combine privacy + anonymity then "TOR over VPN" (i.e. connect to VPN first then run TOR) is to way to go and is better than "VPN over TOR" (i.e. connect to TOR then to the VPN). Its like the OP said. Theres is no point in "VPN over TOR" because the VPN will know who you are anyway, if you paid with a credit card. Also, with TOR's slow speed, you're just bottlenecking your connection. I can see why Admin advocates "VPN or TOR" because that way a VPN provider gets to be the last node before hitting the internet (see all your traffic and log it, if they log that is). Get a load of this:

<link removed: no advertising allowed>

"TOR over VPN" is like putting on a condom before having sex.

"VPN over TOR" is like putting on a condom after having sex.

Why choose the one with more disadvantages?

Disclaimer: I am in not any way affiliated with <no avdertising allowed>. Just here to impart knowledge. "TOR over VPN" works with any VPN provider.

Share this post


Link to post

To anyone reading this thread, do not listen to Admin on this subject. If your goal is to combine privacy + anonymity then "TOR over VPN" (i.e. connect to VPN first then run TOR) is to way to go and is better than "VPN over TOR" (i.e. connect to TOR then to the VPN). Its like the OP said. Theres is no point in "VPN over TOR" because the VPN will know who you are anyway, if you paid with a credit card.

Hello!

That's why we accept Bitcoin (also through a separate reseller) and Liberty Reserve. If you tunnel over TOR over OpenVPN, the VPN can see your real IP address. So, if your aim is to hide your IP address to our servers and use every protocol over TOR, you have to go with Air over TOR. If you don't want to hide your IP address to our servers AND you don't need to tunnel UDP over TOR AND you don't need transparent tunneling over TOR, then TOR over VPN is an option.

Also, with TOR's slow speed, you're just bottlenecking your connection. I can see why Admin advocates "VPN or TOR" because that way a VPN provider gets to be the last node before hitting the internet (see all your traffic and log it, if they log that is).

It's the opposite. If you tunnel TOR over VPN, you'll need to configure every single program to be tunneled over TOR, and you can't anyway tunnel UDP. If you tunnel VPN over TOR, our servers can't know who you really are and you bypass proxy limitations and need to configure every single program to be tunneled over a proxy. So it's just a matter of what you really need.

Kind regards

Share this post


Link to post

To anyone reading this thread, do not listen to Admin on this subject. If your goal is to combine privacy + anonymity then "TOR over VPN" (i.e. connect to VPN first then run TOR) is to way to go and is better than "VPN over TOR" (i.e. connect to TOR then to the VPN). Its like the OP said. Theres is no point in "VPN over TOR" because the VPN will know who you are anyway, if you paid with a credit card.

Hello!

That's why we accept Bitcoin (also through a separate reseller) and Liberty Reserve. If you tunnel over TOR over OpenVPN, the VPN can see your real IP address. So, if your aim is to hide your IP address to our servers and use every protocol over TOR, you have to go with Air over TOR. If you don't want to hide your IP address to our servers AND you don't need to tunnel UDP over TOR AND you don't need transparent tunneling over TOR, then TOR over VPN is an option.

Also, with TOR's slow speed, you're just bottlenecking your connection. I can see why Admin advocates "VPN or TOR" because that way a VPN provider gets to be the last node before hitting the internet (see all your traffic and log it, if they log that is).

It's the opposite. If you tunnel TOR over VPN, you'll need to configure every single program to be tunneled over TOR, and you can't anyway tunnel UDP. If you tunnel VPN over TOR, our servers can't know who you really are and you bypass proxy limitations and need to configure every single program to be tunneled over a proxy. So it's just a matter of what you really need.

Kind regards

I think you make an argument but not a valid argument. Consider:

It would be impractible and perhaps impossible to always log in to a VPN from Tor; eventually, a direct connection will be made, which exposes the real IP to the VPN server and operator. Therefore, whether you log into the VPN with or without Tor, the VPN will still know a subscriber based on his login credentials. There is no escaping this. It is unreasonable and virtually impossible (with one or two exceptions) to avoid a VPN operator from identifying you based on the IP.

Tor is slow; and connecting to the VPN from Tor has too many limitations.

It is considerably better to log into a VPN first and then exit out of Tor.

Yes, it is true that there are some limitations to Tor; each application must be configured separately (unless using a socksifier) to connect via Tor but this is a weak argument. a VPN-Tor connection will never be used for all applications; only for the most anonymous, like a Mail Client, Bitcoin, and web browsing.

Although Tor exit nodes are an issue--I suspect that it is overblown. Dynamic IPs will generally never be used for secure services; and even if they were, they are almost always encrypted. Tor is perfect for anonymous web browsing and anonymous applications like encrypted email.

Honestly, I fail to see any real benefits of Tor to VPN.

Share this post


Link to post

I think you make an argument but not a valid argument. Consider:

It would be impractible and perhaps impossible to always log in to a VPN from Tor; eventually, a direct connection will be made, which exposes the real IP to the VPN server and operator. Therefore, whether you log into the VPN with or without Tor, the VPN will still know a subscriber based on his login credentials.

Hello!

That's the whole point. An account used for critical activities for which the account holder does not want to let VPN administrators know its real IP address must always connect over the VPN over TOR. It's not difficult at all (once you have configured OpenVPN or our client to use a TOR proxy, OpenVPN will not even connect if you forget to run the proxy) and a careful person will always do that, or use separate accounts for separate activities. In our case, we are unable to correlate because we don't keep logs. But if a server is monitored in real time by an hostile entity, here you can see the great advantage of VPN over TOR. You can defeat an adversary even if it can monitor YOUR line AND VPN servers lines simultaneously, and this is a huge, really enormous benefit.

Anyway, this sends us back to partition of trust.

Honestly, I fail to see any real benefits of Tor to VPN.

We have repeatedly been talking about the strong advantages of Air over TOR in order to perform partition of trust when absolutely necessary:

https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=54&limit=6&limitstart=6&Itemid=142#1745

Obviously partition of trust can be performed with any other socks or http proxy, or with VPN over VPN (for example just running a client in a host machine and another client which connects to a different server in a VM), TOR is just a significant example which gives some notable advantages (for example in TOR Browser Bundle you find a customized browser perfectly prepared to mitigate any privacy assault).

It all depends on which adversary you have to face. A file sharer adversary is completely different from the adversary in human rights hostile countries.

Kind regards

Share this post


Link to post

I think you make an argument but not a valid argument. Consider:

It would be impractible and perhaps impossible to always log in to a VPN from Tor; eventually, a direct connection will be made, which exposes the real IP to the VPN server and operator. Therefore, whether you log into the VPN with or without Tor, the VPN will still know a subscriber based on his login credentials.

Hello!

That's the whole point. An account used for critical activities for which the account holder does not want to let VPN administrators know its real IP address must always connect over the VPN over TOR. It's not difficult at all (once you have configured OpenVPN or our client to use a TOR proxy, OpenVPN will not even connect if you forget to run the proxy) and a careful person will always do that, or use separate accounts for separate activities. In our case, we are unable to correlate because we don't keep logs. But if a server is monitored in real time by an hostile entity, here you can see the great advantage of VPN over TOR. You can defeat an adversary even if it can monitor YOUR line AND VPN servers lines simultaneously, and this is a huge, really enormous benefit.

I do not think the issue is entirely of trust. AirVPN is the best VPN on the market, at the very least top three, but the issue is not of logging.

If it is an issue of criticial activities then Air over Tor is not right; Tor over VPN makes more sense. Why? Because the VPN (in theory) already knows who you are. If you connect to the VPN from Tor, the VPN still knows who you are because of your login credentials. If you connect to the VPN first and then Tor, the VPN still knows who you are but has absolutely no idea where you are going or what you doing other than connecting to Tor. This is more private and anonymous.

And the isssue if not so much of difficulty. Both are easy. It just makes no sense to do VPN over Tor, when the VPN can identity you each time by the login credentials. By exiting out of Tor, the VPN can never see your true origin.

Anyway, this sends us back to partition of trust.

No, I do not think it does. And even if it did, trust requires faith. Tor, on the other hand, does not; it is architecturally anonymous. A VPN is not.

We have repeatedly been talking about the strong advantages of Air over TOR in order to perform partition of trust when absolutely necessary:

https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=54&limit=6&limitstart=6&Itemid=142#1745

Obviously partition of trust can be performed with any other socks or http proxy, or with VPN over VPN (for example just running a client in a host machine and another client which connects to a different server in a VM), TOR is just a significant example which gives some notable advantages (for example in TOR Browser Bundle you find a customized browser perfectly prepared to mitigate any privacy assault).

It all depends on which adversary you have to face. A file sharer adversary is completely different from the adversary in human rights hostile countries.

Kind regards

Yes, but Tor is architecturally anonymous; it requires no trust, like a VPN.

I suppose we can agree to disagree.

Share this post


Link to post

Hello!

Thank you for the nice discussion.

If you connect to the VPN from Tor, the VPN still knows who you are because of your login credentials.

Absolutely not: Air has been designed exactly with the purpose to leave the option to customers to NOT allow the admins to know the identity from the login credentials. It is well explained in the link given in the previous post: if you buy a code with Bitcoin from an independent reseller and you connect over TOR, there's no way in this world that Air admins can get to know your identity.

No, I do not think it does. And even if it did, trust requires faith. Tor, on the other hand, does not; it is architecturally anonymous. A VPN is not.

Unfortunately not. If you use only TOR, you anyway need to trust:

- that the exit node is not malicious or compromised;

- that your adversary does not control the relevant portion of the TOR network you connect to. Control over the TOR network is possible by an adversary with enough power (for example a well determined government which controls the ISPs and the border routers).

Bypassing the trust on one single party requires partition of trust. So, with VPN over TOR you defeat a malicious exit node and an adversary which has the power to control your line AND (the Air server you connect to OR the relevant portion of the TOR network). With TOR over VPN, you can't defeat this type of adversary and you don't defeat a malicious exit node.

Kind regards

Share this post


Link to post

Absolutely not: Air has been designed exactly with the purpose to leave the option to customers to NOT allow the admins to know the identity from the login credentials. It is well explained in the link given in the previous post: if you buy a code with Bitcoin from an independent reseller and you connect over TOR, there's no way in this world that Air admins can get to know your identity.

The fact remains when a connection is made to a server, the login credentials must be authenticated and the user's IP be visible in order to process the connection. Yes, this information is not "recorded" but it is visible--and it has to be. So in the final analysis, if a strong opponent comes after you (a government warrant), this "visible" information will be recorded and used against you.

Unfortunately not. If you use only TOR, you anyway need to trust:

- that the exit node is not malicious or compromised;

- that your adversary does not control the relevant portion of the TOR network you connect to. Control over the TOR network is possible by an adversary with enough power (for example a well determined government which controls the ISPs and the border routers).

The discussion we are having is not of using "only Tor." It is a VPN into Tor.

Moreover, I think the whole Tor exit node has been greatly hyped.

1. Assuming the exit node is malicious--so what? What are you doing on Tor that could effect you? Encrypted websites protect you; non-encrypted websites are anonymous--even if sniffed. No one is stupid enough to submit sensitive information in non-encrypted websites. Any exit server operator can be compromised, including Air. It is impossible to prevent a corrupt operator.

2. In the extremely unlikely event that all the nodes are controlled by a powerful enemy (i.e. a government agency), so what? First, you are starting with a VPN, which means the Tor entry node cannot see your real IP; and you exit out of Tor with anonymous browsing or into encrypted websites.

Bypassing the trust on one single party requires partition of trust. So, with VPN over TOR you defeat a malicious exit node and an adversary which has the power to control your line AND (the Air server you connect to OR the relevant portion of the TOR network). With TOR over VPN, you can't defeat this type of adversary and you don't defeat a malicious exit node.

You know--the Internet is awash with Tor exit node talk but I have never seen any real evidence to support it. Yes, malacious Tor exit nodes exist--so what? Tor is for anonymity, not security or privacy. And even if you use Tor for security, it is secure on encrypted websites. I fail to see the logic in this argument.

The VPN server needs to check whether an account is on premium status in order to allow the connection but does not keep any information about any account, it queries for authorization a backend server. We recommend NOT to put information in your account data that can be exploited to disclose your identity. As long as we don't know who you are, we can't tell anybody who you are. With Air over TOR, you can also prevent our servers to know your real IP address, even while you are connected.

So the fact remains that the VPN can see your IP--and in truth, it has to, in order to connect to the server and to forward the IP packets.

but does not keep any information about any account

But "keep" does not mean it cannot be seen. And in truth, it has to be seen to authenticate the user.

But the larger point here is this: if compelled to by a government, all users can be identified by their login credentials and their IPs. Connecting to Tor first to "hide" an IP from the VPN would be senseless since the authorities would already have identified you by the credentials and the IPs recorded. By exiting out of Tor, neither the authorties nor the VPN operator can know your destination. If the authorties come after you, for whatever reason, and they see you exited out of Tor--it is by magnitudes more difficult to be identified than if you exit out of a VPN server.

Share this post


Link to post

Absolutely not: Air has been designed exactly with the purpose to leave the option to customers to NOT allow the admins to know the identity from the login credentials. It is well explained in the link given in the previous post: if you buy a code with Bitcoin from an independent reseller and you connect over TOR, there's no way in this world that Air admins can get to know your identity.

The fact remains when a connection is made to a server, the login credentials must be authenticated and the user's IP be visible in order to process the connection. Yes, this information is not "recorded" but it is visible--and it has to be. So in the final analysis, if a strong opponent comes after you (a government warrant), this "visible" information will be recorded and used against you.

No, that's plainly false. If you connect over Air over TOR, our servers see the TOR exit-node IP address. We don't perform authentication on an IP basis and we our servers don't block connections from TOR exit nodes.

Moreover, I think the whole Tor exit node has been greatly hyped.

Please see here:

http://www.zoklet.net/bbs/showthread.php?t=99012

Nodes like that are not uncommon and it's very easy to run them and sniff all the traffic. Sites which allow non-https connections are very many. Even Yahoo and Facebook do not force https (and GMail forced it only recently) and for the experience of this admin even activists living in human rights hostile countries make those mistakes, which are fatal in social networks and e-mail web wrappers sites.

The guy in the above thread was able to discover some interesting things and passwords, and a government can do much more.

1. Assuming the exit node is malicious--so what? What are you doing on Tor that could effect you? Encrypted websites protect you; non-encrypted websites are anonymous--even if sniffed. No one is stupid enough to submit sensitive information in non-encrypted websites.

Unfortunately the evidence shows the contrary. Even e-mails of chinese people (who surely have a lot to fear from their government) could be sniffed in the above example.

Any exit server operator can be compromised, including Air. It is impossible to prevent a corrupt operator.

So you confirm that partition of trust is very necessary when someone deals with critical activities for which identity disclosure causes direct harm to physical safety and personal freedom.

You know--the Internet is awash with Tor exit node talk but I have never seen any real evidence to support it.

Look deep into darknets and specialized forums, you will discover a lot of interesting things. The above link was just an example.

Yes, malacious Tor exit nodes exist--so what? Tor is for anonymity, not security or privacy. And even if you use Tor for security, it is secure on encrypted websites. I fail to see the logic in this argument.

In real life, anonymity is not unlinked from privacy. The correlations you can perform when you control a significant portion of the TOR network may well lead to identity disclosure

The VPN server needs to check whether an account is on premium status in order to allow the connection but does not keep any information about any account, it queries for authorization a backend server. We recommend NOT to put information in your account data that can be exploited to disclose your identity. As long as we don't know who you are, we can't tell anybody who you are. With Air over TOR, you can also prevent our servers to know your real IP address, even while you are connected.

So the fact remains that the VPN can see your IP--and in truth, it has to, in order to connect to the server and to forward the IP packets.

No, that's plainly false. If you pay with Bitcoin and you use the code to activate an account with a configuration to connect over Air over TOR, our servers NEVER come to know neither your identity nor your real IP address. If you forget to run the TOR proxy the OpenVPN client will not even reach any of our servers.

On the contrary, if you use TOR over Air, our servers can see your real IP address. So one solution or the other is to be decided on a case by case basis, according to the adversary you have to face. They are two different partitions of trust.

but does not keep any information about any account

But "keep" does not mean it cannot be seen. And in truth, it has to be seen to authenticate the user.

But the larger point here is this: if compelled to by a government, all users can be identified by their login credentials and their IPs. Connecting to Tor first to "hide" an IP from the VPN would be senseless since the authorities would already have identified you by the credentials and the IPs recorded. By exiting out of Tor, neither the authorties nor the VPN operator can know your destination. If the authorties come after you, for whatever reason, and they see you exited out of Tor--it is by magnitudes more difficult to be identified than if you exit out of a VPN server.

No, again this is false, see above. With the specified setup, we NEVER know neither the identity nor the IP address of the customer, so we can't disclose those information, not even if we had a gun pointed to our head. Those information could not be discovered not even if one of our servers was monitored in real time.

Kind regards

Share this post


Link to post

I'm enjoying the discourse. Intellectual polemics are beautiful.

No, that's plainly false. If you connect over Air over TOR, our servers see the TOR exit-node IP address. We don't perform authentication on an IP basis and we our servers don't block connections from TOR exit nodes.

I think there is a disconnect between us. I am not suggesting you perform an authentication on an IP basis; but you do perform an authentication based on login credentials—you have to, as all premium services do. I never suggested Air blocks Tor entrance nodes or exit nodes.

Yes, if a person purchases Air via Bitcoin, via Tor, and configures the certificates to connect to Air from Tor first then a person will remain essentially invisible. That is not the dispute and it never has been.

The argument is of practicability. How practical is it to purchase a premium VPN and only use it to first connect to Tor? The speeds would be staggeringly slow 99% of the time. Some services would fail to properly work, not to mention some websites with such a configuration.

We are working on the assumption that, even if premium services are purchased anonymously with Bitcoin and Tor, virtually all users will log into the VPN most of the time without connecting to Tor or any other SOCKS proxy.

When such a connection is made to the VPN server, a person's true IP address can and will be eventually seen and, if required, recorded. I am not suggesting Air logs IP addresses; however, like all other services, it can be compelled to by law. Air and its employees will not go to prison on behalf of someone else—nor should they.

Moreover, I think the whole Tor exit node has been greatly hyped.

Please see here:

www.zoklet.net/bbs/showthread.php?t=99012

Nodes like that are not uncommon and it's very easy to run them and sniff all the traffic. Sites which allow non-https connections are very many. Even Yahoo and Facebook do not force https (and GMail forced it only recently) and for the experience of this admin even activists living in human rights hostile countries make those mistakes, which are fatal in social networks and e-mail web wrappers sites.

The guy in the above thread was able to discover some interesting things and passwords, and a government can do much more.

I'm a bit puzzled by your rationale. Clearly, the link you gave does not disprove anything I have stated. There is no dispute that Tor exit nodes can be malicious. In my book, I list better references of such instances—even by Chinese, Russian, and American governments.

Moreover, the article itself goes against your own comments:

What's just awful though is that they don't seem to be browsing anything that's the least bit sensitive.

This does not add weight to your argument. And neither does this:

I hoped this would help me find passwords, but they're all garbage. I've been able to find about 5 for tom.com (some Chinese email site) and 3 for darkwarez.pl, but that's it. Nothing interesting.

And most importantly:

All of the data recorded ended up being on port 80.

In other words, unencrypted connections.

But the exit node, despite seeing a person's traffic, has no idea who the person really is—the exit node can only see the traffic from the middle node, and only the entrance node can see the initial IP of the user—unless the user enters into Tor with a VPN IP or a proxy IP.

There is no dispute that much of the Internet is unencrypted. But people who use Tor, also have HTTPS Everywhere, the extension for Firefox and Chrome. And more importantly, virtually all social networking sites and quality email services are encrypted today.

Unfortunately the evidence shows the contrary. Even e-mails of chinese people (who surely have a lot to fear from their government) could be sniffed in the above example.

Only if the connection is unencrypted. No one disputes this. But an encrypted email connection cannot be sniffed. I challenge you to find me one scholarly piece of evidence that proves Tor exit nodes are not safe with encrypted connections?

Moreover, are you suggesting that if a person uses a VPN (Air) to connect to unencrypted websites—whether email, bank, social networking, et al.--that the data cannot be sniffed in transit? And if so, how does this differ from Tor? And if not, then why do websites offer encryption?

So you confirm that partition of trust is very necessary when someone deals with critical activities for which identity disclosure causes direct harm to physical safety and personal freedom.

I confirm? I have never, ever, denied this at all. Cascading and layering is of paramount importance when absolute anonymity is required.

Look deep into darknets and specialized forums, you will discover a lot of interesting things. The above link was just an example.

The above example proved nothing of any importance—and in fact, goes against your comments.

In addition, I'm a bit puzzled by your duplicity. On the one hand, you elevate and praise purchasing AirVPN from Bitcoin codes, which is an unencrypted website, via Tor, which you plainly asseverate is unsafe, insecure, and can be used to identify you, and yet you state that this setup will keep you anonymous? Which is it?

People on the Internet can post whatever they like, and often do, but this is not evidence of anything.

Show us documented scholarly evidence that states Tor exit nodes are unsafe in HTTPS sites? The link you provided goes against your argument. Even HTTP traffic, regardless of the service, can be sniffed in transit. A VPN cannot protect you from this.

In real life, anonymity is not unlinked from privacy. The correlations you can perform when you control a significant portion of the TOR network may well lead to identity disclosure.

I do not think your first sentence is entirely accurate, on various levels. The second sentence is true—if it were true, but you need evidence to buttress it.

No, that's plainly false. If you pay with Bitcoin and you use the code to activate an account with a configuration to connect over Air over TOR, our servers NEVER come to know neither your identity nor your real IP address. If you forget to run the TOR proxy the OpenVPN client will not even reach any of our servers.

As already stated multiple times, under the controlled conditions of your statement, yes, the statement would be true; but this is not a real world scenario. No one questions the validity of the above scenario, since the argument has never been about that.

Perhaps we should have a poll on this forum of how many people browse the Internet with the above configuration 100% of the time?

On the contrary, if you use TOR over Air, our servers can see your real IP address. So one solution or the other is to be decided on a case by case basis, according to the adversary you have to face. They are two different partitions of trust.

You are setting up a false scenario and a straw man. Your configuration can only be true if used 100% of the time—which I doubt there is a single person who does that, since it would ruin the purity of the VPN for everyday browsing.

By exiting out of Tor, it is more rationale. You accept that the VPN will see your true IP (unless using your impractical configuration) and that to enhance the anonymity of a connection, you connect to Tor and exit out of Tor.

No, again this is false, see above. With the specified setup, we NEVER know neither the identity nor the IP address of the customer, so we can't disclose those information, not even if we had a gun pointed to our head. Those information could not be discovered not even if one of our servers was monitored in real time.

No one disputes this, nor has anyone disputed this.

Share this post


Link to post

er suggested Air blocks Tor entrance nodes or exit nodes.

Yes, if a person purchases Air via Bitcoin, via Tor, and configures the certificates to connect to Air from Tor first then a person will remain essentially invisible. That is not the dispute and it never has been.

The argument is of practicability. How practical is it to purchase a premium VPN and only use it to first connect to Tor? The speeds would be staggeringly slow 99% of the time. Some services would fail to properly work, not to mention some websites with such a configuration.

Hello!

This is your own personal vision of practicability. Our vision is meeting our customers and users requirements.

We have been asked how to hide the IP address of a client to our own servers, and an answer is OpenVPN over TOR, not TOR over OpenVPN.

We have been asked how to hide the IP address of a client AND the payload contents of the clients packets to our own servers, and the answer is again OpenVPN over TOR, not TOR over OpenVPN. When you tunnel over TOR over OpenVPN, there's nothing more you can do, our servers will see your real IP address.

When you tunnel over OpenVPN over TOR, you have plenty of chances to hide your traffic to our servers as well (just to make an example, with TOR over OpenVPN over TOR: you connect a host machine over OpenVPN over TOR, and you connect a guest machine over TOR, so from the VM you have TOR over OpenVPN over TOR).

Actually, when life or personal freedom is at stake, our users don't mind about performance. If they have to send out highly sensitive data (for example for whistleblowing or to document brutality of an oppressive regime) it's a fact that they don't care whether it will take 10 hours instead of 1 minute.

We just offer all the available options, then it's up to the user to decide which one to follow according to the power of his/her adversary or adversaries, but it's important that there's no confusing information about that, it must be very clear that TOR over OpenVPN does NOT meet the requirement to hide simultaneously the client real IP address and the traffic payload to our servers.

We are working on the assumption that, even if premium services are purchased anonymously with Bitcoin and Tor, virtually all users will log into the VPN most of the time without connecting to Tor or any other SOCKS proxy.

This is a very Western-like point of view which does not take into account how an "anonymous" activist works and what he/she really needs. Actually, performance is not a problem up to the point that the most careful persons go even further, chaining OpenVPN over TOR over another VPN over proxy etc. This can be easily done following the most basic security rule, separate accounts and routes for separate activities. The price in terms of performance hit is totally irrelevant.

In addition, I'm a bit puzzled by your duplicity. On the one hand, you elevate and praise purchasing AirVPN from Bitcoin codes, which is an unencrypted website, via Tor, which you plainly asseverate is unsafe, insecure, and can be used to identify you, and yet you state that this setup will keep you anonymous? Which is it?

That's quite obvious, because if you tunnel Bitcoin over TOR, it does not matter the the TOR exit node will come to know your transaction, because when you obtain the code and use it to activate any account you wish in our https website (always over TOR, to hide the IP address to our website) you solve automatically the two problems: it's irrelevant that the TOR exit node is compromised/malicious AND the correlation between the Bitcoin payment and an account in Air is destroyed.

People on the Internet can post whatever they like, and often do, but this is not evidence of anything.

The importance of their posts is their reproducibility, just like with any scientific inquiry. Run your own TOR exit node and you'll be able to reproduce those results.

Show us documented scholarly evidence that states Tor exit nodes are unsafe in HTTPS sites?

This is argument has been partially faced in another thread:

https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=5317&Itemid=142

In general, if you are not "caged" and you can entirely trust an SSL certificate, then you're safe, but that's not always the case (and we go back to the discussion about vInspector and similar products). The real and successful attacks performed by hostile entities are numerous and we can come back to them when possible.

In real life, anonymity is not unlinked from privacy. The correlations you can perform when you control a significant portion of the TOR network may well lead to identity disclosure.

I do not think your first sentence is entirely accurate, on various levels. The second sentence is true—if it were true, but you need evidence to buttress it.

You have just to consider all the stolen SSL certificates in real cases in the past (for example the Comodo affair http://techblog.avira.com/2011/03/24/stolen-ssl-certificates/en/ ) to have some significant examples and ideas about how it was possible that such attacks were successful.

As already stated multiple times, under the controlled conditions of your statement, yes, the statement would be true; but this is not a real world scenario. No one questions the validity of the above scenario, since the argument has never been about that.

Perhaps we should have a poll on this forum of how many people browse the Internet with the above configuration 100% of the time?

It is indeed a real world scenario and the argument is exactly on this point. Feel free to start a poll, although there might be a bias due to users who don't care or don't have the time to answer about that. Most of the demands for hardening the anonymity layer through partition of trust (in order to hide IP address and traffic to our own servers) come from citizens living in human rights hostile countries. It's not a setup really necessary to file sharers, for example. In addition, you can use two different accounts, only one of them connects over OpenVPN over TOR every and each time.

Kind regards

Share this post


Link to post

In my first post I posted a link to an article on this topic. It states some advantages and disadvantages of "user>VPN>TOR" and "user>TOR>VPN"; it was from another VPN provider's website, it got scrumbed because of "advertising". Here is the link again, this time using a URL redirector site:

hxxp://bit.ly/Lplcs7

I will add a few more points:

-TOR runs over TCP and will not forward UDP.

-Doing "VPN over TOR" means encapsulating TCP/IP into TCP/IP (3-way hand shakes between the client and the tor entry node AND between the tor entry node and the VPN), which doesn't bode as well as encapsulating TCP/IP into UDP/IP (3-way handshake only between VPN and tor entry node, Which is the optimal configuration for "TOR over VPN", assuming the user connects with UDP to the VPN first, which means a faster connection).

Admin, you imply that activists don't care about performance or how long it would take to move critical data but I doubt they would want risk more time than necessary to risk getting tracked down by an adversary. Would you rather spend 1 hour or 30 minutes moving that data?

If you had said before that AIR users wanted to hide their IP from AIR then we would agree on "VPN over TOR", that's about the only justifiable use for it.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...