Need help with fundamentals

[demise 1]

1) For maximum partition of trust, am I right to say that I should:

- Tunnel over AirVPN over Tor in the host OS

- Use Tor Browser Bundle directly in the guest OS

The above would result in Me -> Tor -> AirVPN -> Tor

However, I am in doubt of the significance of such a setup. Wouldn't Me -> Tor -> Tor provide almost the same amount of anonymity without having to pay for a VPN? What about Me -> Tor -> Tor -> AirVPN or Me -> AirVPN -> Tor -> Tor? To reiterate my question, why the emphasis on Me -> Tor -> AirVPN -> Tor but not anything else?

2) In layman terms, what is DNS and how would a DNS leak occur?

3) Are there any simpler ways than the method involving Comodo to cut off my internet connection in case of VPN disconnection on Windows?

[Staff 9921]

1) For maximum partition of trust, am I right to say that I should:

- Tunnel over AirVPN over Tor in the host OS

- Use Tor Browser Bundle directly in the guest OS

The above would result in Me -> Tor -> AirVPN -> Tor

However, I am in doubt of the significance of such a setup. Wouldn't Me -> Tor -> Tor provide almost the same amount of anonymity without having to pay for a VPN? What about Me -> Tor -> Tor -> AirVPN or Me -> AirVPN -> Tor -> Tor? To reiterate my question, why the emphasis on Me -> Tor -> AirVPN -> Tor but not anything else?

Hello!

That setup was the answer to how to hide both your real IP address and your traffic to our servers. Each setup has its pros and cons, there's not an "optimal" setup for every case. First of all, you need to define what adversary you have to face.

2) In layman terms, what is DNS and how would a DNS leak occur?

Please see http://en.wikipedia.org/wiki/Domain_Name_System

A DNS leak is meant as a DNS query sent out by a system (where an OpenVPN client runs) unencrypted, i.e. outside the tunnel. Typically it happens on Windows systems because Windows lacks the concept of global DNS, so each card can have different DNS IP addresses.

Another kind of DNS leak (which is not properly a leak) is when a computer uses as nameserver the router DNS IP address. In this case, it's correct that the DNS query will go to the router, which in turn sends it out unencrypted to its own DNS servers (exception: if the router runs its own, autonomous DNS). This is a particular case which also Linux, Mac and *BSD users must be aware of.

3) Are there any simpler ways than the method involving Comodo to cut off my internet connection in case of VPN disconnection on Windows?

Currently not as safe as those provided by a firewall.

Kind regards

[demise 1]

Thanks for the answers. For Me -> Tor -> AirVPN -> Tor, would a malicious Tor exit node be able to traceroute all the way back to me?