How it's better to connect to Tor

I want to know the cons and pros, your opinions, and what you would use.

  1. What is better: using a public or hacker wifi, or a flashed router with an open-source GNU/Linux distribution (solutions such as OpenWrt and DD-WRT)?

VPN used as 1st hop vs Bridges
What are the cons/pros of a VPN bought without leaving a money trail, running the VPN on a different port like 80 or 443, and emulating traffic so the VPN will have a lot of inbound and outbound with lots of IPs?

https://www.whonix.org/wiki/Computer_Security_Education#Router_and_Local_Area_Network_Security

In most cases using Whonix without using a VPN, proxy etc. is the correct choice. Using a VPN can degrade security and anonymity if not used/configured correctly.

Device MAC addresses are almost certainly recorded by the open wifi admin.

Not directly comparable to the first part of your question. Last time I checked OpenWRT did not have package verification support in their package manager meaning anyone can tamper with OS updates and infect it.

DD-WRT is not fully free and has engaged in controversial licensing practices: http://www.wi-fiplanet.com/columns/article.php/3816236/The-DD-WRT-Controversy.htm

Bridges are more trustworthy as they are run by volunteers like the Tor network. VPNs are likely keeping records because they can or they are forced to by laws of their jurisdictions that require them to as ISPs.

We already discuss the advantages of VPNs as a first hop on our wiki and the benefits are non-existent compared to using it as a final hop in some cases.

1 Like

So what’s better to use, or is there no safe open-source GNU/Linux distribution for flashing a router? Or maybe it’s better to not use a router at all and change it for a non-smart switch?

In case it’s a country where there are no laws for recording?

What in case it’s configured and used correctly?

Your best bet is a popular ARM board that runs Debian or its derivatives like Raspbian. You will definitely have more horsepower and flexibility compared to the weak garbage sold off the shelf.

There’s literally no way you can verify their claims of not recording. And the benefits of using VPNs as a first hop are negligible.

Any wiki on this?

Yes, we can’t verify if they claim recording, but still by country laws ISPs are not forced to keep recording, you have your own dedicated server and there is no money trail left, the VPN is configured correctly and the VPN can connect to bridges after that. Do you think even in that case public bridges are better? Thanks

And bridges’ weaknesses:
Some bridge addresses are freely provided by the Tor website or by email upon request, meaning adversaries likely use these methods to obtain bridge information.
And bridges can be hosted by adversaries and universities for research.
Thank you

Plenty of guides floating around. Choose the one that works for your board model.

Yes I do. Tor network volunteers are likely more interested in protecting you than a VPN.

Enumerating all bridges takes much more effort than a VPN. Hiding Tor use from a global adversary is not going to happen. Read our wiki on why.

Can you give a link please for any board model?

RPi 3+ comes with wifi now AFAIK. It has a Debian port and work is being done to upstream its video drivers.

There’s the “under the radar” issue too.
Connecting to a VPN is done by many millions of people, for various reasons, and by itself doesn’t make you stand out much.
Tor on the other hand is used by people who aim for higher anonymity levels, and I guess viewed as more suspicious. Connecting to a bridge = connecting to Tor. With this smaller number it should be easier for authorities to further narrow down the list by using correlation attacks and such.

But why not use both? VPN->Bridge->Middle->Exit?

It’s more like

n = number of users connecting to a specific VPN service provider.

3 million = number of Tor Browser users

In many places using a VPN can arouse just as much suspicion as Tor. Also an ISP can use Deep Packet Inspection (DPI) to see if you are using Tor.

Using an obfs4 bridge is the recommended method to circumvent state-level censorship of the Tor network. It’s also possible to use Lantern.

User->VPN->bridge->Tor-internet

Combining tunnels/proxies/bridges does not necessarily strengthen anonymity. On the contrary, it can complicate setup and possibly weaken anonymity.

Can’t see a reason to use VPN and bridge together (first 2 hops).

Let’s take the following scenario:

  • You are expressing your views online under a pseudonym.
  • Your country’s authorities seek to censor you or worse.
  • They may have a general idea about your regional location but not an accurate address.
  • They can relatively easily narrow down the list of ISPs you connect through and can get any information they like from those ISPs, which are naturally under their jurisdiction.

Now, assuming the Tor nodes are out of their sphere of influence, who will they narrow the list to - all those who connected to guard nodes / bridges through the regional ISPs or all those connected to VPNs? The number of users connected to VPNs through those ISPs will be significantly larger (yes, also depends on the country).
If it’s possible to detect Tor traffic encrypted by VPN it’s still a higher level of attack, compared to just screening users by a list of IPs they connect to.

Interesting line of thought.

VPN/SSH Fingerprinting might nullify it though.

1 Like

You may be missing the bigger picture here. You’re trying to solve one of Tor’s problems by throwing more of the same solution at the problem it can not solve.

Read this section: How can we help? | Tor Project | Support
Tor protects you from 1. the destination, 2. the origin (ISP), 3. Tor itself. It can’t protect you from adversaries that see both ends.

By your assumption:

You’ve already lost regardless of whether you add 1, 2, or 10 VPNs to your chain. The adversary has full visibility on your ISP. They have at the least, partial visibility on the destination (i.e. they can watch when you post), and at the most, they have full visibility because your destination also uses ISPs that they control. They don’t need to know who’s using a VPN, or Tor or whatever. It’s trivial to link the traffic up.

A good case study would be the Harvard bomb hoaxer: “FBI agents tracked Harvard bomb threats despite Tor” (The Verge). The fact that the perpetrator used Tor narrowed the list of suspects. There may have been more VPN users at the same time but it’s doubtful that that would have prevented him from being caught. How large would be the set of VPN users who logged on just prior to the event and logged off soon afterwards? Since the investigators had full visibility of the school’s network, they could easily see the usage and traffic patterns of each VPN connection. (Remember also that the student confessed. It’s not certain that his Tor usage would have been enough to convict.)

The ultimate lesson is that a free society can not tolerate warrantless searches and dragnet investigative techniques (physical or digital). The current privacy tools still depend on privacy-respecting laws and enforcers who respect those laws.

2 Likes

Don’t you think some consideration should be given to the difficulty of the attack? Many things are possible, yes, but different methods have different costs.

Given a list of IPs of bridges, guard nodes or VPNs, any beginning programmer / system administrator working for an ISP can screen and quickly find the users who connected to this list, in certain times etc. Run this check on the logs once a week or once a month, this isn’t a big request to make.

But to figure out that VPN traffic encapsulates Tor should not only be more difficult algorithmically, it requires packet-by-packet analysis in real time, over a significant amount of the traffic. This will place some additional load on the ISP’s servers, can slow it down and perhaps even expose the traffic to interruptions due to bugs in the process. I think this is quite different from an ad-hoc analysis of the logs.

So we have different costs (mostly in resources) to those different cases.

Regarding the Harvard case study, I don’t think there would be a big difference if he connected through VPN or Tor, because this is relatively a small network with few potential suspects and I assume investigators could handle either with more or less the same difficulty.

From your posts I understand you don’t see either bridges or VPNs (used before Tor) as helpful. What will be helpful then, to increase anonymity at the entry / ISP side? Perhaps sticking to public networks, for example get a strong wifi adapter / antenna, change MAC address, and connect only through remote wifi networks?

I agree with entropy - doesn’t matter if you chain multiple VPNs, use bridges etc - a global adversary is gonna marry up the traffic flow at least some of the time and the ID of the user is going to be trivial for them under those circumstances.

The Tor Project is quite clear on this issue. If you want a low latency browser, don’t expect absolute anonymity from the spooks. Expect partial anonymity, some of the time. But you will defeat most other chumps out there in probability i.e. surveillance capitalists like Google and co (although Google does own a ton of internet infrastructure that could aid deanonymization).

There doesn’t appear to be any strong, reliable, low-latency, anonymity method available for sitting duck targets i.e. those conducting activities from a non-mobile location. Thus, save your hero (revolutionary, illegal…) antics for the off-line space only.

If you need absolute anonymity, it would probably require Tails from random public networks far, far away from your home location + physical opsec measures. Or for private comms - email encryption + offline OTPs, since they’re not gonna raid your house for the OTP unless you’re Pablo Escobar or some jihadi wannabe.

You know, all of this reinforces that the “Masters of the Universe” own the net and computing solutions are hopeless in the main against state-level adversaries.

However, their major blind-spot is that they are so far up everybody’s electronic ass, and invest so heavily in this area, that proper physical opsec arrangements in meatspace have very, very good chances of never being detected.

When you see a 100 foot wall, do you climb it, or do you circumvent it? Take anything you really care about off-line, use cash, limit electronic communications, don’t buy shit on-line, don’t overshare online, don’t use surveillance capitalist products (that’s 99% of large companies), don’t goad the electronic stalkers, and don’t do anything that could rob you of your liberty on-line. Call it an electronic harm minimization method.

I think that is the only solution, since it is clear that they will NEVER rollback their surveillance systems. Just pray for a huge solar flare instead to bake everybody’s electronics to shit and we can all return to truly private arrangements, while also living a 19th century lifestyle…

3 Likes

If you use both with the VPN as the outer layer you stand out even more than normal Tor users. Your Tor use in the VPN will be detectable for advanced adversaries.

1 Like