Oftentimes there are websites which will block tor outright, so in these cases can you still have the tor protection in whonix while pointing traffic through a (residential) proxy to be able to access tor blocking sites?
Something similar in fashion to proxy chains.
This wiki is great: https://www.whonix.org/wiki/Tunnels/Connecting_to_Tor_before_a_proxy. In the interest of quickly sorting through these options, I’d like to run the following scenario by you.
Suppose, that I have a friend (met through an anonymous forum) who agrees to host proxy server for me to hide behind his IP address. He will run whatever Dockerfile I give him. I use Whonix to avoid leaking my identity to him. Ideally, what kind a proxy server should he run to make this configuration easier and most secure?
Or will change it as he sees fit.
Easily, your friend will have a full log of all your activities.
Further, the traffic between the exit relays and the proxy server will potentially be unencypted.
I’d prefer a root access (via ssh) to a server and set up openvpn there on my own.
@sheep Thanks for the insights. I understand that renting a server is an easier approach. I’m just trying to play through the residential proxy scenario. You’re right, the proxy could log unencrypted traffic and DNS requests, but not HTTPS traffic. This may or may not be sufficient depending on the use case.
Such sites should go straight and permanently to your personal shitlist. And everyone must label every such site as Tor-hostile, even if there’s a bunch of brainless lemmings mass downvoting on reddit, hackernews and alike places full of wannabe elitist snobs. Mock these websites everywhere, reach them on Twitter and trigger Godwin’s Law. They started the hostility and discrimination against Tor and other anonymity literate users, we have the right to tell them to go screw themselves. This is a typical social problem, it is pointless to try and solve it by technical means.
With HTTPS traffic, the proxy will still know the IPs you’re connecting to, and at which times, as well as the amount of Kb u/l and d/u.
If you’re not carefully making sure you’re always on right site, the proxy could use its own SSL certificate and keep two encrypted connections (one with the site’s real certificate, one to you), while sniffing everything in the middle (see evilginx2 for a practical example of a tool doing that). Other ways will be to strip the ssl altogether (will work with some sites, not with others).
Terminology breaks down (since Tor is also a “proxy”) however in sofar
the word “proxy” was used here, there are many security issues with it,
these are outlined here: