Various sites block Tor exit nodes. What will be the recommended way to connect in this case? Tor->VPN? Tor->Proxies? Tor->VPS? Tor->JonDoNYM?
Of course in all cases the link after Tor should be either free or paid anonymously.
We don’t have a recommendation for this (yet?).
See also:
What solution could we recommend? Any that is legal, easy to set up and doesn’t decrease anonymity? Specifically with respect to Challenges in Provider Location Selection it’s going to be very hard.
What would you do?
My opinions, currently, are:
- Proxies - main advantage is that there are many free proxies out there, so you could connect with a different IP each time. Disadvantage - not encrypted, probably higher MiTM risk then others.
- VPNs - more secure, but fewer free choices - it will not be practical to setup connections to many different providers, so you will have few exit IPs. Sometimes a fixed IP is an advantage though. Some sites don’t mind Tor but go crazy if you log in from different locations each time.
- VPS, more work in setting up, not sure how this is even done, costly and just a fixed exit.
- JonDonym - 6 hops and probably slow. Plus, doesn’t JonDonym get blocked as well?
Setup on Whonix - to me all those setups look complicated, and especially if I want to switch between them in different cases, or even between different proxies, different VPNs etc. Changing the settings repeatedly will be hellish, a better option may be to keep different workstations and even different gateways? This will mean a lot of maintenance to keep all updated and so on.
I’m sure this isn’t a rare problem?
I have found the Startpage proxy through Tor Browser works in most instances to bypass the block and access readible content - no fancy configuration required. Sure, you’re not gonna login anywhere and engage with interactive content (mostly), but it’s passable.
Only rarely does some website prevent the Startpage proxy, and if they do, the same info is easily found elsewhere in 99% of cases. Some websites are also rolling back their Tor bans over time, and those that don’t are not usually that important anyhow and are opposed to basic freedoms, so probably aren’t worth bothering with.
2 Likes
Could you please document that? Seems like a missing piece and very simple (good!) trick, worthwhile to know.
pano:
Setup on Whonix - to me all those setups look complicated, and especially if I want to switch between them in different cases, or even between different proxies, different VPNs etc. Changing the settings repeatedly will be hellish, a better option may be to keep different workstations and even different gateways? This will mean a lot of maintenance to keep all updated and so on.
Indeed. Another two shortcoming of the documentation. Introduced by me.
-
Certain parts of it are only required if you depend on the VPN to
always be used. Otherwise if you don’t need a fail-closed mechanism,
things are a lot simpler. Circumvention is a lot easier than hiding. -
For your question, presenting all these options in detail
(Tunnels/Introduction) - targeting users caring about hiding and
fail-closed mechanism - worsens the documentation for users who just
want simple circumvention.
Will do.
1 Like
Documentation shortcomings, I believe, may be part of the difficulty, but not the major part. I will try to clarify what I mean.
First, the issue of having a fail safe mechanism is of utmost importance. In fact, I don’t see why someone mainly interested in circumvention rather than anonymity will bother to use Whonix anyway, so the emphasis on a reliable mechanism is exactly what’s needed.
Second, I do accept that initial setup can be complex. After all, we are dealing with third parties (namely, VPN and Proxy providers), that don’t all operate in the same way.
Regarding the documentation - yes, it can be tricky to follow but if certain settings need to be done only once, it’s not the end of the world. When you need to switch back and forth in some cases, then it becomes, in my opinion, not realistically manageable.
The main issue as I see it is ease of activation / deactivation.
Take the example of bridges. I can turn them on or off by commenting or uncommenting a couple of lines in torrc (or 50_user.conf in Whonix 14…). Easy!
Do we have anything of that kind in the cases of VPN before / after Tor and in the case of proxies? that’s what I would like to understand!
If not, I think adding such on/off “switches” - reducing activation / deactivation to a single place (after an initial setup of course) - will be very useful. Especially for the “after Tor” cases, where we don’t always have the possibility to just use Tor.
1 Like
pano:
Documentation shortcomings, I believe, may be part of the difficulty, but not the major part. I will try to clarify what I mean.
First, the issue of having a fail safe mechanism is of utmost importance. In fact, I don’t see why someone mainly interested in circumvention rather than anonymity will bother to use Whonix anyway, so the emphasis on a reliable mechanism is exactly what’s needed.
Should have clarified:
a) circumvention of Tor blocks by destination websites.
b) Not circumvention of Tor blocks at ISP level.
For a), for simply viewing a website, circumvention is not super
important to be 100% reliable. If it doesn’t work for a few seconds and
then continues to work, no problem.
For both, a) and b) there are use cases.
The main issue as I see it is ease of activation / deactivation.
Multiple VMs seem best here. Otherwise recipe for disaster / messing up.
Do we have anything of that kind in the cases of VPN before / after Tor and in the case of proxies? that’s what I would like to understand!
The closest is using Qubes but still no on/off as easy.
If not, I think adding such on/off “switches” - reducing activation / deactivation to a single place (after an initial setup of course) - will be very useful. Especially for the “after Tor” cases, where we don’t always have the possibility to just use Tor.
Unrealistic at this point.
1 Like
Thanks Patrick. I’ll focus on the User->Tor->Proxy/VPN for now and set a couple of VMs to see how this goes. For those cases, I understand the changes are only at the Whonix-Workstation (when using VirtualBox), correct?
Yes.
1 Like