Good afternoon!
Russia has banned TOR browser.
Therefore, do I have to prescribe bridges in OS Whonix?
Moreover, does provider can see that I use TOR browser in Whonix or its hidden that I use it?
Thank you for your attention !
Yes, bridges are used to circumvent censorship. I would use an obfs4 bridge
Whonix does not hide that you are using Tor. Your service provider will know that you are using Tor.
The following wiki page gives you an overview of using bridges with Whonix. I think it will answer some of your questions.
4 Likes
Hi @Barbarian !
Just in case obfs4 bridges are also banned in Russia, you can also try Lantern which is a censorship circumvention tool:
2 Likes
Hi @iry
For clarity, if obfs bridges are banned, it would be a simple matter for the Russian govt to block all public obfs bridges but much more difficult if you roll your own. Is this correct?
Also, do you know of any Russian specific sites that @Barbarian may find useful for circumventing censorship?
2 Likes
Hi @0brand !
It depends on whether the censorship technology is sophisticated enough to detect the user is using obfs protocols:
- If sophisticated enough, it even does not matter for an adversary to get the information of “public” bridges. They can simply detect someone is using obfs Tor and block it dynamically;
- If not sophisticated enough, an adversary may tried to get as many bridge info as possible(From bridgeDB, from TBB sources code like what China is doing, or from any other channels). In such a case, it would be “much more difficult if you roll your own” obfs bridges.
Sorry, I don’t. But I have been holding a thought that China has the most sophisticated censorship technology and if a censorship circumvention technology works under China’s GFW, it is very likely to be useful to users in other censored area.
3 Likes
easiest should be purchasing any of these max $0.5 blacklisted SSH-tunnel proxies and including it in WHX Gateway config just to work around - it will work forever, only issue is who will create how-to running Whonix over SSH-tunnel manual))
as long as TOR works about 1-3 mbps it will be ok with any proxy… so it seems openVPN may be runned in WHX-Gateway too… and look at vpngate-net too (free openVPN private nodes list - as long they mostly malware and attack, seems they not gov’t if it’s matters at all), some kind of TOR-like initiative, they also lists faked and gov-t IPs to compromise those chinese etc services…
Hi @DCC
I do not believe using a VPN is a good option if Tor use is dangerous or considered suspicious in your location. It would be a simple matter for your service provider or Govt to use Deep packet inspection (DPI) to ascertain if you are using Tor. I don’t think running a VPN in Whonix Gateway would provide you with any protection from DPI.
1 Like
I mean it will not help to hide you are hiding (as it not needed at all) but let you just work))
it’s huge walking-around initiative in itself but if someone wants… much harder then type 2 strings - nano torrc and obfs-bridge info (same tunnel in mean)… Oracle VBox have no proxy workaround in any way, so putty + proxifier for win and ssh + privoxy for linux would be fast ready if needed…
just for such mystical case if there really would be traced and blocked every brigde IP)) and most of all in case of free openVPN it’s still free, so DPI etc not mean a thing until proxy users will be abused)) and even then buy bruted ssh-tunnel for cents and use it free of any, only issue it takes some more time to turn on and less than any kind of VPN, machine resources… starting pair a of ssh via proxychain etc you just get hi-speed doubleVPN almost free…
Supports SSL-VPN (SoftEther VPN) protocol
it’s from vpngate - do you mean SSL can be parsed and disclosed of connecting TOR? there are known Uzbekistan and Kazahstan gov’t even attacks all SSL connections, inspite what they are - now checked - so what they do - some kind of korean-light internet - they issued national SSL certificate and forced all users to install it in trusted (in real live known as MITM SSL attack) - so without it https will not work lol))) guess /this country/ have no banks or any private financial xD
even in that case VPS should be right solution)) eg if it can access amazon so it can access amazon cloud or google cloud etc - as far as /evidence is logs/ (just a logs of last used IP - so any live-build or else liveCD will solve you) receiving JPG images from it should be fun…
UZ/KZ seems like nothing more than compromised exit node - compromise an agent with access to traffic costs less than graphic card for mining - so as they still have a lot of payments incl corporate there, and more huge of gov’t corps payments - seems internal traffic remains encrypted, such as payment merchants etc))
Hi @DCC
My apologies but I am having a hard time understanding you as I’m sure you are having a hard time understanding me .
What I meant was using a VPN is not a good option to hide your Tor usage if you live in a country where Tor usage would be dangerous or suspicious.Your ISP or govn’t can use DPI to tell if you are using Tor.
The better option would be to use an obfs 4 bridge or as @iry point out Lantern would also be an option if obfs4 bridges were banned in Russia.
I looked at VPN Gate and if you require privacy they are not one I would use. They keep extensive connection logs, the service is very slow, and you would have to place quite a lot of trust in the volunteers that run the network.
yes, you gave me the answer to my question - are they able to analyse SSL-crypted traff, so yes they are
what about speeds, for me TOR usually shows about same 1-3 mbps so this not an issue, and for security imho running VPN on server is just the same as TOR - and logs are elsewhere, in TOR hosting servers too - and govs have they all if rejected…
That is around the same connection speeds get as well.
You can’t really compare the two as they are both designed for different uses.
Tor was designed and used for anything that requires anonymity.
VPNs were designed to provide the user with added security and privacy. The security and privacy benefits are dependent on the VPN solution used and the service provider.
VPNs do not provide anonymity and should never be used for that purpose. You should be using Whonix with TBB for anything that requires anonymity
sure agree, but -
- what about Oracle compromacy itself? (ok well don’t you heard about govs exploit found in RSA by developers forced to renew client side software?)
- openVPN used in most expensive and trustful twin and quad VPN services, costs about $100+/month staying the same, and sure paid eg some kind tracked while this not
- most services blocks TBB and if you need eg sms-verify you lose - so if I need eg one and only VPS access via client - should I use WHX Workstation instead of eg liveCD in VM? looks like a choice - making your bread or stay safe lol (so there’s logs and caches will remain on WHX while liveCD not - if there’s for some reason they really may know where to go)
I understand that TOR is safer (until someone have not granted access to both input and exit nodes lol - then when they get your IP, browser’s and other settings mb wouldn’t help you) and not tryin to compare, but there must be a flexibility, eg in combining it with other solutions, what I asked about…
Hi @DCC
That is correct, however if you are connected to the internet you are vulnerable to exploits/vulnerabilities regardless of what Os/software you use.
I’m not sure what you mean by “twin” and “quad” VPN service. Can you give the name of the service providers you are referring to?
Are you saying the more expensive the service/software, the better it is? The most well known and respected anonymity software is FREE (e.g Tor, Whonix, Tails). Regardless of what VPN service provider you use you are still vulnerable to exploits regardless of the VPN software itself. And yes Tor, Whonix etc. also have vulnerabilities.
You have to take the VPN service providers word that no logs are kept. That is quite a lot of trust to put into someone. What if the service provider was force to keep logs (by the gov’t) They probably could not tell anyone (i.e. customers). This is dependent on what jurisdiction the provider lies in.
I think that is really quite simple. If you need an amnesic OS, go with Tails. If you don’t, go with Whonix. 
I agree. However you did not mention combining with other solutions. I thought you meant VPNs could be user instead of Tor for anonymity 
There is one more thing I would like to add if you don’t mind:
Its Tor not TOR
It took me a while to realize that and I thought I would share it with you. I hope you don’t take any offense.
1vpns.com for example - they too hard to find, those trusted, most just uses nordVPN by meaning they know how to pay and to use it, etc - it a reality, that in real life there not as colorful as want to appear)) I mean there no safe and no simple solution exist at all…
but using proxy for access to one VPS is even less risky and much less fingerprintable (as those spelling etc analytics) then to access for example one social account where you have to share info… and instead of working in VPS any way there are too much personal fingerprints, while there mb only your own favorite login names etc xD
free services such as Whonix etc appeared just in last days, giving a trend that free is better than paid, it caused by many reasons, mostly internet n social net popularity etc… reasonable scenario… what makes tor better than any I2P vpn, etc - is that there much more users using same IPs))
Its Tor not TOR
I believe that /evidence is logs/ - just logs of last used IP, so in most loud cases such as those silkroads and wikileaks, if there were no current evidence of using them, so those people might at least ride to other countries as in case with paxful for example…
Whonix exists since 29 Feb 2012. Tails even longer.