I’m new to the whole privacy thing, and have started testing various options with a view to been a bit more discrete while on-line. However I have read that it is possible that the Tor exit node could in theory read my traffic, including passwords and login details.
One way to avoid this would be to use an encrypted VPN over Tor, however I think I’m a little bit out of my depth, and reading the whonix documents implies that this isn’t really necessary.
So do I need to use Whonix-Tor-VPN or am I misunderstanding things as normal?
the exit node can, of course, only read unencrypted content, meaning hidden service connections are “hard to not readable”. Same goes for most versions of SSL, so pretty much any modern webpage, that offers “https” is also “hard to not readable”. That’s also one of the reasons, why you always should encrypt your communication with GPG.
So, unless you access a site which only offers an unencrpyted connection, eavesdropping will be quite hard. (such sites shouldn’t be trusted anyway, though).
I’d forgotten the whole https thing, so I guess all I really need to do is check everything is on a secure conneection. Is there anyway to force the tor browser to only accept https connections?
[quote=“Ego, post:2, topic:2060, full:true”]
the exit node can, of course, only read unencrypted content, meaning hidden service connections are “hard to not readable”. [/quote]
Just a quick clarification, it is impossible for exit nodes to read any traffic going to hidden services because they are not involved at all. Exit nodes provide a means to “exit” the Tor network and access clearnet sites. You don’t need to leave the Tor network to access hidden services. The last hop just thinks it’s routing traffic to another Tor relay. Is the connection to Tor hidden services encrypted?
Famous example of exit nodes sniffing credentials was Blockchain.info. They have an .onion address as well as https, both of which are “safe” to use. The problem occurred when Tor users accessed the site using http, giving exit nodes a chance to steal info. Blockchain.info now requires Tor users to access the site using the .onion address only.
If you must pass sensitive info over http (really, really bad idea), then your suggestion is one option. Of course, that requires finding a trustworthy VPN. If you’re able to acquire a VPS anonymously, you could host your own VPN and eliminate the trust factor. (Even better if the VPS uses a shared IP.)
And if you are using a VPN you are just shifting the issue. Then the same attack could be mounted by the VPN [if compromised, bribed for forced], the ISP of the VPN as well as the ISP of the destination server. There might be lower risk for that to happen when “exiting” though the VPN rather than a Tor exit, however there are other disadvantages… See also:
Should’ve written “reduce” not “eliminate”. Your traffic will be unencrypted on the VPS at some point and vulnerable to interception. Physical Attacks. Same conclusion: Don’t use http for sensitive info.
A side question to the above, assuming you want to hide the places you visit from your ISP and local government, if you use https along I’d guess they can still see where you’re visiting even if they can’t see what you are doing, is this still the same when going through the Tor network alone without a VPN
Replacing a Tor exit with a VPN at the end of the chain only shifts the
risk from one to another. And the ISP of the Tor exit or VPN and the ISP
of the destination could still monitor / manipulate. So no way around
https or onion.