Re: [Tails-dev] OpenVPN

Delete this message

Reply to this message
Author: sajolida
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] OpenVPN
> intrigeri,

We're a team actually :)

> I was under the impression that using a VPN service would provide a
> certain level of anonymity because it masks your true IP and sends
> traffic through an encrypted tunnel. So while a listener would know you
> were connecting to a VPN, the traffic on the other end could have come
> from anyone. Is that incorrect?


This is correct. The only difference here is that you rely heavily on a
single VPN provider, so if it is giving out your data your are screwed.
On the other end Tor, relies on three different hops and none of them
can have a full view of who is going what. That's the difference.

> Perhaps this question is out of scope,
> but I am curious if third party VPN services truly accomplish what they
> claim.


That's the whole issue. Plus the Torbrowser does tons of magic to hide
the fingerprint of your browser. If a VPN only relays your traffic, your
browser might still appear as completely unique on the server side. And
thus you are not anonymous anymore, even though you have a different IP
address. I wonder how this is advertised by VPN providers...

> I was also under the impression - through reading your wiki and
> other info on the web - that Tor is good for masking location, but that
> the endpoints could listen to all your traffic.


Yes, the exit node can listen to all your traffic. So does the exit
point of the VPN.

> I read the page on limited VPN support that you linked to. I am not
> sure I understand how using an anonymous VPN service with or without Tor
> would somehow make it worse. The entry point is the same, but the
> traffic is tunneled.


You shouldn't add a VPN to Tor to improve on anonymity, but only in
certain cases where you couldn't use Tor or the service you want to
reach otherwise. That is what we will try to provide.