Re: [Tails-dev] OpenVPN

Author: adrelanos
Date:  
To: tails-dev
Subject: Re: [Tails-dev] OpenVPN
a432511@???:
> I was under the impression that using a VPN service would provide a
> certain level of anonymity because it masks your true IP and sends
> traffic through an encrypted tunnel.


Whether combining a VPN/proxy/SSH with Tor improves anonymity, privacy and
security or not is a controversially discussed topic. There is a page
dedicated to that topic collecting all the pro and contra arguments:
https://trac.torproject.org/projects/tor/wiki/doc/TorPlusVPN
(Mostly written by me.)
In conclusion, I'd say the answer depends on your assumptions and threat
model.

> So while a listener would know you
> were connecting to a VPN, the traffic on the other end could have come
> from anyone. Is that incorrect?


If you mean by listener = ISP, and if you mean a Pre-Tor-VPN (user ->
VPN -> Tor -> destination), it's correct.

I am very skeptical whether VPNs or SSHs are even able to hide the fact
you're using Tor, see VPN/SSH Fingerprinting:
https://trac.torproject.org/projects/tor/wiki/doc/TorPlusVPN#VPNSSHFingerprinting

> Perhaps this question is out of scope,
> but I am curious if third party VPN services truly accomplish what they
> claim.


Leaving protocol leaks (browser fingerprinting) aside, a single VPN
provider provides nothing more than weak anonymity by policy. On the
other hand, Tor provides anonymity by design.

> that Tor is good for masking location, but that
> the endpoints could listen to all your traffic.


VPN servers used as post-Tor-VPN (user -> Tor -> VPN -> destination
webserver) can also listen to plaintext traffic. Shifting trust from a
Tor exit to a VPN and therefore giving up stream isolation and
introducing a permanent exit node is imho a bad idea.