Would it have helped the Harvard bomber to use VPN on top of TOR?

I'm curious ...

Given that the Harvard student lost his anonymity simply
by using Tor on the Harvard WiFi network, do you think
there would have been worthwhile anonymizing value had he
simply added VPN on top of Tor?

That is, after anonymizing his browser fingerprint,
instead of going directly to freeware Tor, one adds
an additional layer of freeware VPN?

The presumed advantage is that the local WiFi network
couldn't have "seen" the Tor connection

The disadvantage presumably would be that both VPN and
Tor slow things down; but they guy was only sending email.

QUESTION:
Does freeware VPN add any additional anonymizing value to Tor?

On 22/01/14 19:26, Danny D. wrote:

QUESTION:
Does freeware VPN add any additional anonymizing value to Tor?

This depends on how well the VPN provider logs your activity and how
willing they are sharing this information. I would more bet on those pay
services which has setup their services to help their customers to use
piratebay and similar services without the fear of getting sued by some
greedy MPAA or similar idiots.

--

//Aho

On Wed, 22 Jan 2014 19:58:05 +0100, J.O. Aho wrote:

This depends on how well the VPN provider logs your activity and how
willing they are sharing this information.

With the FBI tracking the offender, probably nothing
would have saved him.

But, for general use, I don't think VPN adds *anything*
of value, with or without TOR.

For one, VPN can be seen by your ISP or by the wifi
access point that you select, so, that singles you
out immediately as an offender of their rules.

Better to blend in with everyone else, and use neither
VPN nor TOR. If you must, one without the other is probably
OK, but having both is a security hole in and of itself.

On Wed, 22 Jan 2014 19:46:47 +0000, David Thomas wrote:

But, for general use, I don't think VPN adds *anything*
of value, with or without TOR.

i think vpn adds a lot of value over and above tor!

even if the vpn provider rats on you, they can only
say you were using tor because they don't know your
end url.

plus your traffic is doubly encrypted, once by vpn
and then again by tor.

On Wed, 22 Jan 2014 19:58:05 +0100, J.O. Aho wrote:

This depends on how well the VPN provider logs your activity and how
willing they are sharing this information.

i don't understand why the vpn logs would matter.

all the vpn would know is that you went to tor.

the vpn wouldn't know where else you went.

On 1/22/2014 11:52 AM, Danny D. wrote:
On Wed, 22 Jan 2014 19:46:47 +0000, David Thomas wrote:

But, for general use, I don't think VPN adds *anything*
of value, with or without TOR.

i think vpn adds a lot of value over and above tor!

even if the vpn provider rats on you, they can only
say you were using tor because they don't know your
end url.

plus your traffic is doubly encrypted, once by vpn
and then again by tor.


At most places, access to VPN is "by invitation", i.e., via a
discrete logon. While using VPN would mask the physical address
of the transmitter to a recipient, a backtrace would end up at
the VPN server. Checking the VPN logs would then track back to
the originator. If by Wi-Fi, it would point to the user, typically
to the machine's MAC; and if by a physical connection, to the
actual ethernet port. Anonymity is better assured over an open
internet than via dedicated routing, with/without tor.

GR

---
This email is free from viruses and malware because avast! Antivirus protection is active.
http://www.avast.com

On Wed, 22 Jan 2014 19:58:05 +0100, J.O. Aho wrote:

I would more bet on those pay
services

That's pretty much what this article said also:
http://lifehacker.com/5940565/why-yo...for-your-needs

On Wed, 22 Jan 2014 13:26:48 -0500, Danny D.
wrote:

QUESTION:
Does freeware VPN add any additional anonymizing value to Tor?

Of course. You're essentially going through two proxies AND giving
yourself a failsafe if ever Tor gets compromised (and it seems to have
been a few days ago).
--
Silver Slimer
GNU/Linux is Communism

On Wed, 22 Jan 2014 13:08:33 -0800, Ghostrider " wrote:

Checking the VPN logs would then track back to
the originator.

For two reasons that doesn't bother me at all ...
a. Most of these VPN providers say they don't have *any* logs.
b. I just want Internet anonymity; not immunity from the law

If by Wi-Fi, it would point to the user, typically
to the machine's MAC; and if by a physical connection, to the
actual ethernet port.

Again, that's not at all worrisome since my eth0 and wlan0
MAC address is randomly changed every time I reboot.

Anonymity is better assured over an open
internet than via dedicated routing, with/without tor.

I'm not so sure I believe that...

On Wed, 22 Jan 2014 18:47:35 -0500, Silver Slimer wrote:

Of course. You're essentially going through two proxies AND giving
yourself a failsafe if ever Tor gets compromised (and it seems to have
been a few days ago).

I think that's good advice.

1. The VPN gives us encryption from, I guess, home to the server.
2. The VPN goes to Tor, which gives us encryption to the destination.
3. And, if the destination is an https address, we get a third level of encryption.

At least that's how I *think* it works.

On Wed, 22 Jan 2014 20:49:43 -0500, Danny D.
wrote:

On Wed, 22 Jan 2014 18:47:35 -0500, Silver Slimer wrote:

Of course. You're essentially going through two proxies AND giving
yourself a failsafe if ever Tor gets compromised (and it seems to have
been a few days ago).

I think that's good advice.

1. The VPN gives us encryption from, I guess, home to the server.
2. The VPN goes to Tor, which gives us encryption to the destination.
3. And, if the destination is an https address, we get a third level of
encryption.

At least that's how I *think* it works.

I haven't used Tor myself but have used VPN's in the past. Essentially,
your ISP will know that you made a connection to the VPN, but from that
point on they know nothing. Once connected to the VPN, you are anonymous
and once you connect to Tor, your activity becomes anonymous to the
provider of the VPN.

--
Silver Slimer
GNU/Linux is Communism

The intellect and maturity of GNU/Linux advocates:
"Does Snot's penis taste salty, Silver Slipper?" - Onion Knight v3.0
"Isn't it time you went home to alt.suicide.holiday?" - Nobody

Danny D. writes:
The VPN goes to Tor, which gives us encryption to the destination.

Tor is for anonymity, not
encryption. http://en.wikipedia.org/wiki/Tor_%28anonymity_network%29
--
John Hasler

Dancing Horse Hill
Elmwood, WI USA

On Wed, 22 Jan 2014 21:15:14 -0500, John Hasler
wrote:

Danny D. writes:
The VPN goes to Tor, which gives us encryption to the destination.

Tor is for anonymity, not
encryption. http://en.wikipedia.org/wiki/Tor_%28anonymity_network%29

Correct.
--
Silver Slimer
GNU/Linux is Communism

The intellect and maturity of GNU/Linux advocates:
"Does Snot's penis taste salty, Silver Slipper?" - Onion Knight v3.0
"Isn't it time you went home to alt.suicide.holiday?" - Nobody

On Wed, 22 Jan 2014 20:15:14 -0600, John Hasler wrote:

Tor is for anonymity, not encryption.

I might have mixed them up, in my examples.

Are these examples correct?

---- === not encrypted
++++ === encrypted

1. Normal un-encrypted connection:
Home PC----ISP----Internet----Destination

2. The standard TOR scenario:
Home PC----ISP----Internet----Tor1/Tor2/Tor3---Destination

3. I think this is the "personal VPN" scenario:
Home PC++++ISP++++Internet++++VPN Server----Destination

4. I think this is the encryption adding personal VPN to Tor:
Home PC++++ISP++++Internet++++VPN++++Tor1/Tor2/Tor3---Destination

Are those diagrams correct?

On Wed, 22 Jan 2014 23:08:20 -0500, Danny D'Amico wrote:

On Wed, 22 Jan 2014 20:15:14 -0600, John Hasler wrote:

Tor is for anonymity, not encryption.

I might have mixed them up, in my examples.

Are these examples correct?

---- === not encrypted
++++ === encrypted

1. Normal un-encrypted connection:
Home PC----ISP----Internet----Destination

2. The standard TOR scenario:
Home PC----ISP----Internet----Tor1/Tor2/Tor3---Destination

3. I think this is the "personal VPN" scenario:
Home PC++++ISP++++Internet++++VPN Server----Destination

4. I think this is the encryption adding personal VPN to Tor:
Home PC++++ISP++++Internet++++VPN++++Tor1/Tor2/Tor3---Destination

Are those diagrams correct?


It's more like
PC---ISP----Internet----VPN----Tor/Tor2/Tor3----Destination. Nowhere along
the same is there any kind of encryption.
--
Silver Slimer
GNU/Linux is Communism

The intellect and maturity of GNU/Linux advocates:
"Does Snot's penis taste salty, Silver Slipper?" - Onion Knight v3.0
"Isn't it time you went home to alt.suicide.holiday?" - Nobody