[tor-bugs] #6900 [Tor Client]: Tor VPN mode feature
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Sun Sep 23 12:24:57 UTC 2012
#6900: Tor VPN mode feature
----------------------------+-----------------------------------------------
Reporter: proper | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Tor: unspecified
Component: Tor Client | Version:
Keywords: needs-proposal | Parent:
Points: | Actualpoints:
----------------------------+-----------------------------------------------
Comment(by proper):
Replying to [comment:2 rransom]:
> VPNs leak traffic every time the system's IP routing table changes
> (which happens e.g. every time any of the system's network interfaces
> disconnects and reconnects). A ‘VPN-like client’ cannot be safe, even if
> you do implement a userland IP stack to convert the user's TCP packets
> into Tor streams.
That can be stopped with correct routing tables, which ensure that it
fails closed. This is known to some people and there are instructions to
stop it.
[http://cranthetrader.blogspot.com/2011/10/dont-allow-non-vpn-traffic.html example]
> Aside from the fact that this can't be safe to use at all, the user's
> applications will send unique identifiers over the Internet regardless of
> whether the VPN's network interface is active, thus making the user
> traceable anyway.
Yes, a VPN mode would open up for identity correlation since everything
goes through Tor, even through the same circuit, such as the software
updater and so on. It depends on the threat model: Do you want more
effective protection against DNS and other leaks? Or do you distrust the
Tor exits more and are more scared of identity correlation? Proxy mode and
VPN mode both have advantages and disadvantages. This would be a fine topic
for research as well.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6900#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
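
Added example, not part of the ticket or of any Tor code: a small check of the fail-closed property discussed in the comment above. It simulates one routing-table change (the tunnel interface's routes disappearing) and reports whether ordinary traffic would then be forwarded outside the tunnel. The Linux `ip route`-style text, the interface names `tun0`/`eth0` and all addresses are constructed assumptions.

```python
import ipaddress
from collections import namedtuple

Route = namedtuple("Route", "net kind dev metric")

def parse_routes(text):
    """Parse constructed `ip route show`-style lines into Route tuples."""
    routes = []
    for line in text.strip().splitlines():
        tok = line.split()
        # Reject routes start with their type; ordinary routes do not.
        kind = tok.pop(0) if tok[0] in ("unreachable", "blackhole", "prohibit") else "unicast"
        net = ipaddress.ip_network("0.0.0.0/0" if tok[0] == "default" else tok[0])
        dev = tok[tok.index("dev") + 1] if "dev" in tok else None
        metric = int(tok[tok.index("metric") + 1]) if "metric" in tok else 0
        routes.append(Route(net, kind, dev, metric))
    return routes

def lookup(routes, dst):
    """Longest-prefix match; lower metric wins between equal prefixes."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r.net]
    return max(hits, key=lambda r: (r.net.prefixlen, -r.metric)) if hits else None

def leaks_when_tunnel_down(routes, tunnel, probe="198.51.100.7"):
    """True if, once the tunnel's routes vanish, the probe still gets forwarded."""
    remaining = [r for r in routes if r.dev != tunnel]
    hit = lookup(remaining, probe)
    return hit is not None and hit.kind == "unicast"

# Constructed sample tables (documentation address ranges, hypothetical names).
LEAKY = """
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev eth0
203.0.113.10 via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
"""
FAIL_CLOSED = """
default via 10.8.0.1 dev tun0 metric 50
unreachable default metric 1000
203.0.113.10 via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
"""

if __name__ == "__main__":
    for name, table in (("leaky", LEAKY), ("fail-closed", FAIL_CLOSED)):
        print(name, "leaks:", leaks_when_tunnel_down(parse_routes(table), "tun0"))
```

In the fail-closed table the only route left for general destinations after the tunnel drops is the reject route, while the host route to the tunnel endpoint (203.0.113.10 here) stays on the physical interface so the tunnel can reconnect.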