[tor-talk] Tor to VPN to Internet = Bad. Why?

miniBill cmt.minibill at gmail.com
Wed Apr 25 22:32:23 UTC 2012


>> On 04/25/2012 04:06 PM, Low-Key² wrote:
>> > Recently, I'd come across some chatter that suggested that connecting to
>> a VPN via TOR was not a good idea and, rather, the better idea was to
>> connect to a VPN that then used Tor.  I've not found any articles on the
>> net that really discuss this issue.  My concern stems from more of a
>> curiosity due to an encrypted private web proxy I used to run for foreign
>> activists.  While the proxy would have appeared entirely benign to anyone
>> in their regime, a number used Tor to connect to it. My larger question is,
>> if there is a security concern for using Tor to connect to a VPN which then
>> connects to the internet, would the same concerns apply to people who use
>> Tor to connect to an encrypted web proxy?  Thanks in advance for any
>> replies.
>>
>> I think the main issue is that user needs to authenthicate to the VPN, so
>> no
>> matter where they came from via Tor, they are identifiable. That is true
>> even if
>> the credentials are shared, in that case it's known that the individual
>> connecting via the VPN must be from a small group.
>>
>> On the other hand, if your goal is to hide location instead of identity
>> from the
>> VPN, connecting via Tor _might_ do the trick. I'm saying _might_, since
>> some
>> data inside the protocols transmitted over the VPN could contain your real
>> IP or
>> other identifying information (depends on the protocol(s) used inside VPN).
>>
>> In the case of the encrypted proxy the attacker might know that it's some
>> group
>> of people you gave access credentials to. So it depends on what the
>> attacker can
>> learn - e.g. the attacker will retrieve your name from whois and might
>> attempt
>> to find out from your communication which individuals belong to that group
>> or
>> attempt to compromise the proxy and view logs.
>>
>> Ondrej

A VPN allows traffic correlation if you do You -> Tor -> VPN -> Internet

Leonardo


More information about the tor-talk mailing list