[tor-talk] Tor -> VPN Clarification
ter.one.leeboi at hush.com
Sun Feb 1 21:51:50 UTC 2015
"Joe Btfsplk" wrote:
This VPN & Tor (or Tor & VPN) subject - and its discussion here has
Maybe too complex for all but a handful of folks?
What's complex? Intelligence agencies are reportedly targeting all VPN
providers. Governments are targeting encryption of communications in
the name of national security. Sounds to me like it's a matter of
damned if you do, damned if do don't.
Case 1, Using Tor to connect to a VPN -- Forces the use of TCP for the
VPN and makes it (much) easier to perform statistical correlation.
Suppose you then start to apply modifications via pluggable
transports. Now you're network conditions are in flux measurably from
bridge to exit and back. So your VPN connection is adjusting while Tor
is itself still vulnerable to attacks at the ISP level. Tor learns
your use over time so you'll tend to have at most one clean circuit
available. Now what happens if the circuit is destroyed either OR
internal or at either end. Your exit ip changes to another of a
limited set of exits that support the port used by the VPN. The VPN
could still throw you under a bus for connecting from a Tor exit. If
they sell you out by your account/system fingerprint intelligence will
already be monitoring said VPN and so we're back to statistics derived
from watching both ends. Your adversary is already on the VPN, already
watching the exits, knowing which ones support said VPN service ports.
Now all that's left is to trace the traffic back to the guard--and
you. Unless you've already connected to a malicious guard by chance,
ISP level gaming of circuit build times, or guard rotation. i.e.
predictable to a fault.
Case 2, Using a VPN to connect to Tor -- Enables the use of resilient
UDP signalling. Allows you to throw padding traffic at the VPN while
using Tor. Tor is itself subject to the network conditions of the VPN.
The VPN is more capable to adapt to changing network conditions due to
the use of UDP and differences in the congestion control compared to
Tor+TCP. On the other hand the VPN provider may try to make money from
your non-torified usage. They might also (try to) throw you under a
bus at the knock of intelligence agencies. If they do they can provide
your Tor guard fingerprint. If you use many simultaneously you might
have cause for concern. If you only use one it might not be so bad.
Your torified traffic will presumably be spread across multiple exits
and be changeable at a click. Your adversary is already on the VPN,
already watching the exits, but (hopefully) don't know which ones you
use because of the dynamic nature. Now all that's left is to trace
your traffic from guards to exit. This might be harder if you use
pluggable transports and if they cannot predict your use.
I haven't even included the implications if, in addition, your middle
hop is adversary-controlled. Now I'm not saying either is better but I
prefer the one with more variables in my favor.
More information about the tor-talk