[tor-talk] torjail - run programs in tor network namespace

Mirimir mirimir at riseup.net
Wed Jul 25 08:41:11 UTC 2018


On 07/25/2018 01:26 AM, Roman Mamedov wrote:
> On Wed, 25 Jul 2018 01:14:12 -0700
> Mirimir <mirimir at riseup.net> wrote:
> 
>> True. But I'd rather use the Whonix approach. It's doable using two VPS.
>> That is, if the provider will cooperate. One VPS runs the web server,
>> and it has no Internet connectivity or public IP, just a private IP on a
>> local network. The other VPS runs the Tor client, and it has two
>> interfaces. One with Internet connectivity and a public IP. And the
>> other on the same local network as the server VPS.
> 
> And all your traffic before even entering Tor goes across the provider's
> "local" network, where it can be captured in the clear and analyzed.

Well, sure. But you're pretty much at providers' mercy whenever you use
VPS. Even dedicated servers can be easily compromised.

And OK, I should have recommended encrypting local traffic with
WireGuard or whatever.

Alternatively, you could use a dedicated server, and run your own VPS.
Or you could use a KVM VPS that can run VMs. It's sluggish, but it works.

