Hello!
So we have got to the more interesting things. In this article we will look at how to combine Tor with VPN / SSH / Proxy.
For the sake of brevity, I will write VPN everywhere, because you are all great and already know the pros and cons of VPN, SSH and Proxy, which we studied earlier here and here.
We will consider two options for connections:
- first VPN, then Tor;
- first Tor, and then VPN.
I will also tell you about the Whonix distribution, which implements the most advanced achievements in the field of network anonymity; among other things, both of the schemes analyzed here are configured and working in it.
The previous parts are here:
Part 1:
Methods of anonymity online. Just about the complicated .
Part 2:
Methods of anonymity online. Data leaks .
Part 3:
Methods of anonymity online. Firefox .
First, let's define some postulates:
1. The Tor network provides a high level of client anonymity, provided all the mandatory rules for its use are observed. This is a fact: no real attacks on the network itself have been made public.
2. A trusted VPN (SSH) server ensures the confidentiality of the data transmitted between itself and the client.
Thus, for convenience, in this article we take it that Tor provides client anonymity and VPN provides confidentiality of the transmitted data.
Tor through VPN. First VPN, then Tor.
A VPN server in such a scheme is a permanent entry node, after which encrypted traffic is sent to the Tor network. In practice the scheme is implemented simply: first a connection is made to the VPN server, then the Tor browser is launched, which automatically sets up the necessary routing through the VPN tunnel.
Using such a scheme allows us to hide the very fact of using Tor from our Internet provider. We will also be hidden from the Tor entry node, which will see the address of the VPN server. And in the case of a theoretical compromise of Tor, we will be protected by the VPN link, which, of course, does not store any logs.
Using a proxy instead of a VPN is meaningless: without the encryption provided by the VPN, we get no significant advantage from such a scheme.
It is worth noting that the so-called bridges were devised specifically to circumvent the blocking of Tor by Internet service providers. Bridges are Tor nodes that are not listed in the central Tor directory, that is, they are not visible, for example, here or here, and are therefore harder to detect.
How to configure bridges is described in detail here.
Several bridges can be obtained from the Tor site itself at .
You can also receive bridge addresses by mail by sending a letter to bridges@torproject.org or bridges@bridges.torproject.org with the text “get bridges”. Be sure to send this email from gmail.com or yahoo.com.
In response, we will receive a letter with their addresses:
“Here are your bridge relays:
bridge 60.16.182.53:9001
bridge 87.237.118.139:444
bridge 60.63.97.221:443”
These addresses will need to be specified in the settings of Vidalia, the Tor control panel.
Sometimes bridges get blocked too. To circumvent this, so-called “obfuscated bridges” were introduced into Tor. Without going into details, they are harder to find. To connect to them you need, for example, to download the Pluggable Transports Tor Browser Bundle.
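As an added illustration (not part of the original article), here is a small Python script that takes the text of such a reply, validates each “bridge IP:PORT” line, and renders the torrc directives (`UseBridges 1` and one `Bridge` line per relay) that are the configuration-file equivalent of entering the addresses in Vidalia. The sample reply is constructed from the addresses quoted above, with a duplicate and two malformed lines added to show that nothing is copied blindly into the Tor configuration.

```python
import ipaddress
import re
from typing import List

# Constructed sample: the body of a reply from the bridge mailer. The first
# three addresses are the ones quoted in the article; the rest are deliberately
# bad lines added to exercise the validation.
SAMPLE_REPLY = """\
Here are your bridge relays:

bridge 60.16.182.53:9001
bridge 87.237.118.139:444
bridge 60.63.97.221:443
bridge 60.63.97.221:443
bridge not-an-address:443
bridge 10.0.0.1:70000
"""

# One "bridge IP:PORT" line; surrounding whitespace is tolerated.
BRIDGE_LINE = re.compile(r"^\s*bridge\s+(\S+):(\d+)\s*$", re.IGNORECASE)


def parse_bridge_lines(text: str) -> List[str]:
    """Return validated, de-duplicated 'ip:port' strings from a bridge mail.

    Lines that do not have the 'bridge IP:PORT' shape, carry something that
    is not an IPv4 address, or name an out-of-range port are skipped.
    """
    seen = set()
    result = []
    for line in text.splitlines():
        m = BRIDGE_LINE.match(line)
        if not m:
            continue
        host, port_str = m.group(1), m.group(2)
        try:
            ipaddress.IPv4Address(host)
        except ValueError:
            continue
        port = int(port_str)
        if not 1 <= port <= 65535:
            continue
        entry = f"{host}:{port}"
        if entry not in seen:
            seen.add(entry)
            result.append(entry)
    return result


def torrc_bridge_block(bridges: List[str]) -> str:
    """Render the torrc directives that make Tor connect only via bridges.

    'UseBridges 1' and 'Bridge <ip>:<port>' are the real torrc directives;
    without at least one usable bridge Tor would have nowhere to connect,
    so an empty list is rejected instead of producing a broken config.
    """
    if not bridges:
        raise ValueError("no usable bridge lines found")
    lines = ["UseBridges 1"] + [f"Bridge {b}" for b in bridges]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(torrc_bridge_block(parse_bridge_lines(SAMPLE_REPLY)), end="")
```

Run it as-is to see the three valid relays rendered as a torrc block; the duplicate, the non-address and the port above 65535 are dropped.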
Advantages of the scheme:
- we will hide from the Internet provider the very fact of using Tor (or connect to Tor if the provider blocks it); however, there are special bridges for this;
- we will hide our IP address from the Tor entry node, replacing it with the address of the VPN server, but this is not the most effective increase in anonymity;
- in the case of a theoretical compromise of Tor, we will remain behind the VPN server.
Cons of the scheme:
- we must trust the VPN server, in the absence of any significant advantage from this approach.
VPN via Tor. First Tor, then VPN
In this case, the VPN server is a permanent exit to the Internet.
Such a connection scheme can be used to bypass the blocking of Tor nodes by external resources, plus it should protect our traffic from eavesdropping at the Tor exit node.
There are many technical difficulties in establishing such a connection: for example, remember that the Tor circuit is changed every 10 minutes, or that Tor does not pass UDP? The most viable practical implementation is the use of two virtual machines (more on this later).
It is also important to note that any exit node will easily single out such a client from the general stream: most users go to various resources, whereas with this scheme the client always goes to the same VPN server.
Naturally, using ordinary proxy servers after Tor does not make much sense, since traffic to the proxy is not encrypted.
Advantages of the scheme:
- protection against eavesdropping on traffic at the Tor exit node, although the Tor developers themselves recommend using encryption at the application level, for example HTTPS;
- protection against blocking of Tor addresses by external resources.
Cons of the scheme:
- complex implementation of the scheme;
- we have to trust the exit VPN server.
Whonix concept
There are many OS distributions whose main purpose is to ensure anonymity and protect the client on the Internet, for example Tails and Liberte, among others. However, the most technologically advanced, constantly evolving and effective solution, implementing the most advanced security and anonymity techniques, is the Whonix OS distribution.
The distribution consists of two Debian virtual machines on VirtualBox, one of which is a gateway that sends all traffic to the Tor network, and the other is an isolated workstation that connects only to the gateway. Whonix implements the mechanism of a so-called isolating proxy. There is also the option of physically separating the gateway and the workstation.
Since the workstation does not know its external IP address on the Internet, many vulnerabilities are neutralized: for example, if malware gets root access to the workstation, it still will not be able to find out the real IP address. Here is the Whonix scheme, taken from its official website.
According to its developers, Whonix OS has successfully passed all possible leak tests. Even applications such as Skype, BitTorrent, Flash and Java, which are known for their ability to reach the open Internet bypassing Tor, have been tested and found not to leak deanonymizing data.
Whonix OS implements many useful anonymity mechanisms; I will point out the most important:
- all traffic of any applications goes through the Tor network;
- to protect against traffic profiling, Whonix OS implements the concept of stream isolation. Applications pre-installed in Whonix are configured to use a separate SOCKS port each, and since each SOCKS port uses a separate circuit of nodes in the Tor network, profiling is impossible;
- secure hosting of Tor hidden services is provided. Even if an attacker hacks the web server, he will not be able to steal the private key of the hidden service, since the key is stored on the Whonix gateway;
- Whonix is protected from DNS leaks, as it uses the isolating proxy principle in its architecture. All DNS queries are redirected to Tor's DNSPort;
- Whonix supports the “obfuscated bridges” discussed earlier;
- “Protocol-Leak-Protection and Fingerprinting-Protection” technology is applied. This reduces the risk of client identification through the digital fingerprint of the browser or system, by using the most commonly used values: for example, the user name is “user”, the time zone is UTC, etc.;
- it is possible to tunnel other anonymous networks (Freenet, I2P, JAP, Retroshare) via Tor, or to work with each such network directly. More details about the features of such connections can be found here;
- it is important to note that Whonix has tested and documented all (!) VPN / SSH / Proxy combination schemes with Tor and, most importantly, they work. More information can be found at the link;
- Whonix OS is a completely open source project using free software.
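The stream-isolation point above can be shown concretely. The following Python example is added here and is not Whonix or Tor project code: it builds the SOCKS5 messages a Tor client sends (the RFC 1928 greeting, the RFC 1929 username/password subnegotiation, and a CONNECT that uses the domain-name address type so that name resolution happens inside Tor rather than on the workstation's own resolver) and opens a stream through a Tor SOCKS port keyed by an application name. It goes slightly beyond the text: besides the separate-port scheme Whonix uses (the `socks_port` parameter), Tor's `IsolateSOCKSAuth` option, on by default, puts streams that present different SOCKS credentials on different circuits, so the credentials act as an isolation key rather than as a secret. The application names, the password string and the local 127.0.0.1:9050 address are assumptions for the example; `open_isolated_stream` needs a running Tor and is not exercised offline.

```python
import socket
import struct

SOCKS_VERSION = 0x05
AUTH_USERPASS = 0x02      # RFC 1928 method: username/password
USERPASS_VERSION = 0x01   # RFC 1929 subnegotiation version
CMD_CONNECT = 0x01
ATYP_DOMAIN = 0x03        # DST.ADDR is a length-prefixed host name


def greeting() -> bytes:
    """SOCKS5 client greeting offering only username/password authentication."""
    return bytes([SOCKS_VERSION, 1, AUTH_USERPASS])


def userpass_subnegotiation(username: str, password: str) -> bytes:
    """RFC 1929 message: VER ULEN UNAME PLEN PASSWD.

    Tor does not check these credentials; with IsolateSOCKSAuth (default on)
    streams carrying different credentials are placed on different circuits,
    so giving each application its own username isolates its traffic.
    """
    u = username.encode("utf-8")
    p = password.encode("utf-8")
    if not 0 < len(u) <= 255 or not 0 < len(p) <= 255:
        raise ValueError("username and password must be 1..255 bytes")
    return bytes([USERPASS_VERSION, len(u)]) + u + bytes([len(p)]) + p


def connect_request(host: str, port: int) -> bytes:
    """SOCKS5 CONNECT: VER CMD RSV ATYP DST.ADDR DST.PORT.

    Sending the host name (ATYP 0x03) instead of a resolved address keeps
    DNS resolution inside Tor; resolving locally first would be a DNS leak.
    """
    h = host.encode("idna")
    if not 0 < len(h) <= 255:
        raise ValueError("host name must be 1..255 bytes")
    if not 0 < port <= 65535:
        raise ValueError("port out of range")
    return (bytes([SOCKS_VERSION, CMD_CONNECT, 0x00, ATYP_DOMAIN, len(h)])
            + h + struct.pack("!H", port))


def parse_reply_status(reply: bytes) -> int:
    """Return the REP field of a SOCKS5 reply (0 means succeeded)."""
    if len(reply) < 2 or reply[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 reply")
    return reply[1]


def open_isolated_stream(host: str, port: int, app_name: str,
                         socks_host: str = "127.0.0.1",
                         socks_port: int = 9050) -> socket.socket:
    """Open a TCP stream to host:port through Tor, isolated by app_name.

    Requires a running Tor whose SocksPort is reachable at socks_host:socks_port
    (assumed values). Using a different socks_port per application gives the
    per-port isolation the article describes; a different app_name gives
    credential-based isolation on the same port.
    """
    s = socket.create_connection((socks_host, socks_port))
    try:
        s.sendall(greeting())
        if s.recv(2) != bytes([SOCKS_VERSION, AUTH_USERPASS]):
            raise ConnectionError("SOCKS server refused username/password auth")
        # The password is a fixed placeholder: only the pair's distinctness matters.
        s.sendall(userpass_subnegotiation(app_name, "isolate"))
        status = s.recv(2)
        if len(status) != 2 or status[1] != 0:
            raise ConnectionError("SOCKS subnegotiation failed")
        s.sendall(connect_request(host, port))
        reply = s.recv(262)  # largest possible reply: 4 + 1 + 255 + 2 bytes
        if parse_reply_status(reply) != 0:
            raise ConnectionError(f"SOCKS CONNECT failed, REP={reply[1]}")
        return s
    except Exception:
        s.close()
        raise


if __name__ == "__main__":
    # Two streams with different app names land on different Tor circuits.
    for app in ("mail-client", "irc-client"):
        conn = open_isolated_stream("example.com", 80, app)
        conn.close()
```

The message builders are pure functions, so the wire format can be checked without a Tor instance; only `open_isolated_stream` touches the network.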
However, it is worth noting that Whonix OS has its drawbacks:
- more complex setup than Tails or Liberte;
- two virtual machines or separate physical hardware are required;
- requires increased attention to maintenance: it is necessary to monitor three operating systems instead of one, store passwords, and update each OS;
- in Whonix, the New Identity button in Tor does not work. The point is that the Tor Browser and Tor itself are isolated on different machines, so the New Identity button has no access to Tor's control port. To use a new circuit of nodes, you need to close the browser, change the circuit using Arm (the Tor control panel, the analogue of Vidalia in the Tor Browser), and start the browser again.
The Whonix project is developed separately from the Tor project and the other applications included in it, therefore Whonix will not protect against vulnerabilities in the Tor network itself or, for example, 0-day vulnerabilities in the firewall, iptables.
The security of Whonix can be described by a quote from its wiki: “And no, it’s not a problem. such.”
If the three-letter agencies are looking for you, you will be found :)
The question of the friendship between Tor and VPN is contentious; disputes on the forums on this topic do not subside. I will cite some of the most interesting:
- the section on Tor and VPN from the official Tor project page;
- the section of the Tails distribution forum on the VPN / Tor question, with the opinions of the Tails developers. The forum itself is now closed, but Google has saved a cache of the discussion;
- the section of the Liberte distribution forum on the VPN / Tor question, with the views of the Liberte developers.
Thank you for your attention!