
Methods of anonymity online. Part 4. Tor & VPN. Whonix



Hello!



So we got to more interesting things. In this article we will look at how to combine Tor with VPN / SSH / Proxy.

For the sake of brevity, I will write VPN everywhere, because you already know the pros and cons of VPN, SSH and proxies, which we studied earlier here and here.

We will consider two options for connections:



I will also tell you about the Whonix distribution, which implements the most advanced achievements in the field of network anonymity; among other things, both of the schemes discussed here can be configured and work in it.

The previous parts are here:

Part 1: Methods of anonymity online. Just about the complicated .

Part 2: Methods of anonymity online. Data leaks .

Part 3: Methods of anonymity online. Firefox .



First, let's define some of the postulates:

1. The Tor network provides a high level of client anonymity, provided all the mandatory rules for its use are observed. This is a fact: there have been no real public attacks on the network itself.

2. A trusted VPN (SSH) server ensures the confidentiality of the transmitted data between itself and the client.

Thus, for convenience, in this article we assume that Tor provides client anonymity and the VPN provides confidentiality of the transmitted data.



Tor through VPN. First VPN, then Tor.


In this scheme the VPN server is a permanent entry node, after which the encrypted traffic is sent on to the Tor network. In practice, the scheme is simple to implement: first a connection is made to the VPN server, then Tor Browser is launched, which automatically sets up the necessary routing through the VPN tunnel.



This scheme hides the very fact of using Tor from our Internet provider. We are also hidden from the Tor entry node, which will see only the address of the VPN server. And in the case of a theoretical compromise of Tor, we are protected by the VPN as a further line of defense, which, of course, does not store any logs.

Using a proxy instead of VPN is meaningless: without the encryption provided by the VPN, we won’t get any significant advantages in such a scheme.


It is worth noting that so-called bridges were invented specifically to circumvent the blocking of Tor by Internet service providers.

Bridges are Tor nodes that are not listed in the central Tor directory, that is, they are not visible, for example, here or here, and are therefore more difficult to detect.

How to configure bridges is described in detail here.

Several bridges can give us the Tor site itself at .

You can also receive bridge addresses by mail by sending a letter to bridges@torproject.org or bridges@bridges.torproject.org with the text: “get bridges”. Be sure to send this email from gmail.com or yahoo.com.

In response, we will receive a letter with their addresses:

“Here are your bridge relays:

bridge 60.16.182.53:9001

bridge 87.237.118.139:444

bridge 60.63.97.221:443”

These addresses will need to be specified in the settings of Vidalia - Tor proxy server.
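
The bridge lines from such a reply can be validated and turned into the equivalent torrc fragment before they are used. This is an added example, not code from the original article or from the Tor Project: `parse_bridges` and `render_torrc` are hypothetical helper names, the last two sample lines are constructed invalid entries, and `UseBridges` / `Bridge` are the standard torrc options.

```python
import ipaddress
import re

# Constructed sample: the reply quoted above plus two deliberately bad lines.
SAMPLE_REPLY = """Here are your bridge relays:

bridge 60.16.182.53:9001
bridge 87.237.118.139:444
bridge 60.63.97.221:443
bridge 999.1.1.1:443
bridge 10.0.0.5:70000
"""

# "bridge <IPv4>:<port>" with an optional 40-hex-digit relay fingerprint.
LINE_RE = re.compile(
    r"^\s*bridge\s+(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})(?:\s+([0-9A-Fa-f]{40}))?\s*$",
    re.IGNORECASE,
)


def parse_bridges(reply_text):
    """Return (accepted, rejected) bridge lines found in a reply e-mail."""
    accepted, rejected = [], []
    for raw in reply_text.splitlines():
        if not raw.strip().lower().startswith("bridge "):
            continue  # greeting, blank lines, signature
        m = LINE_RE.match(raw)
        try:
            if m is None:
                raise ValueError("unrecognised line")
            ip = ipaddress.IPv4Address(m.group(1))  # rejects octets > 255
            port = int(m.group(2))
            if not 1 <= port <= 65535:
                raise ValueError("port out of range")
        except ValueError:
            rejected.append(raw.strip())
            continue
        entry = f"{ip}:{port}"
        if m.group(3):
            entry += " " + m.group(3).upper()
        if entry not in accepted:  # drop duplicates, keep order
            accepted.append(entry)
    return accepted, rejected


def render_torrc(bridges):
    """Build the torrc fragment that makes Tor connect through the bridges."""
    return "\n".join(["UseBridges 1"] + [f"Bridge {b}" for b in bridges]) + "\n"
```

Rejected lines are returned rather than silently dropped, so a mistyped or truncated address is noticed before Tor is started with fewer bridges than expected.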

Sometimes bridges are blocked too. To get around this, so-called “obfuscated bridges” were introduced into Tor. Without going into details, they are harder to detect. To connect to them you need, for example, to download the Pluggable Transports Tor Browser Bundle.



Advantages of the scheme:



Cons of the scheme:



VPN via Tor. First Tor, then VPN


In this case, the VPN server is a permanent exit to the Internet.



Such a connection scheme can be used to bypass the blocking of Tor nodes by external resources, and it should also protect our traffic from eavesdropping at the Tor exit node.

There are many technical difficulties in establishing such a connection. For example, do you remember that the Tor circuit is renewed every 10 minutes, or that Tor does not pass UDP? The most viable practical implementation is the use of two virtual machines (more on this later).
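
Because Tor does not pass UDP, a VPN profile intended for this scheme has to use TCP for every server it lists. The check below is an added example, not part of the original article: it assumes an OpenVPN client profile, `udp_findings` is a hypothetical helper name, and the sample profile and host names are constructed.

```python
# Constructed sample of an OpenVPN client profile (host names are placeholders).
SAMPLE_PROFILE = """client
dev tun
remote vpn1.example.net 1194
remote vpn2.example.net 443 tcp
proto udp
"""


def udp_findings(profile_text):
    """Return (line_no, host, protocol, source) for every remote that uses UDP."""
    default_proto = "udp"  # OpenVPN falls back to UDP when no 'proto' is given
    remotes = []           # (line_no, host, per-remote protocol or None)
    for no, raw in enumerate(profile_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue       # blank line or comment
        words = line.split()
        if words[0] == "proto" and len(words) > 1:
            default_proto = words[1].lower()
        elif words[0] == "remote" and len(words) > 1:
            # Syntax: remote host [port] [proto]
            proto = words[3].lower() if len(words) > 3 else None
            remotes.append((no, words[1], proto))
    findings = []
    for no, host, proto in remotes:
        effective = proto or default_proto
        if effective.startswith("udp"):  # udp, udp4, udp6
            source = "set on the remote line" if proto else "inherited from proto/default"
            findings.append((no, host, effective, source))
    return findings
```

The global `proto` line is applied after the whole file has been read, so a remote listed before it is still judged against the profile's final default.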

It is also important to note that any exit node can easily single out the client in the general traffic flow: most users go to many different resources, whereas with this scheme the client always goes to the same VPN server.

Naturally, the use of conventional proxy servers after Tor does not make much sense, since traffic to the proxy is not encrypted.



Advantages of the scheme:



Cons of the scheme:



Whonix concept


There are many OS distributions whose main purpose is to ensure anonymity and protect the client on the Internet, for example Tails, Liberte and others. However, the most technologically advanced, constantly evolving and effective solution, implementing the most advanced security and anonymity techniques, is the Whonix distribution.

The distribution consists of two Debian virtual machines on VirtualBox, one of which is a gateway that sends all traffic to the Tor network, and the other is an isolated workstation that connects only to the gateway. Whonix implements the mechanism of the so-called isolating proxy server. There is also the option of physically separating the gateway and the workstation.



Since the workstation does not know its external IP address on the Internet, many vulnerabilities are neutralized: for example, if malware gets root access to the workstation, it will not be able to find out the real IP address. Here is the scheme of Whonix, taken from its official website.



According to its developers, Whonix has successfully passed all possible leak tests. Even applications such as Skype, BitTorrent, Flash and Java, which are known for their ability to reach the open Internet bypassing Tor, have been successfully tested for the absence of leaks of deanonymizing data.

OS Whonix implements many useful mechanisms of anonymity, I will indicate the most important:



However, it is worth noting that Whonix OS has its drawbacks:



The Whonix project is developed separately from the Tor project and from the other applications included in it, so Whonix will not protect against vulnerabilities in the Tor network itself or, for example, against 0-day vulnerabilities in the iptables firewall.



The security of Whonix can be described by a quote from its wiki: “ And no, it’s not a problem. such . "

If the "three-letter" agencies are looking for you, you will be found :)



The issue of friendship between Tor and VPN is ambiguous. Disputes on the forums on this topic do not subside. I will give some of the most interesting ones:

  1. the section on Tor and VPN from the official Tor project page;
  2. Tails distribution forum section on VPN / Tor issue with Tails developers opinions. The forum itself is now closed, but Google has saved the discussion cache ;
  3. section of the forum of the Liberte distribution on the issue of VPN / Tor with the views of the developers of Liberte.

Thanks for your attention!

Source: https://habr.com/ru/post/204266/


