Browse code
Created a new FAQ entry about VPNs. Fixed an anchor.
Matt Pagan authored on 12/12/2013 23:46:22
Showing 1 changed files
| ... | ... |
@@ -177,6 +177,9 @@ uses.</a></li> |
| 177 | 177 |
</a></li> |
| 178 | 178 |
<li><a href="#RemotePhysicalDeviceFingerprinting">Does Tor resist |
| 179 | 179 |
"remote physical device fingerprinting"?</a></li> |
| 180 |
+ <li><a href="#VPN">What's safer, Tor or a VPN?</a></li> |
|
| 181 |
+ <li><a href="#Proxychains">Aren't 10 proxies (proxychains) better than |
|
| 182 |
+ Tor with only 3 hops?</a></li> |
|
| 180 | 183 |
<li><a href="#AttacksOnOnionRouting">What attacks remain against onion |
| 181 | 184 |
routing?</a></li> |
| 182 | 185 |
</ul> |
| ... | ... |
@@ -3170,6 +3173,47 @@ ZKS's Freedom network could) -- but maybe that's a good thing at this stage. |
| 3170 | 3173 |
|
| 3171 | 3174 |
<hr> |
| 3172 | 3175 |
|
| 3176 |
+ <a id="VPN"></a> |
|
| 3177 |
+ <h3><a class="anchor" href="#VPN">What's safer, Tor or a VPN?</a></h3> |
|
| 3178 |
+ |
|
| 3179 |
+ <p> |
|
| 3180 |
+ Some people use Virtual Private Networks (VPNs) as a privacy solution. |
|
| 3181 |
+ VPNs encrypt the traffic between the user and the VPN provider, |
|
| 3182 |
+ and they can act as a proxy between a user and an online destination. |
|
| 3183 |
+ However, VPNs have a single point of failure: the VPN provider. |
|
| 3184 |
+ A technically proficient attacker or a number of employees could |
|
| 3185 |
+ retrieve the full identity information associated with a VPN user. |
|
| 3186 |
+ It is also possible to use coercion or other means to convince a |
|
| 3187 |
+ VPN provider to reveal their users' identities. Identities can be |
|
| 3188 |
+ discovered by following a money trail (using Bitcoin does not solve |
|
| 3189 |
+ this problem because Bitcoin is not anonymous), or by persuading the |
|
| 3190 |
+ VPN provider to hand over logs. Even |
|
| 3191 |
+ if a VPN provider says they don't keep logs, users have to take their |
|
| 3192 |
+ word for it---and trust that the VPN provider won't buckle to outside |
|
| 3193 |
+ pressures that might want them to start keeping logs. |
|
| 3194 |
+ </p> |
|
| 3195 |
+ |
|
| 3196 |
+ <p> |
|
| 3197 |
+ When you use a VPN, websites can still build up a persistent profile of |
|
| 3198 |
+ your usage over time. Even though sites you visit won't automatically |
|
| 3199 |
+ get your originating IP address, they still know how to profile you |
|
| 3200 |
+ based on your browsing history. |
|
| 3201 |
+ </p> |
|
| 3202 |
+ |
|
| 3203 |
+ <p> |
|
| 3204 |
+ When you use Tor the IP address you connect to changes at most every 10 |
|
| 3205 |
+ minutes, and often more frequently than that. This makes it extremely |
|
| 3206 |
+ dificult for websites to create any sort of persistent profile of Tor |
|
| 3207 |
+ users (assuming you did not <a |
|
| 3208 |
+ href="https://torproject.org/download/download.html.en#warning">identify |
|
| 3209 |
+ yourself in other ways</a>). No one Tor relay can know enough |
|
| 3210 |
+ information to compromise any Tor user because of Tor's <a |
|
| 3211 |
+ href="https://www.torproject.org/about/overview.html.en#thesolution">encrypted |
|
| 3212 |
+ three-hop circuit</a> design. |
|
| 3213 |
+ </p> |
|
| 3214 |
+ |
|
| 3215 |
+ <hr> |
|
| 3216 |
+ |
|
| 3173 | 3217 |
<a id="Proxychains"></a> |
| 3174 | 3218 |
<h3><a class="anchor" href="#Proxychains">Aren't 10 proxies |
| 3175 | 3219 |
(proxychains) better than Tor with only 3 hops?</a></h3> |
| ... | ... |
@@ -3178,10 +3222,10 @@ ZKS's Freedom network could) -- but maybe that's a good thing at this stage. |
| 3178 | 3222 |
Proxychains is a program that sends your traffic through a series of |
| 3179 | 3223 |
open web proxies that you supply before sending it on to your final |
| 3180 | 3224 |
destination. <a href="#KeyManagement">Unlike Tor</a>, proxychains |
| 3181 |
- does not encrypt the connections between each proxy. An open proxy |
|
| 3182 |
- that wanted to monitor your connection can see all the other proxy |
|
| 3225 |
+ does not encrypt the connections between each proxy server. An open proxy |
|
| 3226 |
+ that wanted to monitor your connection could see all the other proxy |
|
| 3183 | 3227 |
servers you wanted to use between itself and your final destination, |
| 3184 |
- as well as the IP address that proxy hop receives traffic from. |
|
| 3228 |
+ as well as the IP address that proxy hop received traffic from. |
|
| 3185 | 3229 |
</p> |
| 3186 | 3230 |
<p> |
| 3187 | 3231 |
Because the <a |
| ... | ... |
@@ -3192,7 +3236,7 @@ ZKS's Freedom network could) -- but maybe that's a good thing at this stage. |
| 3192 | 3236 |
<p> |
| 3193 | 3237 |
While Tor relays are run by volunteers and checked periodically for |
| 3194 | 3238 |
suspicious behavior, many open proxies that can be found with a search |
| 3195 |
- engine are worm-compromised machines, misconfigured private proxies |
|
| 3239 |
+ engine are compromised machines, misconfigured private proxies |
|
| 3196 | 3240 |
not intended for public use, or honeypots set up to exploit users. |
| 3197 | 3241 |
</p> |
| 3198 | 3242 |
|