Browse code

Created a new FAQ entry about VPNs. Fixed an anchor.

Matt Pagan authored on 12/12/2013 23:46:22
Showing 1 changed files
... ...
@@ -177,6 +177,9 @@ uses.</a></li>
177 177
     </a></li>
178 178
     <li><a href="#RemotePhysicalDeviceFingerprinting">Does Tor resist 
179 179
     "remote physical device fingerprinting"?</a></li>
180
+    <li><a href="#VPN">What's safer, Tor or a VPN?</a></li>
181
+    <li><a href="#Proxychains">Aren't 10 proxies (proxychains) better than 
182
+    Tor with only 3 hops?</a></li>
180 183
     <li><a href="#AttacksOnOnionRouting">What attacks remain against onion 
181 184
     routing?</a></li>
182 185
     </ul>
... ...
@@ -3170,6 +3173,47 @@ ZKS's Freedom network could) -- but maybe that's a good thing at this stage.
3170 3173
 
3171 3174
     <hr>
3172 3175
 
3176
+    <a id="VPN"></a>
3177
+    <h3><a class="anchor" href="#VPN">What's safer, Tor or a VPN?</a></h3>
3178
+    
3179
+    <p>
3180
+    Some people use Virtual Private Networks (VPNs) as a privacy solution. 
3181
+    VPNs encrypt the traffic between the user and the VPN provider, 
3182
+    and they can act as a proxy between a user and an online destination. 
3183
+    However, VPNs have a single point of failure: the VPN provider. 
3184
+    A technically proficient attacker or a number of employees could 
3185
+    retrieve the full identity information associated with a VPN user. 
3186
+    It is also possible to use coercion or other means to convince a 
3187
+    VPN provider to reveal their users' identities. Identities can be 
3188
+    discovered by following a money trail (using Bitcoin does not solve 
3189
+    this problem because Bitcoin is not anonymous), or by persuading the 
3190
+    VPN provider to hand over logs. Even 
3191
+    if a VPN provider says they don't keep logs, users have to take their 
3192
+    word for it---and trust that the VPN provider won't buckle to outside 
3193
+    pressures that might want them to start keeping logs. 
3194
+    </p>
3195
+
3196
+    <p>
3197
+    When you use a VPN, websites can still build up a persistent profile of 
3198
+    your usage over time. Even though sites you visit won't automatically 
3199
+    get your originating IP address, they still know how to profile you 
3200
+    based on your browsing history. 
3201
+    </p>
3202
+
3203
+    <p>
3204
+    When you use Tor the IP address you connect to changes at most every 10 
3205
+    minutes, and often more frequently than that. This makes it extremely 
3206
+    dificult for websites to create any sort of persistent profile of Tor 
3207
+    users (assuming you did not <a 
3208
+    href="https://torproject.org/download/download.html.en#warning">identify 
3209
+    yourself in other ways</a>). No one Tor relay can know enough 
3210
+    information to compromise any Tor user because of Tor's <a 
3211
+    href="https://www.torproject.org/about/overview.html.en#thesolution">encrypted 
3212
+    three-hop circuit</a> design.
3213
+    </p>
3214
+    
3215
+    <hr>
3216
+
3173 3217
     <a id="Proxychains"></a>
3174 3218
     <h3><a class="anchor" href="#Proxychains">Aren't 10 proxies 
3175 3219
     (proxychains) better than Tor with only 3 hops?</a></h3>
... ...
@@ -3178,10 +3222,10 @@ ZKS's Freedom network could) -- but maybe that's a good thing at this stage.
3178 3222
     Proxychains is a program that sends your traffic through a series of 
3179 3223
     open web proxies that you supply before sending it on to your final 
3180 3224
     destination. <a href="#KeyManagement">Unlike Tor</a>, proxychains 
3181
-    does not encrypt the connections between each proxy. An open proxy 
3182
-    that wanted to monitor your connection can see all the other proxy 
3225
+    does not encrypt the connections between each proxy server. An open proxy 
3226
+    that wanted to monitor your connection could see all the other proxy 
3183 3227
     servers you wanted to use between itself and your final destination, 
3184
-    as well as the IP address that proxy hop receives traffic from. 
3228
+    as well as the IP address that proxy hop received traffic from. 
3185 3229
     </p>
3186 3230
     <p>
3187 3231
     Because the <a 
... ...
@@ -3192,7 +3236,7 @@ ZKS's Freedom network could) -- but maybe that's a good thing at this stage.
3192 3236
     <p>
3193 3237
     While Tor relays are run by volunteers and checked periodically for 
3194 3238
     suspicious behavior, many open proxies that can be found with a search 
3195
-    engine are worm-compromised machines, misconfigured private proxies 
3239
+    engine are compromised machines, misconfigured private proxies 
3196 3240
     not intended for public use, or honeypots set up to exploit users. 
3197 3241
     </p>
3198 3242