Advanced Privacy and Anonymity Using VMs, VPN’s, Tor – Part 3

I acknowledge the administrators and moderators for the venue, and for their care and guidance. An example of such an OS is Tails. A simple solution is routing a VPN service through Tor. You get to choose how much memory your new VM will have and you get to create a new virtual hard disk for it. The approaches described there would probably protect against non-targeted surveillance by national-scale government agencies. One can circumvent blocks by connecting through bridge relays.

What is a Virtual Machine?

Combine VPNs, Tor and Virtual Machines for Advanced Internet Anonymity

Virtual machines are also very useful when it comes to testing operating systems or running legacy software. For example, if you have software that will only work in Windows XP, you can install a virtual machine on your modern system with the right operating system.

Most people think about the information they transmit over the internet on purpose when it comes to staying anonymous. There may be background processes or programs that leak information which could be traced back to you.

Logs, update requests and other dribs and drabs no one could know about. In addition to this, there is unique hardware information, such as hard-drive serial numbers and other such IDs that could be traced back to your exact identity.

There are plenty of great free virtual machine applications you can download. Setting up a virtual machine is as easy as installing the VM software and running it. You need to load an operating system. Nothing stops you from using a free operating system such as Ubuntu Linux though. All of your internet data passes through this tunnel, which means that no one who is watching your internet connection can know what you are doing. All they see is a connection between you and the VPN server.

There are many advantages to having a VPN, but in terms of privacy and anonymity it obscures your real location, hides your activity from your service provider with encryption and makes it very difficult to trace any of your internet activity back to you. Getting your own VPN is as simple as signing up for one online and making a payment. Choosing the right one is much trickier.

All VPNs have their pros and cons. Some are better for privacy than others. Performance is always an issue and the top dogs are always fighting it out with their bonus features.

If you have a VPN-capable router, you can set up your new VPN on it and all devices that connect to the internet through that router will enjoy protection. The difference is that Tor is not owned by any one company or entity.

Instead, it is made up of a worldwide network of anonymous users just like you and me. Any information you send using Tor goes through that network before it gets to its destination and vice versa.

The downside is that Tor is very slow to use, but it has provided one of the only privacy equalizers, valued equally by democratic governments and normal citizens. Getting and using Tor is pretty easy. We wrote an entire article on Tor where you can get all the important details. Each one of these three technologies has positive attributes for internet anonymity, but none of them are perfect. VPNs are excellent at keeping just about everyone out of your business. However, the VPN itself still knows everything you have been doing, which means you have to trust them.

That protects against deanonymization through user error, misconfigured applications or malware exploits. VPN services are popular for P2P file sharing, and using them arguably attracts less unwanted attention than using Tor, except where file sharing and dissent are both forbidden. Indeed, access to the Tor network is blocked in some places. One can circumvent blocks by connecting through bridge relays. However, as bridge relays are identified and blocked, users must switch to new ones.

Given the trial and error process of using bridge relays, they do not reliably hide Tor use. It would be safest to use both VPNs and obfuscated bridges, which obfuscate Tor traffic patterns. Some sites block all Tor exits, while others block only those that appear on various blacklists.

A simple solution is routing a VPN service through Tor. VPN connections are prone to at least two types of leaks. One type involves DNS servers. Normally, after a VPN client requests a connection, the server configures the tunnel, and pushes required information to the client. It may also reveal to the ISP what domains are being accessed.

In other words, the VPN would be compromised for that user. Preventing such DNS leaks may be nontrivial. The other type of leak involves traffic bypassing the VPN tunnel to reach the Internet directly. The operating system may not properly implement changes in network routing pushed by the VPN server to direct all Internet traffic through the VPN tunnel. Or the VPN connection may fail in some way. For example, VPN servers may go offline, or VPN client software may hang or die, perhaps after intermittent network outages.

Unfortunately, OpenVPN was designed to provide secure connectivity to remote networks, but not Internet anonymity. Some VPN providers use proprietary clients that reportedly fail closed. But generally, the only reliable protections are network routing and firewall rules that restrict network connectivity to the VPN tunnel.

Setting Up Secure Host Machines

Advanced networking expertise is required to securely route one VPN tunnel through another, with no leaks, on an individual machine.

However, doing that is trivial by networking virtual machines (VMs) that serve as gateway routers. Creating VPN connections and preventing leaks is very easy in pfSense. And unless connections are end-to-end encrypted, they can eavesdrop and carry out man-in-the-middle (MITM) attacks. Both VPN tunnels are encrypted. With three or more nested VPNs, information about your Internet activity would be further fragmented, and harder to compromise. However, as VPN tunnels are nested more deeply, two factors limit usability.

First, each VPN level adds ms latency, and may also restrict bandwidth. Second, overall reliability, being the product of the individual VPN reliabilities, is lower. A Tor client, also routed through VPN 2, provides Internet access through a cloud of frequently changing exit IP addresses that are shared by many other users.

Each VPN tunnel in a nested chain provides some degree of separation and anonymity. How much depends on such factors as the number of concurrent users, what the service logs, and the availability of any logs to adversaries.

Tor connections arguably provide far more separation and anonymity, so your risk of association through the Tor exit cloud is far less than through the VPN 3 exits. Routing VPN 4 through the Tor connection, however, weakens anonymity. But even free VPN services, with no such linkages, weaken Tor anonymity. Tor clients plan and test numerous circuits, with diverse paths and exit relays. They normally use multiple concurrent circuits to isolate application data streams, and they change circuits frequently.

However, using a particular VPN exit for multiple pseudonyms is somewhat counterproductive, given the shared IP address. Changes in IP address can trigger account-verification requirements by some providers, such as Facebook and Google, and may even lead to blacklisting. VPNs can be routed through Tor, but that decreases anonymity. Or consider a pseudonym created using VPN 4. Using that pseudonym without Tor, even through nested VPNs, permanently associates it more closely with you.

Multiple pseudonyms should never share a workstation VM, given the risk of cross-correlation through routine tracking, malware and active attacks. One workstation VM might serve for routine online activity.
