4

I need some system to gain a high level anonymity - nobody should have the possibility to figure out my IP. I can use Tor, but I do not completely trust to it. So I have an idea for a system with high level anonymity:

My computer — VPS1 — Tor — VPS2 — Internet

I can register two Ubuntu servers - VPS1 and VPS2 (assume I do not expose my IP while registering the servers, servers and hosting service do not create logs). Then I set up a VPN between my computer and VPS1. Also I set up a VPN between VPS1 and VPS2 - this network works over Tor.

If I need to perform any actions that require anonymity - I connect to VPN (to VPS1). My traffic goes to VPS1, then to VPS2 through Tor, then to needed internet service. After the actions performed - I disconnect from VPN.

Does this system make sense? Do you have any suggestions how to improve this? What software best fits my needs? What are the main risks when setting up such a system?

forest
  • 65,613
  • 20
  • 208
  • 262
Victor Mezrin
  • 205
  • 3
  • 8
  • 1
    I think that just because you `do not completely trust` Tor doesn't mean that it leaks privacy information (lots of people trust it) or that you can do better than it. For example, it looks like your solution reduces security as all someone needs to do is trace you to VPS2. How about just running Tor over a VPN? That is likely no worse than running Tor on its own and maybe better. – Neil Smithline Aug 13 '15 at 22:58
  • 2
    How are you going to establish a VPN connection between the two VPS servers through Tor? Tor is designed for Internet traffic, so tunneling VPN traffic through it may be a challenge. – tlng05 Aug 13 '15 at 23:34
  • 1
    @tlng05 I agree with you, Tor relies on its own network so the schema the OP designed is not feasible –  Aug 14 '15 at 05:13
  • 1
    @tlng05 Tor is designed for any type of traffic. If a VPN can be established between `VPS1` and `VPS2` then a tunnel can be negotiated through a Tor circuit just fine. You just need to setup Tor correctly, and have the right routes established to push the traffic through Tor. – RoraΖ Aug 14 '15 at 13:32
  • 1
    [A related question and answer.](https://security.stackexchange.com/questions/72679/differences-between-using-tor-browser-and-vpn) – RoraΖ Aug 14 '15 at 13:35
  • @NeilSmithline I have no idea how to trace me from VPS2. VPS2 is just a VPN server that accept incoming VPN connections from the TOR network. But VPS2 can be additional barrier for someone who want to trace me. Also VPS2 hides that I use system with anonymity (exit nodes of the TOR are well known) – Victor Mezrin Aug 14 '15 at 14:27
  • @NeilSmithline I do not understand what is "Tor over a VPN" – Victor Mezrin Aug 14 '15 at 14:29
  • @raz I know it's technically doable, but don't they discourage people from sending traffic through the Tor network using anything other than the official Browser Bundle, due to the risks of information leakage from improper configuration? It sounds like OP is no longer using the Tor Browser with this setup, which I would say is quite dangerous. – tlng05 Aug 14 '15 at 14:45
  • @tlng05 It's true they highly recommend the Tor Browser due to autoconfiguration. But the only traffic they explicitly say Tor is designed for is torrents. But to say that it's *designed* for Web Browsing I believe is incorrect. – RoraΖ Aug 14 '15 at 14:56
  • @VictorMezrin - To run Tor over a VPN, choose a VPN provider that you trust ([see helpful comparison](https://torrentfreak.com/which-vpn-services-take-your-anonymity-seriously-2014-edition-140315/), connect to VPN from your computer, then run Tor on that computer. If someone breaks Tor, they'll just find your VPN IP. They'll then need to break that too. Seems pretty secure to me. – Neil Smithline Aug 14 '15 at 16:17
  • @VictorMezrin - A big risk of traceability from VPS2 has to do with your establishing account and such with the provider. It doesn't matter if Tor protects your being traced from VPS2 if they can obtain your identity via account info or other. – Neil Smithline Aug 14 '15 at 16:19

3 Answers3

5

This actually decreases anonymity. If the final IP address you exit from is fixed, for example a VPN, then you lose a large amount of privacy and anonymity functionality that Tor provides via its rotating exit relays. The fixed exit IP would result in a persistent exit point. Additionally, you would be exposing your networking stack to TCP fingerprinting, rather than exposing that of the exit relay. VPNs are vulnerable to this kind of fingerprinting because they send networking packets assembled by your operating system to the destination server unchanged, revealing identifying information.

If you wish to avoid membership attribution (revealing the mere fact that you are using Tor), a VPN does not help. Tor sends traffic in bursts of 514 bytes called cells. Anyone who sees a VPN connection that is sending encrypted data in 514 byte bursts can infer that Tor is being used. If you want to hide the fact that you are using Tor, you could use pluggable transports which obfuscate the traffic between you and a bridge relay, making detection and blocking harder.

Tor is designed to be most effective when used on its own. It provides rotating exits to reduce inter-website fingerprinting. It provides persistent guards to mitigate sybil attacks. It allows the use of bridges to bypass censorship. Even ignoring the fact the VPNs in general are bad at resisting traffic analysis attacks, chaining it with any other networks can interfere with these security features.

forest
  • 65,613
  • 20
  • 208
  • 262
3

Paying for VPSs is pointless in the quest for anonymity since there is a payment trail leading back to you... Unless bitcoin is used, which is questionable at the moment.

I suggest you look at a Tor project called Tails. Its a read only, live bootable only operating system that is completely configured to route any internet access via Tor only and forgets everything when you shutdown.

forest
  • 65,613
  • 20
  • 208
  • 262
  • 1
    Exactly! The receiver of your communications would know you use VPS2, so they just need to find out who pays for the it and you are caught. This provides an additional method to deanonymize you, so it rather reduces your anonymity instead of improving it. – Philipp Aug 14 '15 at 09:27
  • 1
    Also, bitcoins are not untraceable. When you use bitcoins which you bought from a currency exchange, the blockchain tells who received the coins from a currency exchange and that currency exchange can be forced to reveal who paid them real cash for it. – Philipp Aug 14 '15 at 09:31
  • You can pass bitcoins through mixers before use it... – Victor Mezrin Aug 14 '15 at 14:07
  • 1
    @VictorMezrin Another flaw I would point out is that by using VPN2 as your "exit node", your apparent IP address (to websites) will not change; it'll always be the IP address of VPN2. Sure, it'll prevent websites from knowing you're using Tor, but it'll also allow websites to track your activity over time. If a site is able to figure out your name (if you accidentally log in, for instance), now they can permanently associate that IP with your name. With just Tor alone, you'll get a new exit node (and apparent IP) each time you use it. – tlng05 Aug 14 '15 at 14:51
  • 1
    @tlng05 I agree, it's a strong disadvantage. In case of any my accidental mistake all actions (not part of actions) will be associated with me – Victor Mezrin Aug 14 '15 at 15:03
  • @VictorMezrin Bitcoin mixers are of questionable reliability. – forest Sep 25 '18 at 06:43
  • 1
    This answer is in desperate need of an update. Specifically around suggesting BTC makes your payments anonymous . This is **harmful** advice. BTC is **not** anonymous. Even local PDs know how to trace transactions now. There are also plenty of tools which aid them in that. In addition, as mentioned by forest, bitcoin mixers at this point in time are basically useless. They might contribute a bit to more plausible deniability but they do not contribute to outright privacy increases. –  May 16 '21 at 17:09
-2

The best way to cover is indeed to bind VPN to VPN to VPN. Each VPN makes it more harder to track u down. The only way to have this done is to have servers in the middle. Personanlly I would make 3 virtual machines and let the virutal machines have diffrent VPN connections. All in my same home, in that way i tunnel my traffic through so many VPN's that it will almost be untraceable.

Adam Sitemap
  • 303
  • 2
  • 10
  • It should be noted that the VPNs have a threat model of payment. Anonymous payment methods do exist but can be quite exhaustive of time, but the payment method may be easier to deanonymise you than volumetric analysis. However, your approach is good. – safesploit Aug 05 '18 at 10:15