mirror of
http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions.git
synced 2025-07-02 11:56:40 +00:00
updated
This commit is contained in:
nihilist
parent
dd3f5de9d8
commit
9e2e5b4608
6 changed files with 81 additions and 59 deletions
|
|
@ -117,67 +117,11 @@ you -> VPN -> Tor -> VPN -> service
|
|||
</div><!-- /row -->
|
||||
</div> <!-- /container -->
|
||||
</div><!-- /white -->
|
||||
|
||||
<div id="anon2">
|
||||
<div class="container">
|
||||
<div class="row">
|
||||
<div class="col-lg-8 col-lg-offset-2">
|
||||
<h2><b>Use DAITA when trying to use VPNs for Anonymity</b></h2> </br> </br>
|
||||
<p>When trying to use VPNs for anonymity, take note that we need to prevent traffic correlation as much as possible, hence we want to protect against AI-guided traffic analysis, <b>in order to make sure our VPN traffic looks the same as with other users.</b> To do so we enable DAITA (Defense Against AI-guided traffic analysis) in the mullvad VPN:</p>
|
||||
<img src="18.png" style="width:250px;">
|
||||
<img src="19.png" style="width:250px;">
|
||||
<img src="20.png" style="width:250px;">
|
||||
<img src="21.png" style="width:250px;">
|
||||
<p>Once enabled this will prevent an adversary watching connections to and from a VPN server to figure out which VPN user (that is currently using a VPN server) is visiting which website, based on the packet size and traffic patterns. (see <a href="https://mullvad.net/en/vpn/daita">this article</a> for more details on how DAITA works)</p>
|
||||
|
||||
|
||||
</div>
|
||||
</div><!-- /row -->
|
||||
</div> <!-- /container -->
|
||||
</div><!-- /white -->
|
||||
|
||||
<div id="anon1">
|
||||
<div class="container">
|
||||
<div class="row">
|
||||
<div class="col-lg-8 col-lg-offset-2">
|
||||
<h2><b>First Goal: Accessing websites that block Tor</b></h2> </br> </br>
|
||||
<p>Great, you found out about Tor, you want to be anonymous while browsing the web, and now you start to use your favorite centralised services (google, youtube for example) <b>but you realize that they don't allow you to use their service while you use tor!</b></p>
|
||||
<img src="1.png" class="imgRz">
|
||||
<pre><code class="nim">
|
||||
You -> Tor -> Destination
|
||||
|
||||
</pre></code>
|
||||
<p>Keep in mind that <a href="https://metrics.torproject.org/rs.html#search/flag:exit">Tor exit nodes are all public</a>, it's easy for website administrators to block Tor exit nodes IPs by blocking their public IPs directly. So you can expect popular services that are openly hostile to both anonymity and privacy to block Tor traffic. </p>
|
||||
<p>So the constraint here is to access the service <b>without showing up as a tor exit node IP from their end.</b></p>
|
||||
<p>To get around that problem, the idea is to force a VPN to connect through Tor (VPN through Tor Setup):</p>
|
||||
<img src="2.png" class="imgRz">
|
||||
<pre><code class="nim">
|
||||
You -> Tor -> VPN -> Destination
|
||||
|
||||
</pre></code>
|
||||
<p>That way, we have the following result:</p>
|
||||
<ol>
|
||||
<li><p>Your ISP only sees Tor traffic</p></li>
|
||||
<li><p>The VPN provider does not know who's using their infrastructure</p></li>
|
||||
<li><p>The website administrators of popular services think you are using their service using a simple VPN</p></li>
|
||||
</ol>
|
||||
<p>A constraint here of course is to acquire the VPN connection anonymously, to do so we only use Tor and Monero as explained in my tutorial on <a href="../anonymity/index.html">Anonymity Management</a>:</p>
|
||||
<img src="6.png" class="imgRz">
|
||||
<p>If the popular service does not block VPNs, you're good to keep using their service while still maintaining Anonymity.</p>
|
||||
<p>/!\ Be warned that this setup takes into account that you're properly segmenting your <a href="../internetsegmentation/index.html">Internet Usage</a>, because initially when you use this setup (you -> tor -> VPN), you may be anonymous, but <b>depending on your usage over time, you are increasingly more likely to be deanonymized if you are improperly segmenting your internet usage.</b> (see details on <a href="../opsec/index.html">OPSEC</a> for more details)</p>
|
||||
|
||||
</div>
|
||||
</div><!-- /row -->
|
||||
</div> <!-- /container -->
|
||||
</div><!-- /white -->
|
||||
|
||||
|
||||
<!-- +++++ Second Post +++++ -->
|
||||
<div id="anon2">
|
||||
<div class="container">
|
||||
<div class="row">
|
||||
<div class="col-lg-8 col-lg-offset-2">
|
||||
<h2><b>Second Goal: Hiding Tor usage from your ISP</b></h2> </br> </br>
|
||||
<h2><b>First Goal: Hiding Tor usage from your ISP</b></h2> </br> </br>
|
||||
<p>Another scenario is when you need to hide the fact that you're using Tor from your ISP, we have the following setup which is useful to prevent <a href="https://edition.cnn.com/2013/12/17/justice/massachusetts-harvard-hoax">Tor usage correlation</a>.</p>
|
||||
<img src="5.png" class="imgRz">
|
||||
<pre><code class="nim">
|
||||
|
|
@ -190,14 +134,66 @@ You -> VPN -> Tor -> Destination
|
|||
|
||||
<p><u>DISCLAIMER ON VPNs:</u> Keep in mind that if you choose to use a VPN anyway, you must conduct a strict VPN selection, see <a href="https://www.privacyguides.org/en/vpn/">Privacy Guides' Recommendations</a> on that topic, out of which i recommend <a href="https://kycnot.me/service/Mullvad">Mullvad</a> because they accept Monero without any KYC.</p>
|
||||
|
||||
<p>By first connecting to a VPN instead of Tor, your isp can't easily tell that you are connecting to Tor, since you're not connecting to Tor nodes directly anymore. <b>However since Tor traffic is uniquely recognizeable even when hiding it behind a VPN, thanks to AI-assisted traffic observation</b>, we need to defend against that too:</p>
|
||||
|
||||
<p>When trying to use VPNs for anonymity, take note that we need to prevent traffic correlation as much as possible, hence we want to protect against AI-guided traffic analysis, <b>in order to make sure our VPN traffic patterns do not look like Tor traffic, in order to blend in with the other VPN users.</b> To do so we enable DAITA (Defense Against AI-guided traffic analysis) in the mullvad VPN:</p>
|
||||
<img src="18.png" style="width:250px;">
|
||||
<img src="19.png" style="width:250px;">
|
||||
<img src="20.png" style="width:250px;">
|
||||
<img src="21.png" style="width:250px;">
|
||||
<p>Once enabled this will prevent an adversary watching connections to and from a VPN server to figure out which VPN user (that is currently using a VPN server) is visiting which website, based on the packet size and traffic patterns. (see <a href="https://mullvad.net/en/vpn/daita">this article</a> for more details on how DAITA works)</p>
|
||||
|
||||
<p>And that's it! Now your traffic doesnt contact Tor nodes directly thanks to connecting to a VPN beforehand, nor does it look like Tor traffic either thanks to using DAITA.</p>
|
||||
|
||||
|
||||
</div>
|
||||
</div><!-- /row -->
|
||||
</div> <!-- /container -->
|
||||
</div><!-- /white -->
|
||||
|
||||
|
||||
<!-- +++++ Second Post +++++ -->
|
||||
<div id="anon1">
|
||||
<div class="container">
|
||||
<div class="row">
|
||||
<div class="col-lg-8 col-lg-offset-2">
|
||||
<h2><b>Second Goal: Accessing websites that block Tor</b></h2> </br> </br>
|
||||
<p>Great, you found out about Tor, you want to be anonymous while browsing the web, and now you start to use your favorite centralised services (google, youtube for example) <b>but you realize that they don't allow you to use their service while you use Tor!</b></p>
|
||||
<img src="1.png" class="imgRz">
|
||||
<pre><code class="nim">
|
||||
You -> Tor -> Destination
|
||||
|
||||
</pre></code>
|
||||
<p>Keep in mind that <a href="https://metrics.torproject.org/rs.html#search/flag:exit">Tor exit nodes are all public</a>, it's easy for website administrators to block Tor exit nodes IPs by blocking their public IPs directly. So you can expect popular services that are openly hostile to both anonymity and privacy to block Tor traffic. </p>
|
||||
<p>So the constraint here is to access the service <b>without showing up as a tor exit node IP from their end.</b></p>
|
||||
<p>To get around that problem, the idea is to force a VPN to connect through Tor (VPN through Tor Setup):</p>
|
||||
<img src="2.png" class="imgRz">
|
||||
<p><u>Disclaimer:</u> <b>Do not use this setup for any other reason than to access websites that try to block Tor</b>, this is a very niche setup, it is not to be used for the rest of your Anonymous online activities!</p>
|
||||
<pre><code class="nim">
|
||||
You -> Tor -> VPN -> Destination
|
||||
|
||||
</pre></code>
|
||||
<p>That way, we have the following result:</p>
|
||||
<ol>
|
||||
<li><p>Your ISP only sees Tor traffic</p></li>
|
||||
<li><p>The VPN provider does not know who's using their infrastructure</p></li>
|
||||
<li><p>The website administrators of popular services think you are using their service using a simple VPN</p></li>
|
||||
</ol>
|
||||
<p>A constraint here of course is to acquire the VPN connection anonymously, to do so we only use Tor and Monero as explained in my tutorial on what to do when <a href="../whentorisblocked/index.html">Websites block Tor</a>:</p>
|
||||
<img src="6.png" class="imgRz">
|
||||
<p>If the popular service does not block VPNs, you're good to keep using their service while still maintaining Anonymity.</p>
|
||||
<p>/!\ Be warned that this setup takes into account that you're properly segmenting your <a href="../internetsegmentation/index.html">Internet Usage</a>, because initially when you use this setup (you -> tor -> VPN), you may be anonymous, but <b>depending on your usage over time, you are increasingly more likely to be deanonymized if you are improperly segmenting your internet usage.</b> (see details on <a href="../opsec/index.html">OPSEC</a> for more details)</p>
|
||||
|
||||
|
||||
|
||||
</div>
|
||||
</div><!-- /row -->
|
||||
</div> <!-- /container -->
|
||||
</div><!-- /white -->
|
||||
<div id="anon2">
|
||||
<div class="container">
|
||||
<div class="row">
|
||||
<div class="col-lg-8 col-lg-offset-2">
|
||||
<h2><b>Third Goal: Hiding Tor usage (For Heavily Censored Countries)</b></h2> </br> </br>
|
||||
<p>A popular scenario people encounter, especially in <a href="https://rsf.org/en/index">heavily censored countries</a> (the prime example being <a href="https://iv.nowhere.moe/watch?v=QBp6opkcxoc">China with their "Great Firewall"</a>), is that the state blocks all VPN connections, on top of making them illegal.</p>
|
||||
<p><b>Citizens don't want their ISP to know that they are using the Tor network. Because otherwise they would be prosecuted for simply using the technology.</b> </p>
|
||||
|
|
@ -212,7 +208,7 @@ Several countries, including China and Iran, have found ways to detect and block
|
|||
<p><u>WARNING:</u> be aware that this setup may provide transient censorship circumvention, but <b>it does not protect against the threat where an adversary finds out, let's say 5 months later, that you connected to a tor bridge node in the past, and may prosecute you for it.</b> This scenario is to be considered only when <b>all VPNs are blocked or illegal in your country.</b></p>
|
||||
<p>Personally, if i were to live in a heavily censored country like china, i wouldn't try to be anonymous online, <b>to avoid the risk of being prosecuted for just using the technology</b>, as the risks are too high there.</p>
|
||||
<img src="4.png" class="imgRz">
|
||||
<p>Using this setup allows you to use the Tor network even if your government doesn't allow it, <b>but again, you run the risk that they find out later on, that you used tor in the past.</b></p>
|
||||
<p>Using this setup allows you to use the Tor network even if your government doesn't allow it, <b>but again, you run the risk that they find out later on, that you used tor in the past.</b> For a long-term way of accessing Tor from heavily-censored countries, check out the tutorial on how to use <a href="../v2ray/index.html">v2ray</a>.</p>
|
||||
|
||||
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue