Source
The Tin Hat ... lol https://thetinhat.com/tutorials/darknets/tor-vpn.html TOR vs VPN | WHICH TO USE Tor & VPN described as often conflated -- but Tor & VPN are different -- which is more suitable depends on context Essentially:
Tor: for activists & 'secret squirrels' / not for video downloads
[caution: not bullet-proof]
vs
VPN: for (not vital) everyday anonymity / good for downloads
VPNs -- take connection -- encrypt connection -- pass connection through server -- contact goes via VPN server to connection site sought -- ie: it provides encryption & diversion of your online traffic
A.
-- what you are doing & who you are connecting with not visible-- eg. public wifi: those watching get jumbled info sent to random server -- same applies to Internet Service Provider (ISP) B. -- site visited does not know your geolocation (privacy enhanced) -- this permits by-passing geographic restrictions on services Note: * what you do through VPN is know by operator of the VPN * VPN services claim not to log activity but this is only a representation that may be dishonoured * eg. if VPN provider is issued with a court order for info on your activities * VPN provider would likely find some way to link your activity back to you * So: VPN = good for low risk situations * BUT not so good for anonymity against a state actor Tor Browser -- works differently -- instead of connecting directly to server -- your connection is encrypted, bounced around x3 servers ('relays' or 'nodes') -- before being decrypted & sent to destination -- FIRST SERVER - knows your location -- SECOND SERVER - only knows data from FIRST SERVER -- THIRD SERVER - only knows that data from SECOND SERVER -- anonymity is provided as the third server cannot know origin of data -- majority of Tor servers not 'malicious' (do not log activity) -- nearly impossible to associate end-data of chain to origin -- very effective / takes significant state actor effort to de-anonymise -- bonus: encryption by Tor to prevent - eg. ISP from seeing your traffic -- caution: decryption at last server ('exit relay') = point of vulnerability -- it is at this point your data can be spied upon -- therefore regular HTTP unencrypted connection relay of data (a no-no) -- can be read in its entirety at the exit relay by the operator of the exit relay -- however, using an add-on like HTTPS-Everywhere -- equals safely encrypted data -- with HTTPS even malicious server could not de-anonymise * unless content contains personal info (email, name, address, etc) COMMENT: I'm confused. If HTTPS is supposed to be an encryption add-on -- how can a malicious server de-anonymise if personal data is included -- if encryption is supposed to be in place? -- makes no sense to me: that's not encryption TOR - HIGHER SECURITY PRIVACY BROWSING ANONYMITY vs SPEED -- much slower than VPN -- but far better re anonymity -- avoid watching videos or downloading torrents -- bad for entire network & extremely slow -- best for high level anonymity needs -- eg. high threat levels = law enforcement scenarios -- journalists dealing w. sensitive sources, whistleblowers, political activists -- those living under oppressive state surveillance etc [comment: all of us under US empire mass surveillance oppression ... LOL] -- use Tor if adversary is "more dangerous than a DMCA complaint" (copyright) -- promises provided by VPN companies = not enough. Use Tor. -- *do not treat Tor as if it were bullet-proof -- with enough time, de-anonymization is possible by agencies such eg. NSA -- using Tor = best bet, unless you are an NSA high-value target -- using tor for low bandwidth static sites helps 'populate' the Tor traffic -- & providing cover for those who need Tor for vital reasons -- note: Tor is only an ANONYMITY TOOL -- without operational security (see OPSEC), anonymity tools rendered useless -- watch bad habits - can reveal ID to the motivated adversary -- keep torrenting to VPN -- VPN - EVERYDAY BROWSING PRIVACY -- VPN good for low-risk/bandwidth-heavy purposes -- VPN's are good for VIDEOS & TORRENTS task OPSEC -- operational security https://grugq.github.io/ The Grugq -- teach operational security (OPSEC) -- ie good security habits http://grugq.tumblr.com/ Source: The Tin Hat https://thetinhat.com/tutorials/darknets/tor-vpn.html |
TOKYO MASTER BANNER
MINISTRY OF TOKYO
|
Showing posts with label OpSec. Show all posts
Showing posts with label OpSec. Show all posts
April 01, 2016
TOR vs VPN | WHICH TO USE
Subscribe to:
Posts (Atom)