Security wise, what's the deal with using VPN through Tor? Convenience stacks up very well, you get an IP that's less likely to get blocked/captcha'd, and you avoid evil relays (provided your VPN has pre-shared-certs). But, does it open you up to a whole new world of circumventing-tor's-security-hax pain?
Also, any guides out there to accomplish this? :) On 13/10/14 19:54, coderman wrote: > On 10/13/14, Travis Biehn <[email protected]> wrote: >> ... >> Interested in update mechanisms, interdiction resilience, trusted boot, web >> / other interfaces. >> >> These devices just change and expand your threat surface. > > > back in 2007/2008 we launched the Janus Privacy Adapter devices. first > on dual NIC gumstix, then on the now defunct Yoggie Gatekeeper Pro > hardware. both of these had a minimal footprint, two ethernet jacks > for transparent proxy in-line, and power via USB. > > updates deployed via hidden service, or yourself via command line ssh. > > the attack surface (on device) was minimal, as the control port was > not exposed to the network, etc. > > client risk is another story, considering untrusted exit relays and > insecure protocols. for this reason we applied a number of band-aids > blocking known risky ports. this is not an effective approach, and > EPICFAIL shows how a single request not behind Tor proxy unmasks > perfectly. > > best case you would use a Tor Browser on each of the hosts behind the > privacy appliance in transparent proxy mode. (e.g. TOR_TRANSPROXY=1 > before launching) and block any other application or service from > communicating over the network. this significantly impairs > functionality, however. > > as also mentioned in the article, there have been other variations on > this theme, with more or less robust security posture on device and > for the users behind. > > many of these considerations are outlined in the transparent proxy > page: https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy > > > best regards, > -- Twitter: @onetruecathal, @formabiolabs Phone: +353876363185 Blog: http://indiebiotech.com miniLock.io: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM
0x988B9099.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
