On 04/25/2012 04:06 PM, Low-Key² wrote: > Recently, I'd come across some chatter that suggested that connecting to a > VPN via TOR was not a good idea and, rather, the better idea was to connect > to a VPN that then used Tor. I've not found any articles on the net that > really discuss this issue. My concern stems from more of a curiosity due to > an encrypted private web proxy I used to run for foreign activists. While > the proxy would have appeared entirely benign to anyone in their regime, a > number used Tor to connect to it. My larger question is, if there is a > security concern for using Tor to connect to a VPN which then connects to the > internet, would the same concerns apply to people who use Tor to connect to > an encrypted web proxy? Thanks in advance for any replies.
I think the main issue is that user needs to authenthicate to the VPN, so no matter where they came from via Tor, they are identifiable. That is true even if the credentials are shared, in that case it's known that the individual connecting via the VPN must be from a small group. On the other hand, if your goal is to hide location instead of identity from the VPN, connecting via Tor _might_ do the trick. I'm saying _might_, since some data inside the protocols transmitted over the VPN could contain your real IP or other identifying information (depends on the protocol(s) used inside VPN). In the case of the encrypted proxy the attacker might know that it's some group of people you gave access credentials to. So it depends on what the attacker can learn - e.g. the attacker will retrieve your name from whois and might attempt to find out from your communication which individuals belong to that group or attempt to compromise the proxy and view logs. Ondrej _______________________________________________ tor-talk mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
