/d/OpSec


bridges and vpns with tor

by /u/spacelasers · 0 votes · 22nd April, 2023 13:19

where has this come from? why does everyone seem to think that using a bridge and no vpn is the most secure option?

is this in a bible or tutorial somewhere? does tails instruct you to do it?

is getting wireguard working on tails hard?

i'm asking this because it's all wrong. bridges are weakening your anonymity.

i don't know if everyone is repeating some idiot's word as gospel or if this is a deliberately planted idea by feds to get people to make bad decisions?

when you are using tails does tor's data directory end up in persistent storage?

we need to get some answers to these questions, come to a consensus on what is actually the best setup and then spread the word because from what i'm seeing here - people are following bad practices.

Comments (3)
/u/Dom0day · N/A votes · 26th April, 2023 - 03:15 · Link

You've made several claims that have already been debunked by many Whonix/Tor developers, myself included. I don't have the time to dive into each one right now and even if I did I don't wanna spend an entire evening debunking already debunked misconceptions.

⚠️ Studies have found that using bridges can help get around censorship. However, contrary to what you may believe, it's generally impossible to completely conceal the use of Tor even if you're using a Bridge, VPN or SSH. I would urge you to consider learning how Tor architecture works instead of pasting ChatGPT's answers.

/u/occasionalbender · N/A votes · 22nd April, 2023 - 15:19 · Link

good questions, upvoting for visibility.

/u/Paris · N/A votes · 22nd April, 2023 - 16:32 · Link

Bridges are designed for censorship avoidance, not an extra layer of privacy. When you use a regular bridge it will replace and act as your guard (except if you use meek transport). Bridges are just guard relays which are not published on the Tor network's main descriptor. You provide the information to your Tor process about where to find them and how to communicate. Bridges are like a VPN to avoid your ISP from restricting your connection to Tor relays.

Generally speaking, if possible, the best and most secure option is the default option. You want to look like any other Tor user. More chains don't equal more privacy. It means more points of compromise. A VPN on your system will gather a lot of extra information that Tor bridges simply wouldn't have. Just due to your OS and other applications running on your system sending network traffic. Bridges are only used for the Tor network traffic which means less information is sent to them overall.

Tor's anonymity is strong by default. It's not bulletproof but for the vast majority of people using it, it's good enough just using the default behavior.

/u/spacelasers · N/A votes · 22nd April, 2023 - 17:04 · Link

agreed, but a vpn is just taking all the data that an isp can access and moving it to the vpn provider instead. the vpn provider is almost always more privacy respecting than the isp so why wouldn't you want to use one?

take the "recent" real world attack on tor as an example where a bad rend point was encoding the onion name in the cells via a side channel and then a bad guard could read out the onion name from this side channel. that was a real world attack performed by irresponsible security researchers but it could have been any other alphabet agency doing it. the result of that attack was that if you had a bad guard, then every time you connect to an onion service there was a chance the guard would be notified which service you connected to. in that **real world attack** that actually took place on the live tor network - it was known exactly what onion your home ip address connected to.

nearly every single attack on clients comes in the form of misbehavior from the first node so why give them your real ip when you can give them an ip shared by hundreds of others that is a pain in the ass to deanonymize.

edit: i must be remembering the details incorrectly - rend point doesn't have any info on the service, just gets a cookie from the client to link the circuits. maybe it was the intro point but i'm sure you remember the one i'm talking about. it was the one they planned to present at a conference but backed out when they realized how irresponsible what they did was.

/u/Exalted · N/A votes · 23rd April, 2023 - 02:28 · Link

while using a VPN your ISP is going to stop collecting your data because... you think they should? Really makes no sense. You're adding another person to collect your information.

/u/spacelasers · N/A votes · 24th April, 2023 - 11:35 · Link

while using a vpn your isp can't collect anything useful. all they see is a single stream of encrypted udp packets.

/u/Exalted · N/A votes · 24th April, 2023 - 21:37 · Link

then by that same logic by using Tor your ISP shouldn't be able to collect anything useful, which is true. so your VPN is pointless.

/u/spacelasers · N/A votes · 25th April, 2023 - 10:48 · Link

you don't seem to want to understand.

https://en.wikipedia.org/wiki/Investigatory_Powers_Act_2016

- required communication service providers (CSPs) to retain British internet users' "Internet connection records" – which websites were visited but not the particular pages and not the full browsing history – for one year;
- allowed police, intelligence officers and other government department managers (listed below) to see the Internet connection records, as part of a targeted and filtered investigation, without a warrant;
- placed a legal obligation on CSPs to assist with targeted interception of data, and communications and equipment interference in relation to an investigation; foreign companies are not required to engage in bulk collection of data or communications;

https://en.wikipedia.org/wiki/Collection_of_Internet_Connection_Records

As of March 2021, collection of Internet Connection Records is being secretly trialled by two major British ISPs as part of a technical trial for mass surveillance under the Investigatory Powers Act 2016. The Home Office and National Crime Agency are also participating in the trial. "Internet Connection Records" is a generic term for metadata records of UK Internet users' Internet access patterns. Data collected may include who they are, what sites they connected to and when, and what quantity of data was transferred, but does not include the data content of the transmissions. While the participants have been kept secret, the existence of the trial has been confirmed by the Investigatory Powers Commissioner’s Office.

in case you can't read, internet service providers in the uk are required by law to keep every single citizen's connections records for a minimum of 1 year and upon request are required to assist with targeted interception of data. connections records means timestamps, ip addresses, dns records, and non-granular volume information. that is collected for every citizen and is enough for them to identify who uses tor, how often and at what times. then the second part allows them to pick specific individuals and get a pcap delivered every x hours with all your traffic - that would be the nail in the coffin for them to perform website fingerprinting or activity correlation which would give them an actual warrant to come take a look at your devices.

if you don't think that this is going to be used to target tor users then you are plain stupid. bonus retard points if you don't think america are already further ahead in implementing something similar.

the reason i advocate for a vpn is that the connection records metadata becomes absolutely useless when you use one, even a fucking pcap would be useless if you had a youtube video running in the background while browsing tor. they won't be able to tell the difference between you using a vpn to browse wikipedia or dread, and more than enough people use vpns that it isn't in the slightest grounds for suspicion.

/u/Exalted · N/A votes · 26th April, 2023 - 23:53 · Link

"even a fucking pcap would be useless if you had a youtube video running in the background while browsing tor."

nothing more to say really, keep doing what you're doing.

/u/spacelasers · N/A votes · 29th April, 2023 - 16:47 · Link

lol if you disagree speak your mind