13

Similar question (Tor and VPN only).

All these three technologies seem to share the same goal, i.e. making internet traffic anonymous. Does it make any sense to try to use them together to increase security? Or, as BrunoMCBraga pointed out in a different thread (see link above), "a security chain is as secure as its weakest link"?

Edgar Derby
  • 231
  • 1
  • 2
  • 3
  • 2
    Possible duplicate of [Is using Tor and VPN combination more secure?](http://security.stackexchange.com/questions/101809/is-using-tor-and-vpn-combination-more-secure) – ThoriumBR Oct 27 '15 at 12:12
  • 4
    I literally quoted that thread in my question... The two questions are different for multiple reasons, not last the fact I am asking about ProxyChains too. – Edgar Derby Oct 28 '15 at 14:36

2 Answers2

10

In theory yes, In practice maybe not but also yes at the same time.

If you were to use VPN and a Tor network you remove one of the security layers in the Tor network. tor uses relays and your path changes every time you use Tor by using a VPN you would be using the same end point (assuming you went Tor -> VPN)

If you went VPN -> Tor, You would encrypt all of your traffic to your start point (The VPN Out interface) and then the Tor network would take over, the issue here comes with the VPN service its self, they could very easily see you are using the Tor network, this would be your weak spot you want to be under the radar with everything.

To make it secure you would need to buy an anonymous VPN and pay for it in bitcoins after rolling your bitcoins via a tumbler (depending how you obtain the bit coins will determine your weak spot in the chain, but the tumbler should fix most of that issue). To also secure the purchase make bitcoin transactions and VPN transaction VIA Tor.

then once you have the anonymous VPN you would not want to connect to your VPN from your home address (though anonymous VPNs hold no data so technically you shouldn't be able to be traced from your home address). then once connected to the VPN you can use the Tor network that way.

Personally I wouldn't use proxy chains it would become pointless seeing as you are using Tor also proxy chains leave behind clues on your machine (they like to leave behind messages about how they connected to the proxy chains). also it really makes the process slow for very little benefit.

To summarise:

Using a VPN creates an issue with its self as to obtain the VPN you would use personal information. though any extra security would be nice as you mentioned the chain is only as strong as its weakest link. The VPN would be the weakest link with personal information following you back (using a free VPN would end up in records being kept of your activities).

Keeping data private is not the issue here, its keeping the data disassociated from the owner. 01/01/1970 is someones birthdate, asking someones birthday can be a security question...sadly I don't know who this birthday belongs to, following?

forest
  • 64,616
  • 20
  • 206
  • 257
TheHidden
  • 4,265
  • 3
  • 21
  • 40
5

It is difficult to say definitively which is more secure or anonymous, especially without knowing who your adversaries are (global/local, active/passive, etc.). But, here are some considerations:

  • Extra proxies provide mimimal extra security: Adding additional proxies to your chain provides minimal extra security given that the attacks against Tor generally involve endpoint correlation which can be performed just the same when a VPN and proxychains is involved.
  • Fingerprintable behavior: Consistently connecting to other proxies when exiting the Tor network might be a fingerprintable behavior, especially if you regularly use a small number of proxies. If it ever became possible to identify one of your connections, it then becomes possible to identify you as the source of all past and future connections using the same configuration.
  • Proxychains is not encrypted: Also, the Tor FAQ mentions that proxychains does not provide encryption over the connections, which could open you to more surveillance if the proxy operators are not trustworthy or if they are under scrutiny by a government agency, etc.
Austin Hartzheim
  • 1,581
  • 11
  • 15