-1

I would love to protect my privacy online. I thought of a setup when I connect through a VPN, get a Linux VM and use VPN on that, then use just a proxy on the browser in the VM.

My computer > VPN > VM > VPN/proxy > Destination

Would this be good enough privacy?

schroeder
  • 123,438
  • 55
  • 284
  • 319
Steve Woods
  • 134
  • 1
  • From whom do you want to remain private? – schroeder Jul 12 '18 at 12:27
  • We cannot provide product recommendations, so that question will not be answered. There are lots of options for preventing browser fingerprinting here. – schroeder Jul 12 '18 at 12:28
  • Your chain of VPNs and proxies are not clear. You might need to explain that further. Feel free to edit the chain I added to your question – schroeder Jul 12 '18 at 12:29
  • This isn't enough to go on. Does your VPN account for DNS Leak? Many do not – DotNetRussell Jul 12 '18 at 12:38
  • Potential duplicate: https://security.stackexchange.com/questions/121733/how-can-meta-data-be-used-to-identify-users-through-chained-vpns – schroeder Jul 12 '18 at 12:44
  • 1
    *"Is this __good__ privacy? ... Would this be __good enough__ privacy?"* - so do you want good or good enough privacy? And would does either of these mean exactly - protection against ISP sniffing your surfing habits, against targeted advertisement, amazon knowing your shopping behavior ... ? – Steffen Ullrich Jul 12 '18 at 13:02

1 Answers1

1

Would this be good enough privacy?

Good enough for what? To shop online? Sure. To discuss controversial topics on a forum? Absolutely. To be absolutely anonymous? Probably not. Let me clarify.

Yours is a subjective question with a very wide playing field as everyone has a different defition of "good enough", so forgive me for offering a subjective answer. I'm a professional security practitioner, so my definition must be airtight. Someone else may care about a CC MITM attack, and for them this is more than sufficient. A third person is trying to overthrow an oppressive regime and their life may be at risk for their opinion. Context is everything.

What you are describing is adequate enough protection that it becomes difficult to track you unless someone had a need (or warrant?) to. (NOTE - difficult and "impossible" are NOT synonymous!!!) The remainder of my answer is intended to show how to be as "anonymous" as possible, and not so much determine if this is "good enough." You can choose to what length you're willing to go.

You are about 75% of the way there with this solution. What I would change to go from "good enough" to "as anonymous as possible" I would encourage you to use tails for your VM (or a windows 10 fresh install for EACH USE).

Then

My computer > VPN > VM > VPN/proxy > Destination

becomes

My computer > VPN > VM (Tails) > (Tor) > Destination.

Let me clear up some smaller details as well. Generally, there's no need to use a VPN on your host machine AND your guest machine, (although it wouldn't "hurt" if you did). When you connect your host machine to a VPN, your guest will usually use this interface either by NAT or bridged adapter. There are special instances where this isn't the case, but they're rare. I would also recommend here configuring all of your IP traffic manually to go through your VPN to avoid DNS Leaks or another, unrelated service reaching outside of your VPN and exposing you.

Tor is a type of proxy service as it is, so you don't need VPN AND a proxy AND Tor necessarily. When you connect to tor, there is an option to connect to a proxy service, and this is where you want to configure it to your proxy if you'd rather use that than the standard Tor network configuration. I can say anecdotally most people I know in the Western hemisphere are better off using the built-in Tor network rather than a proxy service, but that's purely anecdotal. It comes down to trust - do you trust your proxy service more or less than a Tor exit node?

Some other, smaller tips for anonymity:

  • Don't maximize your Tor window while browsing. Ever.
  • All anonymous software is based on trust. How well do you trust your VPN log policy, proxy policy, Tor exit nodes, Tails image, etc? Make sure you research ALL of it, run your checksums when downloading info, etc.
  • Anonymity is laborious and painstaking. Security/Privacy comes at the cost of convenience. If you get sloppy, you lose anonymity.
  • Never use your VM for anything other than your anonymous private browsing, and never use anonymous private browsing without your disposable VM. Check out "browser fingerprinting" and tracking to understand better for this and the next point:
  • Don't use Tor on your "daily driver" OS. It's too tempting to just hop on without the precautions because "I won't be doing anything risky."
  • Never use your CC. Always pay it bitcoin (this is another question outside of this scope, but bitcoin can usually be tracked and is rarely truly anonymous as well - again, security costs convenience).
  • Ensure your VPN and proxy services are paid in bitcoin and registered with a fake email. Cards can be traced.
  • Where/when you set up the email and VPN, use another VPN for that because the IP in use during account creation for these 2 can also be tracked. Use a free proxy service to create fake email and VPN accounts instead.
  • True, 100% anonymity is nearly impossible because exit nodes can always be tracked. They usually are not, but they can be.
  • Protect against WebRTC leaks

EDIT: I have never used it before, but Whonix offers another secure method of anonymity. It probably deserves more than a footnote but the link is there for more reading if you choose.

SomeGuy
  • 730
  • 3
  • 18