RTFM
and…
Generally speaking, we don’t recommend using a VPN with Tor unless you’re an advanced user who knows how to configure both in a way that doesn’t compromise your privacy.
However, you can’t readily do this without using virtual machines. And you’ll need to use TCP mode for the VPNs (to route through Tor). In our experience, establishing VPN connections through Tor is chancy, and requires much tweaking.
So, I think using virtual machines like Whonix, which route all the traffic through Tor, is safer than using Tor Browser Bundle on top of a host physical machine. There are more anonymity threats when you use Tor Browser on a host machine than when you use a virtual machine.
The main problem is that using
ISP → Tor → OpenVPN (TCP)/Proxy (Socks) → Website
scheme is very inconvenient and moreover it is very difficult to find a free of charge VPN/Proxy server which supports “double routing” technology. It is better to implement Tor “exit bridges” approach as I suggested before. Anyway, these “exit bridges” should not be set up on hosting providers. Instead of it, they should be located within autonomous systems of municipal ISPs.
It can’t. At least not given the current policy on publishing exit lists. That was my point. The technical part is already solved.
Yes. Even if we did away with the exit lists, and every exit had a separate exit address which was hidden from the consensus, many exits very well may still be discovered and blocked by other means. We just don’t know for sure because we haven’t tried it (and can’t, because Tor Project doesn’t allow it).
Using hidden services to replace exit nodes (aka. “exit bridges”) could potentially allow us to test the concept of unlisted exit addresses and see if it makes Tor more usable in the real world.
But this is the main problem which is being discussed in this thread.
That’s great! I have read the scientific paper about Tor exit bridges. Sounds nice.
I doubt it. Most website administrators use DNSBL blocklists + the Tor exit nodes list in order to block IP addresses which belong to hosting providers or VPN services or Tor. You can check https://dronebl.org/activity_log and you will see that 90% of all IP blocks belong to class 8, 9 or 19 (Open SOCKS proxy, Open HTTP Proxy and Abused VPN service). So, if the IP addresses are hidden from the consensus and have not been published yet, there will be no reason to put them into IP blocklists. Only published IP addresses are being blocked.
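An added example (not from any poster in this thread): the blocking check the post above describes, a published exit list plus a DNSBL lookup, run over constructed addresses. The function names, the sample data and the `127.0.0.N` answer convention for the `dnsbl.dronebl.org` zone are assumptions of the example.

```python
import ipaddress

# Class numbers and labels as quoted in the post above.
DRONEBL_CLASSES = {8: "Open SOCKS proxy", 9: "Open HTTP proxy",
                   19: "Abused VPN service"}


def dnsbl_query_name(ip, zone="dnsbl.dronebl.org"):
    """Build the DNSBL lookup name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def dnsbl_class(answer):
    """Map an A-record answer 127.0.0.N to class N (assumed convention)."""
    if answer is None:  # NXDOMAIN: the address is not listed
        return None
    octets = ipaddress.IPv4Address(answer).packed
    if octets[:3] != b"\x7f\x00\x00":
        return None  # not a listing code
    return octets[3]


def check_client(ip, exit_list, resolve):
    """Return (blocked, reason) for a filter using an exit list plus a DNSBL."""
    if ip in exit_list:
        return True, "published Tor exit"
    cls = dnsbl_class(resolve(dnsbl_query_name(ip)))
    if cls is not None:
        label = DRONEBL_CLASSES.get(cls, "other")
        return True, "DNSBL class %d (%s)" % (cls, label)
    return False, "not listed"


# Constructed sample data (documentation address ranges, not real hosts).
SAMPLE_EXIT_LIST = {"192.0.2.10", "192.0.2.11"}
SAMPLE_ZONE = {"7.100.51.198.dnsbl.dronebl.org": "127.0.0.19",
               "8.100.51.198.dnsbl.dronebl.org": "127.0.0.8"}


def sample_resolve(name):
    """Offline stand-in for a DNS A lookup; None means NXDOMAIN."""
    return SAMPLE_ZONE.get(name)


if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "198.51.100.8", "203.0.113.5"):
        print(ip, check_client(ip, SAMPLE_EXIT_LIST, sample_resolve))
```

The last address appears in neither source, so the filter lets it through; that is the case the post argues applies to addresses that were never published.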
So, I guess this is the REAL reason why we still don’t have Tor exit bridges.
No, it’s why regular exits can’t prevent their exit addresses from being published in the exit list. Which is what you proposed originally.
Exit bridges are a whole different thing. Exit bridges aren’t regular exits. From the Tor network’s perspective, they’re not exits at all, they’re hidden services. Since they’re not technically exits, their addresses aren’t required to be published in the exit list.
It doesn’t matter though. HebTor (the implementation described in the paper) seems to be abandoned. The domain is for sale and the browser extension is nowhere to be found.
We can use the same announcement scheme as bridges. Bridges are announced using their fingerprint hashes and nicknames but the IP addresses are still hidden from the public. We can perform an announcement of Tor exit bridges the same way. Why not?
I suspect that the implementation of this would be tricky. Cataloging exit bridges would be fairly easy, unlike cataloging entry bridges, since there would be very few who operate as an exit bridge. Their IP addresses would become known fairly quickly. How would you prevent this?
I suppose you could if you patched Tor and BridgeDB. Depending on the specifics, your patch may or may not have a chance of being accepted. Remember, Tor Project made the decision to publish exit addresses in the first place.
I think the premise here is that most site admins are importing the exits list into their block list and calling it a day. We’re assuming most of them won’t actually go to the effort of requesting lots of exit bridges and harvesting their addresses unless they have a strong reason to.
I am one of those “people in those democratic nations”. I used to use TorBrowser for all my daily, normal, Web access (not to pirate, nor for any other illegal stuff). I do not think “It’s unnecessary and stupidly paranoid” to use TorBrowser. I am concerned about privacy (and everyone should be), trying to avoid applications from BUMMER (Behaviors of Users Modified, and Made into an Empire for Rent) companies. (GAFA and co.)
For now, while waiting for a solution, I just stopped using the TorNetwork, because it has become usable for me, for the reasons stated in the header of this thread. (And from what I gather from the comments, using a VPN doesn’t seem to solve my problem either. So I use direct access now!)
I don’t think this was in the inventor’s mind. And hope the TorProject will find a solution, survive, and make it usable for “normal users” like me…