mirror of
https://github.com/privacyguides/privacyguides.org
synced 2024-11-10 21:23:41 +01:00
Add additional links (#277)
This commit is contained in:
parent
910ed48c3f
commit
bd26a94321
@ -180,7 +180,7 @@ breadcrumb: "VPN"
|
||||
<p>In order to keep what you actually do on the websites you visit private and secure, you must use HTTPS. This will keep your passwords, session tokens, and queries safe from the VPN provider. Consider enabling "HTTPS everywhere" in your browser to mitigate downgrade attacks like <a href="https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf">SSL Strip</a>.</p>
|
||||
<h4>Should I use encrypted DNS with a VPN?</h4>
|
||||
<p>Unless your VPN provider hosts the encrypted DNS servers, <strong>no</strong>. Using DOH/DOT (or any other form of encrypted DNS) with third party servers will simply add more entities to trust, and does <strong>absolutely nothing</strong> to improve your privacy/security. Your VPN provider can still see which websites you visit based on the IP addresses and other methods. Instead of just trusting your VPN provider, you are now trusting both the VPN provider and the DNS provider.</p>
|
||||
<p>A common reason to recommend encrypted DNS is that it helps against DNS spoofing. However, your browser should already be checking for TLS certificates with <strong>HTTPS</strong> and warn you about it. If you are not using <strong>HTTPS</strong>, then an adversary can still just modify anything other than your DNS queries and the end result will be little different.</p>
|
||||
<p>A common reason to recommend encrypted DNS is that it helps against DNS spoofing. However, your browser should already be checking for <a href="https://en.wikipedia.org/wiki/Transport_Layer_Security#Digital_certificates">TLS certificates</a> with <strong>HTTPS</strong> and warn you about it. If you are not using <strong>HTTPS</strong>, then an adversary can still just modify anything other than your DNS queries and the end result will be little different.</p>
|
||||
<p>Needless to say, <strong>you shouldn't use encrypted DNS with Tor</strong>. This would direct all of your DNS requests through a single circuit, and would allow the encrypted DNS provider to deanonymize you.</p>
|
||||
<h3>What if I need anonymity?</h3>
|
||||
</div>
|
||||
@ -188,9 +188,9 @@ breadcrumb: "VPN"
|
||||
<h3>Should I use Tor <em>and</em> a VPN?</h3>
|
||||
<p>By using a VPN with Tor, you're creating essentially a permanent entry node, often with a money trail attached. This provides zero additional benefit to you, while increasing the attack surface of your connection dramatically. If you wish to hide your Tor usage from your ISP or your government, Tor has a built-in solution for that: Tor bridges. <a href="https://write.privacytools.io/my-thoughts-on-security/slicing-onions-part-2-onion-recipes-vpn-not-required">Read more about Tor bridges and why using a VPN is not necessary</a>.</p>
|
||||
<h3>What if I need anonymity?</h3>
|
||||
<p>VPNs cannot provide anonymity. Your VPN provider will still see your real IP address, and often has a money trail that can be linked directly back to you. You cannot rely on "no logging" policies to protect your data. Use <a href="https://www.torproject.org/">Tor instead</a>.</p>
|
||||
<p>VPNs cannot provide anonymity. Your VPN provider will still see your real IP address, and often has a money trail that can be linked directly back to you. You cannot rely on "no logging" policies to protect your data. Use <a href="https://www.torproject.org/">Tor</a> instead.</p>
|
||||
<h3>What about VPN providers that provides Tor nodes?</h3>
|
||||
<p>Do not use that feature. The point of using Tor is that you do not trust your VPN provider. Currently Tor only supports the <a href="https://en.wikipedia.org/wiki/Transmission_Control_Protocol">TCP</a> protocol. <a href="https://en.wikipedia.org/wiki/User_Datagram_Protocol">UDP</a> (used in WebRTC for voice and video sharing, the new http3/QUIC protocol, etc), <a href="https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol">ICMP</a> and other packets will be dropped. To compensate for this, VPN providers typically will route all non TCP packets through their VPN server (your first hop). This is the case with <a href="https://protonvpn.com/support/tor-vpn/">ProtonVPN</a>. Additionally, when using this Tor over VPN setup, you do not have control over other important Tor features such as <a href="https://www.whonix.org/wiki/Stream_Isolation">Isolated Destination Address</a> (using a different Tor circuit for every domain you visit).</p>
|
||||
<p>Do not use that feature. The point of using Tor is that you do not trust your VPN provider. Currently Tor only supports the <a href="https://en.wikipedia.org/wiki/Transmission_Control_Protocol">TCP</a> protocol. <a href="https://en.wikipedia.org/wiki/User_Datagram_Protocol">UDP</a> (used in <a href="https://en.wikipedia.org/wiki/WebRTC">WebRTC</a> for voice and video sharing, the new <a href="https://en.wikipedia.org/wiki/HTTP/3">http3/QUIC</a> protocol, etc), <a href="https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol">ICMP</a> and other packets will be dropped. To compensate for this, VPN providers typically will route all non TCP packets through their VPN server (your first hop). This is the case with <a href="https://protonvpn.com/support/tor-vpn/">ProtonVPN</a>. Additionally, when using this Tor over VPN setup, you do not have control over other important Tor features such as <a href="https://www.whonix.org/wiki/Stream_Isolation">Isolated Destination Address</a> (using a different Tor circuit for every domain you visit).</p>
|
||||
<p>Thus, this feature should be viewed as a convenient way to access the Tor Network, not to stay annonymous. For true anonimity, use the Tor Browser Bundle, TorSocks, or a Tor gateway.</p>
|
||||
<h3>When are VPNs useful?</h3>
|
||||
<p>A VPN may still be useful to you in a variety of scenarios, such as:</p>
|
||||
|
Loading…
Reference in New Issue
Block a user