Stop Using Tor With VPNs
Vložit
- čas přidán 15. 10. 2023
- In this video I discuss whether or not you should use a VPN before connecting to Tor and why this isn't a good idea in most situations.
My merch is available at
based.win/
Subscribe to me on Odysee.com
odysee.com/@AlphaNerd:8
₿💰💵💲Help Support the Channel by Donating Crypto💲💵💰₿
Monero
45F2bNHVcRzXVBsvZ5giyvKGAgm6LFhMsjUUVPTEtdgJJ5SNyxzSNUmFSBR5qCCWLpjiUjYMkmZoX9b3cChNjvxR7kvh436
Bitcoin
3MMKHXPQrGHEsmdHaAGD59FWhKFGeUsAxV
Ethereum
0xeA4DA3F9BAb091Eb86921CA6E41712438f4E5079
Litecoin
MBfrxLJMuw26hbVi2MjCVDFkkExz8rYvUF - Věda a technologie
some people are asking me about Orbot in VPN mode. Using Orbot does NOT connect you to a VPN separate from the Tor network, it treats the Tor network like a VPN in the sense that it routes all traffic through Tor (Browser, message apps, games, etc) like a VPN app would, very similar to how TAILSOS routes all of its traffic through Tor.
Hey, what are your thoughts on Invidious?
How many times NordVPN got hacked?
I thought Orbot was considered a honeypot or some such these days??
Network Chuck? More like Fedwork Chuck, amirite u guys?
Iam behind 7 proxies iam protected
Mullvad stores nothing about you. They were raided recently on a warrant for customer information - any and all information about a specific customer - and they could not turn over anything and Swedish police walked away with nothing. If Swedish law ever changes to where they cannot operate like this, they will either move their HQ or shut down. They are extremely principled. If they are ever served with legal documents authorizing active/live wiretap that are enforceable in a country where a given server is, they will simply shut the targeted server down.
Is this actually the ultimate honeypot
@@49531they've been in buisness for a long time now, either they're really commited (honeypots usually aren't (as far as we know)) or they aren't honeypots
They also now run everything in RAM officially
@@49531 Tor is, it was compromised in 2013 in preparation for Operation Onymous. The download had all the security settings set to low by default when previously they were high and for months when security settings were changed to high, scripts were running on every site to assist law enforcement.
I even downloaded a exe from the site that contained a profiler trojan, but tor project ignored complaints.
Many exit nodes are compromised.
Don't use a VPN, they provide all your data to law enforcement and manipulate it. The reason people use a VPN and Tor is because they connect to a bridge to hide what they are doing.
Tor is not secure, not private and you can be uncovered at any time. Remember the DEFCON talk that was going to show how this worked - it was pulled and they went quiet.
VPNs might not directly log, but hosts that own equipment have to by law.
I recently found WeVPN was a honeypot, they vanished once people realised and the police operation was shut down. One server was on a UK police IP. If you connected in to Manchester, UK, the police were watching.
Some say these Encryption In transit email services like Proton are honeypots.
@@49531 Imagine.... - Hopefully not
Chuck has a history of advertising stuff in the guise of ‘tutorials’.
Yeah, I've been thinking the same thing. It was just a one big VPN provider commercial masquerading as a tutorial.
I can't stand that soft spoken shill.
Almost every video is "And to do that, we'll be using our sponsor..." and then some service that collects all of your data
@@danielrobinson3654For real, thats why I stopped watching him. Also he doesn't really care about questions on his comment section at all. His Instagram OSINT video has millions of views, but Osintgram doens't work anymore, because the author didn't update it and lots of people don't understand that. I tried to tell them and got blocked from his channel. He could atleast like make a pinned comment or something where he tells, that the video isn't up to date.
You know that production quality doesn't come for free, right? I don't blame people for wanting to make money by legitimate means. Some of his sponsors are genuinely useful.
the folding table in the back really adds to the atmosphere of this whole video
Correction: The entry node is a "guard node" which is selected from a limited, mostly unchanging list. The idea is that if even if you roll the dice over and over and eventually get two bad nodes, those nodes that never change will keep you safe.
That doesn't actually sound safer.
If you want to track tor connections and all of them route through a smaller list of nodes that doesn't often change that's the first target.
Is there more to the system? It sounds like it's just "trust me bro"
@@DERADI30 You have a point, I would assume that small group of nodes are from trusted sources and probably some other characteristics which would make it less susceptible to spying, but then again if one of those trusted nodes get breached, this would probably eventually get discovered and it would no longer be a trusted node, but until that happens you still have 2 other relays which are very very likely to not be controlled by mutual organisations which keeps it relatively safe, but it still all comes down to chance really
And by trust I don't mean each node has an assigned reputation because that would definitely make it an easy target but rather I would guess it comes down to heuristics on volunteer nodes.
@@jp46614 It would be concern from privacy point of view, but TOR is based on theory of "you can't trust ANYTHING at all". Your connection to between each node is encrypted with different encryption and only 1st node you connect to, knows your real IP or what comes from your computer. This means every node past first node, knows only from which node this traffic came from and what is next destination, if someone tries to track you from one of those never changing nodes, they would have to know what traffic from which source out of thousands of others they would have to follow.
More simply, even if someone tries to trace you from the first node your connection is going to, they would have to know at least the country you are at, ISP you are using and public IP address your computer is using, since they would have to screen through hundreds if not thousands of different connections coming all over the world at the same time, unless you are using something like a VPN to raise eyebrows, won't reveal anything other than you are just 1 among many people who use TOR.
Now even TOR isn't able to keep you 100% anonymous, I'm pretty sure there are ways to trace TOR users, it's just extremely resource and time consuming, so unless you do something that puts you under someones radar in the first place, your traffic is seen just like any traffic, regular encrypted traffic and hardly worth the time and effort to look into that deeply.
@@jp46614 Here: www-users.cse.umn.edu/~hoppernj/single_guard.pdf
Guard Node: Sees your IPS's IP address, not the content requested
Middle Node: Can't see shit, just moves traffic from Guard to Exit
Exit Node: Sees your requested content, cannot see who you are
Network Chuck has never mastered the "pullout framework" - dude has like 7 kids.
💀😭
Good for him, honestly
@@zaremol2779 I mean if he can afford it then - sure.
It’s cuz he’s crazy religious
He's weirdly religious, so yeah, condoms are evil, etc. It's the reason I don't support his channel.
Amazing video. No commercial bs and technically accurate. Just gained a subscriber. Keep it coming. Kudos from Panama.
as some one who lived in china for years at one point - VPNs not government approved are very popular. you usually have to have 3/4 of them since one or two might get blocked one day then come back the next while the other 2 are blocked another day, its like cat and mouse with the government and the vpn companies but the vpns always get through, either in a few days or a competitor does. hence why i had a subscription to 4 of them when i lived there.
Won't the government ever chase after the people there? Or are the VPNs located outside mainland china?
Im laughing at the image of the CCP playing whack-a-mole with VPN companies.
You putting yourself up there with KGB and CIA TOR relays is a level of confidence I wish I had.
Bro fears nothing
What KGB?
@@lolotrololo2275FSB
I think it's a joke. Also, the KGB is dead, the FSB is the current iteration. FAPSI seems to be their equivalent to the NSA. KGB seems to be mostly famous due to western movies using them as the other evil spy group, etc. Which, yeah, they, the CIA, they are all super evil.
@@lolotrololo2275 KGB is like a soviet FBI
Thank God there's somebody out there who doesn't just parrot a popular opinion. It is necessary to provide a reason you don't like something when you suggest not doing it. Otherwise all your doing is making noise.
new media is literally garbage. interesting that the guy in this video has something most new media lacks which is basic literacy and the slimmest margin of effort in actually making content. it's not common.
Yup 🙏
But all the points he brought up weren't valid for the vast majority of people using a VPN + Tor, most people watching this video aren't doing it from China or a middle-eastern country that have hijacked VPN providers. If you don't trust your ISP, use a VPN with Tor, that way your ISP won't know you're accessing the Tor network.
@@wiredfox3451good point
Popular opinion what the fuck may be popular with the troglodytes remember to update your windows proprietard
Love your logic bro 🙏 Came here after watching that Chuck video strangely. I did leave his video scratching my head a bit 😂 You make much more sense
Thanks a lot! Gotta educate myself more on Tor and VPS. Thankfully, you got vids on the subject.
Don't use VPN: Feds are checking edge node connections and get your IP address
Use VPN: Feds are checking edge node connections and get your VPN IP, then have to subpoena the VPN provider to potentially get your IP.
What am I missing here?
They probably also get your name, payment method, email,...
You're missing the fact that you are standing out from the crowd of folks that use tor browser as usual. What's the point of slightly overburdening the law inforcement if they otherwise know where to look?
Nord says they do not keep logs about users' timestamps and traffic destinations
They need to subpoena your IP too. Vpns have your payment options. Once at the vpn, they have you. Once at the ips, they have you. Ofc there is a case for this or that, what are your local laws and how are the local laws of your vpn. Which agencies are interested in tracking you and so on. But it ain't that simple
You're missing that feds already monitor vpns
Tor, as you said, provides a number of bridges to make the initial hop into the Tor network which effectively overcomes the concern that is supposedly addressed by using a VPN.
Anyone can run a Tor Snowflake bridge as a browser extension or, if they have the compute and WAN bandwidth, as a small docker container. This helps people living under restrictive regimes and, again as you said, the more Tor traffic the safer each Tor user is.
I have a Snowflake docker container running on a Raspberry Pi along with a bunch of other stuff and it's set and forget. I also have the Snowflake browser extension (overkill I know) and, apart from a tiny icon counting the number of connections you've facilitated, you wouldn't know that it's there and doing anything.
Damn, you're an online bunker! I used just Orbot occasionally with mobile TOR, on my stronger phone untill it recently burned battery from all the work. And a simple free VPN for PC. How would you rate these?
I would love info on what this browser extension is and if it takes away major bandwidth or whatever
@@xaxa-0x3F Just Google "tor snowflake" and you'll get all the info.
Snowflakes to jest drobnostka dla ludzi żyjących w wolnych krajach, nawet nie zauważą że ta usługa działa w tle. Jednak jest to bardzo ważna usługa dla ludzi którzy nie mieli tyle szczęścia i żyją w krajach objętych cenzurą. Każdy z nas powinien dołożyć cegiełkę do tej inicjatywy i przynajmniej zainstalować oraz włączyć rozszerzenie Snowlakes na swojej przeglądarce.
Chuck is all about monetization. Half of his "tutorials" are cloud based, require credentials to use, and usually only give "free trials". The dude monetizes everything, he even has a "guide" in the description down below, which is a link to his site which you have to pay for if you need any further information. My guess is Nord was probably sponsoring the video.
To be fair a lot of the time (or at least when I last him watched a couple years ago) he would often have two tutorials, one which shows running it on your own device and one running it is a cloud based server. At the very least if you have a bit of an understanding of it anyway, you can likely use the section of the cloud tutorial post-setup to have your own go at it
you are spot on...bro 😉😉
Why is this news or even interesting? Of COURSE he's monetizing. He is a CZcamsR. LOL
@@alfredcam5213 you missed the point. It's one thing to monetize, but it's another to monetize while not "adding" anything to whichever subject the influencer is talking about.
i completely disagree with him but why would nord sponsor a video about not using vpns? :q
Recently found Chuck's content after starting my career path and subbed him too, but you're the only one I clicked the bell on. Just wanted to leave that with you.
If you really want to use a VPN and ensure that your opsec is as tight as possible, use a VPN to connect to a remote server like a Windows or Linux desktop, ensure that the VM is wiped when done, and connect via tor browser that way. There are many services that will provide anonymous RDPs and if you use mullvad as your VPN provider generally speaking, you're good in this regard specifically.
never use Windows, always wipe any PC completely after each use with Privazer, a shellbag cleaner and bleachbit.
I spent years testing file and PC wiping software by running it and then examining PCs with EnCase. Evidence Eliminator was really good, but so is PrivaZer. Many others left multiple traces of activity. Your ISP records a lot about you and can provide police with access to your router as ALL of the commercial ones have a backdoor built in.
I'm forgetting what an RDP is in this and frankly I think there's probable to many definitions out there for me to look ghrought
@@casev799 Remote Desktop Protocol
Remote Desktop Protocol@@casev799
Remote desktop protocol lol
"Recommend them to just use Tor like a normal person"
- Mental Outlaw
What else could we possibly use... softether?
@@qlippoth13been forever since i've used softether, any new developements on it or anything interesting happen?
dawg no one uses Tor with good intentions its entire purpose for most is to be used safely for BAD intentions
@@qlippoth13 i2p
@@DOG_EATER_1887yep normal folk use Windows. Might use VPN. Some normal folk might use MAC OS. Linux or Tor. Normal folk do not.
Only players. You are 100percent correct.👍
thanks for making a video about this topic, have always heard that using a VPN alongside TOR is a contentious topic but never knew why.
eldo kim example is why tor may not be enough. he emailed bomb threat to harvard uni to avoid taking exam and when FBI checked logs from harvard network they found that only he was using tor at that time. certainly it is edge case, but it shows that there are use cases where vpn is desirable with tor.
Chuck's linux tutorials helped me a lot. It's very annoying when he disguises a sponsorship as a tutorial and crams hacking into everything he can. I don't think he really knows as much about security as he thinks he does.
everyone i try to follow chuck tutorial they never work and make me go down a rabbit hole 😂
@@obm_elijah7097100% -Dude speaks in bullet points. Interesting topics but makes me cringe when he say “hacking” over and over and over.
@@obm_elijah7097there always seems to be stuff missing between steps needed for them to work. At least that's been my experience
Dunning-Kreuger syndrome, where you think you know everything because you don't know what you don't know. Best way to be "confidently incorrect" lolz.
I think he probably knows more than you think, but its also a business for him not a platform to educate people about cyber. Which imo just makes it worse because he KNOWS he is giving bad information but that's the only way he can make as much money so he does it anyways.
Kenny having the peoples back, as usual. Alwsys sharing as much as he can to keep people with less knowledge than him safe... I really hope you continue to make videos like this... because privacy is a human right that is slowly being STOLEN from us by governments/large tech companies... so wr need people like you on our side, now and especially in the future.
Yes, but you can add private mercenaries, scammers and black-hat crackers to the list. Internet is fckd though, big time.
Or he's making you a victim. Claiming a VPN doesn't necessarily add to your privacy and makes you stick out more than just using tor.. are not valid reasons to not use a VPN imo and I actually find it suspicious he's claiming they are. I clicked on the video thinking he was going to give me some actual technical reasons of how a vpn breaks the privacy of Tor but I should have known better.
IMO there is like one good use case for Tor plus VPN, basically to cross the GFW of China using VPN before using Tor in your destination, using VPN to cross GFW can trigger less alarm than Tor, depends on how you set it up.
For clarification regarding China's firewall. (Also known as the Great Firewall) There is actually new technology involved with identifying VPNs. A connection to a VPN creates a TLS connection. Connecting to any normal website also creates a TLS connection. So now you are essentially doubling down on TLS connections. Shouldn't be a problem right? With machine learning, it's actually possible to detect overlaying TLS connections, and block them. This is how ALL VPN's in China have pretty much been stopped. There are some cavates but unless you have some serious Linux knowledge, and spend several hours learning, it is a really difficult to evade the GFW.
Nah. Lol
@@wetfart420 It is region based, and some VPN's will work, but thats not the main issue. The issue is payment. Almost all online payment is tracked in China, and as such, can easily be blocked. Crypto is also banned in China which doesn't help.
I do confirm what you say. For this reason, some VPN providers use innovative tactics (base64 in plain HTTP requests. The base64 is encrypted and does contain TCP traffic) instead of famous VPN protocols like openvpn
The vless proxy protocol's xtls feature can detect whether the traffic is tls encrypted and avoid double tls.
@@woodingot Yeah, XTLS is just difficult for people to set up without proper know-how. You need a client and a server. Setting up a server is quite hard while being in China, so usually you will purchase access to an XTLS server.
I have heard of a case involving a correlation attack. Which involved confirming that a suspect was showing up as "online" during chatting over a TOR service. Then the suspects ISP confirmed they were using the TOR network at the time.
Granted, they already had a lot of evidence on this person.
Estonian government (or specifically Estonian Police & Border Control) has performed network correlation attacks against local darknet vendors by sending a succession of messages to their messaging app and then requesting ISPs to disclose info what region received their sent succession/pattern of packets. They repeat this action to narrow down from region to city, street and finally address, where they get the final end user.
Similar case I know was when some government employee's credentials (or username) was seen by co-workers who thought it'd be funny to log in to her account. So they downloaded Tor and tried to log in via Tor Browser. They used TOR because they didn't want to get caught and thought using Tor would guarantee their safety. Government checked who, what IP in Estonia had downloaded Tor installer in the past few days. IIRC this was enough proof, that they downloaded TOR just recently and as the ISP also could prove they connected to Tor network around that time, but I could be misremembering that case, plus those guys went with a plea deal in the end anyway.
Source: public record court documents
If they had a lot of evidence on this person already, then this case is nothing to worry about.
Police can't arrest you over circumstantial evidence. Unless you're the kingpin of Silk Road or a mf international terrorist, chances are police aren't gonna have enough to prosecute you.
Silk Road ?
@@sultanhanga too long ago for me to recall now. I don't think it was.
Love your content but gonna have to disagree on this one. The main point I got from this was that there’s no point using a VPN because the way that TOR works is secure enough. If TOR works as intended, where you’ve got 3 different nodes operated by 3 different entities who don’t communicate with each other, then yea, having a VPN isn’t gonna change much because no one can tie you to the exit node in the first place. HOWEVER, is there a possibility that you connect to 3 nodes all controlled by a single agency? Getting into tinfoil territory here but yes, there is a CHANCE. And if that’s the case, it’s gonna be much easier to get your data from ur ISP than a reputable VPN provider like mullvad. I just don’t think it makes sense to criticise connecting to a VPN before accessing TOR on the basis that it doesn’t add any extra security. People use VPNS on the CHANCE that TOR isn’t as secure as you’d think.
If they compromised Tor, they might as well have compromised your VPN provider. At this point you are f-ed anyways. How far would you take this logic? There also is a chance that all 3 nodes, and the vpn are controlled by the feds, so should you always chain 2 VPNs together? Or 3, just to be sure?
and i hate this stupid fucking assumption that all vpns will just sell yo shit. Multiple vpns have been subpoenad and had NO evidence to hand out, im aware of PIA and Express currently, as for the "they can get your payment information" is only applicable if a single person is on the server, how would the feds distinguish me from the other 16 people routing through the server?
VPN isn't recommended because four relays would make the connection uncomfortably slow, i guess...
Plus, as Kenny mentioned, four-relay would just stand out in the Web. There is no point of the feds to hope for the whole Tor connection to fall on their servers if they can see a four-relay, subpoena the VPN provider on the end of it and sit hard on that connection.
@@user-sv6hv6ym1dhow does a 4 relay stand out? how would the feds actually know it was 4 connections without investigating data from each individual node until they realize there is 4? isn’t it encrypted again at each node to prevent investigating one node from revealing which connections data was sent to which node?
@@user-sv6hv6ym1d it doesn't "stand out", there isn't even a way they can count the hops. And on the VPN, that same IP is shared by a high number of users. The only thing they know on the VPN is that you are using Tor
When/If they do get the specific IP that is using Tor that is yours, they STILL have to request your info from your ISP
Maybe combine everything: proxy + reverse proxy, then Mullvad than tor, and just for in case a proxy or reverse proxy gets hijacked have a couple, and make em switch every so often, randomize it, make it a headache, even for your self to track where a traceroute begins and ends, than you know you are reasonably secure, you could of course add anything in the mix :)
And watch Three Days of the Condor 1975, good movie :D That work he did with those phones was just pure gold :D
Technically this would work right? But the internet speed would be slow as a snail or no?
"Your VPN provider will send us the traffic"
MENTAL OUTLAW IS A FED CONFIRMED!!!!
I work in cyber security. We can analyze netflow to and from an IP address using some very expensive tools. It's not 100% all of the traffic since it relies on nodes placed throughout the world. It still reveals the IPs with lots of traffic from your house or wherever. There are better tools than I use at work to link the IP's. There are plenty of ways to get around this. Use regular ports and protocols (think HTTPS TCP 443) and CDNs to blend in.
what if i turn my pc off then back on again
@@Akac3sh same public ip 🤣
I worked in cybersecurity for 5 years and you cannot analyze net flow, has to be a national threat. And still tracking has to be signed off by higher levels.
Yeah, I saw that video & found that confusing & actually believed he was coming from a "right" place but thanks for clearing this 🙌
you explained this very well, youve peaked my interest, i subbed. nice video
Don't use tor with VPN so u wouldn't stick out to the feds.... Don't forget to buy the "COME AND FIND IT MONERO HOODIE" 😂❤
lmao, every single time
Hey Mental Outlaw, we appreciate you. I think your suggestion at the end, to setup a middle Tor relay for 5$ a month so that as you use Tor you also lease bandwidth upto 1.5tb or so a month, is superb and hoping that people watching this, follow suit.
Newer DD-WRT firmware's have a TOR mode for a relay setup. I'm thinking about it since I have two of the same router flashed and capable. I'm also in the process of rebuilding my entire network to something more secure. Looking to start with a new hardware firewall (PFsense) first. Between the plugins.
Let me get this straight (and correct me if I am wrong in my understanding), you are PAYING Tor so that people can USE YOUR bandwidth? What do I get in return?
@@joer8386 it's about giving back, not just taking. When you use Tor, it's because volunteers are paying for the bandwidth you use.
So, knowing that you're indebted to the kindness and generosity of anonymous volunteers, you want to pay it forward, if you find it affordable.
You do it to help others, not just yourself.
@@joer8386are you one of those script kiddies. Open source is one of the main thing we defend and live for we don't get anything but 5$ donation will help t0re
@@joer8386 that's the point, you won't be paid for a good cause, like you don't pay for using tor
but you help millions (and eventually yourself), as hundreds of others help you
Glad someone said it. I really hate the thoughtless "Just add more layers" approach to security.
Thanks for this video, you didn't said something wrong but, the way you talk about quantum computing and cryptography, looks so much as the commercials show it as "a dangerous gouvernement weapon". Power and honor continue your videos💪
On my opinion, the best rout is :
Neighbours wifi -> OpenVPN on russian server -> tor
😅
hope you at least spoof your MAC if you're doing that
ANY AGENT WILL FIND YOU , THAT IS A RED FLAG MOVE .@@polinskitom2277
Tor over VPN is a good choice if you want to hide the fact that you are using Tor from your ISP/Government, especially if you are hosting onion sites, a lot of traffic to the Tor network is suspicious, even though nobody know what exactly are you doing there.
And in countries like Russia it's pretty much a necessity at this point because all tor IPs are banned and bridges are getting constantly banned too, so VPN is only reliable choice to access Tor network, in countries with little more freedom it might not be that necessary
vpns in russia are dpi banned too
😂😂😂
This is literally the reason Tor bridges exist...
Did you even watch the video....?
Tor works for me and i in Russia lol
And my isp uses dpi too
Last time I checked the entry node rarely changes (for specific reasons relating to attack vectors and how it was decided it's better to trust the entry node and gamble that it might be evil vs changing it constantly and increasing the odds of finding an evil one somewhere along the line). Not sure if that's been changed but if it hasn't it's only node 2 and 3 that change with a new identity as standard.
My intuition with VPN has always been that you're basically replacing your ISP with another one. Only useful to tunnel around whatever part of the network you don't trust / can't get through. The tunnel ends at the VPN provider, but the VPN provider still has all the info your ISP would normally have. If you trust the VPN provider more or give them less info about yourself than your ISP then I guess that's fair.
It makes a huge difference because your VPN provider is preferably located in a country with much stricter data privacy laws.
VPN providers are also financially incentivized to legally fight against handing out data while ISPs mostly don't give a shit.
Might as well just use a Proxy for hiding your IP to get around restrictions with less overhead and latency than VPN's. Also simpler to set up and cheaper too. VPN's used to be useful before HTTPS/TLS encryption of 99% of modern websites.
Using the stupid 'app' that comes with these VPNs is the first problem. Set up a custom router and configure an interface that routes ALL traffic through one of your VPN's servers, so that your endpoint running TOR is fully encapsulated. NordVPN supports this as does any other VPN worth it's salt.
Bottom line, kenny: VPN traffic is LESS SUS than TOR traffic. ISPs keep lists of their clients who use VPNs and who use TOR. Those lists are gonna be used against everyone on them someday. You really want your residential IP on the 'raw dogging TOR' list? Seriously?
If you think I'm nuts, fine, put it this way instead: your ISP does not deserve to know that you are connecting to TOR. Don't bend over and hand away that information. Let them think you're another dumb normie who fell for the "Hurr, it encrypts my why figh!" marketing.
Also kenny doesn't understand that "unnecessary" VPNs/proxies/tunnels are what keeps tor usable in countries where direct connection and connection through bridges is blocked. + In some countries it matters whether you connect to the tor network through VPN or directly, as it may grant you plausible deniability when giving answers to some questions from local authorities.
@@TV-vz8kv Could be true. But I can't really speak to that experience. I can only speak of the good ol' US of A where ISPs keep lists of everything their users are doing on the internet, and will hand them over to the feds at the drop of a hat if asked. And it's a question of when they'll ask, not if. When that day comes, the less your ISP knows, the better.
How do you set something like that up?
@@OceanicManiac That's a lot to type out and I can't post links, so hop over to your search engine of choice and search 'setup pfSense VPN client' and you'll get a mix of official documents and third party tutorials. pfSense is a FreeBSD firewall operating system that I run on an old gaming PC (with a few extra NICs) as a router. During setup you can leave a NIC un-mapped to LAN or WAN and instead map it as a hardware VPN interface so that anything you plug into it will have 100% of its traffic go straight thru the VPN instead of ever touching LAN/WAN
Pfsense is a lot of work at first, but once configured properly, it's very rewarding and low-maintenance
@@Ginfidel so then since your so concerned might I ask what your home network looks like
I just want to point out that in, 2020 I believe if not then 2021, in the winter it came out Tor Guard nodes were a quarter compromised if not more so.
That means that first node you use, the most important, is likely to be an enemy. The only reason to go for a Guard Node like that is to deanonymize people.
Any time this is brought up and how much is the same now (Unknown. Can be 1% can be 90%) means it can not be trusted. Would you trust a VPN that shown that large of compromised servers? No. No one in videos brings this up either. Or in forums. They go all quiet and ignore it, try to change the subject.
Here you don't even bring it up either, which is a shame as I wanted your input on this angle and factual evidence we have for how bad Guard Nodes are.
You are saying here to trust what we know for a fact has been compromised to an insane degree. Adding a VPN that has been proven in the courts to not keep data (Mullvad) means the Guard Node being an enemy doesn't matter nearly as much.
By the way the more popular it becomes for VPN-Tor means the less you stick out. With Network Chuck having that come out along with others wouldn't that be safer overall?
Very excellent critique.
Yes! Tor has been PROVEN compromised since 2013! When Freedom Hosting was shut down. The NSA made a whole speech about how they can de-anonymize Tor users, a tor darknet hoster was discovered and prosecuted, and it happened again in 2015 as well as 2020 just off basic googling.
Tor is NOT safe! The NSA (and thus the rest of the US government if they ask) can and will find you if you get on their radar. Tor will not protect you.
yes but network chuck use nord vpn and has 7 kids
Network chuck was paid to fo that video in that way. Completely insecure.
people have said in the past that there is a high chance that mental outlaw is a glowie, after all he is literally subtlety advertising illegal activities and has not been blacklisted by the algorithm, and has even gotten sponsored, he also talks like alot of CIA type people.
This video was my introduction to the existence of Tor. Thank you.
hey MO, can you please add shipping to Europe on based win? Thank you for your content ❤️
Exciting topic - will watch after my shift!
The practicality and reality of that $5 wrench method comic made me chuckle 😂 Absolutely that would happen!
Awesome!!! Great info, great delivery. Much appropriated
But I thought VPNs were 100% hackerproof because everyone said so.
It is, but you also need to be mounting an unicorn with rainbow coming out of his butt
lol VPNs are useless in the hands of 90% of the people who use them, but we need those people to keep using them. It normalizes VPN traffic. If 1000 more normies started using a VPN to keep themselves safe from the hackermans, that's 1000 more connections for the feds to waste their time decrypting.
The more idiots who use VPNs because they think it encrypts their heckin wifi, the better. They're subsidzing those of us who actually use them properly, both financially through normalization.
@@BabiIakthis is incorrect. The rainbow is optional.
Those sponsored ads for VPNs are bigger liars than infommercials for Testosterone boosting supplements 🤣
Same people that say tor is 100% hackerpoof.
Well it might make sense to create your private VPN in a country that has good privacy regulations and connect that way. You can make yourself sure that the data gets deleted that it can't be tracked back to you.
the vps gonna expose you
the issue is that you are the ONLY person routing traffic through it, so they theoretically have an infinite amount of time to slowly figure out who you are by habits, a public (paid / no log) VPN is much safer as its much harder to distinguish who is who
Something else VPNs do not help with is timing and packet order attacks, packet a comes into to VPN server at t, comes out at t+xns over and over again, if you are on the edge routers for that vpn server, you can easily monitor that and pair them up. Tor batches packets, randomises the order then sends them on a clock to the next node, this means that timing information gets scrambled with every other packet in a send window, so even if I'm monitoring connection between you and the guard node or bridge and the end node in question, matching up the packets can't be done based on time it took to pass through the network.
KGB server, dude you are absolutely hilarious. I have fallen in love with your informative content ♥
I would have to contest your reasoning. In theory a VPN shouldn't be able to see any more infomation about your Tor traffic than your ISP would. Additionally if more people used VPNs with Tor this would naturally make each individual stick out less, so it might actually be a good thing to promote.
It's more risky for your ISP to know you're using Tor than it is for a VPN because 1) An ISP has more identifiable infomation about you 2) An ISP must be located in the same country that you're in.
As you've just proved in your comment: there's no additional protection
And another: 3) An ISP is most definitely keeping your logs, either to sell your data or for legality purposes, whereas a VPN isn't *necessarily* keeping your logs (as long as it's a good one!)
This is true. Also, hundreds to thousands of users may share the same IP on a VPN and, despite Kenny being a doomer and believing all VPN's are fed honeypots logging and sharing your info, a good VPN provider probably isn't logging (whereas your ISP definitively is for some countries).
@@dedhorse5720correct me if I'm wrong, but your isp may know you're connecting to a vpn, but it has no knowledge of what's being transferred between
@@dedhorse5720 How do you know the ISP would be able to tell using this setup? Shouldn't it only be able to see the first layer of connection?
Tor with VPN is like entering a place in disguise accompanied with someone who knows your real ID. Your privacy will depend on how much you trust this third party.
I think there are many more trustworthy third parties (like Mullvad, and IVPN) than ISPs, many of which have very questionable privacy policies.
More like using tor with a VPN is like entering into a place in a disguise and having a friend who stops the other guy from coming into the building who knows your real ID.
this is exactly why networkchuck video stood out to me too, weird that a network security pro did this... happy you made this video
been looking good in the preseason bro excited for u to take home the chip this year
If you are being monitored, and you only open Tor to perform an activity you do not want tracked, and you connect via TOR to a compromised endpoint - then the times TOR traffic occurred on your internet connection will correspond to the times the endpoint sees your traffic. For example, compromised webserver sees a session from 14:05 - 14:55, and your ISP sees you were using TOR for that time, then that incriminates you. Your ISP is more likely to hand over this information to law enforcement. If you are running a TOR node 24/7, or running TOR through a VPN that doesn't cooperate with law enforcement, this does not apply.
The vpn connection at the same times does though, that has been used in a court case before to compromise one guy.
What i used to do on high school was routing SSH tunnels over ports 80 and 443. Because all other outgoing ports were blocked. So because i used those to route my 2 servers with SSH tunnels, i was able to use the TOR browser. But i didn't do it to hide the connection. Just to make the connection. :D
Normally just looking on the lab proctor's desk for a sticky note will yield a password for elevated access.
The admin password at my school was just the name of the school with no caps or spaces haha
I like your funny words magic man
@@qlippoth13 Well it was mostly bring your own device. But the network had those ports disabled for students, teachers and even the inhouse IT manager. So it didn't matter if you were on one of their computers or on your own computer plugged into the network with cable. Or connected to WiFi. Only ports 80 and 443 were open outgoing.
@@GameCode64 Ah yes, things have come a long way since the days of the PDP-11/70
The only thing I gathered from this video is that's a sick hoodie
Makes perfect sense to me thank you for clearing that up
Tor weakness is the exit node. I agree though the ISP like in China can see your connected. It would be best to hide these details.
Imagine having a personality test and one of the questions is: "If you have $5 dollars what would you buy?:
- VPN services
- A Relay
- A Wrench
This feels like a question Doc Mitchell would ask at the beginning of New Vegas
Thing is if someone wants to hide the fact they're using Tor from their ISP, a VPN isn't entirely necessary or really even a Valid option due to things like Super-Cookies some ISPs embed on the packet when it leaves your network.
Instead i would say obtain a private server or even an anonymous private server from a host that accepts XMR, and host an encrypted connection VNC to that server which you will run the TorBrowser or even a Tor node off of.
Super-Cookies? Wanna cite that, friendo? How is the ISP embedding this? Through the router they provide? You know, the one people should never be using if they care about security? Through the ONT? You know, the media translation box that has less CPU power than an arduino board? If they're waiting until the backbone to do it, they're gonna have a bad time appending anything customer-specific without bottlenecking it into oblivion.
@@Ginfidel it's an much older thing, some ISPs don't do it anymore. But yeah the ISP embeds the 'super-cookie' on the packet when it leaves your network, if i remember correctly it's after it leaves your home network it's done on the ISP level through their infrastructure.
If the super-cookie is embedded in http headers, using a vpn or even just https will prevent it from being added.
If the super-cookie is added at the transport layer, it would still be stripped at the vpn provider since it can only be applied to the outside of the tunnel, not the data contained within. That means at most your vpn provider will be able to see the ID, which is irrelevant because they have your IP, which is already more than enough for a capable adversary to identify you.
The same risk applies to renting a cheap vps since your vps provider can see this ID along with your IP, but this option is far easier to track via externally monitoring their network, since you are the only one connecting to it.
how the hell can a super cookie be placed into HTTP headers, if the HTTP request itself is encrypted with TLS? Please explain.
@@ModPapa The supercookie is placed after it leaves your network, you would need a external server for it. The full packet is not normally encrypted tho, as the WAN needs to be able to read the IP, and a couple other headers to know where it goes.
I loved your thoughts on this topic. I was just wondering if you feel the same way about using a proxy in tandem with Tor as well?
They only need to monitor the first and last hop to de-anonymize you. All VPNs are likely monitored, they don't have to go after the VPN company, they can go after datacenter, or one of the hops they use.
Tor has guard rotation. When you use a VPN you're effectively giving yourself another permanent first hop. If they compromise the VPN company, Tor's guard rotation feature becomes effectively useless (on the scale of a well-funded attacker).
Basically, on a large scale, it's easier for the feds to monitor every VPN connection than every ISP connection, or entry node connection. Decentralized is better. VPN undoubtedly decreases your anonymity.
Nord isn't monitored. They make that their biggest advertising pitch
@@aronm5329 LMAO
But the fed runs tor. They own it. They already know everything within tor
@aronm5329 nord lies. Fine print says they do and they've already given information over before. They're required by law to keep logs and give them over
@@LuciferArc1 Tor is open source, so everyone knows everything in tor. Feds doesn't run tor nodes though.
No, it’s a redundant layer of security to hide your IP if a Tor Relay Node is corrupted somehow
If a threat actor can gain complete control of a Tor relay node and deanonymize you, then gaining access to your VPN service is a walk in the park for them. If anything, it'll just provide more evidence they can corroborate against you.
@@williamrutherford553 How will the VPN service provide more evidence than just connecting through your isp?
@@williamrutherford553 that's not how this works.
Or at least if you're not shouting your private data out there.
@@williamrutherford553 The thing you are forgetting is a simple cost/benefit analysis - These things can take time; The challenge how difficult it is to bypass 1 layer; It's how difficult it is to bypass SEVERAL layers. Resources, Manpower and Time is limited - if you're just some random Joe looking at memes over Tor, it's not worth the cost in time to crack every single layer. What benefit do they gain? However - If you are on the powers'-that-be's list, they are much more willing to incur a larger cost, as the benefit justifies the means.
With that in mind, consider the following two scenarios
Scenario 1 - No VPN, using Tor to buy drugs on your favourite onion plug.
In this case you are one mistake/leak/disclosure away from total exposure. 1 Tor relay cracked, 1 failed bridge, a DNS leak, or any other leak of your traffic for that matter.
Scenario 2 - VPN, Using TOR
In this case, for your true IP to be exposed, they must gain info/crack traffic from your VPN provider, AND additionally get your TOR traffic.
On a final note - consider this; Not all users who want to anonymise themselves do so to avoid scrutiny from their local powers; It's additionally a solid option to protect your traffic from Cyberattacks, such as a Man-In-The-Middle attack (in the case of unprotected networks). It could be for say, CZcams Stars/Streamers who want to keep their identities private from their fans. Perhaps you don't want advvertisers going "Oh, this IP just bought a 18 inch dragon shaped dildo, Let's add "Sex Toys" and related tags to this IP and sell it to other advertisers!" when you live in a house share, student accomodation etc etc etc
The use cases are vast, varied and wild - But let's put summarise it in simpler terms:
When it's cold outside, do you go outside naked, because your skin should protect you from the elements? Or do you add socks.. a t-shirt.. perhaps a jacket, gloves., or a hat?
I think you get the idea :)
@@TheTweaker1 Your ISP likely only has your bank account number for the Direct Debit, Your name, and whatever email address you used to register with them. In the case of people trying to remain anonymous, they likely have a "Normie" email address, and a "Dirty" email address - usually several. If you register for your VPN using your dirty address, as you're trying to remain anonymous, if the VPN service handed that over, or it got hacked and leaked... then that address is burned, alongside the payment method, tying that payment method, bank account to that dirty address
Network chuck was sponsored by Nord VPN smh
you should make a tutorial about how to set up a tor relay and the differences between guard, middle and exit relay or bridges
Subbed for a no nonsense explanation.
Dude, there are all sorts of reasons why you might want to hide your tor traffic from your ISP. That alone is a good reason to use a consumer VPN.
1:15 "So why is he recommending a VPN?"
You're too nice... The real answer is he's trying to get that affiliate ad money 🤑
It's crazy that this guy hired an actor to mime his words.
Godlike levels of opsec.
Great video. I'd not thought about it like this before.
One should say, VPN usage in China is generally ONLY allowed under very strict regulations, company allowances usually (since that's where it's mostly used at the end of the day), besides state workers.
BUT the actual tech trying to combat the GFW out there is actually amazing, new protocols (or old ones newly used like SSH) header encryption, obfusciation, multi tunneling, etc, etc.
At the end of the day, it's what you trust more... but if you're not stupid about it, and mostly watch your opsec... it's usually too much of a hassle for anyone.
If you're paranoid, multitunneling is not a bad concept as of today, and you kinda get the idea which companies give you access to do it with another VPN service and which do not (or per se don't even allow it). So for the average paranoid, something like Mullvad to Cryptostorm, with token payments, is pretty high up there.
Message in general should be: Stop using bad connections and services.
I used to use tor with vpn in Russia since finding a bridge which isn't blocked was very hard. So there is some use for vpns with tor
Quantum resistant tunnels!
That is the most 21st century thing I have heard yet.
Jayson Tatum came through with that clutch information. Appreciate you big dawg ❤
Can you maybe do something about Lokinet or Zeronet?
Chuck made a video recently suggesting email users put a '+' character in their email address, but only lists the pro's of doing so and never mentions anything about the bad side if it. Please make a video about putting a plus symbol in email addresses. Needs to be done imo, since the biggest issue of doing that, is kinda a monumental fuck up if it goes wrong.
What would the duck up be? It seems like a generally good practice as long as your fine with maybe some sites erroring, or some stuff still getting sent to your normal non plus email
@@internetrules8522 Impersonation is alot easier for a bad actor to pull off if you use the plus symbol. It comes down to how certain servers internally would interpret the characters. There's alot more to it but thats the safest simple explanation I can offer.
What would be the issues with that? I use it all the time with proton to filter my emails into folders.
@@revelmonger I replied to this question above ^ ^ Better to err on the side of caution. My point really is simply the fact Chuck only states the pros and doesnt mention the cons, and thats not good imo.
for some reason you first reply to me was hidden so i had to find it by sorting comments in the newest first method. but ok ya if we assume the server treats plus like a dot or something, then there might be some potential attacks you could do to like reset password or some other things. any reccomended further reading or watching like a defcon or something? @@apIthletIcc
Personally I like Chuck he makes good content. To your question about why he would recommend you use a VPN I think is because usually on YT if you push a certain thing made by a certain company you get a little kickback. So if your channel had 500 thousand subscribers and say 1% of them bought the VPN and the kickback was $1.00 that would be $5000 dollars. THAT is why people plug company products. Thanks for the work you do. Now I have to subscribe to another channel :)
Great video.
Myth about using TOR with VPN was produced in the heads of content creators on CZcams.
It's invented and propagated by people who dont know anything about cyber security,but they think how they are smarter then professionals.
Even the people behind the TOR absolutelly denied this method as useful and explained how it goes totally against security measures that are build inside TOR software.
Nord VPN might as well be a honeypot by what ive heard, it would be like sending a private message to your FBI agent so it checks on you while on tor XD
VPN is used by over a billion people daily, while TOR is by a couple of millions. I can hardly see how can you stick out less by using TOR.
Using a vpn blocks tors own hob changing so u basically have a permanenr hob that can be tracked while using vpns
@nottifps but tor is literally ran by the feds
A VPN is another person's PC, there's nothing particularly special about it
When a cop see's an IP from a VPN, they can ask the VPN provider for info
When they see a Tor IP, they cry and run to their mom, because there's no way they will directly identify you or your traffic
@@nottifps All your Tor traffic would pass from the VPN first, but there isn't a relevant difference from all Tor traffic passing from your ISP either
Do you trust your ISP more than your VPN provider? If so, change your VPN, because it isn't doing anything for you
@@user-xl5kd6il6c"they can ask the VPN provider for info" And that "info" would consist to things: source addr will be the IP your ISP gave you and the destination IP will be the IP of the circuit guard. I don't see the problem here with VPN to be honest.
the ISP cant see you using a VPN going into tor network though, thats why its recommended in the first place?
The only way to get traced at that point is if 1 of the nodes are controlled, and if the VPN service you use save logs.
VPNs are just an extra layer of encryption that already has been had, I use it to bypass regional controls on Netflix though or show I am in a different state allowing different laws.
You haven't convinced me. How are they going to realize you are using a VPN with Tor any easier than they could figure out your IP address while using Tor without a VPN?
Did you even watch the video?
@@ToeTV247 give me a timestamp.
bro watched 1 minute of the video and says you haven't convinced me
@@ToeTV247if you think the answer is mentioned in the video why don't you actually cite it because it was not mentioned
@@vincenthills5024im 5 minutes in and i already got an answer. VPNs and tor bridges offer the exact same service except tor bridges are free and not run by a company approved by the government.
I work professionally in the internet industry and can clearly state that almost everyone who goes around shilling for VPN's - the government and their ISP are far less interested in their surfing habits then they seem to think. While it is possible for a government to monitor traffic on the wire, this is fairly uncommon because most of it is encrypted anyway (HTTPS for example) and there are better ways to get the end result - as you say through silly mistakes (poor Opsec). VPN companies - in particular a commonly shilled one - are very adept at making carefully worded statements which will hold up in a legal way - but are a distraction/red herring. One example of this is "we don't keep logs"... well, of course they don't. Because this is not required for an intercept. So its meaningless. The last point I will make is if someone is truly paranoid and they have basis for this - unless they live in a country like China - they should probably think carefully about what they are doing and whether its right or wrong.
AT last, someone with common sense and experience. I have seen many operations that have caught people and most of the time it was bad OPSEC. Simple mistakes people made. They identified themselves!
All your internet traffic passes through GCHQ in the UK and they do strip all encryption to have a look at it.
You're wrong, my professional industry friend. I don't know what part of the sector you work in, but it's a staggering oversight for you to not acknowledge the fact that ISPs quite literally have an **economic incentive** to gather as much data as possible about their customers' internet activities. The information they can gather and sell in bulk doesn't require cookies or pageloads - in certain fields it's superior to what even Google and Facebook can do.
The government only cares if you're a "person of interest" which it seems like anyone can become for any reason these days, so I'll leave that up to everyone else if they want to play around with that.
And your point about encryption is pointless. Packet contents are far less important than correlational data in modern network forensics. Guess who are uniquely positioned to get the MOST ACCURATE correlational data? ISPs and governments. And guess what is one of the few ways to increase the opportunity cost of establishing reliable correlational data? Eliminating as much reliability as possible by routing your traffic through a network that does NOT operate on an economic incentive to sell user data. Like a VPN.
Don't show them your ass for free, friend. Make them work for it.
Room 641A
@@GinfidelBut I'm gay. That's why I use Windows and only download closed source software.
I’m not doing anything wrong, but that doesn’t mean I’m going to live-stream my entire life for the government to watch whenever they want. And it’s not just three letter agencies, I also want big tech and advertising companies to leave me alone.
Thank you Printer_Pam for shoving this tip down our throats on the DNM subreddit back in the day. You were my favorite Fed! (iykyk...)
so for layer three, would you use that form or just Tails and Tor?
Idk how other servicers may work, but you can easily get VPNs out there that are purchasable and accessible from TOR itself initially and anonymously (there are anonymous payment methods), then can be connected to after the fact. You still have your public IP over WAN to the VPN server, but if they are an open source, no logs VPN and you take other measures to obfuscate, the playing field changes. If you have critical privacy needs and hoops to jump through, you either have to learn to do it yourself or have very trustworthy, opsec literate friends to help out.
And someone can still figure you out with dumb old school non-tech means.
Loving the vids bro keep it up
I’m glad you made this because I was under the impression it was a good idea to use a VPN when connecting. Made sense in my mind because of the first hop.
I at least used Mullvad :]
It does make sense. Kenny is wrong here. He's completely failing to live up to a basic "Don't trust your ISP" standard that anyone who endeavors for online privacy should strive for. Your ISP is the greatest enemy of any attempt to be anonymous on the internet. Do not let them know you are using Tor. Encapsulate that kind of traffic over a VPN instead.
@@Ginfidel waiting for his answer
Thank you! That video felt like such a joke - just one giant ad, masquerading as a tutorial, and that bothers me, since I know people believe a lot of the things they see, and won't understand that. It's good to see anyone actually suggesting to people not to use a VPN for this - it wasn't the first video I've seen recommending it ! The VPN sponsoring tuts are illegal when the channel doesn't say it's an ad. Nobody seems to care enough
Anyway, I think Tails would be the best thing to use. It all really does depend on your threat model - people dont talk about that enough on YT... i like that it was done a bit here
I use this analogy. Think of Tor as a castle, it protects the space that you're in but doesn't necessarily protect YOU. Think of a VPN as hardened armor. That is what protects you from the evil ISP Dragon that's lurking somewhere in the castle. You have maximum protection, but don't think you can't be eaten if you do something stupid (bad opsec).
I use a vpn with tor to browse reddit just to mess with the feds
Some say Chuck glows very brightly
I saw him in an agent suit just this morning
Don't forget if you're in a dark room with him he has a glowing outline
Yep, I let go of Network Chuck because 99% of his videos were advertising LINODE. Like everything required LINODE for some reason. "Can I do this locally?" YES BUT YOU CAN PAY LINODE INSTEAD!
Yea no thanks. Not watching an ad channel disguised as a tech channel.
Thank you for realism and truth Mental Outlaw. I appreciate you.
Some univeristies ban access to and traffic trough tor and you can get expelled for that so runing inital connection via vpn allows you to remain undetectable. And they use only basic monitoring
I already feel target by alphabet organizations just by watching your videos.
People still think that privacy exists 😂
I’d argue that using a VPN won’t make you stand out as a threat because almost everyone is doing it. Actual threats have a whole bunch of compromised computers which they use as proxies in a network. And these guys infect and change proxies every few minutes so it’s impossible to track them down.
Good video overall, but TOR still has bandwidth / latency issues that make good VPNs like mullvad the superior option for lower threat level uses like getting pass region locks, or is my info out of date?
apples and oranges