Linking together multiple VPNs and with randomness?

[HN-Matt]

Halpin later admitted that he lied about the CIA-Pando link, saying he did so in order to "prove" a larger point: that investigative journalism that follows the money—like reporting on Tor's government financing—is nothing but useless conspiracy mongering. Why? Because everything is "connected" so it's just silly (and a bit crazy) to make a connection between funding and influence. Halpin's editor added two corrections to the piece, including rewording my alleged CIA link to read "So one could argue that the CIA funded Yasha Levine..." And, yes, one could argue that, assuming one was happy to fabricate facts from whole cloth.

As it turned out, Halpin, like the Tor developers and their defenders, had other reasons to try to discredit reporting on funding and conflicts-of-interest.

Halpin is the president of LEAP, a small privacy/encryption outfit that gets most of its funding from various government sources—including more than $1 million from Radio Free Asia's "Open Technology Fund." This fund just happens to be a major financial backer of the Tor Network; last year alone, the Open Technology Fund gave Tor $600,000. The fund also happens to be run out of the Broadcasters Board of Governors (BBG), an old CIA spinoff dedicated to waging propaganda warfare against regimes hostile to US interests. The BBG—which until recently was called the International Broadcasting Bureau—has also been one of the biggest backers of Tor going back to 2007.

So... Halpin attacks me for reporting on Tor’s conflicted government financing—getting money from the very entities Tor purports to protect the public from—while his privacy startup is funded by same government agency that funds Tor. And in one of the craziest twists, Halpin—who lied about my and Pando's CIA ties—turns out to be funded by an organization that was founded by the CIA. No "one could argue" about it. It doesn't get more absurd than this—or more unethical.

No wonder all these people are so upset by my reporting. They've branded themselves as radical activists fighting The Man and the corporate surveillance apparatus—while taking money from the US government's military and foreign policy arms, as well as the biggest and worst corporate violators of our privacy. By branding themselves as radical activists, they appear to share the same interests as the grassroots they seek to influence; exposing their funding conflicts-of-interests makes it hard for them to pose as grassroots radicals. So instead of  explaining why getting funding from the very entitities that Tor is supposed to protect users from is not a problem, they've taken the low road to discredit the very idea of reporting on monetary conflicts-of-interests as either irrelevant, or worse, a sign of mental illness.

Who would've thought that many of the people we've entrusted with protecting our online privacy have the same values as sleazy K Street lobbyists.

 

[HN-Matt]

Guess I'll add that I have no argument re: the technical implementation of Tor or as to whether it is 'intentionally' a honeypot or not. I simply wouldn't know and am not interested in or capable of exploring it at that level.

With that in mind, I concede that Levine may have been talking out of his ass re: the honeypot angle, but at the same time I think it's hard to blame someone for speculating about such things when so much money from a single government is involved.

 

[drmike]

Government backing of ToR has always bothered me.

Nothing per se better to convince suspect minds about security than to say THE MILITARY USES IT / FUNDED IT.  Lots of bad actors fall for such civic pride / confidence.

I use ToR little as much gets blocked.  Creates a browsing hazard.  Further, any leak that might happens therein hinges that suspect network to use / terminal / IP etc.   I run clean limited use stations for some stuff just cause, but I fear leaking still.

Why does any of that matter?  Because eventually in sharpening this pencil of a privacy / anonymous layer, one would hope to perfect a formula that works.  Can't say I've achieved that goal sufficiently to point that I'd advise others follow the recipe.  Similarly, saying ToR = safe is a bad recommendation.    

Any single provider / single solution isn't going to cut it.  Things are a whole lot more complex than face value.

 

[HN-Matt]

Government backing of ToR has always bothered me.

Nothing per se better to convince suspect minds about security than to say THE MILITARY USES IT / FUNDED IT. Lots of bad actors fall for such civic pride / confidence.

Maybe Russians just have a completely different sensibility and aren't as easily persuaded when it comes to the thought of revoking cynicism re: government encroachments. Somehow I doubt that the practice of samizdat had anything resembling today's line-up of friendly neighbourhood government funded anti-surveillance media personalities to help disseminate it.

 

[drmike]

Government backing of ToR has always bothered me.

Nothing per se better to convince suspect minds about security than to say THE MILITARY USES IT / FUNDED IT.  Lots of bad actors fall for such civic pride / confidence.

Maybe Russians just have a completely different sensibility and aren't as easily persuaded when it comes to the thought of revoking cynicism re: government encroachments. Somehow I doubt that the practice of samizdat had anything resembling today's line-up of friendly neighbourhood government funded anti-surveillance media personalities to help disseminate it...

Americons are prone to such delusions, perhaps unlike any other.  Surely others fall for the sprung trap, but...

 

[HN-Matt]

Um, returning to the topic... might be considered crude, but could always create and save multiple X2GO sessions across an eclectic array of vps, then write a simple mouse & keyboard macro to open a random one. Do that a few layers deep and you'll have what the OP is asking for.

Or, get SummerHost V>9000 to do it for you as they offer a Premium Ready-Made Solution (they accept MoonPay too):

These Are Custome Qoutes and must be done over a Tor connection that is connected by Tor, connected to a Tor VPN then to a VPN thats passed through another tor connection with another Tor connection and a random Spoofer connected to 3 reverse proxies.

We included a simple Program to do so. Please open a Ticket at the link above. one of our 20 sales staff will help out <.< . . . . . . . . . . . . . . . . . . . . . . . . . .

 

[drmike]

Um, returning to the topic... might be considered crude, but could always create and save multiple X2GO sessions across an eclectic array of vps, then write a simple mouse & keyboard macro to open a random one. Do that a few layers deep and you'll have what the OP is asking for.

Or, get SummerHost V>9000 to do it for you as they offer a Premium Ready-Made Solution (they accept MoonPay too):

These Are Custome Qoutes and must be done over a Tor connection that is connected by Tor, connected to a Tor VPN then to a VPN thats passed through another tor connection with another Tor connection and a random Spoofer connected to 3 reverse proxies.

We included a simple Program to do so. Please open a Ticket at the link above. one of our 20 sales staff will help out <.< . . . . . . . . . . . . . . . . . . . . . . . . . .

That would be incredible on overhead and slow - just rule of any GUI.  I use X2GO, and it's tolerable at best.  Better than VNC, but still lacking.

Routing packets from local would be more approachable.  Simply, something like a Raspberry Pi, config'd as a gateway.  On that Pi, toss OpenVPN client which connects to a remote server in a datacenter.  

Now at one level of depth.

On your local desktop, make the Pi your gateway IP and one rule on the Pi to allow packets to flow back and forth. Iinstall OpenVPN client on the desktop, connect to another VPN / another provider.

Now at two levels of depth.

That's doable without any exotic and prone to breaking iptables rules.

--- trick is to connect to providers that perform well enough together with a really fast first layer, as the throughput will decline and latency will increase rapidly ---

From there, you could on that local desktop run something like sshuttle to provider a nested 3rd level.  3rd level and beyond gets complicated.  sshuttle messes with iptables, so might be best to connected to a HTTPS remote proxy on that third layer.

Downside of this approach is each layer upstream presents breakage where bandwdith goes offline.  Meaning you may find yourself manually restarting the nested layers from time to time. Quite a PITA, at least a first.

To keep it all sane, need to do something about DNS lookups which should get balanced to multiple public aggregation DNS servers and ideally over something like DNSCRYPT, although weary of the limited pool (there are some bigger providers like Cisco/OpenDNS in there, but downside with them is on center focus and data collection which we are all unsure of).

Yeah, this is essentially how I run multiple LANs 24x7.  I have DNSMASQ with a large domain block list on LAN also.

Won't win any throughput comptetitions with this... But it works.  Needs automated and some iptables rules to hard force everything into VPNs.. otherwise leakage will happen.

 

[joepie91]

I recommend reading up a bit more on these articles. Yasha Levine seems to be running some kind of bizarre feud against the Tor project, literally based entirely on fallacies. There's not a single factual or technical point to be found in any of the articles, that hasn't been widely made and understood before.

Clearly Levine had no interest in writing about the technical substrata of Tor so I don't really see how citing a lack of technical persepctive is a criticism here. His focus was generalized ideology critique and historical context for a broad audience, i.e. specifically non-technical analysis concerned with certain forms of ideological embeddedness. Within that rubric, I'm not sure what was fallicious or 'not factual'... and if everything he wrote had already been widely disseminated before, at the very least I had not known about it until stumbling upon those texts. In short there are different audiences / demographics / interest groups / levels of understanding out there. Not everyone travels at the cusp of relatively obscure tech development circles.

The whole point is that technical arguments are the only arguments that matter here, because of how Tor is designed. It is 100% technical security. If the background of those developing Tor matters in any way, then Tor as a project has failed - because it was designed specifically to not make that the case.

I'm not arguing that we should trust the Tor developers. I'm arguing that, from a security point of view, it literally doesn't matter whether the Tor developers are trustable or not. It does not affect the security of Tor.

Not really. People would complain (because where there's money/power, there's sockpuppets and a conspiracy theory), and that really was never the claim to begin with.

I didn't notice any conspiracy theory leanings in what I read. Pretty sure it was just casually confirming certain historical markers about the project and letting readers come to their own conclusions?

& now I'm reminded of A Scanner Darkly.

It isn't "letting readers come to their own conclusion". It's a manipulative propaganda piece. If it truly were intended to be a neutral informational piece, it would have been written in a wildly different tone.

"It may be that there are legitimate uses for Tor. For instance, Tor might provide a good way for people in foreign countries to circumvent Internet censorship. These people might not care that Tor is funded and compromised by the US government, because they're not hiding from the U.S. government. They are trying to hide from their own government."

And that is exactly the problem with Levine's pieces. Note the phrasing. "funded and compromised by" - one of the two is true, and it's not the latter. Yet they are grouped together to create the illusion that there is somehow a correlation between the two points, where there isn't. These kind of propaganda tactics are all throughout his articles.

 

[HN-Matt]

@drmike yeah, that seems like a better idea than X2GO eclecticism, although I still probably wouldn't risk it without a breathable full body Faraday suit. This is basically my current setup except I have a grenade bandolier of raspberry pis and I wear a tinfoil kippah rather than a garbage bin helmet:

 

[drmike]

@drmike yeah, that seems like a better idea than X2GO eclecticism, although I still probably wouldn't risk it without a breathable full body Faraday suit. This is basically my current setup except I have a grenade bandolier of raspberry pis and I wear a tinfoil kippah rather than a garbage bin helmet:

 

I use X2Go  It's just rather bulky to go nesting with it.

Was thinking for additional 3rd layer one could run VirtualBox on workstation and reach out from that nested and those 2 VPNs.  Throw a different technology on the Virtual instance to mix it up and make it less obvious / prone to fubar gotcha.   Perhaps a SSH tunnel.

What a photo

 

[HN-Matt]

The whole point is that technical arguments are the only arguments that matter here, because of how Tor is designed. It is 100% technical security. If the background of those developing Tor matters in any way, then Tor as a project has failed  [...]

And that is exactly the problem with Levine's pieces. Note the phrasing. "funded and compromised by" - one of the two is true, and it's not the latter. Yet they are grouped together to create the illusion that there is somehow a correlation between the two points, where there isn't. These kind of propaganda tactics are all throughout his articles.

Let me put it a different way. A quick look at the funding suggests that a sine qua non of Tor is the presence of American agents. It would seem that Tor's anonymous motley simultaneously guarantees their presence and is constituted by it. It has been that way since day one.

I see you've become taken aback at Levine's suggestion that Tor is 'compromised', but he wasn't using that word in a technical sense. What he meant is that Tor is compromised by the presence of government agents in a context of American soft power.

His critical point is that as a Tor user you are essentially saying: "My usage of Tor is a guarantee that the American government will have a greater chance of being anonymous on the internet. As Tor's userbase becomes more widespread and eclectic, the probability of government agents blending in increases, thereby invisibly augmenting American soft power."

Levine takes issue with contexts of internet anonymity whereby 'government presence in the software' is an unavoidable prerequisite of the software's functionality. He is simply asking, "is that what you want the meaning of your anonymity to be?"

As to whether the software itself is fool proof, that is beyond the scope of his writing.

 

[joepie91]

A quick look at the funding suggests that a sine qua non of Tor is the presence of American agents. It would seem that Tor's anonymous motley simultaneously guarantees their presence and is constituted by it. It has been that way since day one.

That is false. The presence of American agents is in no way required for the correct functioning of Tor.

I see you've become taken aback at Levine's suggestion that Tor is 'compromised', but he wasn't using that word in a technical sense. What he meant is that Tor is compromised by the presence of government agents in a context of American soft power.

His critical point is that as a Tor user you are essentially saying: "My usage of Tor is a guarantee that the American government will have a greater chance of being anonymous on the internet. As Tor's userbase becomes more widespread and eclectic, the probability of government agents blending in increases, thereby invisibly augmenting American soft power."

Levine takes issue with contexts of internet anonymity whereby 'government presence in the software' is an unavoidable prerequisite of the software's functionality. He is simply asking, "is that what you want the meaning of your anonymity to be?"

This is a prerequisite for technical anonymity as a concept, and is unrelated to Tor itself. You can either tolerate everything, or tolerate nothing. It is inherent to the model of 'anonymity', and is in no way related to the US in particular. There is no 'compromise' because there exist no other ways to accomplish the same goals - you cannot have anonymity without treating each actor equally, because in a well-functioning system, you cannot obtain the necessary information to remove 'undesirable' actors.

As to whether the software itself is fool proof, that is beyond the scope of his writing.

His writing and attitude suggested otherwise.

 

[HN-Matt]

A quick look at the funding suggests that a sine qua non of Tor is the presence of American agents. It would seem that Tor's anonymous motley simultaneously guarantees their presence and is constituted by it. It has been that way since day one.

That is false. The presence of American agents is in no way required for the correct functioning of Tor.

True, it obviously isn't 'required' and I never said it was. I'm not sure if you're intentionally misreading me but I'll try again. What I meant is that such copious public funding suggests the branding initiative known as Tor was constituted in large part by American soft power. A certain percentage of its 'real-time' throughput is probably representative of various American government agencies in a demographic context, although that is only speculation as I wouldn't know (blah blah 'following the money' is meaningless in post-post-neocapitalism or whatever).

I see you've become taken aback at Levine's suggestion that Tor is 'compromised', but he wasn't using that word in a technical sense. What he meant is that Tor is compromised by the presence of government agents in a context of American soft power.

His critical point is that as a Tor user you are essentially saying: "My usage of Tor is a guarantee that the American government will have a greater chance of being anonymous on the internet. As Tor's userbase becomes more widespread and eclectic, the probability of government agents blending in increases, thereby invisibly augmenting American soft power."

Levine takes issue with contexts of internet anonymity whereby 'government presence in the software' is an unavoidable prerequisite of the software's functionality. He is simply asking, "is that what you want the meaning of your anonymity to be?"

This is a prerequisite for technical anonymity as a concept, and is unrelated to Tor itself.

I disagree. I'm not very experienced or well versed in/on the subject but would wager that 'government presence in the software' is not necessarily a prerequisite for anonymity as a concept (although such 'technical prerequisites' might strategically vie to appear within dystopian niche-markets...). There may be instances of Tor within infinite universes that are not expressive of American soft power. Other Tor-like software may exist that was not produced by a government and will never announce itself to the public. The more or less guaranteed presence of a particular association of government agencies would not be a prerequisite for the emergence or reification of such software.

You can either tolerate everything, or tolerate nothing. It is inherent to the model of 'anonymity', and is in no way related to the US in particular.

'All or nothing' binary options regarding 'toleration' are probably not inherent to 'models of anonymity'. Tor is related to the US in particular, they view themselves as innovators and have proudly given it their imprimatur. On the other hand, I would imagine there are innumerable non-aligned instances of non-identity embedded in software that does not necessarily exist to make itself known to, or provide cover for, US agents. Such software could even exist without being hysterically perceived/sensationalized as anti-American!

There is no 'compromise' because there exist no other ways to accomplish the same goals - you cannot have anonymity without treating each actor equally, because in a well-functioning system, you cannot obtain the necessary information to remove 'undesirable' actors.

Such a concept would preclude anonymity that is invisible to certain 'actors' as a prerequisite of its becoming (whether intentionally or inadvertently). Its means of non-identity may even be relatively passive and oblivious, or may have had no knowledge of whether 'that which it could not help but appear as invisible in relation to' was 'undesirable' or not.

Boring, anti-climatic disclaimer: I connect 'directly' to the internet through a residential gateway most of the time.

 

[joepie91]

A quick look at the funding suggests that a sine qua non of Tor is the presence of American agents. It would seem that Tor's anonymous motley simultaneously guarantees their presence and is constituted by it. It has been that way since day one.

That is false. The presence of American agents is in no way required for the correct functioning of Tor.

True, it obviously isn't 'required' and I never said it was. I'm not sure if you're intentionally misreading me but I'll try again. What I meant is that such copious public funding suggests the branding initiative known as Tor was constituted in large part by American soft power. A certain percentage of its 'real-time' throughput is probably representative of various American government agencies in a demographic context, although that is only speculation as I wouldn't know (blah blah 'following the money' is meaningless in post-post-neocapitalism or whatever).

Not intentionally misread. It's very well possible that the US government uses Tor a lot. This is inevitable.

I see you've become taken aback at Levine's suggestion that Tor is 'compromised', but he wasn't using that word in a technical sense. What he meant is that Tor is compromised by the presence of government agents in a context of American soft power.

His critical point is that as a Tor user you are essentially saying: "My usage of Tor is a guarantee that the American government will have a greater chance of being anonymous on the internet. As Tor's userbase becomes more widespread and eclectic, the probability of government agents blending in increases, thereby invisibly augmenting American soft power."

Levine takes issue with contexts of internet anonymity whereby 'government presence in the software' is an unavoidable prerequisite of the software's functionality. He is simply asking, "is that what you want the meaning of your anonymity to be?"

This is a prerequisite for technical anonymity as a concept, and is unrelated to Tor itself.

I disagree. I'm not very experienced or well versed in/on the subject but would wager that 'government presence in the software' is not necessarily a prerequisite for anonymity as a concept (although such 'technical prerequisites' might strategically vie to appear within dystopian niche-markets...). There may be instances of Tor within infinite universes that are not expressive of American soft power. Other Tor-like software may exist that was not produced by a government and will never announce itself to the public. The more or less guaranteed presence of a particular association of government agencies would not be a prerequisite for the emergence or reification of such software.

Government presence is not required. Tolerance of government presence however, is. The whole point of a truly anonymous system is that you cannot identify actors, and if you cannot identify actors then you also cannot exclude them. It is, thus, inherently required for a correctly functioning anonymity system.

You can either tolerate everything, or tolerate nothing. It is inherent to the model of 'anonymity', and is in no way related to the US in particular.

'All or nothing' binary options regarding 'toleration' are probably not inherent to 'models of anonymity'.

They absolutely are. See above. It really is this binary - that is just how it works from a technical perspective. Wishing it to be otherwise doesn't change that.

There is no 'compromise' because there exist no other ways to accomplish the same goals - you cannot have anonymity without treating each actor equally, because in a well-functioning system, you cannot obtain the necessary information to remove 'undesirable' actors.

Such a concept would preclude anonymity that is invisible to certain 'actors' as a prerequisite of its becoming (whether intentionally or inadvertently). Its means of non-identity may even be relatively passive and oblivious, or may have had no knowledge of whether 'that which it could not help but appear as invisible in relation to' was 'undesirable' or not.

Boring, anti-climatic disclaimer: I connect 'directly' to the internet through a residential gateway most of the time.

Absolutely no idea what you're trying to say here.

 

[HN-Matt]

It was in response to your theory of 'correctly functioning' internet anonymity as a utopia of tolerance and equality.

In short, anonymity that is invisible to certain 'actors' as a prerequisite of its becoming would have very little to do with 'equality'. Seems likely that it would not emerge as anything other than a reaction to an absence of equality, whether consciously or not.

 

[joepie91]

It was in response to your theory of 'correctly functioning' internet anonymity as a utopia of tolerance and equality.

It's not a "utopia". It's a technical requirement.

In short, anonymity that is invisible to certain 'actors' as a prerequisite of its becoming would have very little to do with 'equality'. Seems likely that it would not emerge as anything other than a reaction to an absence of equality, whether consciously or not.

Again, really not sure what you're talking about. Correctly functioning anonymity protects your identity from all parties, not just some.

 

[KuJoe]

Anybody else remember back in the day when you didn't like something you just didn't use it?

 

[HN-Matt]

@KuJoe true, I recant.

I suggest reading Recantorium and substituting the author's biographical details with randomness, then replacing instances of "National Poetry Month" with "Tor" and "Poetry Commonwealth" with "Internet". Don't forgot to replace "Books of Accessible Poets" with "Anonymous Tor Connections" (or any phrase of your choosing) and so on.

 

[HN-Matt]

Autonomy Cube, a motherboard displayed under transparent glass that operates as a Wi-Fi hotspot, protected from government surveillance with Tor anonymisation software.

 

[HN-Matt]

From there, you could on that local desktop run something like sshuttle to provider a nested 3rd level.  3rd level and beyond gets complicated.  sshuttle messes with iptables, so might be best to connected to a HTTPS remote proxy on that third layer.

Wanted to return to this as I hesitantly tried sshuttle for the first time a few hours ago. Without getting technical, I don't like how its nesting functions as a single point of failure (thereby perma-infantilizing subsequent connections and putting them at risk). If the goal is connecting via randomized multiplicity, why would anyone want one nest along the continuum to...