# Linking together multiple VPNs and with randomness?



## SwitchBlade (Mar 14, 2015)

Is it possible to create a TOR like setup with vps servers used as a vpn? For example, connect to vps1 --> and vps1 connects to one or more additional vpses to send your traffic through? If not, someone should make this. I see a lot of people do not trust TOR now for different reasons and this would do something similar and it would be your own personal private connection not used by others so it would be safer too.


----------



## KuJoe (Mar 14, 2015)

Yes, there's a tutorial on LET for this I believe. Essentially you're just running a VPN client and server on a single VPS, nothing fancy.


----------



## SwitchBlade (Mar 14, 2015)

KuJoe said:


> Yes, there's a tutorial on LET for this I believe. Essentially you're just running a VPN client and server on a single VPS, nothing fancy.


Do you have the url or remember what it was called so I can search for it?


----------



## MannDude (Mar 14, 2015)

Pretty sure I did something like this using SSHuttle but it was just a chain of two VPSes in the past. I always wanted to set it up so that I could (easily) switch the 'link' on the end of the 'chain' when I wanted to use something else but never really bothered with it as it's rare I use a VPN to begin with unless travelling.

I don't think it'd really be all that hard in concept. Especially if you can live without the randomizing.


----------



## jamesvang86 (Sep 3, 2015)

Yes, you can. But it requires some technical knowledge, not only to build it but also for using it.


----------



## joepie91 (Sep 3, 2015)

The point you're missing here, is that part of the safety of Tor is in it _not_ being a private connection. It works because you share the same relays with many, many other people, so individual traffic analysis becomes very hard. By setting up your own chain of VPNs, you're just making it a lot easier to deanonymize you.

Aside, there have always been concerns over Tor, most of them misguided (generally by VPN providers with a service to sell) or over-magnified (generally by media who want to score clicks). _Realistically_, the only real potential issue with Tor right now is traffic analysis. This can be defeated with padding, but that poses a bandwidth problem, and that's what people are trying to figure out right now.

More or less every "OMG Tor is broken!" article in the past 3-4 years has been either about Firefox vulnerabilities (which isn't Tor and not covered by the threat model), or about that traffic analysis (and it's a hell of a lot harder to pull off than people like to claim).

TL;DR: Don't worry about Tor too much. Rolling your own will likely just make you _more_ vulnerable. Contribute your resources to fixing the known traffic analysis issue with Tor instead. And if you're not capable of doing so, then you're also not capable of building your own, more anonymous alternative.

EDIT: And if you want to get more closely involved with Tor and the implementation details, contact the Tor project, and inquire about attending a meetup. I'm not sure how open-to-the-public they are, but I've been to one and it was very, very constructive.


----------



## drmike (Sep 4, 2015)

Well in fairness here, I think blinding your upstream with crypto, denying them DNS lookup info, and generally using nothing they understand / can plaintext read is the first step.

That first step for now remains a tunnel, be it VPN or another type.

Within that tunnel, have fun.  Open ToR up in there 

ToR has a place and does get negative PR.  It needs scrutinized and continued improvement.  Dealing with a stationary object, suspect code and engineering / data hurdles if it stagnates.

I remain on the fence about ToR.   I run such now and then as a non-exit node....  End user using the network.


----------



## wlanboy (Sep 4, 2015)

I am using VPN for two single reasons:


- I don't trust public networks: Hotel, airport, train, customers, don't know if there is a proxy or any other sniffing rolling.
- Some services need local ips ... bs like the region codes on DVDs

So for me it is just to secure my connection to the internet. No hiding, no cloaking at all.


----------



## drmike (Sep 4, 2015)

Well @wlanboy your points are most of why folks are on VPN    Those three words "I DON'T TRUST".  Be it public facility network or the public internet punched into your home or device, should make no difference.


----------



## wlanboy (Sep 4, 2015)

drmike said:


> Well @wlanboy your points are most of why folks are on VPN    Those three words "I DON'T TRUST".  Be it public facility network or the public internet punched into your home or device, should make no difference.



What I wanted to state is that I do not use VPN to hide my identity.
Basically using VPN and own DNS and Tor would not do anything to hide my identity if I afterwards log into my google mail account.


----------



## drmike (Sep 4, 2015)

Indeed!   Problem remains with net being what is (massive spy campaign) that it's just prudent to isolate and eliminate as much of your data as possible.

It isn't about the end human using this tech to behave or to be bad.  It's about the same layer in the middle with known bad behavior and intent to profile folks.

Like with anything else,  90%+ of all users are normal legit people exercising improved practices.  The other probably way less than 10% are the perpetual bad actors.

Of course VPN is being looked at more and more as some dirty thing.  That logic of 'if you weren't hiding anything, you wouldn't be using'.... Which I never liked as a social approach to dealing with humans.

Everyone around here should have multiple VPNs.


----------



## joepie91 (Sep 4, 2015)

wlanboy said:


> I am using VPN for two single reasons:
> 
> 
> I don't trust public networks: Hotel, airport, train, customers, don't know if there is a proxy or any other sniffing rolling.
> ...



That works, _if_ you operate the VPN yourself. If you're using a third-party VPN provider, then you've likely just moved the interception point. What better way to gain lots of data to intercept, than to attract people with the promise that you won't?


----------



## wlanboy (Sep 4, 2015)

joepie91 said:


> wlanboy said:
> 
> 
> > That works, _if_ you operate the VPN yourself. If you're using a third-party VPN provider, then you've likely just moved the interception point. What better way to gain lots of data to intercept, than to attract people with the promise that you won't?


Second that. I am of course using only selfhosted vpn services.


----------



## HN-Matt (Sep 18, 2015)

drmike said:


> Indeed!   Problem remains with net being what is (massive spy campaign)


On that note, a couple of articles placing Tor in an apposite historical context...

INTERVIEW WITH YASHA LEVINE: “IN 2013 TOR RECEIVED 90% OF ITS FUNDING FROM THE US GOVERNMENT”



Quote said:


> *According to your investigation, the developers of Tor have had connections with government agencies, the NSA amongst them.*
> 
> Well, it’s not just that some of the developers have ties to government agencies. The entire project was developed and continues to be actively funded by the U.S. National Security State: Pentagon, State Department, USAID and other federal government agencies that are dedicated to expanding U.S. power abroad.
> 
> ...


Further reading: Almost everyone involved in developing Tor was (or is) funded by the US government

I've used Tor infrequently before, more out of curiosity than anything, but was absolutely oblivious of its origins at the time. I guess it would be silly to suggest that its primary funding sources render it ineffective for uses beyond the scope of its original goals, but you might run into trouble if you start considering it through the lens of critical theory adages such as 'the medium is the message' and so on.


----------



## wlanboy (Sep 18, 2015)

Nice article - I am sure that those celebrity tech-hackers did not like that statement:



Quote said:


> *What is then, in your opinion, the objective of Tor?*
> 
> Well… there are several possibilities.
> 
> ...


----------



## joepie91 (Sep 19, 2015)

HN-Matt said:


> drmike said:
> 
> 
> > Indeed!   Problem remains with net being what is (massive spy campaign)
> ...





wlanboy said:


> Nice article - I am sure that those celebrity tech-hackers did not like that statement:
> 
> 
> 
> ...



I recommend reading up a bit more on these articles. Yasha Levine seems to be running some kind of bizarre feud against the Tor project, literally based _entirely_ on fallacies. There's not a single factual or technical point to be found in any of the articles, that hasn't been widely made and understood before. They're assassination pieces.

Who is funding Tor isn't relevant. At all. The whole point is that you can audit how it works for yourself, verify that it works as intended, regardless of who publicly(!) provides funding. If it were a honeypot, it could be funded behind the scenes as well, so in that sense it tells you nothing either. The funding behind Tor isn't secret, either.

Specifically, read this for a technical analysis on all of Levine's nonsense.


----------



## wlanboy (Sep 19, 2015)

joepie91 said:


> Who is funding Tor isn't relevant. At all. The whole point is that you can audit how it works for yourself, verify that it works as intended, regardless of who publicly(!) provides funding.


If the people who build TOR and getting 100k of $$$ from NSA and other Incs. would not hold the anti-establishment anti-NSA & we are the only right people flag - well - nobody would complain.


----------



## joepie91 (Sep 19, 2015)

wlanboy said:


> joepie91 said:
> 
> 
> > Who is funding Tor isn't relevant. At all. The whole point is that you can audit how it works for yourself, verify that it works as intended, regardless of who publicly(!) provides funding.
> ...


Not really. People _would_ complain (because where there's money/power, there's sockpuppets and a conspiracy theory), and that really was never the claim to begin with.


----------



## HN-Matt (Sep 19, 2015)

> I recommend reading up a bit more on these articles. Yasha Levine seems to be running some kind of bizarre feud against the Tor project, literally based _entirely_ on fallacies. There's not a single factual or technical point to be found in any of the articles, that hasn't been widely made and understood before.


Clearly Levine had no interest in writing about the technical substrata of Tor so I don't really see how citing a lack of technical perspective is a criticism here. His focus was generalized ideology critique and historical context for a broad audience, i.e. _specifically non-technical_ analysis concerned with certain forms of _ideological embeddedness_. Within that rubric, I'm not sure what was fallacious or 'not factual'... and if everything he wrote had already been widely disseminated before, at the very least I had not known about it until stumbling upon those texts. In short there are different audiences / demographics / interest groups / levels of understanding out there. Not everyone travels at the cusp of relatively obscure tech development circles.



> Who is funding Tor isn't relevant. At all.


keep-calm-and-welcome-to-la-la-land-3.png



> Not really. People _would_ complain (because where there's money/power, there's sockpuppets and a conspiracy theory), and that really was never the claim to begin with.



I didn't notice any conspiracy theory leanings in what I read. Pretty sure it was just casually confirming certain historical markers about the project and letting readers come to their own conclusions?

& now I'm reminded of _A Scanner Darkly_.


----------



## HN-Matt (Sep 19, 2015)

> Specifically, read this for a technical analysis on all of Levine's nonsense.



Started reading it, doesn't really seem to be much of a rebuttal.
 



> Cloaking the online identity of government agents and informants is likely the reason that the DoD helps fund Tor--they depend on it as much as everyone else--but this is not the purpose of Tor.


Yes, that is what he was saying...
 



> Continuing on with Yasha’s hit piece, he goes on to cherry-pick the military and police uses of Tor, ignoring the rest of the users and then sets the stage for conspiracy nonsense


No, if you read what I excerpted above, you'll see that he specifically doesn't ignore the rest of the users. On the contrary, he lists various other uses as a way of emphasizing how the embeddedness he is critical of functions.
 



> He criticizes them for focusing on its ability to protect free speech from oppressive regimes.


I haven't read the Pando piece, but in the interview Levine doesn't offer such criticisms. In fact he says exactly the opposite:

_"It may be that there are legitimate uses for Tor. For instance, Tor might provide a good way for people in foreign countries to circumvent Internet censorship. These people might not care that Tor is funded and compromised by the US government, because they're not hiding from the U.S. government. They are trying to hide from their own government."_

Kind of hard to read on after that as Lee is clearly misrepresenting (or doesn't understand) Levine's intent.

Reading https://pando.com/2014/11/14/tor-smear/ now, pretty hilarious.


----------



## HN-Matt (Sep 19, 2015)

> Halpin later admitted that he lied about the CIA-Pando link, saying he did so in order to "prove" a larger point: that investigative journalism that follows the money—like reporting on Tor's government financing—is nothing but useless conspiracy mongering. Why? Because everything is "connected" so it's just silly (and a bit crazy) to make a connection between funding and influence. Halpin's editor added two corrections to the piece, including rewording my alleged CIA link to read _"So one could argue that the CIA funded Yasha Levine..."_ And, yes, one _could_ argue that, assuming one was happy to fabricate facts from whole cloth.
> 
> As it turned out, Halpin, like the Tor developers and their defenders, had other reasons to try to discredit reporting on funding and conflicts-of-interest.
> 
> ...






> No wonder all these people are so upset by my reporting. They've branded themselves as radical activists fighting The Man and the corporate surveillance apparatus—while taking money from the US government's military and foreign policy arms, as well as the biggest and worst corporate violators of our privacy. By branding themselves as radical activists, they appear to share the same interests as the grassroots they seek to influence; exposing their funding conflicts-of-interests makes it hard for them to pose as grassroots radicals. So instead of explaining why getting funding from the very entities that Tor is supposed to protect users from is not a problem, they've taken the low road to discredit the very idea of reporting on monetary conflicts-of-interests as either irrelevant, or worse, a sign of mental illness.
> 
> Who would've thought that many of the people we've entrusted with protecting our online privacy have the same values as sleazy K Street lobbyists.


----------



## HN-Matt (Sep 19, 2015)

Guess I'll add that I have no argument re: the technical implementation of Tor or as to whether it is 'intentionally' a honeypot or not. I simply wouldn't know and am not interested in or capable of exploring it at that level.

With that in mind, I concede that Levine may have been talking out of his ass re: the honeypot angle, but at the same time I think it's hard to blame someone for speculating about such things when so much money from _a single government_ is involved.


----------



## drmike (Sep 19, 2015)

Government backing of ToR has always bothered me.

Nothing per se better to convince suspect minds about security than to say THE MILITARY USES IT / FUNDED IT.  Lots of bad actors fall for such civic pride / confidence.

I use ToR little as much gets blocked.  Creates a browsing hazard.  Further, any leak that might happen therein hinges that suspect network to use / terminal / IP etc.   I run clean limited use stations for some stuff just cause, but I fear leaking still.

Why does any of that matter?  Because eventually in sharpening this pencil of a privacy / anonymous layer, one would hope to perfect a formula that works.  Can't say I've achieved that goal sufficiently to point that I'd advise others follow the recipe.  Similarly, saying ToR = safe is a bad recommendation.    

Any single provider / single solution isn't going to cut it.  Things are a whole lot more complex than face value.


----------



## HN-Matt (Sep 19, 2015)

> Government backing of ToR has always bothered me.
> 
> Nothing per se better to convince suspect minds about security than to say THE MILITARY USES IT / FUNDED IT. Lots of bad actors fall for such civic pride / confidence.


Maybe Russians just have a completely different sensibility and aren't as easily persuaded when it comes to the thought of revoking cynicism re: government encroachments. Somehow I doubt that the practice of samizdat had anything resembling today's line-up of friendly neighbourhood government funded anti-surveillance media personalities to help disseminate it.


----------



## drmike (Sep 19, 2015)

HN-Matt said:


> > Government backing of ToR has always bothered me.
> >
> > Nothing per se better to convince suspect minds about security than to say THE MILITARY USES IT / FUNDED IT.  Lots of bad actors fall for such civic pride / confidence.
> 
> ...


Americons are prone to such delusions, perhaps unlike any other.  Surely others fall for the sprung trap, but...


----------



## HN-Matt (Sep 19, 2015)

Um, returning to the topic... might be considered crude, but could always create and save multiple X2GO sessions across an eclectic array of vps, then write a simple mouse & keyboard macro to open a random one. Do that a few layers deep and you'll have what the OP is asking for.

Or, get SummerHost V>9000 to do it for you as they offer a Premium Ready-Made Solution (they accept MoonPay too):



> These Are Custome Qoutes and must be done over a Tor connection that is connected by Tor, connected to a Tor VPN then to a VPN thats passed through another tor connection with another Tor connection and a random Spoofer connected to 3 reverse proxies.
> 
> We included a simple Program to do so. Please open a Ticket at the link above. one of our 20 sales staff will help out <.< . . . . . . . . . . . . . . . . . . . . . . . . . .


----------



## drmike (Sep 19, 2015)

HN-Matt said:


> Um, returning to the topic... might be considered crude, but could always create and save multiple X2GO sessions across an eclectic array of vps, then write a simple mouse & keyboard macro to open a random one. Do that a few layers deep and you'll have what the OP is asking for.
> 
> Or, get SummerHost V>9000 to do it for you as they offer a Premium Ready-Made Solution (they accept MoonPay too):
> 
> ...



That would be incredible on overhead and slow - just rule of any GUI.  I use X2GO, and it's tolerable at best.  Better than VNC, but still lacking.

Routing packets from local would be more approachable.  Simply, something like a Raspberry Pi, config'd as a gateway.  On that Pi, toss OpenVPN client which connects to a remote server in a datacenter.  

Now at one level of depth.

On your local desktop, make the Pi your gateway IP and one rule on the Pi to allow packets to flow back and forth. Install OpenVPN client on the desktop, connect to another VPN / another provider.

Now at two levels of depth.

That's doable without any exotic and prone to breaking iptables rules.

--- trick is to connect to providers that perform well enough together with a really fast first layer, as the throughput will decline and latency will increase rapidly ---

From there, you could on that local desktop run something like sshuttle to provide a nested 3rd level.  3rd level and beyond gets complicated.  sshuttle messes with iptables, so might be best to connect to a HTTPS remote proxy on that third layer.

Downside of this approach is each layer upstream presents breakage where bandwidth goes offline.  Meaning you may find yourself manually restarting the nested layers from time to time. Quite a PITA, at least at first.

To keep it all sane, need to do something about DNS lookups which should get balanced to multiple public aggregation DNS servers and ideally over something like DNSCRYPT, although wary of the limited pool (there are some bigger providers like Cisco/OpenDNS in there, but downside with them is on center focus and data collection which we are all unsure of).

Yeah, this is essentially how I run multiple LANs 24x7.  I have DNSMASQ with a large domain block list on LAN also.

Won't win any throughput competitions with this... But it works.  Needs automated and some iptables rules to hard force everything into VPNs.. otherwise leakage will happen.
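
The "iptables rules to hard force everything into VPNs" step for the Pi gateway, sketched as an added example that is not part of the original post: a generator for a fail-closed `iptables-restore` rule set plus a check that nothing can be forwarded around the tunnel. Interface names (`eth1` LAN, `eth0` uplink, `tun0` OpenVPN), the endpoint `203.0.113.10:1194/udp` and the function names are assumptions; IPv6 is not covered by these rules and needs its own `ip6tables` policy or to be disabled.

```shell
#!/bin/sh
# Added example (not from the thread). Interface names, the VPN endpoint
# 203.0.113.10:1194/udp and all function names are constructed assumptions.

# is_ipv4 ADDR: succeed only for a dotted-quad literal with octets 0-255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# gen_gateway_rules LAN_IF WAN_IF TUN_IF VPN_IP VPN_PORT VPN_PROTO
# Prints an iptables-restore rule set in which every chain defaults to DROP.
# The only traffic allowed out of the uplink is the OpenVPN session itself,
# so LAN clients lose connectivity instead of leaking when the tunnel drops.
gen_gateway_rules() {
    lan_if=$1; wan_if=$2; tun_if=$3; vpn_ip=$4; vpn_port=$5; vpn_proto=$6
    # A hostname here would force a DNS lookup outside the tunnel, so refuse it.
    is_ipv4 "$vpn_ip" || { echo "VPN endpoint must be an IPv4 literal" >&2; return 2; }
    case "$vpn_port" in ""|*[!0-9]*) echo "bad port" >&2; return 2 ;; esac
    case "$vpn_proto" in udp|tcp) ;; *) echo "bad protocol" >&2; return 2 ;; esac
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i $lan_if -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o $lan_if -j ACCEPT
-A OUTPUT -o $tun_if -j ACCEPT
-A OUTPUT -o $wan_if -p $vpn_proto -d $vpn_ip --dport $vpn_port -j ACCEPT
-A FORWARD -i $lan_if -o $tun_if -j ACCEPT
-A FORWARD -i $tun_if -o $lan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $tun_if -j MASQUERADE
COMMIT
EOF
}

# audit_rules WAN_IF < ruleset
# Succeeds only if the rule set on stdin fails closed: FORWARD and OUTPUT
# default to DROP and no FORWARD rule accepts traffic out of the uplink
# (or out of an unspecified interface, which would include the uplink).
audit_rules() {
    audit_wan=$1
    audit_set=$(cat)
    printf '%s\n' "$audit_set" | grep -q '^:FORWARD DROP' || return 1
    printf '%s\n' "$audit_set" | grep -q '^:OUTPUT DROP' || return 1
    if printf '%s\n' "$audit_set" |
        grep -E "^-A FORWARD .*-o $audit_wan( |\$).*-j ACCEPT" >/dev/null; then
        return 1
    fi
    if printf '%s\n' "$audit_set" | grep -E '^-A FORWARD .*-j ACCEPT' |
        grep -v -e ' -o ' >/dev/null; then
        return 1
    fi
    return 0
}

# Print the constructed sample rule set when asked, e.g. to pipe it into
# iptables-restore as root on the gateway.
if [ "${1:-}" = "--print" ]; then
    gen_gateway_rules eth1 eth0 tun0 203.0.113.10 1194 udp
fi
```

Re-running `audit_rules` after any manual rule change catches the common mistake of adding a convenience rule that forwards LAN traffic straight out of the uplink.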


----------



## joepie91 (Sep 20, 2015)

HN-Matt said:


> > I recommend reading up a bit more on these articles. Yasha Levine seems to be running some kind of bizarre feud against the Tor project, literally based _entirely_ on fallacies. There's not a single factual or technical point to be found in any of the articles, that hasn't been widely made and understood before.
> 
> 
> Clearly Levine had no interest in writing about the technical substrata of Tor so I don't really see how citing a lack of technical perspective is a criticism here. His focus was generalized ideology critique and historical context for a broad audience, i.e. _specifically non-technical_ analysis concerned with certain forms of _ideological embeddedness_. Within that rubric, I'm not sure what was fallacious or 'not factual'... and if everything he wrote had already been widely disseminated before, at the very least I had not known about it until stumbling upon those texts. In short there are different audiences / demographics / interest groups / levels of understanding out there. Not everyone travels at the cusp of relatively obscure tech development circles.


The whole point is that technical arguments are the only arguments that _matter_ here, _because_ of how Tor is designed. It is 100% technical security. If the background of those developing Tor matters in any way, then Tor as a project has failed - because it was designed specifically to not make that the case.

I'm not arguing that we should trust the Tor developers. I'm arguing that, from a security point of view, it _literally doesn't matter_ whether the Tor developers are trustable or not. It does not affect the security of Tor.



HN-Matt said:


> > Not really. People _would_ complain (because where there's money/power, there's sockpuppets and a conspiracy theory), and that really was never the claim to begin with.
> 
> 
> 
> ...


It isn't "letting readers come to their own conclusion". It's a manipulative propaganda piece. If it truly were intended to be a neutral informational piece, it would have been written in a wildly different tone.



HN-Matt said:


> _"It may be that there are legitimate uses for Tor. For instance, Tor might provide a good way for people in foreign countries to circumvent Internet censorship. These people might not care that Tor is funded and compromised by the US government, because they're not hiding from the U.S. government. They are trying to hide from their own government."_



And that is _exactly_ the problem with Levine's pieces. Note the phrasing. "funded and compromised by" - one of the two is true, and it's not the latter. Yet they are grouped together to create the illusion that there is somehow a correlation between the two points, where there isn't. These kind of propaganda tactics are all throughout his articles.


----------



## HN-Matt (Sep 20, 2015)

@drmike yeah, that seems like a better idea than X2GO eclecticism, although I still probably wouldn't risk it without a breathable full body Faraday suit. This is basically my current setup except I have a grenade bandolier of raspberry pis and I wear a tinfoil kippah rather than a garbage bin helmet:


----------



## drmike (Sep 20, 2015)

HN-Matt said:


> @drmike yeah, that seems like a better idea than X2GO eclecticism, although I still probably wouldn't risk it without a breathable full body Faraday suit. This is basically my current setup except I have a grenade bandolier of raspberry pis and I wear a tinfoil kippah rather than a garbage bin helmet:



I use X2Go   It's just rather bulky to go nesting with it.

Was thinking for additional 3rd layer one could run VirtualBox on workstation and reach out from that nested and those 2 VPNs.  Throw a different technology on the Virtual instance to mix it up and make it less obvious / prone to fubar gotcha.   Perhaps a SSH tunnel.

What a photo


----------



## HN-Matt (Sep 21, 2015)

> The whole point is that technical arguments are the only arguments that matter here, because of how Tor is designed. It is 100% technical security. If the background of those developing Tor matters in any way, then Tor as a project has failed  [...]
> 
> And that is _exactly_ the problem with Levine's pieces. Note the phrasing. "funded and compromised by" - one of the two is true, and it's not the latter. Yet they are grouped together to create the illusion that there is somehow a correlation between the two points, where there isn't. These kind of propaganda tactics are all throughout his articles.


Let me put it a different way. A quick look at the funding suggests that a _sine qua non_ of Tor is the presence of American agents. It would seem that Tor's anonymous motley simultaneously _guarantees_ their presence and _is constituted by it_. It has been that way since day one.

I see you've become taken aback at Levine's suggestion that Tor is 'compromised', but he wasn't using that word in a technical sense. What he meant is that Tor is compromised by the presence of government agents in a context of American soft power.

His critical point is that as a Tor user you are essentially saying: "My usage of Tor is a guarantee that the American government will have a greater chance of being anonymous on the internet. As Tor's userbase becomes more widespread and eclectic, the probability of government agents blending in increases, thereby invisibly augmenting American soft power."

Levine takes issue with contexts of internet anonymity whereby 'government presence in the software' is an _unavoidable prerequisite_ of the software's functionality. He is simply asking, "is that what you want the meaning of your anonymity to be?"

As to whether the software itself is fool proof, that is beyond the scope of his writing.


----------



## joepie91 (Sep 21, 2015)

Quote said:


> A quick look at the funding suggests that a sine qua non of Tor is the presence of American agents. It would seem that Tor's anonymous motley simultaneously guarantees their presence and is constituted by it. It has been that way since day one.


That is false. The presence of American agents is in no way required for the correct functioning of Tor.



Quote said:


> I see you've become taken aback at Levine's suggestion that Tor is 'compromised', but he wasn't using that word in a technical sense. What he meant is that Tor is compromised by the presence of government agents in a context of American soft power.
> 
> His critical point is that as a Tor user you are essentially saying: "My usage of Tor is a guarantee that the American government will have a greater chance of being anonymous on the internet. As Tor's userbase becomes more widespread and eclectic, the probability of government agents blending in increases, thereby invisibly augmenting American soft power."
> 
> Levine takes issue with contexts of internet anonymity whereby 'government presence in the software' is an _unavoidable prerequisite_ of the software's functionality. He is simply asking, "is that what you want the meaning of your anonymity to be?"


This is a prerequisite for technical anonymity _as a concept_, and is unrelated to Tor itself. You can either tolerate everything, or tolerate nothing. It is inherent to the model of 'anonymity', and is in no way related to the US in particular. There is no 'compromise' because there exist no other ways to accomplish the same goals - you _cannot_ have anonymity without treating each actor equally, because in a well-functioning system, you cannot obtain the necessary information to remove 'undesirable' actors.



Quote said:


> As to whether the software itself is fool proof, that is beyond the scope of his writing.


His writing and attitude suggested otherwise.


----------



## HN-Matt (Sep 21, 2015)

> Quote said:
> 
> 
> > A quick look at the funding suggests that a sine qua non of Tor is the presence of American agents. It would seem that Tor's anonymous motley simultaneously guarantees their presence and is constituted by it. It has been that way since day one.
> ...


True, it obviously isn't 'required' and I never said it was. I'm not sure if you're intentionally misreading me but I'll try again. What I meant is that such copious public funding suggests the branding initiative known as Tor was constituted in large part by American soft power. A certain percentage of its 'real-time' throughput is _probably_ representative of various American government agencies in a demographic context, although that is only speculation as I wouldn't know (blah blah 'following the money' is meaningless in post-post-neocapitalism or whatever).



> Quote said:
> 
> 
> > I see you've become taken aback at Levine's suggestion that Tor is 'compromised', but he wasn't using that word in a technical sense. What he meant is that Tor is compromised by the presence of government agents in a context of American soft power.
> ...


I disagree. I'm not very experienced or well versed in/on the subject but would wager that 'government presence in the software' is not necessarily a prerequisite for anonymity as a concept (although such 'technical prerequisites' might strategically vie to appear within dystopian niche-markets...). There may be instances of Tor within infinite universes that are not expressive of American soft power. Other Tor-like software may exist that was not produced by a government and will never announce itself to the public. The more or less guaranteed presence of a particular association of government agencies would not be a prerequisite for the emergence or reification of such software.



> You can either tolerate everything, or tolerate nothing. It is inherent to the model of 'anonymity', and is in no way related to the US in particular.


'All or nothing' binary options regarding 'toleration' are probably not inherent to 'models of anonymity'. Tor is related to the US in particular, they view themselves as innovators and have proudly given it their imprimatur. On the other hand, I would imagine there are innumerable non-aligned instances of non-identity embedded in software that does not necessarily exist to make itself known to, or provide cover for, US agents. Such software could even exist without being hysterically perceived/sensationalized as anti-American!



> There is no 'compromise' because there exist no other ways to accomplish the same goals - you _cannot_ have anonymity without treating each actor equally, because in a well-functioning system, you cannot obtain the necessary information to remove 'undesirable' actors.


Such a concept would preclude anonymity that is invisible to certain 'actors' as a prerequisite of its becoming (whether intentionally or inadvertently). Its means of non-identity may even be relatively passive and oblivious, or may have had no knowledge of whether 'that which it could not help but appear as invisible in relation to' was 'undesirable' or not.

Boring, anticlimactic disclaimer: I connect 'directly' to the internet through a residential gateway most of the time.


----------



## joepie91 (Sep 22, 2015)

HN-Matt said:


> > Quote said:
> >
> >
> > > A quick look at the funding suggests that a sine qua non of Tor is the presence of American agents. It would seem that Tor's anonymous motley simultaneously guarantees their presence and is constituted by it. It has been that way since day one.
> ...



Not intentionally misread. It's very well possible that the US government uses Tor a lot. This is inevitable.



HN-Matt said:


> > Quote said:
> >
> >
> > > I see you've become taken aback at Levine's suggestion that Tor is 'compromised', but he wasn't using that word in a technical sense. What he meant is that Tor is compromised by the presence of government agents in a context of American soft power.
> ...


Government presence is not required. _Tolerance_ of government presence however, is. The whole point of a truly anonymous system is that you cannot identify actors, and if you cannot identify actors then you also cannot exclude them. It is, thus, inherently required for a correctly functioning anonymity system.



HN-Matt said:


> > You can either tolerate everything, or tolerate nothing. It is inherent to the model of 'anonymity', and is in no way related to the US in particular.
> 
> 
> 'All or nothing' binary options regarding 'toleration' are probably not inherent to 'models of anonymity'.


They absolutely are. See above. It really _is_ this binary - that is just how it works from a technical perspective. Wishing it to be otherwise doesn't change that.



HN-Matt said:


> > There is no 'compromise' because there exist no other ways to accomplish the same goals - you _cannot_ have anonymity without treating each actor equally, because in a well-functioning system, you cannot obtain the necessary information to remove 'undesirable' actors.
> 
> 
> Such a concept would preclude anonymity that is invisible to certain 'actors' as a prerequisite of its becoming (whether intentionally or inadvertently). Its means of non-identity may even be relatively passive and oblivious, or may have had no knowledge of whether 'that which it could not help but appear as invisible in relation to' was 'undesirable' or not.
> ...


Absolutely no idea what you're trying to say here.


----------



## HN-Matt (Sep 23, 2015)

It was in response to your theory of 'correctly functioning' internet anonymity as a utopia of tolerance and equality.

In short, anonymity that is invisible to certain 'actors' as a prerequisite of its becoming would have very little to do with 'equality'. Seems likely that it would not emerge as anything other than a reaction to an absence of equality, whether consciously or not.


----------



## joepie91 (Sep 23, 2015)

HN-Matt said:


> It was in response to your theory of 'correctly functioning' internet anonymity as a utopia of tolerance and equality.



It's not a "utopia". It's a technical requirement.



HN-Matt said:


> In short, anonymity that is invisible to certain 'actors' as a prerequisite of its becoming would have very little to do with 'equality'. Seems likely that it would not emerge as anything other than a reaction to an absence of equality, whether consciously or not.



Again, really not sure what you're talking about. Correctly functioning anonymity protects your identity from _all_ parties, not just some.


----------



## KuJoe (Sep 23, 2015)

Anybody else remember back in the day when you didn't like something you just didn't use it?


----------



## HN-Matt (Sep 27, 2015)

@KuJoe true, I recant.

I suggest reading Recantorium and substituting the author's biographical details with randomness, then replacing instances of "National Poetry Month" with "Tor" and "Poetry Commonwealth" with "Internet". Don't forget to replace "Books of Accessible Poets" with "Anonymous Tor Connections" (or any phrase of your choosing) and so on.


----------



## HN-Matt (Sep 28, 2015)

> Autonomy Cube, a motherboard displayed under transparent glass that operates as a Wi-Fi hotspot, protected from government surveillance with Tor anonymisation software.


----------



## HN-Matt (Nov 2, 2015)

drmike said:


> From there, you could on that local desktop run something like sshuttle to provide a nested 3rd level. 3rd level and beyond gets complicated. sshuttle messes with iptables, so might be best to connect to an HTTPS remote proxy on that third layer.



Wanted to return to this as I hesitantly tried sshuttle for the first time a few hours ago. Without getting technical, I don't like how its nesting functions as a single point of failure (thereby perma-infantilizing subsequent connections and putting them at risk). If the goal is connecting via randomized multiplicity, why would anyone want one nest along the continuum to...


----------



## drmike (Nov 2, 2015)

HN-Matt said:


> Wanted to return to this as I hesitantly tried sshuttle for the first time a few hours ago. Without getting technical, I don't like how its nesting functions as a single point of failure (thereby perma-infantilizing subsequent connections and putting them at risk). If the goal is connecting via randomized multiplicity, why would anyone want one nest along the continuum to...



Sshuttle is easy, but it's damn slow. Suitable for light browsing, text, etc. Not suitable for file transfers and big data (will work, just super slow for folks used to more throughput).


Nesting in theory isn't putting anything at risk. If an upper nest gets offlined, then all the nested thereunder should cease to function.


It gets wonky on a single machine and more risk of such a fail potential though.


I isolate things currently with a VPN gateway on center of the network. This means everything goes through there to get to the 'net. If it's down, everything is. On local machines I run whatever additionally depending on use. That might be Tor on some machines or similar, that might be SSHuttle for spot nesting. Usually it's another VPN instance though.


Obviously performance is an issue, so by tiering things, gives performance where wanted and slacky throughput and latency where higher level of concern applied.


----------



## HN-Matt (Nov 4, 2015)

drmike said:


> Nesting in theory isn't putting anything at risk. If an upper nest gets offlined, then all the nested thereunder should cease to function.



I was thinking of it the other way around. If a nest goes offline (upper or lower), in theory it should have no effect on the connectivity of any other nest. Shouldn't each nest be capable of functioning autonomously?


----------



## drmike (Nov 4, 2015)

HN-Matt said:


> I was thinking of it the other way around. If a nest goes offline (upper or lower), in theory it should have no effect on the connectivity of any other nest. Shouldn't each nest be capable of functioning autonomously?



Well it would be nice to have them be all independent, but nature of this is that if upper level breaks that cascades the outage downward or inward if you will. It's a parent-child-child of child type arrangement.


Clearly this is a PITA approach where bandwidth is very bad and connections drop lots or where high latency is the norm.


Frankly with the amount of crap behavior, monitoring and even data leaking by say 9 out of 10 sites:
http://motherboard.vice.com/en_uk/read/9-out-of-10-of-the-internets-top-websites-are-leaking-your-data


Plus toss on that all the hacks and outright leaks of data that can be inter-related.  Pfft, unique password per site?  How about unique username per site, anonymized content and tons of IP addresses


----------
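The parent-child cascade discussed in the posts above, as an added example that is not code from any poster in the thread: a small model of nested tunnels showing which layers stop working when one goes offline, and what a fail-open versus fail-closed client ends up sending through. The layer names and the `Tunnel`, `affected_by` and `egress` helpers are hypothetical, and the model assumes the outermost gateway is the only route out.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Tunnel:
    name: str
    parent: Optional["Tunnel"] = None  # the tunnel this one is carried inside
    up: bool = True

def path(t: Tunnel) -> List[Tunnel]:
    """Layers wrapping traffic sent through t, outermost first."""
    layers = []
    while t is not None:
        layers.append(t)
        t = t.parent
    return layers[::-1]

def usable(t: Tunnel) -> bool:
    """A nested tunnel works only if it and every layer carrying it are up."""
    return all(layer.up for layer in path(t))

def affected_by(failed: Tunnel, tunnels: List[Tunnel]) -> List[str]:
    """Names of the tunnels that stop working while `failed` is offline."""
    failed.up = False
    try:
        return [t.name for t in tunnels if not usable(t)]
    finally:
        failed.up = True

def egress(t: Tunnel, fail_closed: bool) -> List[str]:
    """Layers still wrapping traffic meant for t; [] means nothing is sent."""
    # Assumption: the outermost layer is the only route out of the network.
    live = []
    for layer in path(t):
        if not layer.up:
            break
        live.append(layer.name)
    if len(live) == len(path(t)):
        return live  # every intended layer is in place
    # Fail-open falls back to the layers above the break (fewer than intended).
    return [] if fail_closed else live

# Constructed three-level chain; the names are hypothetical.
gateway = Tunnel("gateway-vpn")
desktop = Tunnel("desktop-vpn", parent=gateway)
spot = Tunnel("sshuttle-nest", parent=desktop)
LAYERS = [gateway, desktop, spot]
```

An outage only ever propagates inward: losing the innermost layer affects nothing else, while a fail-open client behind a broken middle layer keeps sending with only the gateway layer around its traffic.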



## HN-Matt (Nov 4, 2015)

drmike said:


> Well it would be nice to have them be all independent, but nature of this is that if upper level breaks that cascades the outage downward or inward if you will. It's a parent-child-child of child type arrangement.



Right, hence my usage of perma-infantilizing—the poor birds can never leave the nest!

Maybe 'anonymous' and _autonomous_ are too conceptually contradictory to be conflated at a theoretico-practical level. I guess it would require something like an [anony/autono]mous quantum superposition of sorts.


----------

