[OPSEC/Computer] Chaining VPN's

So we should all use a VPN if for nothing else a bit of privacy but...............

Even though we have VPN services that claim to keep no logs and use shared ip's I don't fully trust them. I am looking for a bit of extra security just in case a certain VPN company is infiltrated or otherwise compromised/ cooperating with big brother. So I figured layering VPN's may be an option.

I don't want TOR to leak my vpn ip through an exploit or weakness and then that vpn be forthcoming with my real ip.

Can anyone point me to some sort of layering concept outside of TOR? Still the softest point of failure will be the first VPN I connect to no matter what I do but if I were to layer vpns then it's likely that anyone looking would run into an uncooperative vpn service before they reach the ip of the "original" VPN.

I hope this makes sense. Basically I would like to build my own small onion outside or TOR, and then connect to TOR.

I have read some literature where this has been somewhat successful using Whonix-Gateway and Whonix-Workstation on a host machine but alas I'm not super computer fancy or smarts. I can however pay someone to set this configuration up for me and have it double checked by someone else.

I'm assuming there's no "simple" answer for this but the simpler the better.

Aside from using VPN->TOR (since you can't use a vpn with TAILS) is there another layer I could add between me and my real ip?


Comments


[3 Points] Vendor_BBMC:

You don't have to pay for TOR, so there is no track back to you. Its like a bunch of free VPNs chained together.

If you use two commercial VPNs first, at least one, statistically, will be cooperating with the government.


[2 Points] Ande2101:

Consider any paid-for VPN that claims not to keep logs is at the very least completely compromised by the NSA and most likely also working with LE. If you're not a spy or being targeted by world leaders (i.e. Assange, Snowden or DPR) then the NSA isn't a worry and Tor is probably strong enough protection.

If it isn't enough then your worst enemy is probably timing attacks. Your best protection here would be some hacked Linux boxes with SSH/SOCKS proxy plus Tor, then add a script that mixes traffic from other users while generating fake traffic of its own and relaying a recorded post to a site while you're not even connected.

If you just want to fuck about with linking proxies together to cross boundaries then proxychains is a nifty tool, you can make a SOCKS proxy from any SSH account you control and put Tor in the middle. Combine those two and you can bounce connections around the planet like in the movies, which is cool as fuck but probably uncalled for.


[2 Points] 666fun:

Why?

Vpn's are of no use around here except for preventing your ISp from knowing you're using tor. And if you're visiting hidden services with JavaScript turned off, your IP isn't getting revealed, unless you're being stupid and trying to run a hidden service from your house.

This sub vastly overrates the suitability of VPns fir their needs.


[2 Points] someoneknowsmynose:

Dear watched1, good question and yes, creating a chain of nested VPNs / Porxies which are finaly routed through TOR is the exact thing you want to do while browsing onions and not have to be concerned much about your privacy. WHONIX is by far the most easy solution to do this in a safe way. If you are in severe paranoia, you could even consider a layer of I2P inbetween to produce "fake traffic" ment to securely obscure your traffic for quantitative analysis. I know it is a wall of text, but it is not that hard to configure and since it is about privacy, please don't miss a good read:

Nested Chains of VPN's and Tor


[1 Points] None:

[deleted]


[1 Points] _BorisGrishenko:

You can use Oracle VirtualBox (freeware) to run a virtual/"guest" OS on top of your host OS with the virtual network adapter set to NAT and then run a VPN on your guest OS as well as your host OS to effectively chain VPNs. Then run TOR on your guest OS; traffic will go through Tor > VPN on guest > VPN on host. You can also use the "snapshot" feature to restore the guest OS to a clean state at each boot (similar to how TAILS is a clean slate at each boot).


[1 Points] PIXEL_MACHT_FREI:

This comment has been overwritten by an open source script to protect my privacy.

If you would like to do the same, add the browser extension TamperMonkey for Chrome (or GreaseMonkey for Firefox) and add this open source script.

Then simply click on your username on Reddit, go to the comments tab, and hit the new OVERWRITE button at the top.