After some difficulties, I was able to launch TOR for the first time. The browser took 18 seconds to display the general page of Wikipedia. This will obviously be impossible for my professional activities.
I’m thinking of using (at the same time) several ways to connect to the Internet, depending on my profiles:
without VPN, for activities where I want to be clearly identified; I may never use this profile;
with VPN, for activities for which I don’t mind being “a little” identified. It’s also useful to get around location-related obstacles.
with TOR, for activities for which I want to be totally anonymous.
Can you confirm that I will be able to use these 3 types of connection simultaneously? For example, I will not use a VPN for a personal activity (in qube 1); at the same time, I will use a VPN for my professional activity (in qube 2); at the same time, I will use TOR (whonix) for a secret personal activity (in qube 3).
Won’t these 3 simultaneous connections disclose my activity on TOR? My presence (true or false) in a country?
Another type of network would be a cascade of VPNs (with different suppliers and countries): more secure than a single VPN and a higher throughput than TOR.
I also wonder: How can a VPN provider have VPNs (for example in Germany) without being obliged to keep logs? Some providers claim that they do not keep any logs…
How are the big VPN providers independently audited? Open source? Audit tool? Is it really reliable?
Your setup should work for what you want to do. The idea of Qubes is to separate your computer into compartments, so one Qube for each type of connection is part of that idea.
That sounds worse than Tor. Tor will build a different circuit for each website you access, whereas a VPN cascade will leave you with a fixed IP.
Lots of people have been working on traffic analysis of Tor, but nothing works at the moment.
Don’t trust anyone. If they’re not keeping logs, their cloud provider (if they use one) probably is.
Having said that, for activities where I need to use my real identity, I will still use a VPN-free connection (or a VPN), because I really need a very high throughput. In such a case, the advantage of using a VPN is:
to avoid having products targeted for a country you are not interested in: for example, you are in Spain, but you want to be considered in the USA.
to hope to hide my geographical position (my IP address).
But let’s think about it to the end… Let’s say I take NordVPN… its headquarters is in Panama, its payment collector is in Wyoming, and its headquarters is in Cyprus. Still, it has the profile of a provider that seeks to preserve the anonymity of its customers: it therefore gives a certain amount of confidence … oops! Now let’s imagine that I add to the first VPN another VPN located in a tax haven. It is very likely that there will be no transmission of information. That said, we cannot be 100% sure. A new Snoden should not use this system
Another thought: it is strange that the countries in which providers are obliged to keep historical data … allow the purchase from the same providers that boast of not keeping historical data. In other words, the police states tell the suppliers “you are not allowed” … the suppliers tell their customers “we do not respect this obligation” … they can still buy the product! On the other hand, if we consider for example NordVPN, how does it manage to have servers for example in Germany?
I often sys-whonix > Restart Tor GUI until I get a faster connection.
This sounds like multi-hop. I know Private Internet Access has it. Nordvpn has Double Vpn which I assume is one hop. You set it up in their gui app.
I don’t understand the hype around logs. I’ve read they monitor traffic, so if that ability is there, a warrant can be obtained for it. I’m more concerned about this instead of logs.
I think the audits varies by company based on some searches I’ve read. Correct me if I’m wrong but open source doesn’t mean there’s a back door nobody knows about?
