TechSpot

TOR, VPN, Browsing Security Question

By okap1
Dec 21, 2014
  1. Newbie looking to improve security and privacy/anonymity a bit. Always start with my browsing habits, browser settings (NoScript, Adblock Plus, Disconnect, etc), hardware/sw configs (using KIS, MBAM Pro & other s/w for on demand). Also, update regularly...

    Question = Is the Tor portable browser or VPNs (eg: Private Internet Access...Cyberghost) any help and how does TOR differ from PIA? Is one preferable over the other? (won't even bother asking about Tails & Inverse Path).

    Just a regular guy looking to surf without leaving crumbs or revealing personal info.

    And then I hear about 'end to end encryption' to avoid middleman attacks... how does a noob deal with this?

    Someone responded to me (re: TOR & VPN) with the below answer, suggesting it's all essentially worthless. So, why do tech sites still recommend them? Also heard using TOR now raises red flags with NSA, etc... Confused...

    Thanks
    -------------------------------------------------------------
    "TOR or any other proxy should never be thought of as a security measure. Proxies are run by anyone, many of whom do not have your security as an interest. Once you're on a proxy they can do anything they want, such as presenting you with a fake login page for your bank or PayPal, eBay, etc. These fake pages cannot be detected by normal anti-phishing tools or methods. Do not ever go anywhere where security is a concern while behind any form of proxy that you do not control. Running your own Squid proxy, caching or not, can be a boost to your security by removing things such as advertisements from 3rd parties on web pages etc. But, and I speak from experience here, a proxy can cache a web page, say the one for PNC Bank. At this point a person with only moderate coding skills can now make that page send them your username and password or, in the case of an online store, credit card information. And the bad part is it will or can be made to still allow you to log in or purchase the item etc. You would never know it happened until it was far too late.

    Proxies such as Tor etc may have some small benefit to your anonymity, but with the ability to fingerprint not only your browser but your OS and even your computer's hardware, even that is questionable today. Even though in a server log it will show the proxy's user agent, or should, web pages can use JavaScript and other methods to gather information about your browser, OS, screen res, logged-in user name, video card, even your real IP."
     
  2. learninmypc

    learninmypc TS Evangelist Posts: 6,596   +335

    I had the Tor browser on my W7 for a few months but removed it yesterday when it wouldn't launch. Yes, I clicked on it, waited several minutes & gave up. Good luck.
     
  3. jobeard

    jobeard TS Ambassador Posts: 9,322   +622

    @okap1 At least you are thinking about the issues and seeking inputs; BRAVO!

    First understand there is no silver bullet for ANY aspect of security - - no single solution solves all issues.

    The comments re PROXYs are all valid - - you give up control of what is accessed to some unknown 3rd party. Commercial businesses frequently use a proxy to control and monitor usage and data moving into & out of the company. When they configure the networks correctly, there is no direct path from the Internet to their servers and internal employee browsers on port 80 get nowhere.

    End-to-End encryption is very secure. However, the details matter.

    SSL connections are not e-t-e, but only client browser to webserver. E-T-E is application-to-application. A webserver has protected data from the connection BUT reads/writes unprotected data (most of the time[*]) to and from the server disks. Until data is read/written in encrypted form, the server HDs expose everything.
    ( [*]this is how Sony was hacked: once access was gained to the HDs, the game was lost.)

    The VPN is but another approach like SSL - - it protects only the over-the-wire visibility.

    Back to your primary concern
    1. Personal Info
    2. leaving tracks
    On (1): Avoiding personal info is, in the last analysis, entirely up to the user. Years past I had Norton Security and it claimed to protect all such - - *IF* you told it what to protect, eg SSN, birthday, address, phone number, credit cards . . . What a joke!! Give it all to Norton in the guise of privacy? It would be stored somewhere in some form and that's the tip of the iceberg. DON'T disclose xyz if you want xyz to be private and secure. Just because some program ASKS for data does not mean they have a right to, will protect, or even need it to enable the application. If it is required, then YOU make the choice to disclose and give up privacy and security OR give up the application. I had an issue with Verizon on this and refused to disclose some information and thus dropped their service and told them why too.

    Personal experience: I use online banking and credit card payments. I manage the logins and keep my system up-to-date. These are all SSL access and I need to keep the certificates up-to-date. For record keeping on my PC, I encrypt critical files on the HD and keep backups, just in case the laptop goes for a walk [ie stolen].

    On (2): Tracking of access: Sorry, it's naive to think all traces can be under your control. No matter what browser settings you use or TOR-like deep anonymous connections, every webserver you access has a file, naked as all heck, showing
    • source ip, date-time, server file accessed
    and even with TOR, there's a path back to your ISP address. If someone wants to know and is willing to spend the time and money to get to it, YOU can always be found.

    There are good reasons to be cautious regarding privacy and security - - just don't get paranoid over it. Use good reasoning before you click or fill-in some online form. Remember; the only way to keep a secret is not to tell.
     
    nickc and SNGX1275 like this.
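
The per-request record described in the post above (source IP, date-time, file accessed), shown as an added example that is not part of the thread: a parser for the Apache/nginx "combined" access-log format that rebuilds each source address's trail. The log lines, IP addresses (documentation ranges) and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample lines in "combined" log format; one line is deliberately corrupt.
SAMPLE_LOG = """\
203.0.113.7 - - [21/Dec/2014:10:15:02 -0500] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 6.1)"
198.51.100.23 - - [21/Dec/2014:10:15:40 -0500] "GET /login HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux)"
203.0.113.7 - - [21/Dec/2014:10:16:11 -0500] "POST /login HTTP/1.1" 302 0 "http://example.test/login" "Mozilla/5.0 (Windows NT 6.1)"
this line is truncated or corrupt
203.0.113.7 - - [21/Dec/2014:10:17:45 -0500] "GET /account/statement.pdf HTTP/1.1" 200 88211 "-" "Mozilla/5.0 (Windows NT 6.1)"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?$'
)

def parse_line(line):
    """Return the logged fields as a dict, or None if the line is malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # Server-local timestamp with offset, normalised to UTC for comparison.
    when = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["utc"] = when.astimezone(timezone.utc)
    return rec

def trails_by_source(log_text):
    """Group requests by source IP; return (trails, count of unparsed lines)."""
    trails, skipped = defaultdict(list), 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        trails[rec["ip"]].append((rec["utc"], rec["method"], rec["path"]))
    for visits in trails.values():
        visits.sort()
    return dict(trails), skipped

if __name__ == "__main__":
    trails, skipped = trails_by_source(SAMPLE_LOG)
    for ip, visits in trails.items():
        print(ip)
        for utc, method, path in visits:
            print(f"  {utc:%Y-%m-%d %H:%M:%S}Z {method} {path}")
    print(f"unparsed lines: {skipped}")
```

The source address recorded is whatever host opened the connection to the server, so behind a VPN or proxy the log shows that intermediary's address.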
