Posted by overvalley in Privacy
One vpn explains that you can use port-forwarding between vpn hops to connect a near server, and then forward through their fast network to a remote server. The near connection and "internal" port forward can supposedly give a speed advantage with a simultaneous multi-hop privacy advantage.
Does the port-forward affect layered encryption? Is port-forwarding simply a standard feature of multi-hop connections?
smartypants wrote (edited )
hopping adds no real benefit, other than perhaps protecting you from COMPROMISED machines logging raw connections along the way. most VPN companies, excluding ExpressVPN, have been in the news as compromised by nation states, even NORD VPN last year.
HTTPS protocol, by design , prevents man in the middle, and not even VPNS or ISPs know anything about your URL you are using, not even the domain name, just the IP address and the fact that you are requesting a port 443 HTTPS connection.
DNS traffic deduces domain name target, but IP already zeros in target unless using VPNs.
HTTPS is secure, but sadly, once connected to https://ramble.pw or any https site, backdoor exploits added to tor browser , by NSA/CIA, in the form of "ACCIDENTAL CODE SUBMISSIONS" to tor browser used in TAILS, leaks your IP to the target. This means...
... that using one or even a chain of VPNS can have the ENDPOINT (https://ramble.pw or ISP of https://ramble.pw) exploit your TAILS tor browser via javascript (typically), or WebRTC (in the past) to LEARN YOUR ACTUAL TRUE IP ADDRESS!!!
This means that the HTTPS encrpyted traffic is still secure, end to end, but your IP address can still be logged using VPNS, by the endpoint.
Thse ways and means show up in federal court cases when FBI is forced to reveal tactics under a Judges order in court trials.
They for years tor browser in TAILS had hidden backdoors proven if you read the release notes of TAILS TAILS too? Yup, Even the famous https://tails.boum.org/
...had WebRTC enabled by accident (or by mossad on purpose) in past versions of TAILS, and if you read ALL THE CHANGE NOTES OF ALL VERSIONS you will learn I am telling the truth on the one little note they fessed up.
https://medium.com/@blackVPN/critical-windows-exploit-webrtc-can-expose-your-real-location-ip-address-even-when-using-a-vpn-4555d2fd280d
https://www.exploit-db.com/exploits/44403/
https://blog.ipvanish.com/webrtc-security-hole-leaks-real-ip-addresses/
https://thehackernews.com/2015/02/webrtc-leaks-vpn-ip-address.html
https://www.reddit.com/r/VPN/comments/2tva1o/websites_can_now_use_webrtc_to_determine_your/
That is NOT the only weakness in Tor browser, there were other non-WebRTC leaks!!!! Javascript (required for every free speech social site) and (required for Cloudflare) had exploits in summer 2019 that leaked endpoint IP addresses, and even allowed kernel level OS alteration on Mac OS using TAILS!!!!!! Many years of tails exploits prior too.
NO large web browser should EVER be trusted not to divulge IP addresses over VPN
Anyone trusting using TAILS along with its graphical browser, is a patsy. The rest are in prison already if they were criminals.
Only use text messaging , not a graphical web browser, when using TAILS, or tor services and VPNs! No fancy web browsers!
Even better, use a "one time visit" concealing gait and face, to a coffee shop.
Remember TOR/TAILS often runs unstoppable javascript using exploits by FBI, such as the infamous recent noscript vulnerability!...
https://www.netsparker.com/blog/web-security/noscript-vulnerability-tor-browser/
javascript code can cause lots of problems for your anonymity, and even root your machine , as in summer of 2019.
HTML5 fingerprints and indestructible cookies also thwart SOME VPN users too :
https://33bits.wordpress.com/2010/02/18/cookies-supercookies-and-ubercookies-stealing-the-identity-of-web-visitors/
25% of sites fingerprint you using javascript (CloudFlare and others, require javascript to connect)
2020.08 : A quarter of the Alexa Top 10K websites are using browser fingerprinting scripts! https://www.zdnet.com/article/a-quarter-of-the-alexa-top-10k-websites-are-using-browser-fingerprinting-scripts/
In 2021, hundreds of research papers on novel fingerprinting techniques of browsers exist, and even I designed some using html5 graphics, not yet widely known by other researchers and not yet stopped in Google Chrome.
TAILS? use HiddenVM too
If you must try t connect to a https web site anonymously, use a hidden privacy VM OS and a set of privacy tools, at a public wifi :
https://github.com/aforensics/HiddenVM
https://news.ycombinator.com/item?id=22492343
There are many reasons why you may want to use HiddenVM.
whonix OS! inside HiddenVM, for TAILS on a USB, for coffeeshops or libraries: ...
I SUGGEST if you do not need OSX or Windows, to install Whonix secure Tor anonymization and TAILS inside your HiddenVM !!!
https://www.whonix.org/
TL/DR : NO CONNECTIONS MADE FROM YOUR HOME ARE SAFE FROM FBI/NSA if using a BROWSER, vs text chat. Hopping does nothing to protect HTTPS more than it already provides