Jan 29

TOR vs VPN Services…. Who Wins?

English No Comments »

Finally, and as we promised some time ago :D, we will address this important question:

Why not use TOR, which is a free service, for providing anonymity and privacy online?

 

To the layman, TOR is defined as:

TOR is a free software and open network that helps protect you from all forms of online surveillance and threats to your personal freedom and privacy. Tor protects you by routing your communications through a network of servers distributed around the world and provided / managed by volunteers.

 

In this sense, the objective of TOR and a VPN service such as TUVPN.COM is the same. Protecting the security, privacy and anonymity of your communications. One of the differences, as you may have already noticed, is that there is usually a small fee attached to accessing a VPN service, while TOR is free. In this difference lies the core advantages / disadvantages of both options.

 

Let us now graphically look at the TOR network structure. It is important to emphasise again that this is a network created from servers offered and run by volunteers. Looking at the implications of this is point:

 

TOR vs VPN anonymity and privacy service

 

As we can see, our communication enters the TOR network through an entry node, then it tumbles from one server to another within the network and finally reaches a TOR exit node, and from there to our Internet destination. The communication is encrypted from your computer to the exit node that decrypts it before sending it to its destination.

Anyone can create a TOR node and add it to the network. This can be for honest and selfless reasons, or not. You can't choose whether your node will be an entry, exit, or intermediate node as this is random in each communication but it will probably go through all the roles at some point.

Imagine now that we are very bad and we decide to create our own TOR server node and add it to the network to serve our own purposes …  Let's see how much evil we can do depending on the role of our server in each communication. Lets use innocent "John" in this example. Remember, our server will go through all the server node roles according to TOR's random design:

 

1 - Our server acts as a TOR input node for John's communication.

As the communication we received from John is encrypted, the only thing we know is that John is connected to the TOR network (we can identify his IP). But knowledge of this alone is not important enough to feed our bad intentions.

 

2 - Our server acts as an intermediate node in John's communication on the TOR network.

Our evil intentions are not satisfied here either. The communication we recieve is encrypted and all we know is that it has come from a node on the TOR network before reaching us. Hopefully the next role our server can play on the TOR network will provide food for our evil appetite! ;)

 

3 - Our server acts as a TOR exit node for John's communication.

Now things get interesting for our evil intent! Our mission here is to decipher the communication through our exit node and send it to your destination. In so doing, we can see all data communication. We cannot know who sent the now transparent communication, we only know that we received it from an intermediate TOR node.

We can argue that by protecting the communication with the target (eg our bank or our e-mail or …) with SSL, there is no way for us to get to know the contents of John's communications.

Wrong again. As security researcher Moxie Marlinspike showed at the last  BlackHat Europe, we can mount a man-in-the-middle attack from our beloved TOR exit server and crack John's SSL communications.

Moxie gave a real-time demonstration of this attack that obtained a large number of passwords for all kinds of services from many users whose traffic was going through his TOR node. For more complete information about this topic: http://blog.phishme.com/2009/02/moxie-marlinspike-un-masks-tor-users/.

 

So we can see that the very nature of decentralised and distributed communication on the TOR network brings some problems.

 

Another drawback, in our humble opinion, of TOR vs a VPN service, is speed. Anyone who has used TOR for something more than just reading emails will know what we are talking about. Unfortunately, bandwidth has a price. Free and open services like TOR just cannot deliver this bandwidth.

By contrast, a VPN provider such as TUVPN.COM, has the resources to secure and supply this bandwidth for their services, and allow its customers to enjoy streaming and other bandwidth intensive activities. Something that is unthinkable with TOR.

 

There is no doubt that TOR has its uses, if one is aware of its limitations. All the same, VPN services also have their uses and , most probably, their limitations. It is just a matter of being able to choose and with the right information come the right decisions !

 

PS: Not to add fuel to the fire, but this week has seen TOR in the news. It has asked its users to upgrade their software as a result of attacks on its servers that run TOR directory authorities. More information:  http://news.zdnet.co.uk/security/0,1000000189,40004185,00.htm

 

TUVPN.COM Team

Go to TUVPN.COM

Jan 27

TOR contra Servicios VPN: Quién gana ?

Español 2 Comments »

Bien, finalmente y tal como prometimos ya hace un tiempo :D, vamos a abordar la crítica pregunta :

Y porqué no usar TOR para el anonimato y privacidad online, que además es gratis ?

 

Para los profanos en la materia, TOR se define como :

TOR es un software libre y red abierta, que ayuda a protegerte de toda forma de vigilancia online que limite y amenace tu libertad personal y privacidad. TOR te protege, enrutando tus comunicaciones a través de una red de servidores distribuida por todo el mundo y proporcionada/gestionada por voluntarios.

 

En este sentido, el objetivo de TOR o de un servicio VPN como TUVPN.COM, es el mismo. Proteger la privacidad y anonimato de tus comunicaciones. La diferencia principal, y de la que ya te habrás dado cuenta, es el hecho de que un servicio VPN generalmente es privado y de pago y TOR es libre y gratuito. En esta diferencia estriban las ventajas/inconvenientes de las dos opciones.

 

Centrémonos ahora gráficamente en la estructura de la red TOR, recordando que esta es una red creada a partir de servidores ofrecidos y administrados por voluntarios, y viendo las implicaciones de este punto :

 

tor contra servicio vpn de anonimato

 

Como podemos ver, nuestra comunicación entra en la red TOR a través de un nodo de entrada, luego va saltando de un servidor a otro dentro de la red y finalmente sale de TOR por un nodo de salida y de ahí a nuestro destino. La comunicación está cifrada desde nuestro ordenador hasta el nodo de salida que la desencripta antes de enviarla a nuestro destino.

Como también hemos dicho, CUALQUIERA puede crear un nodo TOR y agregarlo a la red, sea con fines honestos y desinteresados o no. No puede elegir si su nodo será de entrada, de salida o intermedio, esto es aleatorio en cada comunicación, pero probablemente pasará por todos los roles en algún momento.

Imaginemos ahora, que somos muy malos y hemos decidido crear nuestro propio servidor TOR para realizar nuestras maldades … lo creamos, instalamos software y se añade a la red TOR. Veamos cuanta maldad podemos hacer según el rol que le toque a nuestro servidor en cada comunicación de Juan (recordemos nuestro servidor pasará por todos los roles por el mismo diseño aleatorio de TOR!) :

 

1 - Nuestro servidor actúa como nodo TOR de entrada para la comunicación de Juan

Como la comunicación que recibimos de Juan está cifrada, lo único que podemos saber es que Juan se comunica con la red TOR (podemos identificar su IP), pero esto no lo consideraríamos una maldad suficientemente importante.

 

2- Nuestro servidor actúa como nodo TOR intermedio para la comunicación de Juan

Tampoco vamos bien por aquí. La comunicación que recibimos está cifrada y además solo podemos saber que viene del nodo TOR anterior. Esperemos tener más suerte con el próximo rol ! ;)

 

3 - Nuestro servidor actúa como nodo TOR de salida para la comunicación de Juan

El índice de maldad se pone interesante ! La misión de nuestro nodo aquí es descifrar la comunicación y enviarla a su destino. En este sentido podemos ver todos los datos de la comunicación. No podemos saber quién los envió (solo sabemos que nos llegó del nodo TOR anterior).

Podemos argumentar, que protegiendo la comunicación con el destino (p.e. nuestro banco o nuestro correo electrónico o …) con SSL, no habrá forma de que nos salgamos con la nuestra y podamos averiguar el contenido de la comunicación de Juan.

Falso de nuevo. Como el investigador de seguridad Moxie Marlinspike demostró en la pasada BlackHat Europe, podemos montar un ataque man-in-the-middle en nuestro querido servidor TOR de salida y romper las comunicaciones SSL de Juan.

Moxie hizo una demostración del ataque en tiempo real y consiguió una gran cantidad de passwords para todo tipo de servicios de muchos de los usuarios cuyo tráfico circuló por su especial nodo. Para información más completa sobre este tema: http://blog.phishme.com/2009/02/moxie-marlinspike-un-masks-tor-users/.

 

Así pues como vemos, la propia naturaleza distribuida y de control descentralizado de TOR acarrea sus problemas.

 

Otra de las desventajas, según nuestra humilde opinión, de TOR respecto a un servicio VPN es la velocidad. Cualquiera que haya usado TOR para algo más que leer correos … sabrá de que estamos hablando. El ancho de banda tiene un precio, y el hecho de usar un servicio libre y gratuito hace que las prestaciones del mismo sean limitadas.

En este sentido un proveedor VPN como TUVPN.COM, tiene más recursos económicos para contratar mayor ancho de banda para sus servidores y posibilitar p.e. su uso para streaming, cosa impensable de hacer con TOR.

 

TOR tiene sus usos, si se es consciente de sus limitaciones. Igualmente un servicio VPN tiene sus usos y muy probablemente limitaciones de otro tipo. En la oferta hay el gusto y con la información la elección acertada !.

 

P.D: No es para echar más leña al fuego, pero esta semana se ha descubierto un compromiso de los servidores de desarrollo de TOR, lo que podría haber comprometido la seguridad de sus usuarios si el software de TOR fué modificado. Mas información: http://informaniaticos.blogspot.com/2010/01/los-servidores-proyecto-tor-han-sido.html.

 

Equipo TUVPN.COM

Ir a TUVPN.COM

Jan 12

Why do I need a VPN? 3): “PROTECTION FOR WIFI CONNECTIONS (hotels, airports …)”

English 1 Comment »

In this post we'll start to see VPN Service applications that are not so well known but no less useful.

From our point of view, one of the most important applications delivered by our VPN service is the protection of communications over wireless networks (WiFi, WLANs, …).

With the proliferation of supply of wireless networks in hotels, airports, bars and countless other public places, and their increasing use by users of mobile devices (laptops, netbooks, PDAs, mobile phones …), the risks associated with use of such networks MUST to be considered.

Let us graphically show the risks associated with using public wireless networks:

 

 

Here we see two possible scenarios where our personal communications would be compromised. Let's look at each:

SCENARIO 1

In this scenario, 'Bad Boy', uses a device (can be a simple notebook with the right software or equipment much more sophisticated) to capture our traffic while he is under the wireless antenna (wifi access point).

The degree to which our communication may be compromised in this scenario depends on the configuration of the wireless access point and the wireless protocol supported etc. You can imagine that wireless network security is not the main concern of the owner of a bar, hotel, restaurant etc.

In general we can say that it would not be very difficult for 'Bad Boy' to get passwords for access to our mail services, examine our chats, get passwords for online services

SCENARIO 2

In this case, what has been created is a Fake Wireless Access Point. This attack is much more sophisticated and with much greater potential for harm.

For example; We're in a bar, we check if there is any wifi network and discover that we can connect to the WiFi network called 'TOM_BAR'. We assume that it´s the bar´s network. We access the wireless network and connect to our company´s webmail, our gmail, and to our bank.

With a set up like this, it is relatively easy to capture ALL our communications, even those protected by SSL (ie our bank) through a  man-in-the-middle attack (refer this link for more information on this; http://en.wikipedia.org/wiki/Man-in-the-middle_attack).

You can easily understand how dangerous a scenario like this is to our privacy, and it is not difficult to implement.

 

HOW DOES A VPN SERVICE PROTECT US?

Back to our graphical environment to see how a VPN service such as TUVPN.COM protects us against these scenarios:

 

 

As we can see, using a VPN service as we described in the post entitled PRIVACY, ANY traffic between our laptop and the VPN server (in this case Zurich) is encrypted.

This means that although 'Bad Boy' captures all the data he wants, he will not be able to ascertain its contents, because of the encryption offered by the VPN service.

Similarly, in the Fake Wireless Access Point scenario, the 'man-in-the-middle' cannot see anything more than an unintelligible string of zeros and ones because of the existing protections against such attackes within the VPN protocol.

We see that in this way we ensure privacy of your communications from ANY access place from which we connect to the Internet. You don't have to worry about your security, because YOU are providing your own security via use of a VPN service.

 

TUVPN.COM Team

Go to TUVPN.COM

Jan 11

Why do I need a VPN? 2): “PRIVACY”

English No Comments »

PRIVACY is the second key function of a VPN service.

What do we mean by PRIVACY and what are the differences compared with ANONYMITY?

In the previous post, when talking about anonymity, it was said that a VPN service protected our identity. That is, our IP. However, the fact that we are hiding our IP behind the VPN´s server IP DOES NOT in itself GUARANTEE that our communication cannot be intercepted and its contents examined (e.g by our ISP).

When using the real life example of the previous post i.e identity control when entering a building, it would be as if you enter the building and someone signs for you, BUT the guard at the door looks at you and recognizes you. Even if someone has signed for you, you´ve been reviewed and identified and obviously you can be kicked out.

Let´s see how a VPN provides PRIVACY :

 

As we can see, ALL TRAFFIC (emails, browsing, MSN / IM, Bittorrent / File Sharing, Skype / VoIP, online gaming etc..) we generate is ENCRYPTED between our computer and the VPN node to which we have connected (in this instance the Zurich server).

As an example, if we are John and live in Spain and we are connected to the vpn node of Zurich, because NOBODY BETWEEN SPAIN AND SWITZERLAND can examine our communication, nobody has any idea of its contents. This would make John very happy in the event that he felt his Internet access provider (ISP) was snooping on his communications.

Using the example again of entering a building, it would be as if your friend signed you in, and you were wearing an invisible cloak so the security guard could not see you. You need to use a little imagination now in this example!

We hope you understood. We accept any questions!

Because this post is becoming too long, the pros and cons of TOR compared to a VPN service will be left to the next post! We promise it is going to be very interesting. :D

 

TUVPN.COM Team

Go to TUVPN.COM

Jan 11

Why do I need a VPN? 1): “ANONYMITY”

English No Comments »

One of the two main uses of a VPN service is to provide ANONYMITY. The other is the provision of PRIVACY, which will be discussed in a separate post.

What do we mean by anonymity? Well, basically, to protect your virtual ID, i.e. your IP (Internet Protocol Address).

Everything is identifiable on the Internet through unique IP addresses. A VPN service hides your IP using one or more IPs belonging to the VPN service provider. Let's see it in a graphical way:

As we can see, with normal access to the Internet, most Web sites to which we connect receive a "signed" connection with your personal IP. This would mean in the real world that you would sign up at the entrance of any building you visit, show your ID, date and signature and off you go into the building! Maybe this is not something you want to do permanently, and everywhere!

In contrast, accessing the Internet through a VPN service such as TUVPN.COM, your identity, that is your IP, is hidden by the IP of the VPN server you have connected through (in the graphical example, Zurich the example of the real world, it's like someone signing for you at the door of the building and you get to enter the building.

The innocent question that many people ask is:

If I have nothing to hide why do I want to be anonymous on the Internet?.

The answer is that one does not need to be a criminal (as many people would want us to believe), for wanting to preserve his or her anonymity on the Internet. Some reasons:

  • Anonymous blogging -  understanding that your points of view can compromise you for work, religious, or cultural reasons.
  • Anonymous Instant messaging - for the same reasons.
  • Facilitate freedom of speech.
  • Avoid the risk that web pages we visit collect and trade our profiles and online behaviours.
  • Avoid the risk that web pages we visit gather private information during our connection ( your geographical location, operating system, type of browser, ISP, browser history…).
  • Anonymous email.
  • Geographical restrictions while travelling (content blocked by IP).

Once introduced to the concept of ANONYMITY and how it can be achieved through a VPN service, the more advanced reader will ask themselves the following question:

What is the difference between a VPN and a web proxy service / anonymous proxy?

Basically, and usually, a proxy ONLY anonymizes HTTP traffic (ie navigation). On the other hand a VPN service anonymizes ALL OUR Internet traffic, be it browsing, instant messaging, P2P, emails, IP voice mail etc. That is, a VPN service offers COMPLETE ANONYMITY without having to worry about the kind of traffic we generate on the Internet.

Finally, for expert readers (if any have had the patience to get here!), can ask another question:

Why not use TOR for anonymity and privacy online, which is also free?

This is a very good question to answer thoroughly in our next post on PRIVACY. Do not miss it!

 

TUVPN.COM Team

Go to TUVPN.COM

Jan 08

What is a VPN service?

English No Comments »

VPN or Virtual Private Network is an old concept in the world of computing. One possible definition is:

Safe communication method between two points through a public network

Security of your communication is ensured via encryption. Encryption algorithms are applied to the communication, making sure that nobody on the public network (Internet) can access the contents of your communication between two points. In effect it creates a private 'tunnel' between two points.

 

VPN

 

VPNs have many advantages and uses. Secure and low cost inter-office connection, secure remote access to systems, and private networking on the Internet to name just a few.

VPNs is becoming fashionable. VPN service providers such as TUVPN.COM , provide a solution to the growing concern the general public has about privacy and anonymity on the Internet.

Online privacy threats come from many fronts, starting with the Internet Service Providers (ISPs) that can analyze the traffic generated by users to create profiles of navigation and consumption. This information can then be sold to third parties for unsolicited marketing etc. Governments themselves create systems and organisations to collect and analyze massive amounts of Internet traffic. This is often argued to be done in the public interest, but where is the line drawn? How do we know where are information ends up? We can all remember cases of Government leakage of private information. There is a long string of companies and organizations who traffic our private data, collected through more or less transparent ways for all kinds of purposes. Do you wonder how spam emails end up getting to you?

VPN service providers such as TUVPN fit in this world? Generally we will put at your disposal one or more of our servers in different geographic locations to allow you to connect to the internet through our VPN client. ALL traffic between your computer and our VPN server that you are connecting to is encrypted and NOBODY can see or identify the content of that traffic. In this sense, the VPN service offers privacy between your computer and the VPN server chosen by you.

 

TUVPN VPN Service

 

Your Anonymity is provided via the concealment of your IP (Internet Protocol address), which is that unique signature/number that identifies you and your location. TUVPN.COM, like many VPN service providers, has a non-logging policy which means we do not store any information on the networking activity of our clients.

Through the careful selection of your VPN server provider, you can be sure that only you hold information on your Internet traffic…..browsing, emails, messaging etc.

Obviously, the key to using these services is trusting the integrity of the VPN provider and being comfortable that they deliver guarantees of anonymity and privacy. This is why a careful choice is necessary and highly advisable.

Many would say that if you do nothing wrong you have nothing to hide. This hits upon the eternal discussion on individual liberties and the limits and boundaries governments, corporations, and lobbyists continually debate. Ask yourself this question; Do you lock the door of your house when you leave? You would say, 'yes', and yet do you have anything to hide in your house? Probably not, but you want to make sure that what is private to you is secure and cannot be accessed by anyone without your control. Why therefore would we not want to put a lock on a part of our lives that is becoming more and more important in our day-to-day activities….banking, communication etc etc

Good uses of a VPN service are many and we will be detailing these in the following posts. As with so many things in life, VPN services can be perverted by users to other undesirable purposes, but why should this limit the availablity of such a service to the general public with legitimate uses.

 

TUVPN.COM Team

Go to TUVPN.COM

Jan 08

VPN Services - a guide: “Step by Step”

English No Comments »

Welcome !

Even if you are not yet a user of our VPN services, we hope you will find our blog on internet security and vpn services interesting.

We will try to reveal the details of the service we provide, why it is relevant to your life on the internet, and what technologies are hidden behind the service. In addition we will provide many more interesting facts and information about the world of VPN services, privacy and anonymity.

In our first post, we´ll dig down into the definition of a VPN Service, what types you can find and all the associated jargon.

We look forward to welcoming you as a customer and providing you with a first class service!

TUVPN.COM Team

Go to TUVPN.COM

WP Theme & Icons by N.Design Studio
Entries RSS Comments RSS Log in