Tor or VPN - Any Security at All?

Hi All,

Whilst continuing on my never ending device security quest I stumbled upon this: :astonished:

( luckily before attempting to make OpeNyx phone clone after first flash of GrapheneOS on new Pixel ) :cold_sweat:

Are NordVPN users compromised?

Based on all available evidence, the answer appears to be no . NordVPN users have not been compromised by an attacker gaining access to one expired TLS key for a single server in Finland.

First, the hacker would not have any access to server logs because NordVPN is a no logs VPNprovider that does not store anything on its servers. NordVPN passed a third-party audit by PricewaterhouseCoopers verifying its no-logs policy.

Second, NordVPN utilizes perfect forward secrecy, which generates a unique key for every session using ephemeral Diffie-Hellman keys. This means that even with a TLS key there’s little a hacker could even do , since the keys are used for server authentication and not traffic encryption. As NordVPN pointed out above, the hacker would need direct access to the user’s device or network for an effective attack (extremely unlikely).

However more worrying is their article on Tor – though cannot ascertain if it ALL applies to LIVE USB usage. I knew about some of this, but not to this extent. Need to reassess my thoughts and consider withdrawing past recommendations – what do you guys think?

Of interest and note is the difference in tone between the two articles – NordVPN pay restoreprivacy for trade. Does auditing do anything but rubber stamp NordVPN and others? No – then how did the banking crises happen – with all those bundles of bad debt being eagerly bought, accounted for and audited – Ah questions…………

So you jump out of Tails+Tor and into a paid for VPN and you still get scr… :crazy_face:

Seem to be no further forward than when I started? So many blind alleys…
Is my quest futile? :thinking:

2 Likes

What is your end goal?
Is it to protect yourself OR conceal what you are doing?

There are other vpn services out there but in the end - the cost factor is always going to be there, in increasing amount - when you are sliding up the protection to concealment scale.

Hi @wadesmart Wade,

Well both really – just don’t like being spied upon at home or outside with every move that I make being analysed for threat or sales potential etc etc. Do not want any of my data such as medical records, insurance, banking, emails etc being sold on to third parties in the USA.

Quite happy with three computers but decided to improve my phone with disastrous security with pre-installed /e/ foundation phone. Have now installed GrapheneOS on a new Pixel phone – Yes I know it’s a Google brand! Was about to tweak it into an OpeNyx clone by installing Tor stuff on top when I discovered the articles above – Phew!

Put simply without any factual backup - are they promoting VPN for reward and therefore trashing alternatives like Tor? Please read their Mission Tab.

Having no personal VPN experience other than numerous widely known trust issues I was hoping members like your good self would help out. I take your point about cost but again as I have not tried out any service such as these tested items……

The one in first place comes in at much better value with their discount – what a surprise?

1 Like

I use a vpn occassionally, but I always use Nexus23’s blocklist with Peer Guardian.