All times are UTC + 1 hour

 Post subject: Multi-hop VPN vs Onion Routing
PostPosted: Mon Apr 09, 2012 23:35 

Joined: Mon Jan 24, 2011 18:59
Posts: 191
In light of the various misunderstandings surrounding so called multi-hop VPNs, this short treatise will help define some definitions and document some important information.

Multi-hop Defined:
A multi-hop VPN is a VPN network where data traffic streams through at least two or more VPN servers. A multi-hop VPN is not the same as a VPN cascade whereby a VPN is chained to additional servers (another VPN, SOCKS5, et al.)
The latter VPNs are single server tunnels that must be rerouted by the user to stream data packets through two or more servers. Users must configure a chain or cascade the VPN to access additional servers such as SOCKS proxies or additional VPNs.

The former, so called multi-hop VPNs, are very different. Multi-hop connections are preconfigured by the VPN service operator to route streamed data traffic through two or more VPN servers in the network.

Quote:
http://www.ivpn.net/knowledgebase/57/What-is-a-Multihop-VPN-Service.html


The above illustration demonstrates a network akin to an onion proxy, though with important differences.

According to IVPN, all the servers in the network are owned and operated privately by IVPN, a Maltese based VPN provider. Unlike onion routing, where encrypted data is peeled over two or more independently owned servers, VPN multi-hop routing makes little sense in the way of anonymity, since there is no peeling of data traffic. Since all the servers are owned by the VPN operator, there is one continuous stream of data, regardless of the amount of servers present. Whether data passes through two or more servers is irrelevant because the VPN operator can see all the network traffic. Thus, a VPN multi-hop is really ostensibly private (i.e. for show) and offers little to no additional anonymity over single tunnel VPN connections.

A multi-hop VPN is a step in the right direction—however, for true anonymity:
1. An Onion VPN is only possible if the servers are independent of the VPN operator.
2. Network traffic is decrypted and peeled through two or more independent servers.

Single tunnel VPNs may be cascaded for additional anonymity—but only if properly configured.

Single tunnel VPN cascades are generally liable to the same architectural problems as multi-hop VPNs. Because the server network is owned and operated by the VPN provider, all connections—whether via SOCKS proxies, SSH tunnel, Squid proxies, et al—are visible to the VPN operator. The only thing cascading accomplishes is to create a slow linkable data stream. Indeed, cascading a VPN can only be anonymous if it chains to independent servers outside of a host provider’s network. However, cascading to two or more VPNs can be expensive. In addition, cascading to unknown servers may not be safe or secure, since operators may sniff data traffic. Ideally, a VPN should be cascaded to the Tor or JonDo networks for enhanced anonymity.

JonDonym VPN Onion Routing
For users who prefer or require the anonymity of onion routing with whole Internet encryption, a JonDonym VPN is recommended, as it offers architectural anonymity, whilst encrypting the whole Internet. However, a JonDonym VPN is by default impossible for a network proxy. Third party software—a so called socksifier—is required to tunnel data traffic to the JonDonym network. A JonDonym VPN furnishes total Internet protection—no IP leak is possible.

Conclusion
A properly configured multi-hop VPN would coalesce onion routing with an architectural network of independent private servers, operated by independent operators, in different jurisdictions than the servers. Onion network proxies have a better architectural network, with independent servers, operated by independent operators. However, network proxies are limited—by default they cannot encrypt the whole Internet. Third party software—i.e. a socksifier—can tunnel all data traffic, including plugins, through a network of servers and thereby encrypt all Internet communications.


 Post subject: Re: Multi-hop VPN vs Onion Routing
PostPosted: Fri Apr 13, 2012 17:59 

Joined: Sun Apr 01, 2012 21:19
Posts: 31
Because JonDo offers a proxy, doesn't mean you can't use it as a VPN. It requires transparent proxying. Then it's already possible.

Not using VPN, but using a gateway, is what I am working on.
http://anonymous-proxy-servers.net/foru ... 000e07f3b9

The gateway offers essentially all the features you want from the VPN. Of course also VPN would be possible, but I see no need, gateway is more secure.

Also note, that a gateway (or VPN), which anonymizes everything, does not only have advantages. It doesn't only solve problems. It also introduces new problems. See for more info on that...
https://trac.torproject.org/projects/to ... ProxyLeaks
https://trac.torproject.org/projects/to ... orifyHOWTO


 Post subject: Re: Multi-hop VPN vs Onion Routing
PostPosted: Fri Apr 13, 2012 19:39 

Joined: Mon Jan 24, 2011 18:59
Posts: 191
proper wrote:
Because JonDo offers a proxy, doesn't mean you can't use it as a VPN. It requires transparent proxying. Then it's already possible.


I don't think you understood me correctly. JonDonym is a network proxy...but if you configure it correctly, you can tunnel all network connections through the mix servers. This configuration generates what I like to call a "VPN Proxy," an "Onion VPN," or more specifically, a "JonDonym VPN." A JonDonym VPN is architecturally anonymous, as opposed to an OpenVPN which is a VPN based on a "promise not to spy on users."

Quote:
Not using VPN, but using a gateway, is what I am working on.
http://anonymous-proxy-servers.net/foru ... 000e07f3b9


Yes, I have been following your work.

Quote:
It also introduces new problems. See for more info on that...


With a JonDonym VPN, it is possible to configure it in such a way as to use it anyway a user desires. Once configured, it takes seconds to change it according to one's needs.

I always surf the Internet thus...


 Post subject: Re: Multi-hop VPN vs Onion Routing
PostPosted: Wed Apr 18, 2012 6:19 

Joined: Sun Apr 01, 2012 21:19
Posts: 31
Indeed, unfortunately, I don't understand.

Can you briefly explain, what changes to the JonDonym network or what changes to JonDo you propose?

Or isn't it just some changes, is it a whole different network design?

I could understand, if you dislike the gateway method, which I explained above. It's not so convenient because it needs virtual machines or spare hardware.

Do you simply propose... Next or in exchange to the https/socks proxy feature... Add a feature "Allow to connect to the JonDonym mixes by VPN"?

AnonymousLife wrote:
However, network proxies are limited—by default they cannot encrypt the whole Internet.

So it would suffice if the first hop in the mix chain, allows you to connect using VPN?

I think VPN is misleading here. ***By design a VPN changes on the network level the operating system's routes, which ensures, that all traffic goes through the VPN server.***

VPN is not designed to run VPN over VPN. Does that even work? OpenVPN over OpenVPN (with only one client machine)?

What I wrote inside *** is the sticking point here. I guess that is the feature you actually care about?

Of course, that (***) feature is interesting, and JonDo could offer it, but it shouldn't be called VPN anymore.


 Post subject: Re: Multi-hop VPN vs Onion Routing
PostPosted: Wed Apr 18, 2012 12:33 

Joined: Mon Jan 24, 2011 18:59
Posts: 191
proper wrote:
Indeed, unfortunately, I don't understand.

Can you briefly explain, what changes to the JonDonym network or what changes to JonDo you propose?


No changes.

Quote:
Or isn't it just some changes, is it a whole different network design?


Neither one.

Quote:
I could understand, if you dislike the gateway method, which I explained above. It's not so convenient because it needs virtual machines or spare hardware.


I do not dislike your method at all. Keep up the good work.

Quote:
Do you simply propose... Next or in exchange to the https/socks proxy feature... Add a feature "Allow to connect to the JonDonym mixes by VPN"?


No.

Quote:
So it would suffice if the first hop in the mix chain, allows you to connect using VPN?


No.

Let me clarify.

A JonDonym VPN is not a "true" VPN. A JonDonym VPN does not generate a virtual tunnel over the whole Internet; nor does it encrypt the whole Internet or all Internet communications.

A JonDonym VPN is based on the following idea:

Network proxies cannot encrypt the whole Internet...

Some applications do not allow for configuring network settings...

Some applications allow for configuring network settings but ignore or leak a proxy configuration...

You would need a third party software--a so called socksifier. This software allows you to reroute all applications through a proxy server.

A JonDonym VPN is a properly configured socksifier that tunnels all applications through the JonDonym mix servers so they can be anonymized. However, there are a few minor restrictions.

SOCKS5 has its limits...

And therefore the JonDonym VPN will be limited to SOCKS5 capabilities.

PM if you like.


 Post subject: Re: Multi-hop VPN vs Onion Routing
PostPosted: Wed Apr 18, 2012 15:52 

Joined: Sun Apr 01, 2012 21:19
Posts: 31
Thanks for clarifying.
AnonymousLife wrote:
A JonDonym VPN is based on the following idea:

Network proxies cannot encrypt the whole Internet...

Some applications do not allow for configuring network settings...

Some applications allow for configuring network settings but ignore or leak a proxy configuration...

Indeed, that is why I started a project, to do something about it.

AnonymousLife wrote:
You would need a third party software--a so called socksifier. This software allows you to reroute all applications through a proxy server.

A JonDonym VPN is a properly configured socksifier that tunnels all applications through the JonDonym mix servers so they can be anonymized. However, there are a few minor restrictions.

That sounds like a reasonable idea.

However, I wouldn't go the socksifier way. A socksifier injects into existing applications and in all socksifiers, leaks have been found.

What you propose could be better done with firewall rules. On Linux probably not so hard. Example: Local Redirection Through Tor. It redirects everything through Tor (or JonDo if modified) and rejects the rest, which can not be forwarded. I don't see why it wouldn't work with JonDo instead of Tor. No idea about Windows firewall rules, perhaps it's also possible.

AnonymousLife wrote:
SOCKS5 has its limits...

Which practical limitations? What can not be done over socks5?


 Post subject: Re: Multi-hop VPN vs Onion Routing
PostPosted: Thu Apr 19, 2012 16:42 

Joined: Mon Jan 24, 2011 18:59
Posts: 191
Quote:
However, I wouldn't go the socksifier way. A socksifier injects into existing applications and in all socksifiers, leaks have been found.

What you propose could be better done with firewall rules. On Linux probably not so hard. Example: Local Redirection Through Tor. It redirects everything through Tor (or JonDo if modified) and rejects the rest, which can not be forwarded. I don't see why it wouldn't work with JonDo instead of Tor. No idea about Windows firewall rules, perhaps it's also possible.


True but there is a potential for a leak in all connections; it is all about probabilities and more importantly, proper execution.

Quote:
Which practical limitations? What can not be done over socks5?


SOCKS5 supports UDP but how well is not really known. This may be problematic with certain apps. There may also be potential security issues--principally leaks--with SOCKS5 proxies with certain apps.

SOCKS5 supports IPv6 but how well is not really known.

SOCKS5 has many benefits but there are some limitations.


 Post subject: Re: Multi-hop VPN vs Onion Routing
PostPosted: Fri Apr 20, 2012 3:40 

Joined: Sun Apr 01, 2012 21:19
Posts: 31
AnonymousLife wrote:
Quote:
However, I wouldn't go the socksifier way. A socksifier injects into existing applications and in all socksifiers, leaks have been found.

What you propose could be better done with firewall rules. On Linux probably not so hard. Example: Local Redirection Through Tor. It redirects everything through Tor (or JonDo if modified) and rejects the rest, which can not be forwarded. I don't see why it wouldn't work with JonDo instead of Tor. No idea about Windows firewall rules, perhaps it's also possible.


True but there is a potential for a leak in all connections; it is all about probabilities and more importantly, proper execution.

With a properly configured firewall, there should be no leaks possible. A bug in iptables, which is very unlikely, could also cause a leak. Dunno about Windows. Only if malware tampers with the firewall will there be leaks. You get only more security if you use virtual machines or physical separation.

AnonymousLife wrote:
Quote:
Which practical limitations? What can not be done over socks5?


SOCKS5 supports UDP but how well is not really known. This may be problematic with certain apps. There may also be potential security issues--principally leaks--with SOCKS5 proxies with certain apps.

SOCKS5 supports IPv6 but how well is not really known.

SOCKS5 has many benefits but there are some limitations.

Ok, I don't know the answers. The right questions are:
1. Is this a theoretical consideration or are there any applications, which you can not use over socks5 at the moment?
2. Is it a weakness in JonDo's socks5 implementation?
3. Or is it a limitation of the socks5 protocol itself?

If the answer to 1) is only theoretical, there is no rush to update.

If the answer to 2) is yes, then JonDo should fix the bugs.

If the answer to 3) and 1) is yes, JonDo could implement a TransPort, just like Tor did. Both are open source, so it shouldn't be too hard to copy that feature.

Depending on the outcome of JonDoBOX (thread I linked above), what you request, will be also possible. Anonymizing middlebox or local redirection do not differ so much. With minor modifications, it could be used without extra virtual machines.
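The "local redirection" approach discussed in this post and the earlier one (redirect what the anonymizer can carry, reject everything else) can be checked as a policy before touching a live firewall. The following is an added example, not code from this thread, from JonDo or from Tor: it models in Python the decision each rule of a Tor-style transparent-proxy ruleset makes for an outbound packet, so one can see that UDP media and IPv6 from an application that ignores proxy settings are rejected rather than leaked. The port numbers, the proxy daemon's uid and the traffic sample are constructed assumptions; the iptables lines in the comments are the roughly equivalent real rules and are not executed by the script.

```python
"""Fail-closed "local redirection" policy, modelled in Python.

Added example, not code from this thread or from the Tor/JonDo projects. It
evaluates, packet by packet, the decisions a Tor-style transparent-proxy
ruleset makes (loopback and the proxy daemon pass, TCP and DNS are redirected
into the proxy, everything else is rejected), so the "rejects the rest, which
cannot be forwarded" property can be checked offline. Port numbers, the proxy
uid and the traffic sample are constructed assumptions; the iptables lines in
the comments are the roughly equivalent real rules and are NOT executed here.
"""
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

TRANS_PORT = 9040   # assumed transparent TCP port (Tor calls it TransPort)
DNS_PORT = 5353     # assumed port the proxy answers DNS on (Tor: DNSPort)
PROXY_UID = 1001    # assumed uid of the anonymizer daemon itself


@dataclass(frozen=True)
class Packet:
    proto: str     # "tcp" or "udp"
    family: int    # 4 or 6
    dst: str       # destination address
    dport: int     # destination port
    uid: int       # uid of the sending process


@dataclass(frozen=True)
class Verdict:
    action: str                 # "accept", "redirect" or "reject"
    to_port: Optional[int] = None


def decide(pkt: Packet) -> Verdict:
    """Return what the ruleset does with one outbound packet (rules in order)."""
    # iptables -A OUTPUT -o lo -j ACCEPT
    if pkt.dst.startswith("127.") or pkt.dst == "::1":
        return Verdict("accept")
    # ip6tables -P OUTPUT DROP : the proxy carries no IPv6, so none may leave
    if pkt.family == 6:
        return Verdict("reject")
    # iptables -A OUTPUT -m owner --uid-owner $PROXY_UID -j ACCEPT
    if pkt.uid == PROXY_UID:
        return Verdict("accept")
    # iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports $DNS_PORT
    if pkt.proto == "udp" and pkt.dport == 53:
        return Verdict("redirect", DNS_PORT)
    # iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports $TRANS_PORT
    if pkt.proto == "tcp":
        return Verdict("redirect", TRANS_PORT)
    # iptables -A OUTPUT -j REJECT : e.g. UDP media the proxy cannot carry
    return Verdict("reject")


def leaked(packets: List[Packet]) -> List[Packet]:
    """Packets that would reach the network directly from an application,
    i.e. accepted although sent neither to loopback nor by the proxy daemon."""
    return [p for p in packets
            if decide(p).action == "accept"
            and p.uid != PROXY_UID
            and not (p.dst.startswith("127.") or p.dst == "::1")]


def summarize(packets: List[Packet]) -> dict:
    """Count verdicts, e.g. {'accept': 1, 'redirect': 2, 'reject': 3}."""
    return dict(Counter(decide(p).action for p in packets))


# Constructed traffic of a VoIP-style application that ignores proxy settings
APP_TRAFFIC = [
    Packet("udp", 4, "8.8.8.8", 53, 1000),              # DNS lookup
    Packet("tcp", 4, "93.184.216.34", 443, 1000),       # HTTPS signalling
    Packet("udp", 4, "203.0.113.7", 3478, 1000),        # STUN over UDP
    Packet("udp", 4, "203.0.113.7", 40000, 1000),       # RTP media over UDP
    Packet("tcp", 6, "2001:db8::1", 443, 1000),         # IPv6 attempt
    Packet("tcp", 4, "198.51.100.4", 9001, PROXY_UID),  # the proxy's own hop
]

if __name__ == "__main__":
    for p in APP_TRAFFIC:
        print(p.proto, p.dst, p.dport, "->", decide(p))
    print("summary:", summarize(APP_TRAFFIC))
    print("leaked:", leaked(APP_TRAFFIC))
```

The order of the checks is the point: the rule that lets the proxy daemon out must match only that uid, and the final reject must come after every redirect, otherwise the "rejects the rest" guarantee disappears. Running the script shows the application's DNS and TCP being redirected, its UDP media and IPv6 attempts rejected, and `leaked()` empty.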


 Post subject: Re: Multi-hop VPN vs Onion Routing
PostPosted: Fri Apr 20, 2012 4:26 

Joined: Mon Jan 24, 2011 18:59
Posts: 191
SOCKS5 was designed to provide support for UDP and IPv6, in addition to authentication (username and password).

All this was very much needed.

All Internet sites I have seen promote the notion that SOCKS5 can be used to anonymize Skype.

http://sockslist.net/articles/socks-skype-how-to-use

This may be true but if you tweak the network settings of Skype--Skype totally bypasses JonDonym or Tor. I have been successful in rerouting Skype through the JonDonym mix servers and through Tor but it makes me wonder if there is indeed a leak somewhere, somehow--though I have never seen it.

Tor, a SOCKS5 proxy, cannot handle UDP--why, I do not know. So I'm guessing when you "anonymize" Skype, UDP is not anonymized and therefore, probably causes a leak in the connection.

The same is true with P2P file sharing--a properly configured Tor connection can tunnel BitTorrent through the Tor nodes--but it cannot handle UDP--and BitTorrent has a lot of UDP traffic.

Let us not forget the whole IPv6 problem...

Now I did a test on a website:
http://www.checkmytorrentip.com/

and it stated that my BitTorrent IP was anonymized and that UDP was not active; therefore, UDP was seemingly never processed.

However, there are reports that suggest that onion proxies cannot handle P2P and that there is a leak.

Whether this is a problem with SOCKS5 exclusively is not probable--whether this is a problem with network proxies exclusively is not probable--it is probably a mixture of both, though more so with the network proxies.

You have to figure something--network onion proxies were never designed for these purposes (Skype, P2P, and less so videos).

JohnHenry made a comment a long time ago that VPNs were never intended to be used for what they are used for today--the same is true with onion proxies and VoIP and P2P.

The whole point of VoIP is private and encrypted communications--not anonymous. Onion proxies, even if they could anonymize VoIP, are really not for this purpose.

One thing is sure--current technology is not where we would like it to be.
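The post above says SOCKS5 was designed for UDP, IPv6 and authentication, and that a Tor SOCKS5 proxy nevertheless cannot carry UDP. The distinction between what the protocol can express and what a given server implements is visible in the bytes, so here is an added example, not code from this thread, from JonDo or from Tor: a small RFC 1928 encoder/decoder in Python that builds the CONNECT and UDP ASSOCIATE requests a socksifier would send, using all three address types, and decodes the server's reply. The two sample replies are constructed; a server that carries TCP only answers UDP ASSOCIATE with reply code 0x07, "command not supported", which is a server limitation rather than a SOCKS5 one.

```python
"""SOCKS5 (RFC 1928) request/reply encoding with all three address types.

Added example, not code from the thread, JonDo or Tor. It builds the client
messages a socksifier would send (CONNECT, UDP ASSOCIATE) and decodes the
server's reply, so "the protocol supports UDP/IPv6" and "this server
implements it" can be told apart. The sample replies are constructed.
"""
import ipaddress
import struct

SOCKS_VER = 5
CMD_CONNECT, CMD_BIND, CMD_UDP_ASSOCIATE = 1, 2, 3
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 1, 3, 4
REPLY_TEXT = {
    0: "succeeded", 1: "general failure", 2: "not allowed by ruleset",
    3: "network unreachable", 4: "host unreachable", 5: "connection refused",
    6: "TTL expired", 7: "command not supported", 8: "address type not supported",
}


def encode_address(host: str) -> bytes:
    """Pick the ATYP from the host. A hostname is sent as ATYP 3 so the proxy
    resolves it; resolving locally first would put a DNS query outside the tunnel."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        raw = host.encode("idna")
        if len(raw) > 255:
            raise ValueError("domain name too long for SOCKS5")
        return bytes([ATYP_DOMAIN, len(raw)]) + raw
    if ip.version == 4:
        return bytes([ATYP_IPV4]) + ip.packed
    return bytes([ATYP_IPV6]) + ip.packed


def build_greeting(methods=(0x00,)) -> bytes:
    """Version identifier/method selection; 0x00 = no authentication."""
    return bytes([SOCKS_VER, len(methods), *methods])


def build_request(cmd: int, host: str, port: int) -> bytes:
    """VER CMD RSV ATYP DST.ADDR DST.PORT (port is big-endian per RFC 1928)."""
    if not 0 <= port <= 65535:
        raise ValueError("port out of range")
    return bytes([SOCKS_VER, cmd, 0x00]) + encode_address(host) + struct.pack("!H", port)


def parse_reply(data: bytes) -> dict:
    """Decode VER REP RSV ATYP BND.ADDR BND.PORT into a small dict."""
    if len(data) < 4 or data[0] != SOCKS_VER:
        raise ValueError("not a SOCKS5 reply")
    rep, atyp = data[1], data[3]
    if atyp == ATYP_IPV4:
        bnd, end = str(ipaddress.IPv4Address(data[4:8])), 8
    elif atyp == ATYP_IPV6:
        bnd, end = str(ipaddress.IPv6Address(data[4:20])), 20
    elif atyp == ATYP_DOMAIN:
        n = data[4]
        bnd, end = data[5:5 + n].decode("idna"), 5 + n
    else:
        raise ValueError(f"unknown ATYP {atyp}")
    if len(data) < end + 2:
        raise ValueError("truncated reply")
    port = struct.unpack("!H", data[end:end + 2])[0]
    return {"ok": rep == 0, "status": REPLY_TEXT.get(rep, f"unknown {rep}"),
            "bound_addr": bnd, "bound_port": port}


# Constructed sample replies (no live proxy is contacted by this script)
SAMPLE_CONNECT_OK = bytes([5, 0, 0, ATYP_IPV4, 127, 0, 0, 1]) + struct.pack("!H", 9050)
SAMPLE_UDP_REFUSED = bytes([5, 7, 0, ATYP_IPV4, 0, 0, 0, 0, 0, 0])

if __name__ == "__main__":
    print(build_greeting().hex())
    print(build_request(CMD_CONNECT, "example.com", 443).hex())
    print(build_request(CMD_CONNECT, "2001:db8::1", 80).hex())
    print(build_request(CMD_UDP_ASSOCIATE, "0.0.0.0", 0).hex())
    print(parse_reply(SAMPLE_CONNECT_OK))
    print(parse_reply(SAMPLE_UDP_REFUSED))
```

`encode_address` is where a socksifier decides whether the DNS lookup happens on the client or at the proxy; sending hostnames as ATYP 3 keeps the lookup inside the tunnel. Whether UDP ASSOCIATE then succeeds depends entirely on the server's reply code, not on anything the client can encode.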


 Post subject: Re: Multi-hop VPN vs Onion Routing
PostPosted: Fri Apr 20, 2012 6:21 

Joined: Sun Apr 01, 2012 21:19
Posts: 31
AnonymousLife wrote:
All Internet sites I have seen promote the notion that SOCKS5 can be used to anonymize Skype.

Quote myself:
https://trac.torproject.org/projects/to ... kssettings
"Proxy and socks settings are mostly implemented by programmers to improve connectivity, not anonymity.

Many people think developers implemented the applications proxy settings with anonymity in mind. That is a big mistake. They did not. See Bittorrent for example.
https://blog.torproject.org/blog/bittor ... -good-idea"

They also posted guides how to anonymize bittorrent. And spread wrong information. It's not so hard to enter proxy settings anywhere and to write an article and share it.

Quote: https://blog.torproject.org/blog/bittor ... t-good-ide
"so the developers of these applications had a choice between "make it work even when the user sets a proxy that can't be used" and "make it mysteriously fail and frustrate the user"."

The applications are bogus. Not socks!

AnonymousLife wrote:
http://sockslist.net/articles/socks-skype-how-to-use

They don't state it's for being anonymous on that site.

AnonymousLife wrote:
This may be true but if you tweak the network settings of Skype--Skype totally bypasses JonDonym or Tor. I have been successful in rerouting Skype through the JonDonym mix servers and through Tor but it makes me wonder if there is indeed a leak somewhere, somehow--though I have never seen it.

Skype totally ignores any proxy settings. It has been made with absolutely no considerations about anonymity. It aggressively uses any possible connection, no matter which proxy settings.

The only way to be absolutely sure, that there are no leaks, is to prevent, that the application can find out the external IP in the first place. With a transparent proxy (anonymizing middlebox, TorBOX...), the applications can only find out the lan ip. They can't find out the external ip.

Another way to find out, there are no protocol leaks, is review.
- Review the protocol. Read the protocol design. - Pretty hard for Skype, as it's not public and very successfully hidden.
- Read the source code - not available for Skype.
- Read the disassembly then - 1. that's forbidden (by Skype, I don't want to go into discussion, if that clause is valid in country xyz). 2. it requires too much skill (barely anyone who has the skill, bothers) and too much time 3. not much sense anyway, as they frequently update the program and then you would have to start over again
- Ask the developers then - 1. they should not be trusted as your only source, also other people should do the review 2. you probably don't even get a helpful answer
Conclusion: stay away from such applications if you care to stay anonymous. (There are even more reasons, I am not going into detail. You don't control the encryption keys. Closed source encryption etc.)

By the way, even though I recommend against it, I tested Skype with TorBOX. It works quite well.

AnonymousLife wrote:
Tor, a SOCKS5 proxy, cannot handle UDP--why, I do not know.

A Tor network limitation. The Tor network does not support UDP. They have a ticket to fix that, if it were easy, they were done.

Not a limitation of socks5.

AnonymousLife wrote:
So I'm guessing when you "anonymize" Skype, UDP is not anonymized and therefore, probably causes a leak in the connection.

Yes, it's leaking. The only way to stop it was already answered above.

AnonymousLife wrote:
The same is true with P2P file sharing--a properly configured Tor connection can tunnel BitTorrent through the Tor nodes--but it cannot handle UDP--and BitTorrent has a lot of UDP traffic.

Same story like Skype. I posted a link above. Bogus applications. Not a socks5 limitation.

AnonymousLife wrote:
Let us not forget the whole IPv6 problem...

It will take a long time until IPv6 is widespread. And when it's the state of the art, anonymizing networks will have to adapt, which will take even longer.

AnonymousLife wrote:
Now I did a test on a website:
http://www.checkmytorrentip.com/

and it stated that my BitTorrent IP was anonymized and that UDP was not active; therefore, UDP was seemingly never processed.

I wouldn't rely on that.

AnonymousLife wrote:
However, there are reports that suggest that onion proxies cannot handle P2P

Yes, please do not use p2p over Tor. It's for free and they ask you, not to do it. Anyone: please don't be a fool

AnonymousLife wrote:
and that there is a leak.

Yes, as discussed above in this post.

AnonymousLife wrote:
Whether this is a problem with SOCKS5 exclusively is not probable--

As far as now, not a socks5 problem.

AnonymousLife wrote:
whether this is a problem with network proxies exclusively is not probable--

It's a problem with the applications...

AnonymousLife wrote:
You have to figure something--network onion proxies were never designed for these purposes (Skype, P2P, and less so videos).

They were not designed for anonymizing. Rather filtering, caching... Anonymizing networks would like to support those use cases, but since you have to include several hops and there are not enough volunteers with fast high bandwidth servers, those applications are not working well.

AnonymousLife wrote:
JohnHenry made a comment a long time ago that VPNs were never intended to be used for what they are used for today

They are also successfully used a lot for companies. Secure networks over insecure networks. That they do well.

For anonymizing, well... Single hop VPNs, multi hop VPNs... only offer very limited anonymity. VPN chains (chaining VPNs from different providers, a custom setup you do yourself) are rarely used.

AnonymousLife wrote:
the same is true with onion proxies and VoIP and P2P.

There are better solutions worth to invest into for p2p or voip. For p2p: i2p, off system, retroshare are good concepts. They do not work well yet, due to lack of user and developer interest. Existing solutions still work well enough. Users are not sufficiently frustrated yet.

AnonymousLife wrote:
The whole point of VoIP is private and encrypted communications--not anonymous.

Also voip encryption (ZRTP) is rarely used anywhere. Voip is mostly for cheap connections. Skype encryption is mostly used to circumvent firewalls. If Skype cared about security, they'd offer control over your keys.

AnonymousLife wrote:
Onion proxies, even if they could anonymize VoIp, are really not for this purpose.

Anonymizing VoIP is very difficult. It depends on your threat model. Even if the anonymizing networks could handle the load and were fast enough... Still difficult.

For people behind an onion proxy, who know each other, talking to each other (ZRTP), it could hide the fact that they are talking with each other from their ISP, government, exit nodes, MITM, etc. That wouldn't be anonymous, because they know each other.

You couldn't anonymously whistleblow over VoIP. Be a snitch or whatever. They record your voice and voice recognition works well. When you are having a phone call later over a non-anonymous connection, they can correlate the two identities. You would have to use a voice scrambler, and how well that works is a whole new field for research. You could type and let an artificial voice speak (like in anonymous videos); that could work. But is that the point? You better write a mail then.

It would also not be recommended to voice talk with other anonymous people (like you can talk in a forum). That voice also could be correlated later, putting aside a voice scrambler or artificial voice, which wouldn't make sense.

AnonymousLife wrote:
One thing is sure--current technology is not where we would like it to be.

Who is technology? Due to lack of user interest. Current solutions work well enough for them.

