I assume that all US TLAs have (or could have) access to all data that my ISP logs (or could log). That's just how it is. Given government ~monopoly on force.
And that's why I use VPN services. But the same is true for VPN services, regarding US and/or other TLAs. So I use nested VPN chains, to make it harder to get complete data.
And when it really matters, I add Tor to the mix. Even if it's heavily infiltrated by US TLAs, there's at least the chance that it's also heavily infiltrated by TLAs of US adversaries. So, Dog willing, maybe they cancel each other out, at least somewhat.
I mean routing traffic to Tor entry guards through VPN services. The Tor Project does indeed not recommend that. They argue that using a VPN service is risky, because it can log everything. Where access to entry guards is blocked, they recommend using bridges (of one sort or another) run by Tor volunteers.
I don't agree with that argument. Because ISPs can already do that. And for most people, their ISP is far more likely to be cooperating with their local adversaries than some random VPN service is.
And for what it's worth, one of Tor's inventors (Paul Syverson) has agreed publicly that there are reasons to access Tor through VPNs. Basically, when you don't want your ISP to know that you're using Tor. Indeed, if I were a CIA agent using Tor in Iran, I probably wouldn't want the ISP to know that I was using Tor.
But I don't trust VPN services either. So I use nested VPN chains. That's basically the same approach that Tor itself uses, routing traffic through multiple (three) relays. So no one relay (or for me, VPN service) knows both who I am, and what I'm doing online.
There's also the issue of trusting the Tor network. Some argue that it's compromised by US TLAs. So with a nested VPN chain between me and entry guards, I'm less concerned that some TLA is running them. But even if that's just paranoia, there have been bugs that deanonymized users.
For example, some years ago, CMU researchers exploited the "relay-early" bug to allow malicious entry guards and exit relays to exchange information, and so learn that they were routing the same circuit. That allowed said CMU researchers to deanonymize Tor users. The FBI learned of this, and subpoenaed the data. And lots of people went to jail over it. Mostly drug dealers and child pornographers, but whatever.
However, routing VPN services through Tor is a totally different matter. If you do that, your anonymity depends entirely on how anonymously you've obtained, paid for, and used the VPN service. If you used an email address that's linked to you, you're screwed. If there's a money trail in paying for the VPN service, you're screwed. If you ever use the VPN account without Tor, you're screwed.
And even if you manage all that anonymously, the very fact of using a VPN through Tor decreases your anonymity. That's because Tor by default switches circuits at ten minute intervals. But when a VPN is connected through a Tor circuit, that circuit is pinned. So by using a VPN through Tor, you've blocked one way it increases anonymity.
It seems you take your privacy very seriously. But isn't it futile? I mean, the common layman response to privacy issues is something on the lines of "I'm not a criminal terrorist so what do I care". They have a point, the individual doesn't really bear direct consequences of losing privacy (unless he is a terrorist, criminal etc).
The privacy issue is a social one, only when masses of individuals are spied upon, then nasty stuff may happen.
So while your efforts are serious I'm wondering what is their point.
I don't see any solution for this surveillance society we ended up with other than regulations through our government representatives.
I don't think of myself as a criminal or terrorist. But then my moral code is fundamentally from Aleister Crowley. So I'm well aware of the possibility that others might consider me a criminal or terrorist.
Even if there were laws and regulations that better protected privacy, you couldn't count on that. You can't trust government agencies, because they stretch the limits, and outright lie about what they do.
Perhaps because downloading Tor (or even searching for it / visiting its website) demonstrates an active interest in thwarting surveillance.
Almost by definition, that means you're worth taking a closer look at.
Once you're under the microscope, you'd better hope your opsec is flawless or that your activities are completely boring, or else the $TLA knows exactly what you've been up to, TOR or not.
Disclosure: my activities are completely boring, and I don't use Tor, VPNs, or anything like them.
Self-interest rears its head, though. If you don't have anything to hide, running Tor is extra work you don't gain any benefit from. Arguably you just subsidize those who use the tools for evil.
I have yet to be convinced that full anonymity is actually a societal good.
As a pragmatic defense against corrupt governmental agencies, it is probably useful.
I'm not so sure it's a net gain for society as a whole.
And, in a nutshell, I suppose that's why I've never gone down this road.
There are many legitimate uses of Tor. Like opposition in oppressed regimes. But criminals probably make the most out of it. The thing is, it might be the most convenient tool nowadays for selling drugs, etc., but if you remove it, criminals will find other ways to connect. Some will be caught, but most won't. And good people might lose a valuable tool to defend themselves.
Except that you don't need to trust anyone, entirely.
That's the point of nested VPN chains. Let's say that you have three different VPN services in the chain. The first VPN knows your ISP-assigned IP address, and the IP address of the second VPN server. The second VPN knows the IP address of the first VPN server, and the IP address of the third VPN server. The third VPN knows the IP address of the second VPN server, and the IP address of the site that you're accessing.
An adversary would need information from all three VPNs, or from their data centers and/or ISPs.
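An address-level model of the three-hop chain described above, added here as an illustration and not part of the original comment. The addresses (RFC 5737 documentation ranges), hop names and log format are constructed, and the model covers only what each provider's logs contain, not traffic or timing correlation.

```python
from itertools import combinations

# Constructed addresses from the RFC 5737 documentation ranges.
CLIENT, SITE = "198.51.100.7", "192.0.2.80"
SERVER_ADDR = {"vpn1": "203.0.113.1", "vpn2": "203.0.113.2", "vpn3": "203.0.113.3"}

# What each provider can log: (address it received from, address it sent to).
LOGS = {
    "vpn1": [(CLIENT, SERVER_ADDR["vpn2"])],
    "vpn2": [(SERVER_ADDR["vpn1"], SERVER_ADDR["vpn3"])],
    "vpn3": [(SERVER_ADDR["vpn2"], SITE)],
}
HOP_BY_ADDR = {addr: hop for hop, addr in SERVER_ADDR.items()}


def trace(start, obtained):
    """Join the logs in `obtained` hop by hop, starting from address `start`.

    Returns (path, linked): the addresses the adversary can place in order,
    and whether the path reaches an address that is not a VPN server.
    """
    path = [start]
    # The first hop is whichever obtained provider saw `start` as a source.
    hop = next((h for h in sorted(obtained)
                if any(src == start for src, _ in LOGS[h])), None)
    if hop is None:
        return path, False
    path.append(SERVER_ADDR[hop])
    while True:
        prev = path[-2]                      # address this hop received from
        dst = next(d for s, d in LOGS[hop] if s == prev)
        path.append(dst)
        nxt = HOP_BY_ADDR.get(dst)
        if nxt is None:
            return path, True                # reached the destination site
        if nxt not in obtained:
            return path, False               # next provider's logs are missing
        hop = nxt


def linking_sets():
    """Every combination of providers whose logs link CLIENT to SITE."""
    hops = sorted(LOGS)
    return [c for n in range(1, len(hops) + 1)
            for c in combinations(hops, n) if trace(CLIENT, set(c))[1]]


if __name__ == "__main__":
    print(trace(CLIENT, {"vpn1", "vpn3"}))   # trail ends at vpn2's address
    print(linking_sets())                    # only the full set of three
```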
You're still vulnerable at the operating system and hardware level. It doesn't matter what you do after booting up if your computer has already successfully been infiltrated from the Hardware/BIOS/OS initialization that always happens before.
I don't use hardware that I've purchased using my meatspace identity. The machines mainly come from yard sales and swap meets. Typically nowhere near where I've lived. And all purchased with cash. So I'm pretty confident that they're not backdoored. I have purchased SSDs from stores, but also for cash.
I'm relatively confident that Debian hasn't been backdoored. Windows perhaps, but I rarely use it, and only in VMs.
I'm not sure that I see the point. I mean, the daemon would need to run somewhere. And it'd need to render stuff. I guess that there'd be less going on, so less that's exploitable.
But no, I haven't done that.
I mainly depend on compartmentalization. This VM runs on a host that contains no information about my meatspace identity. And the machine with that information is on a different LAN.
Edit: But upon reflection, I have done something like that. Sometimes I run remote dedicated servers. Accessed via Tor (via nested VPNs) and paid with well-mixed Bitcoin. With LUKS and dropbear, of course.
If I run VirtualBox, I can basically do the same thing I do locally. I use pfSense VMs as VPN gateways, to create nested VPN chains. And then Whonix instances, which hit Tor through those VPNs. And I access the remote VMs via VRDP via SSH via Tor etc.
My first reaction on reading this is that it sounds expensive and difficult to configure. It also reminds me a little bit of how I understand tor to work - is that accurate at all?
At a superficial level, it's exactly how Tor works. Except that there's a static chain, instead of a constantly churning mix of circuits. Each of which uses a different set of three Tor relays. Also, each socket from each app uses a different circuit. And circuits, by default, only last ten minutes, and are torn down and rebuilt whenever a socket resets.
It is expensive, I suppose. In that you must pay for multiple VPN services. I probably spend a few hundred dollars per year, on average. But that's ~nothing for me.
But it's not that difficult to configure. I use pfSense VMs as VPN routers. And pfSense has a very intuitive WebGUI. To create nested VPN chains, I just successively NAT one VPN router through another. Using VirtualBox internal networks. And pfSense optimizes MTU automatically.
Once it's set up, you just run the VMs, and it works.
In my experience, Tor through VPN services isn't substantially slower than Tor alone. I only know that from experiments using VPS, however, because I've never used Tor (or I2P or Freenet, for that matter) directly.
VPNs through Tor also aren't substantially slower than Tor alone. And indeed, one can use MPTCP to aggregate multiple VPN-via-Tor connections. But only between suitably configured devices, of course.
Regardless of "substantially slower", it is indeed slower. I guess it depends on your VPN link, but at the very least your MTU has to be considerably smaller, meaning more round trips for "large" objects (anything over 1KiB essentially).