Nested VPNs, How many till you're safe?

So quick question here, how would one go about nesting VPN connections, and how many do you think is 'good enough'?

Both Edward Snowden and Jacob Applebaum have both said "If you're using a VPN and think you're safe, you are not." or something to that effect. So what do you think about nesting VPN connections, so you have a tunnel established from your PC to say a server in Dallas, then fire up a second tunnel which passes from your computer to the exit in Dallas and tunnels to say Brussels, etc.

Is this a possibility? And, if so, how many hops do you think it would take before you're connection is pretty much impossible to trace?

I know TOR uses this method of layering encrypted connections but there's always the exit node weakness inherent to TOR plus just googling that shit will put you on a watch list.

So thoughts? Ideas? Opinions?

Nothing is impossible to trace. It's a matter of how much effort someone is willing to put into to trace them. I would say 10+ is a good start but you're never "safe" on the internet.

1 Like

Well of course i'm not using impossible in the strictest absolute sense. I realize that given enough time and manpower even 25 nest VPNs can be tracked back.

I'm just speculating on how many connections would be needed before an agency would actually have to devote man-hours to the problem to gather any information, versus leaving a machine to flail endlessly trying to figure out the origin of the connection.

The only time I think they would invest man-hours is if you have done something truly terrible. Like being a known terrorist or hacking some government agency. I really can't see any agency devoting actual humans to investigate you if you're downloading illegal files or not.

Your asking the wrong question I think.

Good enough.. for what? Whats the goal? What threats are you trying to stop? You need to think about these types of questions because the answers will determine the security you need.

For example, if you need protection from detection sue to browsing habits, VPNs will do nothing for you at all. So the method of security you apply will differ depending on your needs.

Sorry for not being particularly clear on that front. I'm referring to safety in terms of minimizing digital footprint and tracks, essentially obfuscating one's movements around the web that can then be retro-actively used against you if say you like to torrent. Given enough time and expenditure i know that anyone's movements can be tracked, i'm just speculating what is 'Good Enough' to throw automatic data collectors from associating torrents being downloaded to you specifically versus just downloading them straight from your home IP with no mask. A secondary part of my question is whether this is even possible with "consumer" grade VPN services, IE: desktop VPN clients like TunnelBear or PIA.

VPNs will stop tracking from ISPs who are tracking without warrants or being provided letters for torrents. Which seems to be what you want.

Tracking behaviour wont be stopped by VPNs you need to be more sophisticated to reduce tracking, especially targeted tracking. You'd also need to implement a number of methods of going on the web, and probably give up a number of services forever.

The more you try to obscure the bigger target you are, not always true but something to think about.

ISPs and automated monitoring is what i most want to avoid. Comcast does not need to know how many times a day i search the word Guano... for example. I already avoid Google services including search like the plague and only really use them when i'm at work for work related things.

how many? Zero.

Turn your machine off.

Unplug yourself from the network

Shoot all your carrier pigeons

go and hide in the mountains

Now you're safe.

1 Like

Thank you for your thoughtful and constructive response.

You're welcome. I was actually being deadly serious. If someone with the tools and influence really has it out for you, they can find out stuff you didn't even think you'd written down or you thought you'd properly encrypted. Fact of the matter is, none of us really knows what kind of backdoors are in the machines we use on a regular basis. Government-mandated nerfs of the hardware RNG in CPUs, rowhammer-style hardware bugs and characteristics, you name it. Is it getting into uncanny territory of paranoia? hell yeah. Is someone going to come after you if you've pirated The Wizard of Oz? probably not. But if you're the next Snowden, damned right they're gonna come after you regardless of how many proxies and VPNs you shunt your signals through. if that's what you're going for, what I said is what you want to do. If you're just wanting to stop your ISP snooping around your internet habits... well, then there are some things you can do to make it quite a bit more difficult for them, to the point where they'll just leave you alone.

The closest thing we have to complete security now is something based off of Usenet I believe is what it was called.

Basically your entire machine is locked down and encrypted and only approved machines will have communications with it. That's what a lot of terrorist and crime groups use now. The only way someone you don't want in can get in is if they acquire one of the machines or trick an approved person to allow them into the network.

But you don't get an internet per say with that. So just live in paranoia and fear like the rest of us.

If you're just doing basic torrenting maybe some weird gore videos changing your DNS is good enough. Vpn as well if your country blocks on DNS levels.

2 Likes