|
|
|
|
|
|
by magicconch
2490 days ago
|
|
|
The OpenVPN configuration uses AES-128-GCM as the cipher, which itself is fine but the website claims it is using AES-256. More concerning is the 'Tor VPN' and bridge being offered. The Tor bridge here is not a proper bridge, instead the SOCKS port is being exposed on a public IP rather than the usual 127.0.0.1. SOCKS is an unencrypted protocol so everything being sent to the bridge is exposed on the wire, and your ISP can trivially see that you are connecting to a VPN over it. This is dangerous and misleading - Tor even warns you that the protocol is not encrypted when you expose the SOCKS port publicly. Real Tor bridges are simply relays not listed in the consensus file. Connections using them are still encrypted using TLS. The website incorrectly claims that by using the VPN over Tor configuration files, you are masking your VPN connection from your ISP. This free VPN is so misleading that I felt the need to make a HN account just to write about it. |
|
|