[OpenWireless Tech] Does using VPN services or Tor increase risk of scrutiny

Java Nut javanut20 at hotmail.com
Mon Nov 19 06:57:35 PST 2012


A lot of interesting comments about VPN, to which I reply below. But no one commented directly on the question of my post: whether using VPN or Tor out of the AP router (or anywhere else) would increase risk of scrutiny of the person using VPN or Tor (e.g. government seeing here's this user encrypting and blocking view of his traffic - is he up to something?).

Here are my comments on the responses….

>How do they know it's you?

>If the router uses WPA2 or equivalent, they can't even see which client it is that is using that VPN
>(unless they use timing attacks!) if they sniff the radio traffic.

I am considering a different situation - the VPN being used from the router sharing wifi to the Internet, so that all traffic of all users is anonymized, except to the extent that said users perform activities where they enter personal info or logins to their favorite sites. The point here is making it so that authorities could not trace any of the guest activity to the host router's internet account, and protecting the subscriber to that internet service from any wrongdoing a bad guest could do on the network.

>In terms of know who is doing what, that data is contained/logged at the VPN
>concentrator/server if the spooks wish to know.

This is why this effort requires a commercial VPN that does not keep logs, the same kind of VPN that a pirate would want to use to hide their P2P activity. Or it requires the host router be configured to pass all activity through Tor (but that would make for a slow wifi).

>The good thing about open discussions is that they clarify hypotheses as much as
>technical issues. John Gilmore's "nervous Nellie" comments clarified that
>Open Wireless is as much a political statement as a technical problem.
>And the statement is not, "let's make tracking easier for the secret police."

Agreed. That is why I am exploring the anonymity issue, so that police would not track anything down to the person or organization offering the free wifi. We do not want the host's computers to be confiscated or looked through if some bozo does child porn, piracy, credit card theft/fraud, hacking or anything else bad on the wifi.

>We should assume that open wireless is just that. People connect freely,
>and send whatever they want. People set the open network because they
>believe in freedom.

Agreed.

>The technical issues are clear: ease of deployment, isolation of guest from
>local resource, and bandwidth management. Let's stay there.

And one more concern should be included in the technical issues: how to achieve sufficient anonymity for the host router owner vis-a-vis the activity of the users. That's what all my VPN talk is about. Again, to keep the police away from the router owner if a user misbehaves.

>The "other half" of the VPN idea is to promote a vpn server being already built into
>consumer APs. This is already done in openWRT-type alternate firmware: there's
>no technical hurdle.

>Then most people would use the roaming "VPN-only" access to simply connect
>back to their own home AP and go out on the internet from there using their own
>IP for free. The "first hop" details about the roaming AP will either not be logged
>or logged by the user's equipment only.

I would not want to require users to VPN back through their home connection. Under my idea, users should have to do nothing special, just log into a completely open AP, and that AP routes everything through a commercial VPN that keeps no logs. (If no VPN can be trusted when they say they keep no logs, maybe the EFF needs to start one of their own.)

>"Anonymity" is a different and much tougher issue. Most people, most of the
>time, don't need anonymity, they will be content with the same traceability
>level as if they were at home on their own connection.

I am not assuming the users want or care about anonymity, but am interested in providing it in the infrastructure. Any user who avoids entering personally identifiable info during their session would achieve anonymity. But my motive for anonymity here is to protect the AP owner from any bad things a user might do.

 		 	   		  

