In my country, the internet has been completely shut down nationwide for the past three weeks. Recently, the authorities introduced a “whitelist,” which only allows access to regime-approved websites and shows only the first page of Google search results. None of my VPNs work anymore, no protocol connects at all.
As a last resort, I tried enabling Tor on my flint. which is in Beta mode. After about 45 minutes, it finally connected, and I’m now able to access the internet and post here. The speed is very slow, but it’s better than nothing.
I’m not very familiar with Tor, so I wanted to ask: is it safe to use my real login credentials while connected through Tor? Also, is there anything I can do to improve my connection or stability? i also noticed i can not connect to any vpn anymore after tor is enabled.
Tor connections in countries or regions with strict network controls often have poor connection times and speeds, and I think this is difficult to be improved.
Since Tor functions like a VPN, connecting through an one more additional VPN can make speeds even slower and may hard to establish the VPN tunnel.
I see you’re using Flint2, it released an obfuscated-VPN firmware (beta v4.8.99) that supports AmneziaVPN. In some countries or regions this may allow to connect, but you need a subscription with an Amnezia-compatible provider such as AmneziaVPN or Windscribe. Give that a try!
thanks for the reply Bruce. Could you please explain how can i get this firmware? in simple language. i’m not very techy.
i have no issue with getting another VPN subscription. so far i have Expressvpn, PIA and few others. none do connect. im willing to try Amnezia VPN, only if i know if i need to mess with setting in Luci or is it added by default to latest firmware?
To awnser is tricky, I'm gonna say yes Tor can be unsafe, because most of the donated exit nodes can also be 'evil' ones, meaning they could eventually de-anonmize you, so can a regime do it to.
But they are aswell able to sniff data, tampering with non https traffic.
To get back wether your login credentials are safe, this highly depends on the criteria, if a site is smart enough to invalidate cookie hijacking, is able to use https you should be fine most of the time, I would encourage to always double check the https certificate and avoid AV's root certs taking over, because otherwise the trust of chain is broken.
for apps on mobile phones, the correct way should be that it generates an 'app' password or better names: open password /oauth behind the scenes, these passwords only allow you to use the service but not for changing important credentials often a app only asks the real login criteria once and then uses the different oauth password, even irl when device theft happens this is a really useful one because you are at least one step ahead, most apps should do it but there are always a few which don't do it, its not always clear, my expectation is that this should be the norm, luckily alot of apps i see also come with google sign up, it works with the same principle.
Also if the ip mismatch the app password get revoked, I know that Microsoft does that with outlook.
thanks for the reply xize! so Tor is unsafe. i noticed i can connect to VPN on my laptop or phone, when tor is conencted on my flint. would the VPN derisk the Tor’s side effects? Thanks again for your time
Yup that is correct, they will only see encrypted traffic then, as for the handshake exposure I do know that wireguard is protected against replay attacks, openvpn may need some additional google searches it looks to me there needs to be small replay window configurated so the packets drop.
If anyone is the same situation, i will be happy to help. i can not write it here, in case the regime terrorists will find and block this approach too. just PM me if you need.
