Don't use a VPN #12

Closed
ioerror opened this issue May 16, 2013 · 2 comments

ioerror commented May 16, 2013

In the New Yorker diagram, it is suggested that the journalists will use a VPN - I suggest that you use a Tor hidden service, specifically, a stealth hidden service with authentication. This ensures that all required systems only touch the network with Tor - no need for other third-party code and no need for higher privileges (e.g., pppd, etc.) when that code touches the network.

Taipo commented Sep 6, 2013

Using TOR Hidden Services certainly goes a long way to obscuring the location of the webserver and ensuring encrypted communications between the browser and the webserver; it presents all visitors to the webserver as 127.0.0.1, there are up to 5 or 6 hops between source and server, and, if the user/source is using the TOR Browser Bundle, then there will be no log files left on the computer they used.

Except for the fact that they had installed Tor in the first place (if they are not tech savvy enough to use TAILS).

Imagine a company/adversary has 10 possible suspected authors of a leak. A scan of the source/user's logs shows that at least one or two of them have accessed the torproject.org website to download the TOR Browser Bundle. This will shortlist them significantly.

It is also still possible to view and interact with hidden service installed Dead Drop without having the TOR Browser Bundle installed. The various Tor2Web proxy sites allow this, and this lowers the security of using DeadDrop over TOR due to the insecure configurations of the standard un-secured web browser.

But I guess going back to the subject line: VPN is not as secure as TOR, but at least a user would not have to download an application and install it in order to use VPN; however, on the flip side of that, because of the MS-CHAP handshake I would consider VPN quite broken.

dolanjs commented Oct 12, 2013

The journalist now accesses the document server interface via an authenticated Tor hidden service.

dolanjs closed this as completed Oct 12, 2013
legoktm pushed a commit that referenced this issue Sep 18, 2024
Set SameSite="Strict" on all cookies for more CSRF protection