[HN Gopher] Is Tor still safe to use?
___________________________________________________________________
Is Tor still safe to use?
Author : Sami_Lehtinen
Score : 736 points
Date : 2024-09-18 18:41 UTC (1 days ago)
(HTM) web link (blog.torproject.org)
(TXT) w3m dump (blog.torproject.org)
| roetlich wrote:
| For context, here's the NDR report:
| https://www.ndr.de/fernsehen/sendungen/panorama/aktuell/Inve...
|
| And more info here: https://lists.torproject.org/pipermail/tor-
| relays/2024-Septe...
|
| Edit: The NDR alleges a timing attack (no further explanation)
| that allows "to identify so-called 'entry servers'" Very little
| information is actually available on the nature of the attack.
| The NDR claims this method has already lead to an arrest.
| LinuxBender wrote:
| Might one mitigating possibility be to use a VPN that uses
| padded and rate limited packets, so that it is always sending
| and receiving _user_defined_ bit rate and your real traffic
| would be traffic shaped to take priority but not exceed the
| padded streams? _Maybe_ this assumes one is running their own
| tor daemon on a server somewhere and the vpn terminates on that
| node. I assume this could be done with _tc sch_htb_ class
| shaping _or perhaps sch_cake_ and tagging packets with iptables
| mangle rules and two never-ending bi-directional rsync streams
| reading /dev/urandom or big random files.
|
| e.g. Port 873 (native rsync) bulk traffic,
| low priority Port 3128 (squid mitm ssl-bump proxy) high
| priority
| cubefox wrote:
| This should be the article linked at the top.
| cubefox wrote:
| Why is this downvoted?
| trustno2 wrote:
| Also relevant - wikipedia for Boystown, the pedo site in
| question
|
| https://en.wikipedia.org/wiki/Boystown_(website)
| yieldcrv wrote:
| This isn't written in the most confidence inspiring way
|
| But the things that do inspire confidence:
|
| Tor is updated against vulnerabilities pre-emptively, years
| before the vulnerability is known to be leveraged
|
| Tor Project happens to be investigating the attack vector of the
| specific tor client, which is years outdated
|
| They should have just said "we fixed that vulnerability in 2022"
|
| with a separate article about the old software
| immibis wrote:
| The vulnerability is mitigated by shifting the economic
| incentives, not fixed by making it impossible. It can't be
| fixed without a completely different network design, like in
| Mixminion or Katzenpost. Someone suggested I2P, but it's mostly
| fundamentally the same as Tor. It uses unidirectional tunnels,
| which might help.
| birdman3131 wrote:
| To quote the article. " To the best of our knowledge, the
| attacks happened between 2019-2021." and " This protection
| exists in Ricochet-Refresh, a maintained fork of the long-
| retired project Ricochet, since version 3.0.12 released in June
| of 2022."
|
| While it has been fixed for years it was not a case of using
| old software from what I am reading.
| qwery wrote:
| > confidence inspiring
|
| I don't want them to try to sell me something. If they were
| making bold claims as you suggest I would be _more_ concerned.
| yieldcrv wrote:
| The truth isn't confidence inspiring, the truth can be even
| without selling something, its not here.
|
| There is a risk that the network is compromised at any moment
| and cannot be relied upon, except for your own personal risk
| tolerance on the activity you are interested in.
| basedrum wrote:
| Yeah, but the problem is that they cannot say that with 100%
| confidence, because the details were not shared with them (why,
| I have no idea)
| jstanley wrote:
| The best attack against Tor is convincing people not to use it.
|
| If anyone tries to convince you Tor is not safe, ask yourself:
| cui bono?
| dijit wrote:
| Same was true of Truecrypt.
|
| After the core team disbanded there was a full security audit
| which uncovered some very minor issues.
|
| People never really trusted Veracrypt though. Quite interesting
| how that turned out.
| hypeatei wrote:
| > People never really trusted Veracrypt though
|
| Can you expand on this? It was my understanding that
| Veracrypt is the new de-facto standard.
| dijit wrote:
| Bitlocker, LUKS and FileVault are the new standard(s).
|
| Veracrypt is a curiousity, not beloved the way truecrypt
| was.
|
| I'd love to see hard numbers for this, just my outside
| impression.
|
| In fact, when trying to find old forums that I was part of
| during that era, I failed; and found only this:
| https://discuss.privacyguides.net/t/why-people-still-
| believe...
| UberFly wrote:
| This is complete conjecture. Like Truecrypt, Veracrypt is
| open source, has been audited and has been actively
| maintained. Could it use another audit? Sure but so could
| Bitlocker but that isn't happening for even the first
| time any time soon.
| dijit wrote:
| I read this as intended to be some kind of rebuttal
| but... Where did I say it wasn't conjecture?
|
| I was stating facts about the ecosystem. People didn't
| trust it at the time.
|
| I never said there was a definite reason for that
| distrust.
| trompetenaccoun wrote:
| Never heard of any credible reasons to distrust
| Veracrypt. Don't know who these "people" are either, none
| of the comments named anything more concrete than what
| sounds like online rumors.
| fencepost wrote:
| IIRC there were a lot more options by the time of the
| Truecrypt-Veracrypt shift. Truecrypt was around when drive
| encryption was otherwise an expensive enterprise software
| thing, but I think Bitlocker was included with Pro versions
| of Windows by the time of Veracrypt so that probably became
| the easiest free option - and probably with better
| compatibility as well.
| no-dr-onboard wrote:
| this presumes that anyone would trust bitlocker.
|
| https://pulsesecurity.co.nz/articles/TPM-sniffing
| bri3d wrote:
| Being able to sniff a key as it transits a local bus is a
| very different kind of compromise of "trust" than
| believing that something is preemptively backdoored by a
| threat actor. It is deeply mysterious that Microsoft
| don't simply use TPM encrypted sessions to prevent this,
| though.
| dylan604 wrote:
| Isn't this yet another example of if they have your
| physical machine, it's already game over?
| bri3d wrote:
| No? Any modern disk encryption system with a strong
| passphrase (basically, anything but default-BitLocker) is
| very effective against "they have your physical machine
| and it's off" for any known, current adversary. And, the
| basic cryptography in use is common, robust, and proven
| enough that this is probably true even if your tinfoil
| hat is balled quite tightly.
|
| Where modern research effort goes is into protecting
| against "they HAD your physical machine and they gave it
| back to you" or "they got your machine while it was
| on/running" - these are much more difficult problems to
| solve, and are where TEE, TPM, Secure Boot, memory
| encryption, DMA hardening, etc. come into play.
| uncanneyvalley wrote:
| Disagree. If one has physical access to your machine,
| they also have physical access to you. Practically
| everyone is vulnerable to rubber hose cryptanalysis.
| andrewflnr wrote:
| Right, because every stolen laptop automatically comes
| with an abduction of the owner? No, getting "hardware
| access" to a human is much harder (more expensive in the
| best case and riskier in terms of drastic punishment)
| than for a laptop, even more so if you want to go
| undetected.
| dylan604 wrote:
| You're talking much more hypothetical than the actual
| situation that was linked up stream from here. Context is
| crucial
| input_sh wrote:
| How's it free if it's not available in the Home edition of
| Windows?
|
| In fact it's pretty much the only difference between Home
| and Professional editions of Windows these days, so I'd
| price it as the difference between the two (about $60).
| cainxinth wrote:
| The best attack against Tor is creating entrance and exit nodes
| that monitor traffic. That was the biggest risk factor when Tor
| was invented and it still is today.
| theonionrouter wrote:
| How does that work technically, if I am connecting with SSL?
|
| The only thing I see is seeing which IP addresses are using
| Tor, when, and how much traffic exchanged, but mostly it will
| be a bunch of reused residential IPs? If you know who you are
| looking for anyway better to work with their ISP?
|
| With the exit nodes, you know which IP addresses are being
| looked up. You might get an exit node IP when investigating a
| crime say. Raid that person, but can you find anything more?
|
| This isn't an argument, but a question.
| cainxinth wrote:
| They don't use encrypted data. They look at the metadata
| like packet size and timing and perform traffic
| correlation, which defeats Tor's primary purpose: hiding
| the connection between the source and destination of
| traffic.
| no-dr-onboard wrote:
| After the Snowden revelations regarding FOXACID and QUANTUM
| going largely undressed in the tor project, people have every
| right to feel sketched out with using ToR for anything. "We're
| still helping people" just isn't a good enough argument for
| most people.
|
| https://www.schneier.com/blog/archives/2013/10/how_the_nsa_a...
| https://blog.torproject.org/yes-we-know-about-guardian-artic...
| xyst wrote:
| Wonder what has replaced "Xkeyscore" given the wide adoption
| of TLS. I know ISPs, especially national ISPs like AT&T (see:
| titanpointe - 33 thomas st, nyc) would feed data to NSA since
| traffic at the time was mostly via http (rather than https).
| I suppose the unencrypted dns queries are still useful
| (although DNSSEC is supposed to defend against snooping/deep
| packet inspection)
| xenophonf wrote:
| DNSSEC is an authentication mechanism. It does not encrypt
| queries or responses.
|
| You might be thinking of DNS-over-HTTPS (DoH) or DNS-over-
| TLS (DoT).
|
| There's also DNSCurve.
|
| https://en.wikipedia.org/wiki/DNSCurve
| no-dr-onboard wrote:
| DoH and DNSSEC don't use ECH (encrypted client hello)
|
| From what I remember, only DoT uses ECH
|
| https://media.ccc.de/v/chaoscolloquium-1-dns-privacy-
| securit...
| SubzeroCarnage wrote:
| ECH can be used regardless of DoT, DoH, dnscrypt, or
| plain as long as your resolver passes HTTPS queries.
|
| You can easily test this: dig @8.8.8.8 https
| pq.cloudflareresearch.com
| bornfreddy wrote:
| A lot of pages are now behind CF, hosted on AWS,... It
| would surprise me if these providers didn't share their
| data with the 3-letter agencies.
| tonetegeatinst wrote:
| I'd argue any data center of cloudflare is just as
| valuable to fiber tap, just like the undersea fiber
| cables.
| greyface- wrote:
| Lots of juicy Internet protocols are still running in
| cleartext. OCSP, for example, and DNS, as you noted. And
| the IP-level metadata of TLS connections is still enough to
| uniquely identify which entities are communicating with
| each other in many situations. I very much doubt XKeyscore
| has been retired.
| yupyupyups wrote:
| >Wonder what has replaced "Xkeyscore" given the wide
| adoption of TLS.
|
| Cloudflare is a US-based company that does MITM attacks on
| all traffic of the websites that it protects. It's part of
| how their DDoS mitigation works.
|
| Many people still use large US-based mail providers such as
| Outlook or Gmail.
|
| Many large services use AWS, GCP or Azure. Perhaps there
| are ways for the NSA to access customers' virtual storage
| or MITM attack traffic between app backends and the load
| balancer where TLS is not used.
| tonetegeatinst wrote:
| Worse is how most email providers require SMS
| confirmation or a secondary email.
| sophacles wrote:
| It is MITM, but is it an attack? Literally the website
| owner hires Cloudflare explicity to decrypt and filter
| the traffic. Attack implies that it's unwanted behavior,
| yet the reality seems to imply that its wanted behavior
| by the site owner at a minimum, although continued use of
| the site by visitors also suggests that they want that
| behavior (or they'd go elsewhere).
| EasyMark wrote:
| Isn't the attack assuming that NSA/FBI/TLO has full
| access to the MITM connection at will? I mean that
| doesn't seem too far fetched does it give various
| revelations over the years and things like The Patriot
| Act actually passing when it's obviously unconstitutional
| snewman wrote:
| Often the connection between the load balancer and app
| backend also uses TLS. I've operated a large / complex
| service on AWS and all internal communications at each
| level were encrypted.
|
| Of course, in principle, a cloud provider could tap in
| anywhere you're using their services - ELB (load
| balancer), S3, etc. I presume they could even provide
| backdoors into EC2 instances if they were willing to take
| the reputational risk. But even if you assume the NSA or
| whoever is able to tap into internal network links within
| a data center, that alone wouldn't necessarily accomplish
| much (depending on the target).
| itscrush wrote:
| Load Balancing && WAF or CDN enablement usually suggests
| at least a decrypt step or two in the HTTP(s) chain. WAF
| for layer7 payload inspection, or the default wildcard
| cert'ing your Cloudflare site for instance.
|
| There's also significant aggregation of traffic at
| handfuls of service providers amongst service categories,
| all generally HTTP(s) type services too ... Mail, CDN,
| Video, Voice, Chat, Social, etc. Each of these are still
| likely to employ Load Balancing & WAF.
|
| Most WAF/Load Balancing providers have documentation
| about when/where to perform decrypt in your architecture.
|
| How many Cloudflare sites are just using the Cloudflare
| wildcard cert?
|
| From there, plenty of 3 letter agency space to start
| whiteboarding how they might continue to evolve their
| attack chain.
| treebeard901 wrote:
| >> Wonder what has replaced "Xkeyscore" given the wide
| adoption of TLS.
|
| A nationwide invisible firewall, with man in the middle
| decryption and permanent storage of all unencrypted data.
| All run by the major backbones and ISPs.
| yencabulator wrote:
| > man in the middle decryption
|
| How would that work?
| ARandomerDude wrote:
| Start an NSA cutout called Cloudflare. Configure sites to
| use an SSL/TLS connection to Cloudflare, then a separate
| SSL/TLS connection from Cloudflare to your actual
| machine. Then have the marketing team call it "Strict"
| encryption. Make it free so everyone uses it.
| treebeard901 wrote:
| It is also a lot easier since ceetificate pinning has
| fallen out of favor. Many sites use LetsEncrypt. The
| Certificate Authority system itself is not reliable.
|
| In a way it is the perfect solution from a Govt
| perspective. Other countries have systems at this scale
| and larger. China for example.
| yencabulator wrote:
| What makes the CA system reliable is browsers insisting
| on Certificate Transparency before trusting a cert. If an
| attacker creates an evil cert by stealing the ACME
| verification traffic, there's a permanent record of it.
| Big corps can monitor the ledger to see what certs have
| been handed out to their domains.
| zaik wrote:
| DNSSEC does NOT protect against snooping.
| tptacek wrote:
| DNSSEC is a replacement for the commercial WebPKI that is
| run by world governments.
| stavros wrote:
| I'll ask the inverse: if Tor is unsafe, who benefits from
| telling you to use it?
| appendix-rock wrote:
| Especially "the solution to an unsafe Tor is more Tor!" it
| feels like I'm at a charity drive.
| theonionrouter wrote:
| "Unsafe" is not enough data.
|
| Safer or unsafer than ISP or VPN, is the question.
|
| (I presume safe means private here)
| pphysch wrote:
| The groups that primarily fund The Tor Project, i.e. the US
| State and Defense Departments.
| supportengineer wrote:
| Society benefits when people refrain from illegal and immoral
| activities.
| barbazoo wrote:
| Are you implying that Tor is primarily used for illegal or
| "immoral" purposes?
| fsckboy wrote:
| are you implying that Tor is not used for illegal or
| immoral purposes? (I took out the primarily that you threw
| in to make your argument stronger because that made my
| argument stronger, and I took out your scare quotes because
| morality doesn't scare me)
| barbazoo wrote:
| I have no idea who is using Tor other than that I heard
| it can be used by people requiring privacy from
| governments, e.g. whistleblowers. It also seems to have
| broad support from the tech industry so I'd be surprised
| if it was in fact primarily used for illegal or "immoral"
| purposes. That's why I'm asking.
| alt187 wrote:
| What's a scare quote?
| fsckboy wrote:
| did your search button break? lmgtfy
|
| https://www.urbandictionary.com/define.php?term=scare+quo
| tes
|
| this is a helpful answer, downvoting it would be
| extremely bad form
| lukan wrote:
| I would assume very likely yes?
|
| There definitely are legit use cases for it and in an ideal
| world, I think all traffic should go over onion routing by
| default to protect them.
|
| But in reality today besides a handful of idealists (like
| me some years ago), and legitimate users, like protestors
| under oppressive regimes - I would assume the biggest group
| with a concrete interest to hide would be indeed pedophiles
| and other dark net members and therefore use it.
| yupyupyups wrote:
| I'm pretty sure many people use Tor for other things than
| journalism and CP.
|
| Tor is a privacy tool. Much of what we do in our lives is
| on the internet, and privacy is important. Tor helps
| people enjoy privacy in a medium that they are
| increasingly dependant on.
| bmicraft wrote:
| Tor also helps you to increase your average loading time
| of a webpage to 10x. That's a very good deterrent against
| using it if you don't _need_ it for _some reason_
| edm0nd wrote:
| You would assume wrong then. The majority of Tor traffic
| is just normal people, not illegal stuffs.
|
| The regular internet aka clearnet has far more malicious
| activity and traffic.
| lukan wrote:
| Can you link to some data, that proofs this?
|
| I have no data, just assumptions.
| BLKNSLVR wrote:
| Politicians and the powers-that-be benefit from slowly adding
| to the existing pile of what's considered illegal and
| immoral. They build that pile as a levee against threats to
| their power; to maintain the status quo.
|
| Immoral is as subjective as it gets and is therefore an awful
| yardstick.
| jancsika wrote:
| A question before I enter your Manichean universe:
|
| Does Tor Browser Bundle currently ship with Ublock Origin
| installed and on by default?
| duskwuff wrote:
| It would be irresponsible for it to do so. Ad blocker lists
| can inject scripts into web pages which could compromise user
| privacy.
| jancsika wrote:
| In that case we're talking at cross-purposes, so I'll
| reserve judgment.
|
| I'm concerned with what let's call Gorhill's Web-- that is,
| the experience glued together by gorhill's Ublock Origin
| that is viewed by the vast majority of HN commenters on a
| day to day basis.
|
| What you're describing is the Web-based Wasteland that is
| experienced by the vast majority of non-technical users who
| view the web without an ad blocker.
|
| Encouraging Wasteland users to use TBB may well be an
| overall improvement for them. But there are more and more
| popular parts of the web that are practically unusable
| without an ad blocker-- e.g., fake download buttons, myriad
| other ad-based shenanigans, multiple ads squeezed into
| short pieces youtube content that ruins the music, etc. And
| there's an older segment of the population who at I cannot
| in good conscience move away from Gorhill's Web.
|
| If Tor uptake somehow spikes to the point that some
| services can no longer get away with discriminating against
| exit nodes, then great! But in the meantime, I and many
| others have solid reasons for encouraging more and more
| Ublock Origin use among a wide variety of users.
|
| And as you point out, there are _technical_ reasons why the
| ad blocker lists are at odds with TBB design goals. Thus, I
| find the top poster 's "cui bono" comment low effort and
| unhelpful.
|
| Edit: clarification
| umanwizard wrote:
| I don't think it's true that the vast majority of HN
| users use ad blockers. I don't, and I don't find the web
| "practically unusable".
| wood-porch wrote:
| Being the exception to the rule doesn't disprove the rule
| umanwizard wrote:
| Indeed, but I doubt I'm so exceptional. I've seen a lot
| of tech savvy people not using ad blockers.
| bmicraft wrote:
| Well then ship a version that can't inject js and only
| block network requests. Could it be that hard?
| knodi123 wrote:
| > If anyone tries to convince you Tor is not safe, ask
| yourself: cui bono?
|
| It could be for insidious reasons, or because the speaker
| legitimately believes it. "If anyone tries to convince you you
| shouldn't use Rot13 as an encryption scheme, ask yourself- cui
| bono?" Silly example, but the point is, just about *everything*
| could be explained equally by either evil lies or honest
| warnings.
| andai wrote:
| Someone tries to convince you a room totally isn't bugged and
| that you should have private conversations in it. (A room
| designed by the US military, incidentally...)
| orthecreedence wrote:
| > cui bono?
|
| You look for the person who will benefit, and uhh...uhh you
| know, uhh, you know, you'll uhh, uhh. Well, you know what I'm
| trying to say.
|
| - VI Lenin
| rolph wrote:
| https://github.com/blueprint-freespeech/ricochet-refresh
|
| ...We are writing this blog post in response to an investigative
| news story looking into the de-anonymization of an Onion Service
| used by a Tor user using an old version of the long-retired
| application Ricochet by way of a targeted law-enforcement attack.
|
| ...From the limited information The Tor Project has, we believe
| that one user of the long-retired application Ricochet was fully
| de-anonymized through a guard discovery attack. This was
| possible, at the time, because the user was using a version of
| the software that neither had Vanguards-lite, nor the vanguards
| addon, which were introduced to protect users from this type of
| attack. This protection exists in Ricochet-Refresh, a maintained
| fork of the long-retired project Ricochet, since version 3.0.12
| released in June of 2022.
| nickphx wrote:
| not when you consider the level of monitoring at critical
| internet exchange points..
| andirk wrote:
| That's why we need more bittorrent-like decentralized internet,
| like they were making on the show Silicon Valley.
| nixosbestos wrote:
| Is it possible to "break" the protocol in such a way that Hidden
| Services cannot be used without some version of vanguards? It
| almost seems worth doing?
| valianteffort wrote:
| Federal agencies operate enough exit nodes to make Tor use risky
| at best. I have no idea if they have since implemented some
| feature to prevent this but if not I would stay far away from Tor
| if you're planning to do illegal things. There's also the risk of
| trusting service operators to secure any PII you expose on
| marketplaces.
|
| Not that I think the Fed's would blow their cover to hunt down
| people buying drugs but still seems stupid to trust.
| drexlspivey wrote:
| If they run just the exit node they still can't de-anonymize
| you right?
| system33- wrote:
| Depends on the content of your traffic.
|
| If "deanonymize" strictly means perform a timing attack using
| info you have from the beginning and end of the circuit, then
| by definition you're correct.
|
| But if you visit an identifying set of websites and/or ignore
| TLS errors or ... they can still deanonymize you.
| iluvcommunism wrote:
| What role do TLS errors play in de-anonymizing onion
| traffic?
| system33- wrote:
| My comment is strictly about exit nodes which are not
| used as part of connecting to onion services.
|
| Ignoring TLS errors might mean you're ignoring the fact
| your exit relay is MitM attacking you.
| midtake wrote:
| Monitoring exit nodes does not necessarily reveal hidden
| services, though.
|
| Edit: Never does, exit nodes are not part of the circuit,
| thanks to commenter below.
| system33- wrote:
| Monitoring exits is completely irrelevant to onion services,
| in fact.
|
| Completely.
|
| Exits aren't a part of the circuit. Ever.
| system33- wrote:
| "The western governments run most of the exits" is one of those
| things everybody "knows" but rarely backs up.
|
| The list of all relays is public knowledge by design. There's
| contact information attached to relays. The big operators are
| known individuals and organizations. They contribute. Interact.
|
| Which ones are actually the governments doing bad things
| against their citizens? It's hard to tell? Then why do you make
| such claims?
|
| Relays that observably do bad things are removed from the
| network all the time. Are those ones the government? Tor
| seemingly has a reasonable handle on the situation if that's
| the case.
|
| If the fed is doing correlation attacks, why would they run
| relays at all? "Just" tap the IXPs near major hubs of relays.
| Or heck, get data from the taps you already had. Silent and
| more widespread.
|
| Pushing people away from tor potentially makes it even easier
| to deanonymize them, depending on the adversary model assumed.
| Spooky23 wrote:
| Tor was literally developed by the intelligence community.
| I'm sure there are a variety of means to gather actionable
| intelligence from it, with or without the cooperation of the
| exit node volunteers.
|
| Beyond a principled stance re communications, I can't think
| of a reason to use it. If you're planning to resist some
| regime that controls telecom infrastructure, the fact that
| you're using it is both uncommon and notable.
| system33- wrote:
| Tor was literally developed by the Naval Research Lab. Not
| a part of the IC.
|
| I know because I work there. AMA (edit: about tor. Because
| people say a lot about it without actually knowing much.
| But now I should put my phone down so... too late!)
|
| To protect our most sensitive communications and vulnerable
| communities , Tor usage should be normalized so it is
| common and not notable.
| Nathanael_M wrote:
| Unrelated to Tor, what was your favourite project to work
| on that you're allowed to talk about? That must be a
| fascinating job.
| system33- wrote:
| Unfortunately the tor part is the part I can most
| obviously talk about. Not that I work on anything
| classified. I just need to be mindful.
|
| I got to travel to Canada, Mexico, and Europe (from the
| US) for tor meetings and privacy-enhancing technology
| conferences.
|
| More or less every single cell that goes through the tor
| network today is prioritized and scheduled by the cell
| scheduler I wrote.
| amatecha wrote:
| I think if the Tor Project wants to boost their network
| they might try putting anything about how to do so on
| their website, easily-accessible. I'm trying to figure
| out how to run a relay and having a pretty challenging
| time finding anything at all about this. They just really
| want me to download Tor Browser, it seems.
|
| Edit: I finally found it![0] I had to go to Donate,
| Donation FAQ, "Can I donate my time?" , "Learn more about
| joining the Tor community.", and then "Relay Operations"
| -> "Grow the Tor network" at the bottom right. I would
| really hope there's a more direct path than this...
|
| [0] https://community.torproject.org/relay/
| system33- wrote:
| Sorry that it is hard to find. This is the root link to
| point you towards.
|
| https://community.torproject.org/relay/
|
| Thanks for considering to run a relay.
| amatecha wrote:
| No prob - and thanks! Looks like I found it right as you
| were drafting this message. It would be really useful to
| add some call to action about "Help grow the Tor
| network!" anywhere on the home page. Partly just to
| increase the "welcoming-ness" but mostly to reduce
| friction for ppl who want to contribute, and help make it
| clear that the network needs support from whoever :)
| Jach wrote:
| I still think the IC, and especially the state
| department, benefits from having Tor fulfill its actual
| design goals most of the time. There are operations and
| state department goals that can benefit from Tor working
| properly. It's the same with encryption in general -- the
| IC benefits from there being strong and bug-free crypto
| implementations. That they have in the past backdoored
| some of them doesn't change that they've also hardened
| others. I'm sure they come up with and deploy various
| attacks on Tor all the time, same with foreign nations
| (whom the state department would like to thwart). I'm
| skeptical though that they can do working attacks at any
| time and against any set of people.
|
| For your AMA, if you want: How's the job? What keeps you
| working there? How's patriotism these days?
| system33- wrote:
| The job these days is boring but secure. Tor stuff was
| more exciting, then I switched teams because grass-is-
| greener.
|
| At least for the teams I have been on and my view of
| leadership, there is very little political talk.
|
| But patriotism isn't politics... lol. The higher you get
| the more "hoo rah America!" is a part of the motivational
| speech or report or whatever. Down here in the streets
| it's just another job. Pride in the country isn't much of
| a driver. At least for me.
| pushupentry1219 wrote:
| > Tor was literally developed by the intelligence
| community. I'm sure there are a variety of means to gather
| actionable intelligence from it, with or without the
| cooperation of the exit node volunteers.
|
| These two statements make little sense together. It was
| originally developed by the Navy. Okay. So why would they
| design it from the get-go with such a fatal flaw that would
| risk their own adversaries gathering "actionable
| intelligence" from it?
|
| I'd like to stress if we're talking about the Navy's
| involvement, then you're questioning the design of the
| whole thing from the very beginning, not just the current
| implementation.
| llm_trw wrote:
| People saying that the government funds Tor so it's
| insecure is like saying that the government funds the
| army which kills people on purpose, so any government
| hospital will also kill people on purpose
| lcnPylGDnU4H9OF wrote:
| > "The western governments run most of the exits" is one of
| those things everybody "knows" but rarely backs up.
|
| Thanks for pointing this out. Seems obvious in retrospect but
| I don't really recall seeing a lot of evidence for this
| despite seeing the claim quite commonly. That said, the use
| of "rarely" makes me wonder what evidence has been presented
| in such rare instances. Just curious. (Of course it's also
| fine if the phrasing was just communication style.)
| 0xggus wrote:
| Please read the blog post:"It is important to note that Onion
| Services are only accessible from within the Tor network, which
| is why the discussion of exit nodes is irrelevant in this
| case."
| LouisSayers wrote:
| You'd be surprised how much crime goes on in plain sight. There
| are literally people on Instagram making stories of themselves
| showing off their drugs and stacks of money.
|
| Given that a lot of law enforcement doesn't even bother with
| the low hanging crimes, the chance of them prosecuting anyone
| using Tor is extremely low unless you get big enough or go far
| enough to warrant the attention.
| pc86 wrote:
| This brings up a couple questions I've always had about Tor. I
| played around with it a bit maybe a decade ago and it seemed it
| was used for drugs, CSAM, and getting yourself honeypotted
| trying to buy illegal guns or murder-for-hire.
|
| I always assumed if you were doing things where your threat
| model included governments trying to kill you that Tor wouldn't
| be all that useful even if it was secure.
| smileson2 wrote:
| Depends on your risk, if are are trying to avoid censorship and
| political repression in say Iran or china you are probably fine
|
| If you are an enemy of the United States you probably aren't but
| that's a high bar
| Yawrehto wrote:
| Maybe. I think the real distinction is reach. Are you consuming
| content passively, or are you creating content for many people?
| If you're creating content on torture China's doing, they
| absolutely will track you down. If you're in North Korea and
| revealing what life is really like in South Korea, or in Russia
| exposing the realities of the Ukraine war, Tor is probably
| unsafe.
|
| But there is also an element of resources. Even if you're
| sowing distrust in, say, the Comorian government, I don't think
| they have the resources to go after you unless you are truly
| destabilizing and not just annoying.
| smileson2 wrote:
| Yes fair point
| GaggiX wrote:
| It depends, are you dealing with Mossad or not Mossad?
| 0xf00ff00f wrote:
| Hah, I was reminded of that essay while reading about recent
| events.
|
| "If the Mossad wants your data, they're going to use a drone to
| replace your cellphone with a piece of uranium that's shaped
| like a cellphone."
| teddyh wrote:
| You're leaving out one very important class of actors, which I
| will call the NSA: The NSA, and others like them, unlike
| Mossad, are not after you personally, in that they don't want
| to do anything to you. Not immediately. Not now. They simply
| want to get to know you better. They are gathering information.
| All the information. What you do, what you buy, how you vote,
| what you think. And they want to do this to everybody, all the
| time. This might or not bite you in the future. You seems to
| imply that since nothing immediately bad is happening by using
| slightly bad security, then it's OK and we shouldn't worry
| about it, since Mossad is not after us. I think that we should
| have a slightly longer view of what allowing NSA (et al.) to
| know everything about everybody would mean, and who NSA could
| some day give this information to, and what those people could
| do with the information. You have to think a few steps ahead to
| realize the danger.
|
| (This has been a partial repost of a comment written four years
| ago: <https://news.ycombinator.com/item?id=23572778>)
| alasdair_ wrote:
| Here is what I don't understand: Let's say I as a private
| individual fund 1000 tor nodes (guard and exit nodes included)
| and have them all log everything. This could cost less than $5000
| for a month, with some time needed to get guard node status.
|
| I want to find a certain kind of person so I look for people that
| access a specific hidden service or clearnet url.
|
| Surely eventually I'm going to get a hit where all three nodes in
| the circuit are my nodes that are logging everything? It will
| take a long time, and I can't target a specific person, but
| eventually I can find someone who has all three bounces through
| tor nodes I control, no?
| gaba wrote:
| Tor Project has a team that looks at relays and checks if
| relays are engaging in bad practices or any suspicious activity
| like a lot of nodes run by one operator.
|
| https://community.torproject.org/relay/governance/
| alasdair_ wrote:
| Iran probably has enough money that it could pay a thousand
| different isps in a thousand different ways with a thousand
| different os versions and tor versions. This could all be
| automated pretty easily.
| krunck wrote:
| When you think about countries that have the resources to
| "pay a thousand different isps in a thousand different ways
| with a thousand different os versions and tor versions"
| your first thought was Iran?
| alasdair_ wrote:
| My first thought was actually "I could probably do that
| myself given some motivation"
|
| Hiring people on something like fiverr could take care of
| most of the manual part.
|
| My point is that if I could do it, a nation state
| cracking down on dissidents could likely do it too.
| hnisoss wrote:
| how do you protect yourself from botnets? lets say just
| monkrus release was infected and now N-thousand teens are
| running infested windows installations and software tools..
| construct0 wrote:
| Yes, there aren't that many tor nodes. It's not the safe haven
| protocol or transport suite people make it out to be.
| system33- wrote:
| It's then best we've got for achieving actually meaningful
| privacy and anonymity. It has a huge body of research behind
| it that is regularly ignored by those coming up with sexy or
| off-the-cuff alternatives.
|
| It's the most popular so it gets the most attention: from
| academics, criminals, law enforcement, journalists, ...
| beeflet wrote:
| Why not just have greater number of relays by default?
| Internet bandwidth tends to increase over time, and the
| odds of this correlation attack are roughly proportional to
| the attacker's share of relays to the power of the number
| of relays used.
|
| So latency issues permitting, you would expect the default
| number of relays to increase over time to accommodate
| increases in attacker sophistication. I don't think many
| would mind waiting for a page to load for a minute if it
| increased privacy by 100x or 1000x.
| system33- wrote:
| If you're advocating for a bigger network... we need more
| relay operators. Can't wave a magic wand. There's like
| 8000 relays. Haven't looked in a while.
|
| Or if you were arguing for increasing the number of
| relays in a circuit, that doesn't increase security. It's
| like one of the OG tor research papers deciding on 3. Bad
| guy just needs the first and the last. Middle irrelevant.
| beeflet wrote:
| >Or if you were arguing for increasing the number of
| relays in a circuit, that doesn't increase security. It's
| like one of the OG tor research papers deciding on 3. Bad
| guy just needs the first and the last. Middle irrelevant.
|
| Because of timing attacks? There are ways to mitigate
| timing attacks if you are patient (but I think clearnet
| webservers are not very patient and my drop your
| connection)
| system33- wrote:
| Yes timing attacks.
|
| And yeah mitigation gets you into a huge body of research
| that's inconclusive on practical usability. Eg so much
| overhead that it's too slow and 10 people can use a 1000
| relay network and still get just 1 Mbps goodput each.
| Contrived example.
|
| People need to actually be able to use the network, and
| the more people the better for the individual.
|
| There's minor things tor does, but more should somehow be
| done. Somehow...
| meowfly wrote:
| Any idea what consideration keeps the tor team from
| making the client also act as a relay node by default?
| system33- wrote:
| Clients aren't necessarily good relays. Reachability.
| Bandwidth. Uptime. I'll-go-to-prison-if-caught-and-idk-
| how-to-change-settings-this-needs-to-just-work.
| Edman274 wrote:
| > we need more relay operators. Can't wave a magic wand.
| There's like 8000 relays. Haven't looked in a while.
|
| The reason that there are so few relays and exit nodes is
| that everyone that runs an exit node believes, for very
| good reason, that they'll be opening themselves up to
| subpoenas and arrest for operating one. You know who
| never has to worry about getting arrested? Surveillance
| agencies tasked with running exit nodes.
|
| Consider the two classes of relay and exit operators:
|
| 1. People who operate relays and exit nodes long term,
| spending money to do so with no possibility or
| expectation of receiving money in return, and opening
| themselves up to legal liability for doing so, whose only
| tangible benefit comes from the gratification of
| contributing to an anonymous online network
|
| 2. Government agencies who operate relays and exit nodes
| long term, spending government allocated money to operate
| servers, with no material risk to the agencies and whose
| tangible benefit comes from deanonymizing anonymous
| users. Crucially, the agencies are specifically tasked
| with deanonymizing these users.
|
| Now, I guess the question is whether or not you think the
| people in group 1 have more members and more material
| resources than the agencies in group 2. Do you believe
| that there are more people willing to spend money to run
| the risk of having equipment seized and arrest for no
| gain other than philosophical gratification than there
| are government computers running cost and risk free,
| deanonymizing traffic (which is their job to do)?
| yupyupyups wrote:
| >It's then best we've got for achieving actually meaningful
| privacy and anonymity
|
| ...while being practical.
|
| One could argue that there is i2p. But i2p is slow, a
| little bit harder to use, and from what I can remember,
| doesn't allow you to easily browse the clearnet (regular
| websites).
| appendix-rock wrote:
| These sort of "Tor evangelism" comments are so tiring,
| frankly. There are quite a few like it in this thread, in
| response to...not people poo-pooing Tor, or throwing the
| baby out with the bathwater, rather making quite level-
| headed and reasonable claims as to the shortcomings and
| limitations of the network / protocol / service / whatever.
|
| One should be able to make these quite reasonable
| determinations about how easy it'd be to capture and
| identify Tor traffic without a bunch of whataboutism and
| "it's still really good though, ok!" replies which seek to
| unjustifiably minimise valid concerns because one feels the
| need to...go on and bat for the project that they feel some
| association with, or something.
|
| The self-congratulatory cultiness of it _only_ makes me
| quite suspicious of those making these comments, and if
| anything further dissuades me from ever committing any time
| or resources to the project.
| llm_trw wrote:
| The issue is that the people making 'level headed' claims
| have read none of the literature and their mathematical
| ability seems to end at multiplying numbers together.
|
| It sounds reasonable to anyone who hasn't read the
| papers, to anyone that has these comments are so wrong
| that you can't even start explaining what's going wrong
| without a papers worth of explanation that the people
| don't read.
| basedrum wrote:
| it was used by Snowden to leak documents...
| AyyEye wrote:
| Snowden got caught.
| ObsidianBreaks wrote:
| I wholeheartedly agree, the 'dragnet' methodology is already
| documented and well-known and that should factor into your
| security assessments.
| scraptor wrote:
| If your nodes disclose their affiliation that's fine but the
| client will avoid using multiple. If you try to do this in
| secret the tor project will attempt to catch you by looking for
| suspicious nodes that use the same isp and update their tor
| version at the same time and things like that, to questionable
| success.
| pushupentry1219 wrote:
| But an adversary with enough money could just buy servers
| from multiple ISPs, right?
| vkou wrote:
| State-level actors (five eyes) should have no problem with
| avoiding that kind of detection.
| donmcronald wrote:
| > Surely eventually I'm going to get a hit where all three
| nodes in the circuit are my nodes that are logging everything?
|
| If you're looking for static assets, why would you need to see
| the whole chain? Wouldn't a connection to a known website
| (page) have a similar fingerprint even if you wrap it in 3
| layers of encryption? Does Tor coalesce HTTP queries or
| something to avoid having someone fingerprint connections based
| on the number of HTTP requests and the relative latency of each
| request?
|
| I've always assumed that, if a global adversary attack works,
| you'd only need to watch one side if you're looking for
| connections to known static content.
|
| I don't know much beyond the high level idea of how Tor works,
| so I could be totally wrong.
| whimsicalism wrote:
| ? tor reroutes the packets so how would you identify who is
| visiting who? it's not just 'layers of encryption' it is
| layers of redirection
| donmcronald wrote:
| If I visit facebook.com it's about 45 requests and 2.5MB of
| data. Are you saying that if I did that via Tor I would get
| a different circuit for each request or each individual
| packet?
|
| Eventually the guard has to send the whole payload to me,
| right? Wouldn't that look similar every time if there's no
| obfuscation?
| whimsicalism wrote:
| you mean inferring the website based on packet traffic
| pattern if you are the guard? yeah maybe possible, not
| sure how distinct each website footprint would be in
| practice
|
| seems like it would also be challenging to hold up in
| actual legal proceedings
| donmcronald wrote:
| > you mean inferring the website based on packet traffic
| pattern if you are the guard?
|
| Yeah, basically, but I was thinking that if you're
| analyzing a pattern going to the client, all you'd need
| is any point between the guard and the client (ie: an
| ISP).
| alasdair_ wrote:
| If I don't know the whole chain (or I don't use a timing
| attack with a known guard and exit node) then I don't see how
| I'd know who sent the packet in the first place. The person
| in the chain would connect to a random tor guard node, which
| would connect to another random node which would connect to
| my evil exit node. My evil exit node would only know which
| random TOR node the connection came from but that's not
| enough to tell who the original person was.
| donmcronald wrote:
| Say there are only 2 sites on Tor. Site 'A' is plain text
| and has no pages over 1KB. You know this because it's
| public and you can go look at it. Site 'B' hosts memes
| which are mostly .GIFs that are 1MB+. You know this because
| it's also a public site.
|
| If I was browsing one of those sites for an hour and you
| were my guard, do you think you could make a good guess
| which site I'm visiting?
|
| I'm asking why that concept doesn't scale up. Why wouldn't
| it work with machine learning tools that are used to detect
| anomalous patterns in corporate networks if you reverse
| them to detect expected patterns.
| alasdair_ wrote:
| The point is that there aren't only two sites available
| on the clearnet. Is the idea that you find a unique file
| size across every single site on the internet?
|
| My understanding (that may be totally wrong) is that
| there is some padding added to requests so as to not be
| able to correlate exact packet sizes.
| donmcronald wrote:
| > Is the idea that you find a unique file size across
| every single site on the internet?
|
| Not really. I'm thinking more along the lines of a total
| page load. I probably don't understand it well enough,
| but consider something like connecting to facebook.com.
| It takes 46 HTTP requests.
|
| Say (this is made up) 35 of those are async and contain
| 2MB of data total, the 36th is consistently a slow
| blocking request, 37-42 are synchronous requests of 17KB,
| 4KB, 10KB, 23KB, 2KB, 7KB, and 43-46 are async (after 42)
| sending back 100KB total.
|
| If that synchronous block ends up being 6 synchronous TCP
| connections, I feel like that's a pretty distinct pattern
| if there isn't a lot of padding, especially if you can
| combine it with a rule that says it needs to be preceded
| by a burst of about 35 connections that transfer 2MB in
| total and succeeded by a burst of 4 connections that
| transfer 100KB combined.
|
| I've always assumed there's the potential to fingerprint
| connections like that, regardless of whether or not
| they're encrypted. For regular HTTPS traffic, if you
| built a visual of the above for a few different sites,
| you could probably make a good guess which one people are
| visiting just by looking at it.
|
| Dynamic content getting mixed in might be enough
| obfuscation, but for things like hidden services I think
| you'd be better off if everything got coalesced and
| chunked into a uniform size so that all guards and relays
| see is a stream of (ex:) 100KB blocks. Then you could let
| the side building the circuit demand an arbitrary amount
| of padding from each relay.
|
| Again, I probably just don't understand how it works, so
| don't read too much into my reply.
| sigmoid10 wrote:
| >Surely eventually I'm going to get a hit where all three nodes
| in the circuit are my nodes that are logging everything?
|
| The word "eventually" is doing a lot of heavy lifting here.
| Let's say you actually manage to add 1000 servers to the tor
| network somehow without getting detected. The network currently
| sits at just under 8000 nodes. For simplicity, lets also ignore
| that there are different types of nodes and geographical
| considerations and instead just ask what is the probability
| that someone randomly chooses three nodes that you own. The
| answer is less than 0.14%. If that someone decided to use 4
| nodes to be extra-safe, that number goes down to 0.015%. And it
| decreases exponentially for every additional relay he adds.
| Combine this with the fact that tor nodes are actively
| monitored and regularly vetted for malicious behaviour[1], and
| these attacks become increasingly difficult. Could someone like
| the NSA with limitless resources do it? Quite probably, sure.
| But could you or any other random guy do it? Almost certainly
| not.
|
| [1] https://gitlab.torproject.org/tpo/network-
| health/team/-/wiki...
|
| Edit: For all the cynics and doomsayers here, consider this:
| Tor has been around for a long time, but there has never been
| an uptick in arrests that could be correlated to cracking the
| core anonymity service. If you look closely at the actual high
| profile cases where people got busted despite using tor, these
| people always made other mistakes that led authorities to them.
| whimsicalism wrote:
| > Could someone like the NSA with limitless resources do it?
| Sure
|
| Yes, this is obviously the sort of adversary we would be
| discussing.
|
| > , lets also ignore that there are different types of nodes
|
| causing your number to be an underestimate
|
| > The answer is less than 0.14%.
|
| So almost certainly thousands of people
| sigmoid10 wrote:
| >Yes, this is obviously the sort of adversary we would be
| discussing.
|
| OP explicitly asked about himself, not some government
| organisation.
|
| >causing your number to be an underestimate
|
| Not necessarily. It might even be an overestimate if the
| attacker fails to supply enough nodes of the right kind.
|
| >So almost certainly thousands of people
|
| We're talking about a targeted attack. Of course the
| statistics game works better when you don't target specific
| people and just fish randomly. But there are probably more
| cost effective methods as well.
| whimsicalism wrote:
| > We're talking about a targeted attack
|
| From OP: " I can't target a specific person, but
| eventually I can find someone who has all three bounces
| through tor nodes I control, no"
|
| > Not necessarily. It might even be an overestimate if
| the attacker fails to supply enough nodes of the right
| kind.
|
| Assuming they match the existing distribution of nodes,
| they will only have better results.
| sigmoid10 wrote:
| That's assuming a lot given the rest of the statement.
| mzs wrote:
| So if there are greater than only 357 people on topics the GP
| is interested in that's better than 50/50 odds.
| alasdair_ wrote:
| >The answer is less than 0.14%.
|
| Is this per circuit? So if someone switches circuits every X
| hours, the chance of being caught after a year is actually
| quite high?
|
| And even catching 0.14% of pedophiles would probably be worth
| it to the FBI or whatever, nevermind Iran catching dissidents
| or whatever.
|
| My point is that is seems very cheap to do this (I as a
| random staff engineer could do it myself) and catch _some_
| people. A nation state could easily catch a much higher
| percentage if they increased the number of logging nodes
| slowly and carefully and deliberately did things like use
| many isps and update the servers gradually etc.
| whimsicalism wrote:
| The happy equilibrium is that if you have enough adversary
| nation-state intelligence services doing this and not
| sharing information, they'll cancel each other out and
| provide free node hosting.
| qwery wrote:
| You're misusing probability and ignoring critical
| information.
|
| There's 1000 red marbles added to a jar with 8000 blue
| marbles (9000 total). Take three marbles from the jar
| randomly, one at a time. The odds of getting three red
| marbles is ~0.14%. That's all.
|
| Tor nodes are not randomly picked marbles. The Tor network
| is not a jar.
| whimsicalism wrote:
| they're using probability correctly. if you have a
| critique state it clearly
| PeterisP wrote:
| If someone would do the thing-to-be-detected (e.g. accessing
| CSAM) every day, then that 0.14% probability of detection
| turns out to be 40% for a single year (0.9986^365) or 64%
| over two years, so even that would deanonymize the majority
| of such people over time.
| sigmoid10 wrote:
| That assumes you could run thousands of malicious tor nodes
| for several years without being detected. Unless you have
| vast resources and time, this is unlikely.
| mistercheph wrote:
| I can't think of anyone with vast resources and time that
| would want to deanonymize cybercriminals
| sigmoid10 wrote:
| Top commenter specifically asked about himself.
| colechristensen wrote:
| Outside of 3 letter agencies which is obvious, I have
| known people who would do this for fun or whatever other
| personal motivation.
|
| A lot of "hacker" mentality projects involve putting a
| tremendous amount of effort into something with
| questionable utility.
|
| People climb mountains because they're there.
| worldsayshi wrote:
| But it doesn't seem unfeasible for a state actor that
| wants to track their population then?
| ziddoap wrote:
| The comment that spawned this chain starts with:
|
| > _Let 's say I as a private individual_
| worldsayshi wrote:
| Yes that's why I said 'but'. It still seems relevant to
| the discussion and I wasn't aware that such attack was
| possible.
| alasdair_ wrote:
| My point is that it doesn't require "vast resources". A
| VPS is $5 a month. A thousand of them would be in the
| disposable income budget of a single FAANG engineer never
| mind a nation state.
|
| Pay people on Fiverr to set them up for you at different
| ISPs so that all the setup information is different. You
| can use crypto to pay if you want anonimity (this is
| actually the main reason I used to use bitcoin - I'd pay
| ISPs in Iceland to run TOR exit nodes for me without
| linking them to my identity).
|
| This isn't a difficult problem. A single individual with
| a good job could do it.
|
| And sure, each connection only has a very small chance of
| being found, but aggregate it over a year or two and you
| could catch half of the users of a site if they connected
| with a new circuit one time per day.
|
| I honestly can't see why a nation state or two hasn't
| already done this.
| jiveturkey wrote:
| > A VPS is $5 a month.
|
| With insignificant data caps. To get the data needed I
| believe you're looking at a couple hundred a month, to
| start.
| judge2020 wrote:
| Running exit nodes is also likely to result in getting
| booted from most VPS or even bare metal providers, maybe
| unless you BYOIP.
| AstralStorm wrote:
| And if you BYOIP, and run a large node, Tor volunteers
| will try to contact you and verify...
| Spivak wrote:
| But given the attack is just logging the cleartext at the
| ends how are you going to detect that the servers are
| malicious?
| AndyMcConachie wrote:
| What detection? A malicious node is only different from a
| non-malicious node because all the traffic is being
| logged. If that's our definition of a malicious node in
| this case then there is no way to detect one.
| ziddoap wrote:
| > _What detection?_
|
| Not speaking to the effectiveness of the detection (it's
| hard!), but there's information available, for example:
|
| https://blog.torproject.org/malicious-relays-health-tor-
| netw...
|
| https://gitlab.torproject.org/tpo/network-
| health/team/-/wiki...
|
| https://gitlab.torproject.org/tpo/network-
| health/team/-/wiki...
| bawolff wrote:
| That is why in tor it picks a specific guard node and
| sticks with it. To prevent this kind of attack where you
| change nodes until you hit a bad one.
| immibis wrote:
| The attack Germany is thought to have actually used was
| to flood the network with middle nodes and wait until the
| victim connects to their middle node. Then, it knows the
| guard node's IP. Then, it went to an ISP and got logs for
| everyone who connected to that IP.
| posterboy wrote:
| technicly this is the only comment in this chain that is
| relevant to the featured article, but it's technicly so
| incomplete that it's almost wrong, I can tell from having
| read the thread and knowing next to nothing else about
| how TOR works.
|
| They don't have plausible evidence to subpoena the guard
| node if a middle node only sees encrypted traffic. They
| would also need to control the exit nodes which
| communicate with the target's host or they simply control
| the host as a honeypot.
| dumbo-octopus wrote:
| You don't need all the middle nodes. Just the entry and exit,
| and enough data to do packet timing analysis to correlate
| them. It's in fact shockingly easy for a well provisioned
| actor to trace tor traffic, and this is something the TOR
| project openly admits.
|
| They're financed by the US Government after all...
| basedrum wrote:
| Tor does have padding defenses to protect against that.
|
| Also, according to their latest blog post on their
| finances, while it is true they have money from the US
| Government, that was only ~50% of their income (I think
| that was 2023). For the FUD part of that comment, see the
| "U.S. Government Support" section of
| https://blog.torproject.org/transparency-openness-and-
| our-20...
| dumbo-octopus wrote:
| "Only half" is hilarious. Thanks for that.
|
| And if you trust the NSA can't overcome correlation in
| the presence of "padding defenses", then sure: TOR is
| secure.
| 867-5309 wrote:
| I wonder how many tor users actually know this. tor would
| probably not exist in the same capacity without that
| funding
| tru3_power wrote:
| Sounds like https://arxiv.org/abs/1808.07285
| alphan0n wrote:
| Onion sites do not utilize an exit node.
| dumbo-octopus wrote:
| There is a node that delivers your packet to the target
| server, is there not?
| alphan0n wrote:
| If the server is on the Tor network, an onion server,
| then it is encrypted end to end and no traffic or
| identity is exposed to either the onion server or any
| intermediary.
|
| That is to say, if I started an onion server on one side
| of the world, then connected to it from somewhere else,
| my connection to it would be anonymous and encrypted to
| any external entity.
| dumbo-octopus wrote:
| How are you imagining the penultimate node in the chain
| connects to the target server without knowing anything
| about them?
| alphan0n wrote:
| This is well understood public knowledge.
|
| https://community.torproject.org/onion-services/overview/
| dumbo-octopus wrote:
| Hook, line, and sinker.
|
| https://www.sciencedirect.com/science/article/pii/S266729
| 522...
|
| https://www.usenix.org/system/files/raid2019-iacovazzi.pd
| f
|
| https://www.ndss-symposium.org/ndss-paper/flow-
| correlation-a...
| oconnore wrote:
| > Could someone like the NSA with limitless resources do it?
| Quite probably, sure.
|
| If you're not worried about a fairly well-resourced
| government agency uncovering whatever network activity you
| believe needs to be anonymized, why would you be using Tor at
| all?
| echoangle wrote:
| Depends on what you're doing. The NSA isn't going to expose
| themselves by tipping off law enforcement about small time
| drug deals. If you're sharing CSAM or planning terrorist
| attacks, it might be different.
| stackghost wrote:
| >If you're sharing CSAM or planning terrorist attacks, it
| might be different.
|
| They'll just employ parallel construction to avoid
| exposure.
| CapitalistCartr wrote:
| Because you're an enemy of the Iranian, Saudi, North
| Korean, etc. gov't.
|
| Because your ex-spouse wants to murder you.
|
| Because you just escaped Scientology, or another cult.
|
| Because you're a criminal. The NSA doesn't handle that.
|
| Because you're a journalist talking to sources in the
| industry you're investigating.
| adamrezich wrote:
| Those second and third points are pretty laughably
| paranoid-fantasy reasons to use Tor--even if one found
| oneself in either situation.
| throwme0827349 wrote:
| Respectfully, a large number of people rightfully fear
| for their lives, safety, and freedom due to being stalked
| or abused by a current or former partner. I have
| personally known several.
|
| Using victims' devices and communications in order to
| locate, and then harass, trap, or attack them, is
| commonplace for stalkers.
| adamrezich wrote:
| How many of these people are justified (by evidence, not
| merely paranoia) in thinking that Tor would circumvent
| whatever communications interception may or may not have
| been put in place?
|
| And of those people, how many people have ever even heard
| of Tor, let alone know how to use it?
| throwing_away wrote:
| I think you just unintentionally highlighted the need for
| the tor project and outreach to inform people about it.
| adamrezich wrote:
| Not to make too much light of a morbid topic but the idea
| of someone having a murderous yet tech-savvy ex who has
| methodically installed all sorts of elaborate digital
| surveillance measures in their former spouse's personal
| tech stack in service of premeditated homicide, sitting
| in a dark room somewhere, howling in anger upon realizing
| his murder plan has (somehow...?) been thwarted by said
| former spouse unexpectedly using Tor is pretty funny
| (because of how outlandish it is). "I almost got away
| with it too, if it weren't for you kids and that onion
| routing software!"
| yazzku wrote:
| It's like a series of onions!
| throwme0827349 wrote:
| Stop thinking about cloak and dagger shit and start
| thinking about things ordinary people could do if they
| had a psychotic obsession, and nothing better to do with
| 120 hours a week of their time.
|
| Stalkers want to make it impossible to live a normal
| life. They try to make it impossible to go to work or
| school, to use phones, email, messaging services, etc.
| Already knew my contact info, and got new ones by asking
| mutual friends. Called the the landline and cell and work
| phone and hung up or heavy-breathed into the phone
| hundreds of times a day. Telco won't help with this or
| admit who's doing it w/o a subpoena, which I couldn't
| realistically get. They tried to get various online
| accounts, including employer provided, to be
| flooded/brigaded/spamed/banned.
|
| You don't have to be a leet haxor to do social
| engineering, sim swapping, and other crying on the phone
| to customer service type of attacks on other people's
| accounts. You just have to be pissed off and risk
| tolerant.
|
| Not saying tor is a good-fit solution to these problems,
| just saying that "Because your ex-spouse wants to murder
| you", and also you have a day-to-day practical necessity
| to find a secure, hard to block way to communicate on, or
| access, the internet is not actually an exotic problem.
| adamrezich wrote:
| > Not saying tor is a good-fit solution to these problems
|
| I'm glad we agree!
| IggleSniggle wrote:
| You are lucky to have not experienced stalking. It's not
| like some big nefarious plan, it's a relentless obsessed
| hunter who will use whatever the lowest-hanging fruit is
| to get to you. If they have IT savvy they will use that.
| If they are charming they will use that. If they are
| brutal they will use that. They don't need to be
| murderous obviously, just obsessed with you.
|
| Knowing that there's one thing they _can 't_ get to you
| on is huge peace of mind. Not _needing_ to think about
| your stalker, because there 's no way for them to hunt
| you there.
| throwme0827349 wrote:
| What fraction of domestic violence shelter occupants are
| paranoid rather than reasonably fearful? What fraction
| are paranoid, vs. those who are reasonably afraid of
| being spied on in general? Probably some, but I believe
| many have well founded reasons to want to be anonymous
| and in hiding.
|
| I concede that tor is probably not a useful tool in
| general for these people. I meant to point out only that
| one needn't be paranoid to fear one's spouse.
| viraptor wrote:
| If you can use victim's device, then Tor or any network
| level protection will not help you. If you can use their
| network, then just about everything uses https these
| days... and you still need to know their location to
| snoop in the first place. GP raised a good point of Tor
| not helping in those two cases.
|
| Those are situations that people deal with, but
| suggesting they use Tor is not going to help them. (Apart
| from some _very specific_ situations)
| rockskon wrote:
| The second to last point is laughable since it's long
| been authorized in executive order that if the NSA
| stumbles upon information relating to criminal activity
| while searching for other stuff that they can report that
| info to the FBI.
|
| Heck - FBI is allowed to do the same damn thing with the
| data they're given by the NSA. Y'know, the whole
| "backdoor search loophole" which amounts to laundering
| authorities across agencies to get access to data they
| wouldn't otherwise be permitted to have.
| yencabulator wrote:
| tor-browser comes with other privacy-boosting features,
| beyond its method of talking to the network. That might
| make a difference too, if someone is likely to look at
| your browser history etc.
| goodpoint wrote:
| Because your ISP is selling your traffic logs.
|
| Because you want to avoid creepy targeted ads.
|
| Because you live in a country that blocks many legitimate
| websites.
|
| Because you are looking for information about abortion
| and live in countries like Iran or US
| derefr wrote:
| You know what's easier than waiting around to get really
| lucky?
|
| Using those same network-health dashboards as DDoS target
| lists, to temporarily degrade/shut down the whole network
| except for your own nodes.
|
| Also, big nodes route more Tor circuits each. Costs more to
| run them, and they intentionally don't function as exit nodes
| (to avoid the "obvious" attack) -- but just having a bunch of
| these big nodes in the network handling only middle hops,
| biases the _rest_ of the network _away_ from handling middle
| hops, toward handling end hops. Which means that if you then
| run a ton of tiny nodes...
| alasdair_ wrote:
| >Edit: For all the cynics and doomsayers here, consider this:
| Tor has been around for a long time, but there has never been
| an uptick in arrests that could be correlated to cracking the
| core anonymity service. If you look closely at the actual
| high profile cases where people got busted despite using tor,
| these people always made other mistakes that led authorities
| to them.
|
| Yeah, the stated reason is always something else. But this
| just reminds me of "parallel construction" - what if they
| were found in on way and then (to hide the source) the claim
| was that they were found in another way?
| throwaway37821 wrote:
| 75% [0] of all Tor nodes are hosted within 14 Eyes [1]
| countries, so it would actually be quite trivial for the NSA
| to de-anonymize a Tor user.
|
| It baffles me that Tor Browser doesn't provide an easy way to
| blacklist relays in those countries.
|
| [0] Here, you can do the math yourself:
| https://metrics.torproject.org/rs.html#aggregate/all
|
| [1] https://en.wikipedia.org/wiki/Five_Eyes#Fourteen_Eyes
|
| > Edit: For all the cynics and doomsayers here, consider
| this: Tor has been around for a long time, but there has
| never been an uptick in arrests that could be correlated to
| cracking the core anonymity service. If you look closely at
| the actual high profile cases where people got busted despite
| using tor, these people always made other mistakes that led
| authorities to them.
|
| Maybe someone, somewhere, has decided that allowing petty
| criminals to get away with their crimes is worth maintaining
| the illusion that Tor is truly private.
|
| It's also worth noting that it's significantly easier to find
| the mistakes someone has made that could lead to their
| identity _if you already know their identity._
| DabbyDabberson wrote:
| Its important to realize that TOR is primarily funded and
| controlled by the US Navy. The US benefits from the TOR
| being private.
|
| It provides a channel for operatives to exfiltrate data out
| of non-NATO countries very easily.
| try_the_bass wrote:
| > The US benefits from the TOR being private.
|
| Slight correction: The US benefits from TOR being private
| to _everyone but the US_
| wheelerwj wrote:
| I'm glad I didn't have to scroll too far to see your
| comment.
|
| In fact, A major power wins by creating a mote just big
| enough that only they can cross.
| fuzztester wrote:
| everybody does such shenanigans, bro.
|
| you don't have to be a major power to do such stunts.
|
| everybody and their uncle are already doing it. look into
| your life to see the truth of this.
| firen777 wrote:
| > It provides a channel for operatives to exfiltrate data
| out of non-NATO countries very easily.
|
| I'm not convinced this is the case. For example China's
| gfw has been very effective at blocking TOR traffic, and
| any TOR connection in other countries is like announcing
| to the government that you are suspicious.
| literallycancer wrote:
| How do they see TOR traffic in a TLS tunnel?
| GuB-42 wrote:
| If you can find TOR nodes, so can the Chinese government.
| They can then just block these addresses.
|
| Furthermore, the great firewall is quite advanced, they
| use machine learning techniques to detect patterns, so
| even if it is TLS on port 443, they may be able to detect
| it after they have gathered enough traffic. There are
| workarounds of course, but it is not as simple as just
| using a TLS tunnel.
| snowwrestler wrote:
| It's a little silly to say "for example" and then
| intentionally pick what is widely known as the most
| sophisticated and pervasive system for controlling
| Internet traffic ever created.
|
| The parent said "non-NATO countries"... there are 162 of
| those that are not China.
|
| (It's also a little silly to specify "non-NATO" since
| U.S. intelligence services have to exfiltrate data from
| NATO countries too...)
|
| To get data out of China, the U.S. undoubtedly has
| special systems, which are worth the special investment
| because it's China.
| rvba wrote:
| If weight it by population and importance then China is
| probably in the top though.
|
| I bet western spies spend more time on China than some
| micro island in the middle of the ocean. Same for Chinese
| spies probably focus on USA first.
|
| Also realistically probably everyone spies everyone and
| they spy on those micro islands too. But priorities are
| clear...
| HDThoreaun wrote:
| I dont see how TOR is better than just spinning up a
| server on the public cloud for each asset. Since each
| asset would have a different IP they couldnt use one
| assets knowledge to catch the others. Non-NATO countries
| tend to monitor internet traffic and so would know if you
| access TOR.
| DrillShopper wrote:
| Servers in the public cloud are a lot easier to do
| traffic analysis on.
| godelski wrote:
| > the US Navy
|
| Tor was made for spies. But you know what's really bad
| for spies? If accessing a certain IP/protocol/behavior
| reliably reveal your spy status.
|
| For Tor to be effective for hiding spies it has to be
| used by the public. Even if it's only nefarious actors
| (say spies + drug dealers + terrorists) it adds noise
| that the adversary needs to sort through.
|
| What I fucking hate about many of these conspiracies is
| how silly it is once you ever work with or for any
| government entities. You can't get two police agencies in
| neighboring cities to communicate with one another. The
| bureaucrats are fucking slow as shit and egotistical as
| fuck.
|
| It's important to remember that the government and even a
| single agency (like the NSA) is just as chaotic,
| disconnected, and full of competing entities as any big
| tech company has (if not worse). Yeah, most of the NSA is
| focused offense, but there's groups working on defense.
| Those groups are 100% at odds. This is true for the 18
| intelligence agencies. They have different objectives and
| many times they are at odds with one another and you bet
| each one wants to be getting credit for anything.
|
| The US involvement should warrant suspicion and with any
| technology like Tor you should always be paranoid. But
| it's not proof. Because guess what, the US wants people
| in other countries to use high levels of encryption to
| hide from their authoritarian governments while the US
| can promote democracy movements and help put a friendly
| leader into a position of power. AT THE SAME TIME they
| also want to spy on their own people (and there are
| plenty of people in the gov that don't want this).
| Inconsistency is the default because it's a bunch of
| different people with different objectives. So the US gov
| both wants Tor to be secure and broken at the same time.
| autoexec wrote:
| > It's important to remember that the government and even
| a single agency (like the NSA) is just as chaotic,
| disconnected, and full of competing entities as any big
| tech company has (if not worse).
|
| And yet even as early as 2003 they were taking a copy of
| every single bit that ran over the AT&T backbone
| (https://en.wikipedia.org/wiki/Room_641A). It's amazing
| how effective these "chaotic, disconnected, and full of
| competing entities" can be. We're entirely dependent on
| whistleblowers willing to risk their lives and freedom to
| learn about what they're doing to us.
| godelski wrote:
| Yes, they can be very effective. There's no denying that.
| The proof is in the pudding as they say, since we have
| governments and businesses. But that's tangential to the
| point I was making.
| majorchord wrote:
| You know what else was funded by the US government?
| Computers, the Internet and GPS. Also Signal (via OTF
| funded by Congress).
| ClumsyPilot wrote:
| > petty criminals to get away with their crimes
|
| Like human rights activists, journalists and dissidents in
| totalitarian countries.
| alphan0n wrote:
| This entirely ignores the fact that traffic to and from
| onion sites never leaves the Tor network, never utilizes an
| exit node. It doesn't matter if a bad actor has control of
| every exit node if your communications are within the
| network unless the underlying encryption protocols have
| been compromised.
| dunghill wrote:
| But not all traffic goes to onion sites.
| amy-petrik-214 wrote:
| TOR as it exists now is a honeypot simple as. Same as that
| documentary called "Benedict Cumberbniamnatch's Great Work"
| where they cracked the radio signals of the Frenchmen but
| they had to let the submarine sink so that they knew that
| the other guy doesn't know that they knew. NSA uses ROT
| which is TOR-inspired but takes the techniques and
| incognito aspects 7 or 8 steps ahead.
| Imustaskforhelp wrote:
| What? Tor is a honeypot? I don't think so. What do you
| instead expect me to use instead of tor?
| hkt wrote:
| I2P, possibly
| widforss wrote:
| You do know Hitler was the German Reichskanzler, not
| French?
| hnbad wrote:
| I'm assuming the "documentary" was the movie _The
| Imitation Game_ staring Benedict Cumberbatch. If that 's
| an intentional mistake, I'd guess by "French" they meant
| Austrian (as Hitler was born in Austria).
| keepamovin wrote:
| The original purpose of TOR was to provide agents and
| handlers with a means of secure communication, allowing
| them to organize subversive or espionage activities. It was
| created by the Department of Defense to propagate their
| interests and spread democracy around the world using these
| secure capabilities. Given this context, it's not
| unreasonable to assume that TOR is still being used in a
| similar manner today.
|
| Because of its origins, access to the identities of users
| on the TOR network--even if they could be de-anonymized--
| would likely be extremely restricted, compartmentalized,
| and classified. This would make it much more difficult for
| such information to be used in law enforcement proceedings.
| Perhaps that, rather than a technical limitation, is the
| reason most high-profile arrests related to TOR involve
| criminals making some other mistake, rather than the
| security of the network itself being compromised.
|
| Additionally, it's interesting to speculate that some of
| the secure private defense and intelligence networks--
| parallel or classified world internets--could themselves be
| implemented as possibly enhanced forms of TOR. It would
| make sense that nation-states, through shell companies and
| other disguises, might run and control many seemingly
| innocuous machines acting as secure relays in these
| parallel networks. While I have no data to back this up, it
| seems logical, given that TOR was originally created by the
| DoD and then open-sourced.
|
| Why wouldn't they keep something that works, build on it,
| and enhance it as a means to secure their own global
| communications?
| headsupernova wrote:
| Ah yes, 'spread democracy around the world'
| keepamovin wrote:
| I appreciate your appreciation of that statement. Thank
| you. :)
| Xelbair wrote:
| >spread democracy
|
| i have to say that i love that phrase, it is peak
| propaganda that just works.
| keepamovin wrote:
| Yes, I boldly inserted that deliberately aware of its
| potential provocative effect. So I am truly glad you
| derive some enjoyment from it. I did too! Comrades in
| arms? Or at least in Internet nodding hahaha! :)
| Aerbil313 wrote:
| Indeed old timer commies of HN might get irritated by
| that phrase, but in this corner of the world we love
| Democracy. This summer would pretty dry in my region
| because of global warming, but thanks to Democracy we had
| plenty of precipitation in the form of MK-84s. I wonder
| which neighboring country is going to get her share next
| year, it's a gift that never stopped giving since some 20
| years.
|
| https://en.wikipedia.org/wiki/War_on_terror
| DrillShopper wrote:
| After talking to my Democracy Officer I have to say I
| love managed democracy!
| keepamovin wrote:
| Un, Thank you I guess? Seems we are... Winning?
| jrochkind1 wrote:
| > The original purpose of TOR was to provide agents and
| handlers with a means of secure communication, allowing
| them to organize subversive or espionage activities. It
| was created by the Department of Defense to propagate
| their interests and spread democracy around the world
| using these secure capabilities.
|
| Do you think the EFF was in on it, duped, or just thought
| multiple competing interests could be served?
| keepamovin wrote:
| Well, I could be wrong historically here, but I think you
| need to recall a previous age where the interests of the
| state department pushing noble American values into
| disintegrating but strategically valuable locales might
| actually have been something that the EFF felt highly
| aligned with and wanted to support through its electronic
| and advocacy Capacities. For instance, why would they not
| support Internet and communicative freedom under a
| repressive regime?
|
| I haven't looked closely and I wasn't there at the time
| so it makes it hard to say for sure but let's speculate.
| I think the people involved in EFF are most likely
| slightly cynical, savvypolitical maneuverers themselve
| who, like you said realize the utility of multiple not
| necessarily overlapping objectives, where all involved
| parties could derive some benefits.
|
| Certainly not an implausible situation that you lay out
| autoexec wrote:
| > Perhaps that, rather than a technical limitation, is
| the reason most high-profile arrests related to TOR
| involve criminals making some other mistake, rather than
| the security of the network itself being compromised.
|
| I have no doubt that the government doesn't want to
| demonstrate how weak Tor is to the public, but it's also
| got to be dead simple to find those kinds of "other
| mistakes" they can use when they've identified the person
| they're looking for and can monitor whatever they do.
| keepamovin wrote:
| What you're claiming is not necessarily correct, but it's
| an avenue of interesting speculation. Nevertheless, let's
| clarify a few of your possible misunderstandings or
| points of confusion:
|
| I'm not saying TOR is weak, nor that the reason for its
| concealment is to project a false sense of government
| strength.
|
| What I am saying--and what you seem to have misunderstood
| --is that the TOR network is most likely used, precisely
| because of its strength, for highly sensitive clandestine
| operations. This results in blanket classification of all
| involved identities, making them inaccessible to law
| enforcement. Law enforcement likely understands this,
| which is why they don't pursue it--knowing it's a dead
| end. Instead, they rely on side-channel effects or
| mistakes made by criminals.
|
| To my mind, this explains the public information we see.
|
| Now that I've clarified, what do you think?
| sangnoir wrote:
| > What I am saying--and what you seem to have
| misunderstood--is that the TOR network is most likely
| used, precisely because of its strength, for highly
| sensitive clandestine operations.
|
| Tor seems to be a poster child of the "Nobody But Us"[1]
| principle the NSA likes so much: it's strong when used by
| American spooks, but weak when used _against_ them. If a
| country developed body armor that 's impervious to all
| rounds _except their own special alloy rounds,_ their use
| and promotion of that armor is not evidence of its utter
| robustness.
|
| I don't doubt a lot of darknet busts involve a lot of
| parallel construction - the intelligence community
| doesn't have to give detailed logs; summaries are enough
| (IP addresses, dates and times). This is before
| considering that the FBI is involved in both (counter)
| intelligence and law environment.
|
| 1. https://en.wikipedia.org/wiki/NOBUS
| majorchord wrote:
| > Maybe someone, somewhere, has decided that allowing petty
| criminals to get away with their crimes is worth
| maintaining the illusion that Tor is truly private.
|
| This is what I believe. If they do have a way to track
| people, it wouldn't be worth blowing their cover for small
| stuff that wasn't a ridiculously huge national security
| threat that they could afford to throw away 20+ years of
| work for.
|
| In fact there have been court cases that were thrown out
| because the government refused to reveal how their
| information was obtained... I think that usually means
| they're hiding it on purpose for a bigger cause. I also
| wouldn't be surprised if multiple SSL CAs are secretly
| compromised for the same reason.
| halfcat wrote:
| > _there has never been an uptick in arrests_
|
| If it was effective, would there have been a down tick in
| arrests at some point?
|
| Or if the arrest rate stayed the same, would that suggest it
| never "worked" to begin with?
|
| It's like the movie trope of the detective who finds out the
| truth via some questionable means which isn't admissible in
| court. When you know the truth you can push harder and call
| every bluff until you get admissible evidence.
| AstralStorm wrote:
| Or you can use more... underhanded means that never result
| in an arrest.
| panarky wrote:
| _> what is the probability that someone randomly chooses
| three nodes that you own. The answer is less than 0.14%._
|
| You calculated the probability that _a specific person_
| randomly chooses three nodes of the 1,000.
|
| But that's not the scenario you're responding to.
|
| _> > I can't target a specific person, but eventually I can
| find someone who has all three bounces through tor nodes I
| control_
|
| Tor estimates that 2.5 million people use the network per
| day.
|
| Let's assume that in a month, 10 million people use it.
|
| Let's also assume that 80% of monthly users are not
| committing crimes, while the 20% who are criminals make an
| average of four Tor connections per month.
|
| With those assumptions we could expect a malicious operator
| who controls 1,000 nodes could capture the sessions of 10,940
| criminals in a given month.
|
| Spending less than fifty cents per suspect is less than
| trivial.
| ClumsyPilot wrote:
| > could capture the sessions of 10,940 criminals in a given
| month
|
| Let's say to do that, and now you have found 10k people
| accessing pirate bay in countries where it is blocked.
|
| Also you captured someone who lives in Siberia and watches
| illegal porn, now what?
|
| Many of these will not be actionable, like not criminals
| you would have interest in.
| panarky wrote:
| An autocratic regime of a large nation locks up its
| critics and other undesirables in camps.
|
| 100,000 activists who haven't been caught yet switch to
| Tor for anonymity.
|
| For $60,000, the regime monitors Tor for a year,
| identifies 6,500 activists, and marches them off to the
| camps.
|
| And by discrediting Tor the regime pushes the other
| 93,500 activists even farther underground, constraining
| their ability to recruit, limiting their ability to
| coordinate with each other, and reducing what they can
| publish about what's happening to their country.
| hkt wrote:
| > reducing what they can publish about what's happening
| to their country.
|
| To what audience? It isn't quite what you're getting at
| in your post but this is worth saying: graffiti, zines,
| contact with journalists, radio operations like pirate
| radio, all of it is much more established and less
| uncertain in risk profile than being online. Crucially it
| may also be more effective.
| Eisenstein wrote:
| > could capture the sessions of 10,940 criminals
|
| What does that mean? The way I understand it you would be
| getting traffic correlations -- which means an IP that
| requested traffic from another IP and got that traffic back
| in a certain time period. What does that tell you, exactly,
| about the criminal? If you aren't looking for a specific
| person, how would you even know they are doing crimes?
| panarky wrote:
| Activists fighting an autocratic regime use a large
| social media site to recruit, coordinate and publish so
| they can reach the broadest number of people possible.
|
| The billionaire owner of the site supports the strongman
| leader and provides IP addresses for those who post
| wrongthink on his platform.
|
| Now the regime can link social media activity of
| anonymous activists to their real IP addresses, devices
| and locations.
| itake wrote:
| 1/ if a user sends 10,000 requests, you're saying 14 of them
| might see 3 compromised nodes?
|
| 2/ Police can use parallel construction. Although, given
| enough time (in theory) parallel construction is eventually
| exposed.
| avidiax wrote:
| > given enough time (in theory) parallel construction is
| eventually exposed.
|
| Parallel construction has existed for decades. It's even in
| "The Wire". It has never been tested in court, probably
| because it is nearly impossible to discover outside of
| being the agents that implement it.
| fragmede wrote:
| it's not been tested in court, but it's not some crazy
| Internet theory. https://arstechnica.com/tech-
| policy/2013/08/us-drug-agency-g...
| itake wrote:
| The police used self-powered GPS devices[1] to track
| criminals. These devices are used in various situations,
| such as when someone violates parole. The police don't
| need to report the violation immediately. Instead, they
| wait for the person to re-enter their jurisdiction, then
| catch and arrest them.
|
| Parallel construction wasn't tested, but the means of
| them catching criminals this way was tested in court.
|
| [0] - https://www.gps.gov/news/2012/01/supremecourt/
|
| [1] - if the device got power from the vehicle, it would
| be considered "break and entering" and thus would require
| a warrant.
| yencabulator wrote:
| 1/ tor-browser by default sticks to the same circuit for
| one origin for the session, so that'd have to be 10,000
| separate sites or 10,000 separate sessions.
| verbify wrote:
| > Edit: For all the cynics and doomsayers here, consider
| this: Tor has been around for a long time, but there has
| never been an uptick in arrests that could be correlated to
| cracking the core anonymity service. If you look closely at
| the actual high profile cases where people got busted despite
| using tor, these people always made other mistakes that led
| authorities to them.
|
| During WW2, the British cracked the German codes. They would
| create pretexts for "discovering" where German ships would
| be, so that the Germans wouldn't suspect that they cracked
| their codes.
|
| It's impossible for us to know if the US government have
| cracked Tor, because the world would look identical to us
| whether they had or hadn't. If the only evidence they have is
| via Tor, and the individual is a small fry, they will prefer
| they get away with it rather than let people know that Tor
| has been cracked.
|
| I just assume the NSA are spending their budgets on
| something, although maybe it is stuff like side channel
| attacks.
| avidiax wrote:
| These pretexts for "discovering" are a "bedrock principle"
| in law enforcement called parallel construction.
|
| The NSA sharing data with the DEA becomes a "routine
| traffic stop" that finds the drugs. The court would not
| allow the NSA evidence or anything found as a result, but
| through parallel construction, the officer lies in court
| that it was a "routine stop", and judicial review never
| occurs.
| chiefalchemist wrote:
| > these people always made other mistakes that led
| authorities to them.
|
| Says who? The intelligent community entity that busted
| them? If they're using a tool to discover X or Y they're
| not to let anyone know that.
|
| For example, I live in the NYC area. A couple of times per
| year there's a drug bust on the New Jersey Turnpike of a
| car headed to NYC. The story is always a "random" police
| stop ends up in a drug bust.
|
| Random? My arse. Of the thousands of cars on the NJTP the
| cops just happened to pick the one loaded with drugs? A
| couple times a year? I don't buy it. But what are they
| going to say? They have someone on the inside that tipped
| them off? That's not going to happen.
|
| The intelligence community doesn't deal in truth and facts.
| It deals in misinformation and that the ends justify the
| means. What they're doing and what they say they're doing
| are unlikely the same.
| habinero wrote:
| You're ironically vastly overestimating the cops. It's
| not that they have good intel, it's that it's copaganda.
|
| They'll just make something up for publicity if they
| don't get something useful.
| chiefalchemist wrote:
| Evidently, you don't know what the NJ Turnpike is like in
| terms of volume of traffic.
| Eduard wrote:
| > If you look closely at the actual high profile cases where
| people got busted despite using tor, these people always made
| other mistakes that led authorities to them.
|
| Assuming tor always was or became broken and is exploitable
| by law enforcement, authorities would try to maintain a false
| believe of tor's integrity so as to crack high profile cases
| for as long as possible.
|
| Within this scenario, it is plausible to assume that
| authorities can decipher and discover information that can be
| used as the official pretextual charge / minor reason ("they
| made the mistake to use their public email address on the
| dark net forum") in order to not spill the beans on the
| actual means (here, tor being broken).
| moss2 wrote:
| I think the FBI/CIA/NSA could afford 8000 nodes if they
| wanted to.
| jrochkind1 wrote:
| What you say is reasonable and I agree and hold that
| position.
|
| > Tor has been around for a long time, but there has never
| been an uptick in arrests that could be correlated to
| cracking the core anonymity service.
|
| If I were an intelligence agency that had "cracked" tor --
| I'd probably make sure nobody would notice I had access, so I
| could keep eavesdropping. Not do anything that could expose
| my access.
|
| It certainly could be happening. Nothing is 100%. Nothing.
| Just a fact. Tor is probably pretty good at what it does.
|
| (and keep in mind, for what we're talking about in this kind
| of attack, all I get access to is network contacts, not the
| actual messages, right?)
| jeffbee wrote:
| This attack is quite practical. In 2007 I controlled a huge
| chunk of Tor traffic from 2 racks of cheap servers in a
| basement on Folsom Street in SF. It was easy to arrange and
| nobody noticed. Yeah those were early days for Tor but I don't
| think scale changes anything. If you're using Tor because you
| think it is private, you have fooled yourself.
| londons_explore wrote:
| You only need to control the entry and exit node - since you
| know the next and previous hop for all traffic you touch, and
| default chains are 3 long. With circuits changing every 10
| mins, within a few days you would have deanonymized at least
| some percentage of traffic for nearly every user.
|
| I'd call tor broken against any adversary with a little
| technical skill and willingness to spend $5000.
|
| I'm 80% sure Tor is designed as a US supported project to focus
| those needing anonymity into a service only governments with
| global security apparatus (who can grab a good chunk of
| internet traffic) can access.
| k__ wrote:
| How do you control an exit node?
|
| I had the impression, with onion services they are a thing of
| the past.
| londons_explore wrote:
| https://blog.torproject.org/tips-running-exit-node/
| k__ wrote:
| Ah, there are people who use Tor to access non-onion
| services. Got it.
|
| Seemed like onion services were created to solve the
| security issues that exit nodes bring, so I assumed
| people stopped using them and started running onion
| services instead.
| AstralStorm wrote:
| For the more scummier or illegal elements on the network,
| that is true. For onion services, lasering attacks and
| takeovers plus honeypot are the chief danger.
| bdw5204 wrote:
| I imagine most exit nodes are likely controlled by the US
| government and/or its close allies. Who else wants to have
| their IP address banned from most of the internet and
| potentially get visits from their country's equivalent of the
| FBI?
|
| If most Tor users ran exit nodes and most people used Tor, it
| would effectively make internet traffic anonymous. But
| without those network effects, it is vulnerable by design to
| deanonymization attacks by state actors.
| basedrum wrote:
| I run an exit node, and I know several people who do, I
| dont suspect any of them to be anything but people who care
| about privacy, surveillance, and helping people get access
| to the free internet from restrictive locations. I admit, I
| bristled at your comment, because I do not like myself, the
| EFF, and many of my close friends being imagined as part of
| the US Government.
| londons_explore wrote:
| I ran an exit node for a while, and found myself auto-
| banned from so many services that I stopped running the
| node and threw away my IP range (which now would be worth
| $$$ - oh well!)
| iancarroll wrote:
| I ran Tor nodes, had a bunch of blacklisted IPs, and just
| stopped running them and it was fine? Blacklisting Tor
| nodes requires updating the data often, so it falls off
| pretty quickly. To discard an entire /24 would be pretty
| funny over that!
| noirscape wrote:
| Most people just use a DNSBL to block Tor exit nodes.
| They're pretty trivial to find online and presumably,
| very easy to set up because the list of Tor exit nodes is
| publicly available.
|
| This also means the expiry time is usually tied to
| however long a Tor exit node stays on the DNSBL + 3 or so
| days (depends on how long the software is configured, but
| 3 days is typically the assumed default for IPs that tend
| to get mixed up with automated spam, of which Tor is also
| a massive purveyor.)
| immibis wrote:
| It's recommended to put an exit node on its own dedicated
| IP address.
| UniverseHacker wrote:
| The skilled labor to set that all up, especially in a way that
| TOR won't notice and shut you down will be worth much much more
| than $5k.
|
| People that have such a sophisticated and resourced team
| actively hunting them down, likely know about it, and are using
| many additional layers of security on top of TOR. Even just for
| personal use out of curiosity to "see what the darkweb is," I
| used 1-2 additional methods on top of TOR.
| lcnPylGDnU4H9OF wrote:
| > used 1-2 additional methods on top of TOR
|
| Curious: what did you do and what were you hoping to
| mitigate?
| UniverseHacker wrote:
| Just playing around, not mitigating anything. I think it
| would be poor practice to share my ideas/techniques- think
| of your own! Contrary to popular philosophy- obscurity is a
| powerful security method. People still rob houses with
| expensive locks... nobody robs secret underground bunkers.
| jiveturkey wrote:
| It'd be ten times that cost, easily. You have to buy data
| volume.
|
| Also since you aren't targetting specific people, rather
| specific interests, it'd be easier to setup an irresistible
| site serving content of the vice of interest. It can even be a
| thin wrapper on existing sites. Do you only need to control
| entry nodes in that case? You'll return user-identifying data
| in headers or steganographically encoded in images and since
| you control the entry node you can decrypt it. It doesn't work
| for a normal (unaffiliated) entry node but since your entry
| node is in collusion with the server I think this works.
| prisenco wrote:
| Using Tor, like all security and privacy tools, must be
| balanced against what it is being used for. We will always live
| in a world of limited resources for policing, and systems of
| privacy work by increasing the difficulty and cost to
| deanonymize someone. They don't have to be perfect, they just
| have to be expensive.
|
| If you want basic anonymity while researching someone powerful
| or accessing information, it's extremely unlikely anyone is
| going to go the lengths people are bringing up here as a way to
| compromise Tor. The intersection of expertise, funding and time
| required is too great for such a low value target.
|
| If you're an international terrorist leader wanted in multiple
| countries, a prolific criminal, or enemy #1 of an authoritarian
| state though? Those who can go to those lengths absolutely will
| go to those lengths.
| slg wrote:
| >If you want basic anonymity while researching someone
| powerful or accessing information, it's extremely unlikely
| anyone is going to go the lengths people are bringing up here
| as a way to compromise Tor. The intersection of expertise,
| funding and time required is too great for such a low value
| target.
|
| Doesn't a solid VPN service also satisfy this exact need? Tor
| seems to occupy a narrow niche in which you have to care much
| more about privacy than the average person, but not at a
| nation state level. I think that is how it got associated
| with that 2nd tier of internet crime like buying drugs on the
| dark web or sharing CSAM. The truly sophisticated internet
| criminals probably know better and the people who only really
| care about anonymizing themselves are probably doing
| something simpler.
| bawolff wrote:
| > Doesn't a solid VPN
|
| Finding a solid one is the hard part. With tor, you kind of
| know what you are buying. The risks are in the open. With
| VPN maybe the operator is selling your data to advertizers.
| Maybe they are keeping logs. You kind of have to just trust
| them and have no way to verify.
| slg wrote:
| This hypothetical was about "a low value target" looking
| for "basic anonymity". Just get Mullvad and assume the
| entire company wasn't a 15 year long con set up to better
| target ads at you specifically.
| thewanderer1983 wrote:
| The problem with this assumption, that all possible attacks
| have been narrowed down to expensive only attacks i.e nation
| station level. These are complex systems and its not possible
| to prove that the only form of attacks are within these
| overton Windows. There may be much simpler forms of attack
| that aren't expensive, but the experts aren't aware of them,
| and therefore not focusing on. This is one of the big reasons
| for provably secure systems like Sel4 and other functional
| programming paradigms. We can't prove that all the problems
| are in this expensive box we put ourselves in, and all it
| takes is a 12 year old to discover one of these cheap attacks
| with a tooth pick or kids toy undermine very expensive
| defence systems.
|
| Take for example, John Draper who discovered in the 60's that
| a Captain Crunch whistle toy could be used to make free phone
| calls on the telephone systems. Or the discovery of Side
| Channel attacks by an engineer at Bell Telephone company who
| noticed that a Bell Telephone model 131-B2 would produce
| distinct spikes for each key pressed on the oscilloscope
| across the room. Therefore not requiring nation station level
| expense to break the encryption used by Navy and Army's
| encryption systems. Or during the Afghan war, the US was
| deploying armored vehicles that they assumed would provide
| good protection, and would be expensive to attack by the
| enemy. Turned out they could make IEDs from inverted copper
| cheaply and within locals kitchens. That proved very
| successful. Or the kid who discovered he could bypass the
| mint screensaver by smashing random keys on the keyboard
| (https://github.com/linuxmint/cinnamon-
| screensaver/issues/354). The list of these types of cheap
| attacks are throughout history.
| bragr wrote:
| >This could cost less than $5000 for a month
|
| I ran a bunch of nodes for a couple years and that's optimistic
| by perhaps an order of magnitude. No $5 a month VPS provides
| enough bandwidth to sustain the monthly traffic of a Tor node,
| and nodes need to be continuously online and serving traffic
| for about 2-3 months[1] before they will be promoted to guard
| relays. Throttling traffic to stay in your bandwidth allocation
| will just get you marked as a slow node and limit the number of
| connections you get. Sustaining just 1 Mbps will blow your
| monthly transfer allocation on the cheap tiers of both Digital
| Ocean or Linode.
|
| [1] https://blog.torproject.org/lifecycle-of-a-new-relay/
| teaearlgraycold wrote:
| Still easily within the budget of the US, Russia, China,
| Israel, etc. I wouldn't be surprised if a _majority_ of nodes
| are ran by intelligence agencies.
| bawolff wrote:
| I think the threat model is that the majority are not run
| by _cooperating_ malicious parties.
|
| Russia, china and usa all dont like each other much so are
| probably not sharing notes (in theory).
| aftbit wrote:
| Or perhaps they _are_ sharing notes about tor users with
| each other, as part of a global club of intelligence
| agencies (a sort of new world order) who would rather not
| be overthrown. How are we to know?
| anticorporate wrote:
| Because if they each only have incomplete information,
| they each wouldn't know whether the information they have
| is relevant to preventing overthrow of their collective
| order, or intelligence that is only going to help their
| geopolitical adversary.
|
| Basically, a variation of the prisoner's dilemma.
|
| Also, those nukes we have pointed at each other are a
| pretty healthy hint.
| Imustaskforhelp wrote:
| the last sentence really just gave me a chuckle
| jrochkind1 wrote:
| Or perhaps someone with secret quantum computing can
| break all our encryption and has full transparency on all
| communications on the internet. Perhaps extraterrestrials
| are eavesdropping on everything I say in my living room,
| and sharing it with the KGB. How are we to know?
| rrrix1 wrote:
| Occam's Razor definitely applies here.
|
| _" The simplest explanation is usually the best one."_
|
| Conspiracy theories are a logical reasoning black hole.
|
| I personally feel it's generally best to avoid the mental
| Spaghettification.
| darby_nine wrote:
| In fact, you should assume they are. This doesn't imply the
| network doesn't have utility for a given actor.
| andai wrote:
| They say the internet is just someone else's computer. With
| Tor it's the computer of a person who wants you to think
| it's not their computer, and also that they aren't paying
| attention to (or somehow can't see) what you're doing on
| it.
| chr_1 wrote:
| Before 2020 when /r/privacy stimulated conversation that
| was worthy of good discussion you learned Tor the software
| made less available nodes accessible with newer
| deployments, that's why it got faster. Regardless of how
| many nodes existed. The routing shifted. Now it's way
| faster and there's specifically designated guard nodes
| seemingly pinged repeatedly out to the same allied nations.
| giantg2 wrote:
| The interesting thing is, the more agencies that run
| relays, the more they interfere with each other. So having
| something like US, Russia, and China a each running 25% of
| the network reduces the chances of any one getting all
| three relays.
| droopyEyelids wrote:
| This would help negate that interference.
| https://en.wikipedia.org/wiki/Five_Eyes
| giantg2 wrote:
| Specifically what I chose US (allies implied), China, and
| Russia. These should be three competing factions.
| pasabagi wrote:
| I think even Russia and the US still do intelligence
| sharing on a lot of stuff - and that's before you
| consider that the US seems to be in everybody's networks
| anyhow, so non-sharing is probably just sharing with a
| bit more skullduggery.
| giantg2 wrote:
| I don't think they share on the bulk data. I would highly
| doubt they routinely cooperate on cyber crimes given
| Russia's stance on the matter (basically encouraging it).
| trompetenaccoun wrote:
| Russia and China are allies. And I'm not sure if Beijing
| would even be interested in spying on TOR users since
| it's blocked so thoroughly it's basically unusable for
| Chinese residents.
| giantg2 wrote:
| I don't know they are that aligned to be sharing bulk
| data like that. I don't think the are considered formal
| allies.
| bluGill wrote:
| China is for sure interested in spying on people in the
| US. I'm not sure if TOR users are of special interest
| though.
| Workaccount2 wrote:
| China and Russia are decidedly _not_ allies.
|
| They are neighbors with some overlapping interests and
| sort of similar goals if you squint. It wasn't very long
| ago that they were killing each other over border
| conflicts and annexed territory.
|
| China right now is just using Russia for cheap energy,
| they don't actually care about the health of the state.
| trompetenaccoun wrote:
| >It wasn't very long ago...
|
| If that's how geopolitics worked China would still be an
| American ally, vice versa. But alliances can change. Once
| an enemy always an enemy isn't a thing.
|
| >they don't actually care about the health of the state
|
| That's true but it's not a requirement for Xi to care
| about Russia. In fact I'm very sure he doesn't care about
| the Chinese people either. Russia needs China and the CCP
| uses Russia, not just for cheap energy but for fighting a
| war that many Westerners haven't even realized that it
| has begun already. Russia and China have a common enemy,
| that enemy is NATO.
| Aerbil313 wrote:
| I get scared reading that wiki page. The fact that the
| Australians are powerless[1] to stop US operating Pine
| Gap on their own soil, says something about how important
| the stuff the NSA & co. is doing there. (Surveillance)
| Horrors beyond our understanding.
|
| 1: A good video explaining history & status quo:
| https://www.youtube.com/watch?v=XHMa-Ba-2Mo
| belorn wrote:
| Now to add additional problems. 1000 tor nodes on a single
| platform would be very noticeable and geographically limited.
| Platforms also have different weight attached to them in the
| consensus, which adds further time requirements before a node
| is promoted. The developers do not want a single platform
| provider to be able to observe a large portion of all the
| traffic, so there are counter measures.
|
| The attacker could try to create a handful of accounts on
| hundreds of platforms in as many countries as possible,
| assuming one verify that the platforms accepts tor and do not
| share underlying providers and data centers. The cost would
| then be the average price of said providers, which is going
| to be a fair bit more than the cheapest providers out there.
| Managing and spreading them out is also going to cost a lot
| of man hours. Also the secops need to be fairly on the point
| and need to be maintained quite strictly across all the
| providers.
| qb1 wrote:
| Pagers and the next day handheld radios exploded on their
| users! This can be done.
| aesh2Xa1 wrote:
| I think the news about that particular counter example is
| too recent to be easily understood.
|
| https://www.schneier.com/blog/archives/2024/09/remotely-
| expl...
|
| Still, I think your point is excellent. The sort of group
| interested in tracking someone(s) over Tor certainly
| might have the capability to do so despite the
| difficulty.
| maicro wrote:
| Yeah, too recent to understand (though I've also been out
| of the loop a bit) - so thank you, that's...a good one.
| hiatus wrote:
| > Let's say I as a private individual fund 1000 tor nodes
|
| Was the operation against Hezbollah funded by a private
| individual? Otherwise I'm not sure the relevance of your
| statement to the comment that started this thread.
| ranger_danger wrote:
| Considering multiple world governments have already shown
| in leaked documents that this is exactly what they do, I
| personally wouldn't trust my secrets with tor.
| halJordan wrote:
| But and God forbid you read TFA, those leaked techniques
| were all done before the latest mitigations that the Tor
| Project is writing the blog about.
| chatmasta wrote:
| You don't technically need separate nodes, just separate IP
| addresses. Although Tor has some marginal protections against
| circuits sharing relays with similar IP, so you couldn't just
| get a /24 and hope they all get the same circuit.
| Terretta wrote:
| This is what providers such as https://www.vultr.com/ are
| for:
|
| https://www.vultr.com/features/datacenter-locations/
| tga_d wrote:
| Not only would you need the node to expose IPs with a wide
| enough distribution to allow the right path selection,
| you'd also need to have enough bandwidth available to look
| like distinct hosts, and ensure any losses in connectivity
| aren't correlated enough to draw attention (people monitor
| metrics.torproject.org pretty diligently, and would notice
| if there was a chunk of bandwidth coming and going in
| lockstep). At that point, the difference in cost to just
| actually running legitimately separate hosts is negligible.
| All empirical evidence points towards the status quo that
| has existed for most all of Tor's existence: if you want to
| identify Tor users, there are cheaper ways to do it than
| dominating the network (and those ways are expensive enough
| to be outside most people's threat models).
|
| That said, any bandwidth anyone wants to contribute to
| mitigate such attacks is always appreciated, even if it's
| more useful for performance reasons in practice. ;)
| alfiedotwtf wrote:
| If it's that expensive to run Tor nodes, who is actually
| paying for them? I've heard individuals getting doors kicked
| in for participating in the network, so it's not individuals.
| Corporates too wouldn't want this type of burden... so is it
| really just spy-vs-spy
| 0points wrote:
| > I've heard individuals getting doors kicked in for
| participating in the network, so it's not individuals.
|
| It's individuals
| autoexec wrote:
| Unless something has changed, one of the issues with Tor
| is that it tries to send traffic through servers that
| have the most bandwidth which are pretty much certain to
| be servers owned by the state a lot of the time because a
| random person's residential cable modem is going to be a
| lot less capable.
| input_sh wrote:
| Run by individuals doesn't necessarily mean run on potato
| hardware. I ran a highly reputable (non-exit) node on a
| beefy but underutilised dedicated server for at least
| half a decade.
| p4bl0 wrote:
| Many individuals contribute to running relays. And there
| are non-profit organizations collecting donations to
| operates Tor exit nodes:
|
| - https://www.torservers.net/
|
| - https://nos-oignons.net/
| idiotsecant wrote:
| This is probably strictly true but it smacks to me of
| 'many people say'. I wonder what % of TOR nodes are run
| by people with an ideological allegiance for the network
| vs how many are run by nation-state actors.
| akimbostrawman wrote:
| only exit nodes get there door kicked in and they are the
| minority and not needed for the tor network to function
| zerd wrote:
| They are pretty essential, without them you can only
| access onion services.
| immibis wrote:
| I run a non-exit node any time I have the spare resources.
| I2P too. This means they're on the same popular providers
| that have too many other nodes, though.
|
| Sometimes I set it up as a bridge (hidden entry node)
| instead.
| voldacar wrote:
| I started a tor relay on a spare vps about a month ago and it
| got guard status around 2-3 weeks in, so that info seems to
| be out of date.
| arktos_ wrote:
| Pardon my ignorance, but I thought it fruitful to ask: Are
| there any issues that can arise by doing this on a VPS?
|
| I ask because I know of stories of law enforcement sending
| inquiries to owners of, say, exit nodes requiring certain
| information about given traffic. I don't know if this
| happens for middle-nodes (or whatever they're called).
|
| Moreover, are there any issues with associating a node to,
| you know, your name and billing information?
|
| I don't know much about this, and although I could look it
| up, I think that my questions - and your respective answers
| or those of others - might do some public service of
| information sharing here.
| voldacar wrote:
| I'm not an exit node.
|
| You can buy a vps with xmr if you're worried about
| privacy from law enforcement.
| Imustaskforhelp wrote:
| most vps don't support xmr though. any suggestions to
| whom I can trust (I basically only trust hetzner in vps
| space)
| voldacar wrote:
| https://monerica.com/
|
| ctrl-f for web hosting
| beeflet wrote:
| Some do though. I got started a minecraft server the
| other month that i paid for in xmr. You can go to like a
| VPS aggregator like serverhunter.com and filter those
| that allow altcoins as payment
|
| https://www.serverhunter.com/#query=stock%3A%28in_stock+O
| R+u...
| akimbostrawman wrote:
| >I basically only trust hetzner in vps space
|
| https://notes.valdikss.org.ru/jabber.ru-mitm/
| ranger_danger wrote:
| What's more alarming to me is that they (the jabber
| operators) seemingly stopped caring about it. Whatever
| this intercepting proxy did (including from the sound of
| it, spoofing ACME challenges from their domain to get a
| certificate) could be illegal and they didn't even
| attempt to do anything about it, AND they are assuming
| that continuing to use the service after the attack
| stopped is somehow safe now.
|
| Either they are grossly negligent/incompetent (IMO
| unlikely given the extent of their research), or they
| knew it was intercepted on purpose (either by law
| enforcement, the provider itself or one of their
| upstreams) and intentionally aren't saying so. They could
| also be withholding or lying about any number of things,
| including the exact response from the hosting providers.
| GTP wrote:
| I never operated a TOR node, but as far as I know and
| heard from other sources, TOR realays don't get much
| attention from law enforcement, it any attention at all.
| Which makes sense: all they're doing is getting encrypted
| traffic in and giving encrypted traffic out. It would
| hard for them to link a relay node to a specific
| connection, and even if they do, you can't help them in
| any way: even you as the node operator are only able to
| see encrypted traffic.
|
| Edit: there's a youtuber called "Mental Outlaw" that
| published a while ago some videos about setting up and
| operating TOR nodes. He sometimes gives inaccurate
| information regarding more theoretical topics, so I don't
| follow him much. But I think he can be trusted for this
| practical topics.
| WHA8m wrote:
| Just a quick note on the Youtube channel you mention: I
| follow his videos for a while and it seems to me, that
| he's half a shill. My impression is, that he re-models
| popular HN threads into Youtube videos. Just watch the
| latest video on the MrBeast topic and you'll basically
| get the same info as all the popular 'root' comments (was
| on HN front page last week). Not the first time I noticed
| a suspicious connection.
| GTP wrote:
| It would be funny if he makes a new video about TOR and
| ends up mentioning your comment :D
| PawgerZ wrote:
| Wow, I was about to comment the same thing. Glad to have
| my assumptions validated by someone else.
| maxrecursion wrote:
| While that is a crappy thing to do, I bet tons of
| YouTubers are doing just that. Hell, most political
| YouTubers just read articles and make stupid comments
| about them.
|
| It would be impossible to create daily content if you
| weren't just rehashing, or taking, information from
| somewhere. Again, not defending it at all, just saying
| it's probably a very common thing. Like how some crappy
| news articles are just a bunch of reddit comments, like
| that qualifies as news.
| Workaccount2 wrote:
| If you ever fall into "hustler-get-rich-quick"
| shorts/reels/tik-toks, it is full of people laying out
| the same exact scheme:
|
| Make a channel
|
| Find popular reddit/social media post
|
| Use AI tools for text to speech
|
| Use AI tools to generate pictures
|
| Stitch it all together
|
| Post on channel.
| WHA8m wrote:
| Agreed. Extra: I'd generally say, that comments on HN are
| often interesting and insightful (that's why we're here,
| no?). With the current state of social media, I'd wish
| for a little more HN flavor. But at least credit your
| source. The information you provide doesn't get less
| valuable only because someone else did the work.
| gspencley wrote:
| > While that is a crappy thing to do,
|
| I haven't watched this particular channel so maybe it's
| obviously shady, but I'm curious: why is this
| conceptually a crappy thing to do?
|
| I mean, if you take the IP of others and redistribute it
| verbatim then I definitely see the ethical issue. So if
| the claim is that he's reading peoples' comments or posts
| verbatim without credit then yeah that's crappy. Don't
| get me wrong.
|
| But if all we're talking about is "mining" websites like
| HN for topics and then creating original content that
| covers those topics in a different format for a different
| audience... where's the issue?
|
| A few years ago I was feeling pretty burned out in the
| tech industry and created a tongue in cheek "luddite"
| channel called TechPhobe where I took an overly
| pessimistic view of the industry. At the time Elizabeth
| Holmes was on trial and a lot my videos involved me
| reading ArsTechnica articles on the subject (credited)
| while offering my personal opinions on the matter. While
| not successful, those videos got more views than anything
| else I ever created. Was that a crappy thing to do? I
| didn't think so at the time and I don't think so now.
|
| I didn't stick with the channel because I realized pretty
| quickly that if I'm dealing with burnout the last thing I
| should be doing in my spare time is focusing on tech
| content lol
| digging wrote:
| > But if all we're talking about is "mining" websites
| like HN for topics and then creating original content
| that covers those topics in a different format for a
| different audience... where's the issue?
|
| Plagiarism, generally. I really enjoyed the semi-recent
| hbomberguy video on why it matters, and a later response
| (from another channel) on "The Somerset Scale of
| Plagiarism" for a more rigorous explanation of what the
| different kinds of "content reuse" can be. Those are
| generally where my current model of plagiarism comes
| from.
|
| A specific concern would be the inaccurate telling of
| information that isn't understood. A video saying, "Here
| I will summarize this HN thread," is perfectly ok, and a
| good thing. A video saying, "Here I will tell you how
| $thing works," should be well researched and cited.
| Doesn't matter if the content's entirely from an HN
| thread for from 40 different SEO farms, it's low-quality
| content and it's wasting everyone's time at best, and
| probably actively misinforming people. (Because how true
| and complete is information gleaned from HN comments
| anyway?)
| immibis wrote:
| Non-exit nodes are generally considered safe to run. it's
| only exit nodes that system enforcement keeps trying to
| shut down.
| dunghill wrote:
| There was a recent HN topic where person running exit
| nodes run into quite a lot of issues because of it.
| INTPenis wrote:
| I ran tor exit nodes on Linode and Digitalocean for
| years. No real issues, but you will get regular abuse
| complaints.
|
| The support teams always understood once I explained it
| was a tor exit node. I co-operated with the Cloud
| provider and added any IP-address that requested it to my
| list of exempt addresses.
| ranger_danger wrote:
| > The support teams always understood
|
| But they don't have to. It could also be against their
| ToS, and many other providers would not have been ok with
| it. Accounts and domains have been taken away for much
| less.
| jrochkind1 wrote:
| Right, which is why it's informative to hear a report
| that DO and linode did!
| layer8 wrote:
| So read the ToS and ask support beforehand?
| ForHackernews wrote:
| These costs explain why most of the nodes are probably run by
| the FBI.
| zorrn wrote:
| We also recently saw the xz backdoor wich was worked on for
| many years so I think it could be possible if you really have
| on target.
| plorg wrote:
| You didn't think someone would notice if the Tor network has
| 1000 new nodes setup similarly? Or, I suppose, if you find
| enough heterogenous people and pay them to log their nodes,
| you're not going to get noticed?
| edm0nd wrote:
| Your 1000 Tor nodes would quickly be detected as bad relays and
| be removed from the network. It would also cost you far more
| than $5,000 a month.
| voldacar wrote:
| With v3 hidden services, relays can no longer see the plaintext
| of the hidden service's url.
| giantg2 wrote:
| Wasn't there a thing years ago where the NSA only needed 2 out
| of the 3 nodes if they got the right ones? Not sure if that was
| fixed with guard nodes or is still a thing.
| EmilyHughes wrote:
| This came out yesterday:
| https://www.youtube.com/watch?v=Gs0-8ZwZgwI
|
| Apparently in germany they caught a pedo like that. Watching
| certain nodes and the sizes of files that are sent between them
| to identify the admin of a pedophile image sharing forum. Took
| them 1 1/2 years to identify the specific person, but they got
| him.
|
| Considering this I would imagine it's pretty safe for the
| average user since they have to specifically target you for a
| long time, however it seems like with enough effort it's
| possible to identify someone even without Clearnet slip-ups
| like it was the case with Silkroad.
|
| Once they have your address they will just storm your house and
| catch you on the computer, then you are done for.
| Refusing23 wrote:
| But the more who use it and/or host tor nodes...
| cookiengineer wrote:
| The issue that TOR has is that it's a layered routing concept
| that won't respect ASN based spreading/scattering of traffic.
|
| Circuits are temporary but the traffic is not scattered across
| the network to make MITM fingerprinting of request/payload
| sizes/timestamps impossible.
|
| A typical MITM like the FBI surveillance van next door can
| identify you by observing the network packets and by _when_
| they were requested and by _how large_ the payloads were. There
| was a famous court case where this was enough evidence to
| identify a user of an onion service, without the FBI having
| access to the Wi-Fi of the user. But they had access to the
| exit node logs that were encrypted, the pcap logs to the onion
| service from that exit node, and the encrypted Wi-Fi packets of
| the user.
|
| (Also TLS lower than 1.3 and SNI related problems are relevant
| here, because DNS TTL 0 effectively makes everyone's privacy
| compromised, shame on you if you set a DNS TTL to 0)
|
| My point is that with more randomized hops across the network
| and across ASNs it would be less likely that a threat actor can
| control both guard and exit nodes.
|
| (Assuming that they parse RIR datasets to map organizations
| across ASNs, which the datasets already provide)
| runamuck wrote:
| Would an Ethernet cable plugged into your ISP router defend
| against the above mentioned surveillance (i.e., no WiFi
| snooping)? Or did the FBI PCAP at the ISP?
| cookiengineer wrote:
| The problem is also that different network stack
| implementations have different MTU values and different TCP
| headers.
|
| There's a lot of tools available that can fingerprint
| different applications pretty well these days. For example,
| Firefox and TOR Browser can be fingerprinted because of
| their custom network library that's OS independent.
|
| It gets worse if you use a DSL2 connection with scaling
| because that will uniquely make your packets
| fingerprintable because they have a specific MTU size
| that's dependent of the length of the cable from modem to
| the next main hub. Same for cable internet, because the
| frequencies and spectrums that are used are also unique.
|
| (I'm clarifying this, because an FBI van not having access
| to your Wi-Fi still has access to the cable on the street
| when there's a warrant for surveillance / wire tapping
| issued)
|
| [1] https://github.com/NikolaiT/zardaxt (detects entropies
| of TCP headers and matches them with applications)
|
| [2] https://github.com/Nisitay/pyp0f (detects the OS)
|
| [3] https://github.com/ValdikSS/p0f-mtu (detects the VPN
| provider)
| taneq wrote:
| If you thought of this in 10 minutes (or 6 months, or...) as
| one smart individual, I'd assume any government of any country
| you've heard of has been doing this for a while.
| jrochkind1 wrote:
| I think so.
|
| And of course for a state-level actor, they can afford a couple
| orders of magnitude more spend prob too.
| MagicMoonlight wrote:
| Yes it's 100% going to be compromised if you are an enemy of
| the US government.
|
| The primary purpose of tor is for their own use, which is why
| they have developed and funded it. So the underlying principle
| is secure, but they'll definitely be paying for enough of the
| nodes to compromise it for you.
| 2OEH8eoCRo0 wrote:
| It's safe if you ain't a pedo or terrorist.
|
| Sometimes I wonder wtf y'all are doing with such crazy security
| expectations and paranoia.
| mass_and_energy wrote:
| The implication of the right to privacy being unnecessary
| because you have nothing to hide is akin to declaring the right
| to free speech unnecessary because you have nothing to say.
|
| The ability to maintain privacy and anonymity is not for today,
| it's for tomorrow.
| ciiiicii wrote:
| I don't think many people seriously think that terrorists
| planning attacks to maim and kill people, and pedophiles
| sharing child sexual abuse imagery with each other, have an
| absolute right to privacy in such communications, nor that
| doing so is an example of free speech.
|
| Really it's a good thing that the "global adversary" is -
| almost certainly - keeping tabs on Tor traffic and tracking
| down who is responsible for the worst abuses within this
| network.
| lapphi wrote:
| You sound like a stalin era communist. The secret police
| are spying on you for your own good!
| ciiiicii wrote:
| Not sure what you mean. Gathering evidence is a vital
| part of investigating criminal activity. In the age of
| the internet, this includes evidence generated on
| computer networks, such as connection metadata from
| distributed systems like Tor.
|
| Why, in your view, is this akin to Stalinism? It's just
| standard police work adapted for modern technologies, not
| an indication of totalitarian governance.
| 2OEH8eoCRo0 wrote:
| Where do I say it's unnecessary?
| nurumaik wrote:
| Not everyone lives in a country where government is a friend
| bornfreddy wrote:
| And even if it is today, a fiend is just one bad election
| away.
| o999 wrote:
| Noone does..
| RiverCrochet wrote:
| 1. It's fun. Playing with these technologies is entertaining
| and will learn you some good stuff about the networking and the
| encryption and what not.
|
| 2. Tor allows reception of unsolicited TCP/IPv4 traffic if you
| are behind a NAT you can't open ports for, because your
| connection to the network is initiated on your side. This is
| nice, especially with increasing prevalence of CGNAT.
|
| 3. Something my niece stated when I talked to her about it, who
| I disagree with: Many countries have a notion of upstanding
| citizen enforced by well funded and maintained violence-
| monopoly actors (R) that are not equivalent to what the
| majority of citizens actually do (S). R minus S is T - the
| tolerance gap. Things that allow T to exist include lack of
| will to prosecute, general social acceptance of things that
| were not acceptable years ago, etc. All things that are quite
| mutable. If your activities fall into T, privacy-enforcement
| tech benefits you if R and S might change in the future.
|
| FWIW I am firmly in the "if you have nothing to hide you have
| nothing to fear" camp and I looked at her funny when she said
| this. Maybe she is a criminal or just crazy, idk.
| spl757 wrote:
| I'd like to place a camera in every room of your house and
| stream them on my website. Surely you won't mind because you
| have nothing to hide. Right?
| Naturally wrote:
| Your niece's reasoning sounds excellent to me, I am pleased
| you have included it.
| WolfeReader wrote:
| You believe you have "nothing to hide" from 1. your own
| government, 2. the government of a nation you happen to be
| visiting or communicating with, 3. corporations who slurp up
| and sell personal data, 4. organized crime, 5. con artists
| and phishers looking for an easy mark, 6. people who
| personally want to harm you or exploit you, 7. people who
| want to harm others in your life and would use you as a means
| to do so, 8. people who want to harm your
| race/gender/religion/etc and identified you as a member of
| their targeted group.
|
| Really?
|
| End-to-end encryption technologies (of which TOR is one) help
| prevent entire categories of attacks which would otherwise be
| available to all of those groups, to use against you and
| others.
| ObsidianBreaks wrote:
| I think it's prudent to point out that the article's title is
| quite 'clickbaity', but to address it directly, the correct
| answer is (as it usually is) is 'it depends'. In my view, it
| depends on the answer to the question 'safe for who?', i.e. what
| is the threat model to which you are trying to guard against? If
| it's the US, then of course not, as the code is well-known to the
| US and I would expect that they have known vulnerabilities that
| they can leverage to ascertain the users of their service. The
| fact that TOR is, 'on paper', non-governmental doesn't really
| matter these days with the merging of private and public (and
| non-affiliated open-source communities) inside the security
| community. I would say that even the fact that it's open source
| isn't much of guard against such attacks, given that it relies on
| proficient oversight (which many eyes may not guarantee). Against
| other 'nation state' type adversaries - I'd wager that the more
| prominent who have the capacity to host a large number of relay
| nodes, and have access to very large computational power, will
| find it possible to decode portions of the TOR traffic. Against
| less technically proficient adversaries, such as 'run of the
| mill' police forces and minor nation states I'd go so far as to
| say it _might_ be secure but only if you are using it for
| something uninteresting to them, but I ask 'how hard is it
| really to do a man in the middle a TOR relay?', and in terms of
| the most general case, 'what about the endpoints?' which of
| course aren't secured via TOR. Ultimately the best defense
| against 'snooping' in my view is to use a pre-agreed
| communication protocol which is undocumented and is known only
| between the communicators and is unusual enough to be hard to
| recognize or hard to work out what it means (preferably with a
| key to those communications known only to the two parties), but
| then I suppose you could use any communication protocol...
| oytis wrote:
| Don't quite get it - why doesn't CCC share information with the
| Tor Project maintainers?
| solarpunk wrote:
| curious about this as well
| some_random wrote:
| I suspect that the reporter has a bone to pick with Tor and the
| CCC members that were given the documents were compelled
| legally or socially to not share them further.
| notepad0x90 wrote:
| Maybe they want to reveal it on the CCC in december?
| vaylian wrote:
| It's unlikely that they want so save the technical details
| for the conference. It would put people at risk if the tor
| project would not be able to fix the issue in the meantime.
| cubefox wrote:
| The information comes from the NDR (link im neighboring
| thread), not the CCC. The CCC only got to see the documents via
| the NDR.
| DonnyV wrote:
| Tor has never been safe to use.
| vixen99 wrote:
| How am I any further forward reading that?
| argentier wrote:
| you have the truth - it was cooked up by US Naval
| Intelligence - why would you think it was safe?
| toby- wrote:
| Wait until you learn about the creation of the Internet and
| the World Wide Web. Better disconnect.
| o999 wrote:
| Old Ricochet used onion v2, that has stopped working long ago as
| far as I know, or I am missing something
| basedrum wrote:
| You are right. The lack of details or time window when this
| happened make it difficult to know what the actual compromise
| was, or if it is still something that can be used. However, if
| they compromised a Ricochet user, then this attack was a long
| time ago, and from what Tor's blog says that client didn't have
| the defenses that would have prevented the attack they think it
| is. Without the actual details, it seems like this attack was
| mitigated some time ago and is no longer something that can be
| done in the same way.
| toby- wrote:
| We have a rough timeframe: "To the best of our knowledge, the
| attacks happened between 2019-2021."
|
| The hidden service targeted[0] had completely ceased to exist
| by April 2021, so that time range makes sense.
|
| [0]: https://www.ndr.de/fernsehen/sendungen/panorama/aktuell/
| Inve...
| sathackr wrote:
| based on the article I think this is old news just now being
| reported
| tonetegeatinst wrote:
| AFAIK v2 has stopped working. Iirc were up to v3 or something.
| edm0nd wrote:
| no v2 onion urls resolve or work. It's been v3 since 2021.
| gigatexal wrote:
| Was it ever safe? Wasnt it created by the AirForce or something?
| I've always thought of it as a honeypot.
| knodi123 wrote:
| > Wasnt it created by the AirForce or something?
|
| No, don't be silly, that's ridiculous! It was the Navy.
| archsurface wrote:
| The more privacy the better as far as I'm concerned, but I've
| never used tor. What are people using tor for? General comms,
| piracy (mild illegal), other (very illegal), ...?
| ziddoap wrote:
| > _other (very illegal), ...?_
|
| I will be waiting patiently for people to admit that they do
| very illegal things over Tor.
| knodi123 wrote:
| It's okay, you can safely confess to felonies and crimes
| against humanity on HN. Our usernames are meaningless and our
| traffic is SSL encrypted!
| archsurface wrote:
| They don't have to be admissions, reports are an option.
| marc_abonce wrote:
| Besides regular browsing (basically a free VPN), a pretty nice
| use case of Tor is that some news sites have non-paywalled
| onion addresses.
|
| The Guardian:
| https://www.guardian2zotagl6tmjucg3lrhxdk4dw3lhbqnkvvkywawy3...
|
| New York Times:
| https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2l...
|
| BBC:
| https://www.bbcweb3hytmzhn5d532owbu6oqadra5z3ar726vq5kgwwn6a...
| lifeisstillgood wrote:
| I am interested in the "legitimate" uses for tor. I have not kept
| up with this but I understand it was designed by US Navy to make
| it hard for oppressive regiemes to track their citizens use of
| web.
|
| What do we want Tor for except as a hope that Russian citizens
| might be able to get to the BBC site?
|
| I am asking honestly - and would prefer not to be told my own
| government is on the verge of a mass pogrum so we had better take
| precautions.
| tonymet wrote:
| Anonymous publishing
| whimsicalism wrote:
| most governments retaliate to some degree against journalists,
| whistleblowers, etc. - no pogrom needed
| knodi123 wrote:
| For the same reason we have SSL on this site, despite the fact
| that it has no sex, no storefront, nor any access to my banking
| or private information.
|
| If everything is SSL secured, then we don't have to explain why
| any specific thing is SSL secured. The same reason can be
| applied to use of TOR.
| fragmede wrote:
| The point ranking on comments, which is private, would be of
| interest to parties training an LLM and want the data
| annotated, but your point stands.
| judge2020 wrote:
| I'm not sure how much more useful that is than just using
| HN's automatic ranking for comments, at least outside of
| parent comments on posts; As far as I can tell, child
| comments are always ORDER BY score DESC.
|
| Even for top level comments, HN's algorithm for ranking is
| pretty useful for assigning "worth"
| fragmede wrote:
| On posts there's an attempt to suface later comments
| (with fewer points) so the comment section isn't
| dominated by earlier posts.
|
| Ordering by score DESC only gives you relative point
| information, not absolute. Theres additional signal if
| the top comment has 100 points vs only having 3 (and the
| bottom post also having 100 vs 1).
| pc86 wrote:
| "Every site having SSL is a Good Thing because it means you
| don't need to defend your use of SSL. If more people used
| Tor it would mean you didn't need to defend your use of
| Tor."
|
| "Yeah but Y Combinator made a decision that makes it harder
| for me to auto-generate spam."
| 0xggus wrote:
| >This is a collection of anonymous user stories from people who
| rely on Tor to protect their privacy and anonymity. We
| encourage you to share their experiences with your network,
| friends and family, or as part of your work to promote the use
| of privacy-preserving technologies like ours and help us defend
| strong online protections.
|
| https://community.torproject.org/outreach/stories/
| smoe wrote:
| Don't know if it is still used much. There is SecureDrop to
| facilitate communication between investigative journalists and
| sources/whistleblowsers via Tor that was at some point deployed
| by several prominent news organizations.
|
| https://en.wikipedia.org/wiki/SecureDrop
| andai wrote:
| Are there legitimate arguments in favour of privacy, and
| private communications? It seems to be largely the same issue.
|
| We've come to accept (as a normal mainstream thing) end to end
| encryption in several popular messaging apps (which seems to be
| largely thanks to WhatsApp?), but the same idea applied to web
| browsing is still considered fringe for some reason. That
| distinction seems arbitrary to me, like just a cultural thing?
|
| It might be a UX thing though. WhatsApp is pleasant. Trying to
| use the internet normally over Tor is horrendous (mostly thanks
| to Cloudflare either blocking you outright, or sending you to
| captcha hell).
| sureIy wrote:
| How would you feel if a stranger came up to you in the street
| and said they appreciated the wiki article you were reading
| last night?
|
| I think everyone wants "privacy by default", they just don't
| make the connection between this hypothetical and real life. In
| real life you're still spied but nobody confronts you directly.
| cubesnooper wrote:
| I browse social media sites like Facebook and Reddit using
| their onion services. I was sick of seeing ads pop up that were
| clearly based on tracking my general browsing activity through
| IP correlation, tracking pixels and embedded "like" buttons. So
| now I block all cleartext Facebook/Reddit traffic completely.
|
| Using Tor this way doesn't anonymize me--on Facebook at least,
| I'm logged in under my own account--but it limits the profile
| Meta builds on me to the union of what it directly observes on
| Facebook and what it can purchase through data brokers. Ever
| since I started doing this, I've noticed a huge drop in
| relevance in my Facebook ads, so apparently it's working. When
| the ads become suddenly relevant again (which has happened a
| few times), it exposes an information leak: usually a credit
| card purchase that Meta must have obtained from either my bank
| or the shop vendor and tied to my identity.
|
| Using a VPN could theoretically provide the same benefit, but
| in practice Facebook tended to temporarily lock my account when
| using a VPN and Reddit blocks VPN traffic completely. So I
| stick to the onion services, which are run by the websites
| themselves and so are less likely to be treated as malicious
| traffic.
|
| If you use these platforms, I recommend bookmarking their onion
| sites in Tor Browser and using it as your primary interface to
| them for a while. Then, if you don't find it too inconvenient,
| start blocking the non-onion versions of the sites on your
| network.
|
| https://old.reddittorjg6rue252oqsxryoxengawnmo46qy4kyii5wtqn...
|
| https://www.facebookwkhpilnemxj7asaniu7vnjjbiltxjqhye3mhbshg...
|
| (P.S.: You shouldn't trust the links I just posted; I could
| have posted fake ones! I recommend double-checking against
| https://github.com/alecmuffett/real-world-onion-sites which
| links to proofs of onion site ownership under their usual
| domain names.)
| USiBqidmOOkAqRb wrote:
| NAT traversal, on both sides!
| pc86 wrote:
| Let's not discount the validity of making it easier for
| Russians, or Chinese, or North Koreans, to get western media.
| gen2brain wrote:
| Because how else would they know that Kamala used to work in
| mcdonalds. Pure gold in western media.
| pc86 wrote:
| If you think my comment can in any way be construed as
| saying all western media is great, please get help.
| moogly wrote:
| Representing the letters "nsa" in "unsafe" since 2006.
| cypherpunks01 wrote:
| Remember the Harvard student that emailed in a bomb threat via
| Tor to get out of a final exam in 2013?
|
| He got caught not by the FBI breaking Tor, but just by network
| analysis of university network traffic logs showing a very narrow
| list of on-campus people using Tor at the time the threat was
| communicated. He quickly confessed when interviewed.
|
| https://www.washingtonpost.com/blogs/the-switch/files/2013/1...
|
| Just another factor to consider when using Tor - who's network
| you're on.
| MDJMediaLab wrote:
| I recall this situation well as it interrupted an exam of mine.
| iirc, it was the MAC address of his machine being
| known/registered to the Campus network that nailed him.
| Vegenoid wrote:
| If he simply didn't confess, they likely could not have proven
| it was him - but yes, it is best to avoid suspicion altogether.
| pc86 wrote:
| As relevant today as it has ever been:
| https://www.youtube.com/watch?v=d-7o9xYp7eE - "Don't Talk to
| the Police" by Regent Law professor James Duane (2012). 19M
| views for a reason, it's a great talk that I've watched a
| couple times now. And a former cop who was an L3 at the time
| of the video also speaks very convincingly on the topic, and
| about how the only times people who they knew were guilty but
| couldn't prove it got away were when they lawyered up and
| shut up immediately.
|
| As always there are caveats that he goes into regarding how
| to assert the right and all that but the major thrust is if
| the police want to talk to you for any reason, just don't.
| Lots of great stories, too.
|
| You are under no legal obligation to assist police in their
| investigations. Give only the information you are legally
| required to (varies by state and whether it's a consensual
| encounter, detainment, arrest, etc.), and no more. If you're
| arrested say you want an attorney and you will not answer
| questions until they arrive.
| ocean_moist wrote:
| If your threat model includes western nation states, there are
| much bigger threats to your opsec than Tor. If your threat model
| does not include western nation states, Tor is safe to use.
| smm11 wrote:
| Still?
| notepad0x90 wrote:
| From what little I've heard, de-anonymization of Tor users is
| largely done by targeting their devices with zero-day exploits.
| That is still a valid method, I wouldn't trust Tor personally,
| but I'm with the Tor project that there is no credible evidence
| of a large scale de-anonymization attack.
| toby- wrote:
| Why wouldn't you trust Tor? Do you mean you wouldn't trust it
| at all, or wouldn't trust it completely?
| notepad0x90 wrote:
| I mean at all, but I don't have any reasons worth mentioning
| here, that I'm willing to defend on a public site.
| toby- wrote:
| Fair enough. Was just curious. :)
| tomcam wrote:
| Sincere question. This was created with US government funding. Is
| there any reason to believe it is safe?
| hnisoss wrote:
| Even if you had your own SMT how can you be sure no one fiddled
| with your lab? If you can't trust your own stack 100% how can
| you trust ANYTHING else then?
|
| So my answer to your sincere question: no reason to believe it
| is safe, no.
| toby- wrote:
| So was the Internet at DARPA (or its modern foundation). And
| the WWW at CERN.
|
| Tor's development team aren't on the payroll of the US gov't,
| and their funding comes from many sources.
|
| If having received funding from a government agency is enough
| to earn your distrust, you'd quickly become a paranoid
| schizophrenic.
| oldgradstudent wrote:
| > Tor's development team aren't on the payroll of the US
| gov't, and their funding comes from many sources.
|
| That's not serious. From the Tor official blog:
|
| > U.S. Government (53.5% of total revenue)
|
| > Individual Donations (28.5% of total revenue)
|
| > Non-U.S. Governments (7.5% of total revenue)
|
| > Foundations (6.4% of total revenue)
|
| > Corporations (3.4% of total revenue)
|
| > Other (0.6% of total revenue)
|
| https://blog.torproject.org/transparency-openness-and-
| our-20...
| toby- wrote:
| It's true that a majority is from the US government through
| various funding schemes and grants. They're very
| transparent about their funding and ongoing efforts to
| diversify. But a little over half coming from US government
| sources isn't the same as their devs literally being on the
| gov't payroll; people often talk about Tor as if the
| developers themselves earn a government salary.
|
| (Funnily, Signal also received major funding from US
| government sources but very few people seem to question
| that when lauding Signal.)
| tomcam wrote:
| Neither the Internet nor the Web were designed for anonymity.
|
| And I cannot name an organization I would trust to tell me
| the truth if doing so will jeopardize its funding.
| ementally wrote:
| https://spec.torproject.org/vanguards-spec/index.html
|
| >A guard discovery attack allows attackers to determine the guard
| relay of a Tor client. The hidden service protocol provides an
| attack vector for a guard discovery attack since anyone can force
| an HS to construct a 3-hop circuit to a relay, and repeat this
| process until one of the adversary's middle relays eventually
| ends up chosen in a circuit. These attacks are also possible to
| perform against clients, by causing an application to make
| repeated connections to multiple unique onion services.
| ggm wrote:
| Absolutist statements about services like TOR or VPNs are often
| not helpful. It's highly contextual to the threat. If the threat
| is a state actor it's likely nothing, TOR included, can preclude
| them from determining things about you that you would prefer them
| not to know.
|
| Some specific state actors operate TOR entry and exit routers and
| can perform analysis which is different to others who just have
| access to the infra beneath TOR and can infer things from traffic
| analysis somewhat differently.
|
| I have never been in a situation where my life and liberty
| depended on a decision about a mechanism like TOR. I can believe
| it is contextually safe for some people and also believe it's a
| giant red flag to a lead pipe and locked room for others.
| edm0nd wrote:
| I'm being pedantic but it's simply just Tor, not TOR.
|
| https://support.torproject.org/about/why-is-it-called-tor/
|
| >Note: even though it originally came from an acronym, Tor is
| not spelled "TOR". Only the first letter is capitalized. In
| fact, we can usually spot people who haven't read any of our
| website (and have instead learned everything they know about
| Tor from news articles) by the fact that they spell it wrong.
| MR4D wrote:
| I'm a tor novice, so please excuse the simplistic question...
|
| Couldn't a national security organization just modify a node to
| route traffic to other nodes it controls instead of uncontrolled
| nodes?
| tg180 wrote:
| No!
|
| The client controls path selection, and each hop is verified
| using its encryption keys.
| bobbylarrybobby wrote:
| You're saying that if you modify the tor software, other
| clients will be able to tell before connecting to you? And
| you can't trick them into sending to a bad node?
| mrln wrote:
| It is not the node that chooses the next one, but the
| client. A bad node cannot "fake" a good node, because it
| cannot cryptographically authenticate to be the new node
| the client selected (the client knows the public key of the
| newly selected node).
| kevincox wrote:
| If you run a node that forwards traffic to any node other
| than the one requested by the client then that node won't
| be able to decrypt the traffic.
|
| The client encrypts traffic to each node on its selected
| path in turn. If the traffic doesn't reach every desired
| node in order the traffic can't be decrypted.
| deviantbit wrote:
| No. It is not. More than 1/3 of the Tor servers are run by US
| Federal Govt as does other members of the Five Eyes. Israel has a
| large number as well. Cases are built backwards or in parallel
| that are from the fruit of the poisonous tree. If you don't know
| what that term means, look it up.
|
| Use Tor with extreme caution.
| ec109685 wrote:
| Or just hit onion services that don't require exit nodes.
| loup-vaillant wrote:
| How is that even possible? Unless you keep to hidden services
| underneath you do need an exit point to talk to the regular
| internet.
| pushupentry1219 wrote:
| Comment is saying: never use regular internet ONLY use
| hidden services so you never need to exit the network
| through an exit node
| toby- wrote:
| >More than 1/3 of the Tor servers are run by US Federal Govt
|
| Source? People repeat this claim and nobody every provides
| evidence.
| hannasm wrote:
| If enough governmental bodies can get behind running Tor nodes
| then couldn't we theoretically protect the bulk of humanity from
| spying on Internet access? Truly an advance in the Internet
| technology. It's kind of like if a single nation does it they
| control everything, but once all the nations compete then
| everyone wins.
|
| But at planetary scale would Tor scale in an environmentally
| friendly way?
| perlgeek wrote:
| Most governments value their law enforcement obligations and/or
| desire for surveillance more strongly than an Internet that is
| protected from spying, so good luck with that.
| berkes wrote:
| Ironically, most of these same sectors in the same
| governments have strong need to be protected from spying
| themselves.
|
| So in many cases it's really a case of "we want a monopoly on
| secrecy".
|
| Which should be a massive red flag for everyone, from left to
| right, from liberal to conservative, from anarchist to
| communist and so on. But somehow isn't picked up by any of
| these. I presume because they all believe somehow they either
| won't be targeted or will be exempt?
| pc86 wrote:
| Several of those ideologies you mention are just different
| flavors of authoritarianism, and one of an ideological
| authoritarian's primary goals is power. Hell, take out
| "anarchist" and you could make a convincing argument
| they're all authoritarians in their own way. You don't get
| power by giving the populace - or helping them to keep - a
| free, secure Internet. It's just completely antithetical to
| someone who wants to hold power by nondemocratic means.
| berkes wrote:
| That was deliberate: a way of saying "probably even those
| who align with authoritarianism won't like governments to
| have a monopoly on secrets".
| perlgeek wrote:
| I don't see government monopolies as immediate red flags.
|
| In most nations it's widely accept that the state has a
| monopoly on violence (usually through the police force),
| and it's not clear to me what a good alternative to that
| would be.
|
| I also want my government to have a monopoly on taxation, I
| don't want any private company or gang to be able to just
| collect taxes from me, without any repercussion.
|
| As for secrets? We probably have to distinguish a bit
| between secrets/data at rest vs. secrets/data in transit. I
| could well imagine that a good balance between security and
| privacy could require some tradeoffs when it comes to data
| in transit.
| berkes wrote:
| Good point. And while I too accept a state to have a
| monopoly on things, especially those you mention, secrets
| aren't those.
|
| Because we all have them, need them, and because a
| society cannot function without them - there are many
| books and papers written about the "nothing to hide
| fallacy". We all really need some privacy. How much, is a
| different question, though. So in this discussion: maybe
| we don't need the level of "TOR by default for everyone",
| IDK.
| arminiusreturns wrote:
| I doubt it, it's too vulnerable to relay or 50% style attacks. I
| stopped using it in 2011/12-ish.
| burningChrome wrote:
| I remember Adrian Crenshaw doing a speech at Def Con 22 about how
| people got busted using Tor. Even then he point out in most of
| the cases, it was bad OpsSec by the person, and had nothing to do
| with Tor.
|
| How applicable do people think this information is now 9-10 years
| later?
|
| DEF CON 22 - Adrian Crenshaw- Dropping Docs on Darknets: How
| People Got Caught https://www.youtube.com/watch?v=eQ2OZKitRwc
| zoobab wrote:
| TOR critics like Len Sassaman said the same years ago, with
| traffic analysis it is possible to detect where the source is
| coming from.
|
| https://en.wikipedia.org/wiki/Len_Sassaman
| toby- wrote:
| Timing attacks are a well-known weakness. There's a lot of
| research into timing attacks and proposed countermeasures.
|
| Also, it's just Tor - not 'TOR'.
|
| >Note: even though it originally came from an acronym, Tor is
| not spelled "TOR". Only the first letter is capitalized. In
| fact, we can usually spot people who haven't read any of our
| website (and have instead learned everything they know about
| Tor from news articles) by the fact that they spell it wrong.
|
| https://support.torproject.org/about/why-is-it-called-tor/
| vbezhenar wrote:
| Here's imaginary attack with adversary. Just push as much traffic
| as possible from many hosts to the given hidden service. Now
| observe traffic metadata from high level network operators. With
| enough filtering it should be possible to detect where traffic
| spike is terminated.
| remram wrote:
| It would be "terminated" at all the points that can't keep up,
| way ahead of the hidden service (or even rendez-vous node).
| loup-vaillant wrote:
| To get past the self signed certificate:
| https://web.archive.org/web/20240918195838/https://blog.torp...
| dinkelberg wrote:
| The certificate for blog.torproject.org should not be self-
| signed. For me it is an extended validation certificate issued
| by DigiCert Inc.
| snailmailman wrote:
| I don't think you should be seeing a self-signed certificate?
| I'm getting a valid Digicert-signed certificate on my end.
| toby- wrote:
| It isn't a self-signed cert.
| 3np wrote:
| You're MitM'd yo.
| 2d8a875f-39a2-4 wrote:
| Was Tor ever safe to use? I don't think so.
| toby- wrote:
| Yes. Why wouldn't it be?
|
| The fact that adversaries need to rely on zero-days, or people
| running massively outdated and unsupported software, strongly
| suggests the network is safe and robust.
| NoGravitas wrote:
| "Safe for what?" has always been a valid question.
| argentier wrote:
| safe as it ever was
| taneq wrote:
| "Safe" doesn't have a meaning until you define your threat model.
| haolez wrote:
| Here is an awesome DefCon talk about this topic from the
| perspective of a darknet vendor. It's amazing:
|
| https://youtu.be/01oeaBb85Xc
| alecco wrote:
| Nice presentation. Ironically the ?si= parameter is for
| tracking. You should remove it.
| giancarlostoro wrote:
| Is it sad that when someone else gives me a video with an si
| parameter or similar, I keep it on when passing it forward,
| in my eyes, this feeds garbage to their backend.
| loceng wrote:
| New tool idea: a si parameter tracking "mixer"?
|
| Crowdsource making tracking useless?
| digging wrote:
| > this feeds garbage to their backend
|
| How is a timestamped chain of communication between persons
| interested in a particular topic "garbage"?
| haolez wrote:
| Thanks. I was on mobile and didn't notice it.
| alecco wrote:
| happens
| flufluflufluffy wrote:
| As knowledgeable users of the Internet in 2024, we would do well
| to assume that _nothing_ is 100% "safe" (I.e. there's no such
| thing as perfect security /privacy).
|
| However, some things, like Tor, can make your use of the Internet
| _safer_.
|
| If all you're doing is arguing that Tor shouldn't be used because
| it isn't/was never "safe", then you might as well not use the
| Internet at all.
| toby- wrote:
| Agreed - you can never truly be completely "safe", but Tor
| remains the most privacy-preserving tool we've got.
|
| When people say they're distrustful of Tor (for various
| reasons) to the extent they refuse to use it, they seldom
| suggest alternative tools/measures that provide anywhere near
| the level of safety offered by Tor.
| dev1ycan wrote:
| The argument is that using "privacy" tools makes it easier
| for a party to single you out, and they do have a point.
| AnthonyMouse wrote:
| They have the opposite of a point. The logical conclusion
| of that line of reasoning is that everyone should use
| privacy tools so no one can be singled out. And that
| ordinary users with "nothing to hide" should be the _first_
| to start using them.
| horsawlarway wrote:
| I mean, sure. And while we're at it pigs should fly.
|
| Functional security means understanding your risks, and
| using privacy tools _is_ a risk - in the sense that it
| does single you out in the current environment.
|
| Your actual communications can be secure, but that
| doesn't stop a bad actor/government from picking you up
| and beating you with a wrench until you talk - if they
| get suspicious enough.
|
| Just saying "everyone should use these tools!" is not
| actually a counter-argument. It's a fine long term goal,
| but it's not addressing the real risk that some folks
| might be in.
| AnthonyMouse wrote:
| > I mean, sure. And while we're at it pigs should fly.
|
| Pigs have significantly higher density than birds and
| lack wings. Getting them to fly under their own power
| would be quite a challenge. By contrast, installing Tor
| Browser is actually pretty easy.
|
| > Your actual communications can be secure, but that
| doesn't stop a bad actor/government from picking you up
| and beating you with a wrench until you talk - if they
| get suspicious enough.
|
| In general this is not what happens in e.g. the United
| States. The act of installing or using Tor doesn't in and
| of itself cause anyone to beat you with a wrench. Try it.
| Visit HN using Tor Browser. No one comes in the night to
| put a bag over your head.
|
| > Just saying "everyone should use these tools!" is not
| actually a counter-argument. It's a fine long term goal,
| but it's not addressing the real risk that some folks
| might be in.
|
| If you live in an authoritarian country and actively
| oppose the government, you are already doing something
| that will get you punished if you're caught and then the
| question is, which is more likely to get you caught? Tor
| has several measures to reduce the probability that
| you're detected. Private entry guards, pluggable
| transports, etc. You might still get caught, but these
| things reduce the probability, whereas if you openly
| oppose the government without using any privacy
| technology, you're much _easier_ to catch. Using it in
| this case is pretty clearly to your advantage.
|
| If you live in a country that has a modicum of respect
| for fundamental rights like privacy and due process, then
| you can use Tor when you're not breaking any laws and are
| just trying to avoid being tracked across the internet by
| Google and Facebook, because using Tor isn't in itself
| illegal. And doing this not only benefits you, it
| benefits the people in the first group who need it even
| more than you do, because it makes them stand out less.
|
| So who are the people who shouldn't be using it?
| roofoos wrote:
| > Visit HN using Tor Browser. No one comes in the night
| to put a bag over your head.
|
| HN used to often not create new user accounts when
| connecting from Tor.
|
| Twitter doesn't let a new user account to pass the prove
| you're human AI challenge. It says it passes but then
| shows an error message that there was a technical issue.
|
| By using Tor I'm cut off from Twitter. Twitter is my
| social media of choice. By using Tor I'm cut off from
| social media.
| TylerE wrote:
| Why should ordinary users do something that provides no
| meaningful benefit and makes their experience
| substantially worse?
| belorn wrote:
| Anyone who search for medical information online should
| always use a VPN and a browser that cleans itself before
| and afterward. Health status is one of the most valuable
| user data available to data brokers and is heavily
| collected and sought after.
|
| I also use tor in my work in order to get a third-party
| perspective on a website, or when inspecting suspicious
| links.
| friendzis wrote:
| But that's half the point. If someone has an intention to
| undergo some illegal activities with full intention not to be
| caught, only 100% "safe" solution works for them. Normally we
| talk about risk tolerance, but this particular use case is a
| bit special.
| GunlogAlm wrote:
| There are no "100% safe" solutions. There will always be
| weaknesses and vulnerabilities in any system. The sort of
| criminal who requires or expects 100% safety is quickly going
| to be caught due to being a dullard. Knowing you're never
| truly "safe" is what good criminals are keenly aware of at
| all times: you can plan and prepare for certain
| eventualities. Once you think you're "safe", it's the
| beginning of the end.
| red-iron-pine wrote:
| Security is a process, not a "state".
|
| You don't do something, once, and then are good to go
| forever. Banks don't just put cash in a safe and forget
| about it; they have audits, security guards, cameras,
| threat intelligence profiling criminal gangs, etc.
| ziddoap wrote:
| The entire conversation _has_ to be about risk tolerance,
| because that 's all there is. There never has been, and never
| will be, a 100% safe solution.
| mtlmtlmtlmtl wrote:
| As someone who's actually used Tor for illegal
| activities(buying drugs) this is completely missing the
| point. Criminals generally are not thinking about doing
| something completely risk free. The dumb ones don't consider
| risk at all, because they're desperate/addicted, and just
| hope/assume they won't get caught. More clever ones assume
| they'll be caught and try to make conviction less likely.
|
| For instance, for buying drugs, the ordering isn't the risky
| bit. Receiving it in the mail is. Even if tor was magically
| "100% safe" the crime overall wouldn't be. The point of using
| tor is not to eliminate all risk, it's just to decouple
| payment from reception. I had my drugs intercepted by customs
| once, but they couldn't prove I ordered them, so they dropped
| the case. I'm sure it might've been possible for them to
| prove it if they spent a lot of resources trying to trace
| crypto transfers and so on, but police only do that if the
| fish is big enough because they're resource constrained.
|
| Tor is just another tool criminals can use to reduce risk.
| It's not perfect, but for most things it's the best thing
| available.
| saghm wrote:
| If there were a way to 100% avoid getting caught when
| committing illegal acts, no one would ever get caught because
| everyone would do it
| gambiting wrote:
| Well no, there are loads of precautions criminals can use
| to avoid being caught already, and they just don't do them
| - most criminals are just not that smart.
| wildzzz wrote:
| The only 100% safe method is to not do the illegal activity
| at all. There's always a risk/rewards analysis to be
| performed when committing any act that could have negative
| consequences whether you're playing the stock market or doing
| credit card fraud. For any major criminal that gets caught,
| you can usually read the arrest affidavit which offers a
| pretty interesting look into how the criminal was caught
| despite the careful measures they took. The one for DPR is
| interesting to read and shows how despite taking careful
| measures, DPR left a trail of breadcrumbs that investigators
| used to track him down. His use of Tor was pretty solid
| (assuming the whole affidavit isn't complete parallel
| construction fiction) but it was everything else he did
| outside of it that got him in the end. There's another story
| of a university student that sent threats to his school to
| get out of an exam or something through anonymous emails over
| Tor. They only caught him because he was the only person
| using Tor on the school network at the time the email was
| sent. If he was off campus, he may have remained anonymous.
|
| An analog crime I think about is the murders in Moscow,
| Idaho. The criminal did take some careful measures like
| wearing gloves but he left a knife sheath behind that
| contained DNA evidence. Everything else they had on him was
| circumstantial, he owned a similar car to what police thought
| they saw on people's doorbell cameras and his phone went
| offline during the time of the murders and also pinged a
| tower close to the crime scene hours afterwards. Police found
| a partial genealogy match to his DNA which I'm sure they
| compared to similar car owners and cell tower records. If he
| hadn't left the sheath behind, wore something like a Tyvek
| suit, and simply left his phone at home, the suspect pool
| would have likely been too large. His careful measures
| (turning off his phone, making multiple passes in his car)
| likely contributed to police focusing on him once the DNA
| proved a link.
| AnthonyMouse wrote:
| > The only 100% safe method is to not do the illegal
| activity at all.
|
| Nope. Not even that is 100% safe because you can be falsely
| convicted of a crime you never even committed. Many privacy
| tools reduce that risk as well, because you're less likely
| to be convicted by e.g. a lazy prosecutor willing to take
| things out of context if you provide them with less source
| material to trawl through.
| pbhjpbhj wrote:
| On the other hand "he was using the dark-web Tor browser
| beloved of criminals and widely used amongst drug
| sellers" is probably pretty convincing to jurors.
| AnthonyMouse wrote:
| What jury? Only 2% of criminal cases go to trial. The
| goal is to give them nothing they can use to bring you up
| on (false) charges. Using Tor isn't a chargeable offense
| in free countries.
| jboy55 wrote:
| I think the point was that you aren't being "charged"
| with using Tor, you are being charged with buying drugs
| online. You have Tor installed and unfortunately a very
| small percentage of people have Tor installed. That might
| be enough to convince a jury, or be enough pressure for
| you to plead down to a lower crime to reduce that risk.
| PurestGuava wrote:
| > Nope. Not even that is 100% safe because you can be
| falsely convicted of a crime you never even committed.
|
| That's so exceptionally unlikely as to be something you
| can discount as a possibility, providing you don't
| _actually_ commit crimes.
| taco_emoji wrote:
| > If someone has an intention to undergo some illegal
| activities with full intention not to be caught
|
| As opposed to... people who undergo illegal activities with
| the intention to BE caught???
| jandrese wrote:
| I wish the people back in the 90s understood this when trying
| to set up encrypted email.
| takeda wrote:
| As someone who used Internet in the 90s I don't follow. There
| was almost nothing encrypted.
|
| SSL/TLS was introduced for POP3/IMAP, but I don't think that
| was bad.
| jboy55 wrote:
| I remember reading on here years ago that people were
| concerned that the government was reading their "private"
| emails. I've always just considered email to be sent in
| plain text. Just 10 years ago only 30% of emails from Gmail
| were encrypted. Even though now its 99% of outgoing email
| is encrypted, but all those emails sent before are probably
| sitting in a database somewhere. And it still reverts to
| unencrypted if the recipient doesn't support TLS.
| kreims wrote:
| Well, for the sake of clarity I would say Tor is safer only if
| it's not a honey trap. That is not knowable as a user, but I
| think that suspicion is well-deserved.
|
| I think the Middle East gave us a very clear example of how
| state actors may target channels in unexpected ways.
| glenstein wrote:
| >If all you're doing is arguing that Tor shouldn't be used
| because it isn't/was never "safe", then you might as well not
| use the Internet at all.
|
| Exactly, and this same form of spurious argument came up in an
| hn post yesterday about cavity prevention, centering on an
| argument that a new advance in cavity treatment "cannot
| guarantee" to end cavities forever. [0]
|
| I feel as though I've never been fooled by these arguments,
| although surely I have different types of weaknesses that are
| unique to me. But it seems to stand out as a form of argument
| that somehow has persuasive power among intelligent types whom
| I would never expect to fall for other forms of obviously
| fallacious arguments.
|
| 0. https://news.ycombinator.com/item?id=41573550
| halJordan wrote:
| This misses the point, the user in question was fully
| deanonymized. This blog post is saying that those successful
| techniques are no longer usable.
|
| It's entirely appropriate to pursue a defense in depth strategy
| while questioning any particular layer.
| randymercury wrote:
| At the most basic level we're talking about a very public service
| that has been around for a long time that is a potential
| weakness/ enormous target for the best funded and most
| technically proficient intelligence agencies in the world.
| puppycodes wrote:
| The question is always and forever who are you hiding from and
| how strong is their will?
|
| Assume if the will is strong and the resources are strong you
| will be eventually identified. If your not worth it then your not
| worth it.
|
| become not worth it
| nortonham wrote:
| http://yashalevine.com/articles/tor-spooks
|
| http://surveillancevalley.com/blog/fact-checking-the-tor-pro...
___________________________________________________________________
(page generated 2024-09-19 23:01 UTC)