It’s meant for you to be completely anonymous. Logging in to stuff would defeat the whole purpose of TOR, as it would associate your activity with the account you logged into. When browsing sites without really needing to interact, it’s good, as the sites cannot track you easily.
The reason why Tor is publicly available is to get lots of people using to better hide western intelligence agency traffic. So this article is basically stenography for the CIA. It may be secure or whatever, but you’re essentially helping US assets hide their internet traffic.
There is a strong suspicion that the TOR network has been turned into a NSA honeypot by virtue of the NSA running more than half of the TOR exit nodes. Do you really want to take that chance?
Not to mention, pretty much the only thing most honest people use TOR for is to defeat geoblocking, and most geoblocked sites of any importance blacklist TOR exit nodes. So it’s not even that useful.
Idk if the NSA runs all those exit nodes but this is definitely not the first time I’ve heard that it isn’t secure. Luckily I have nothing to hide so I use Google for everything and send them a daily summary of my offline activities in case they missed anything.
I said suspicion, not evidence. The suspicion arises when you try to answer the following 2 basic questions:
Who wants to deanonymize TOR users the most?
Who has the resources to run TOR servers and provide the service for free and why?
Or put another way, apart from a few idealists like the Calyx Institute, nobody in their right mind would foot the bill to run servers mostly used by hackers and pedos. Therefore, the most likely operators are law enforcement and nefarious barely-constitutional three-letter agencies.
TLAs, LEOs and criminals are both Tor end users and have an interest in attacking Tor users.
Everybody has the resources to run Tor relays and even exits, though the latter can become a massive legal nuisance. Servers are cheap. Read the Tor mailing list archives.
As to ‘mostly used by hackers and pedos’, please provide the evidence. Factual one, not non-sequiturs based on faulty assumptions.
Ok so the CIA, NSA, and FBI are running the majority of Tor nodes. Is there evidence that the data is being used to prosecute/harass/intimidate people?
Wouldn’t there be unusual IP addresses on exit nudes?
Is there evidence that the data is being used to prosecute/harass/intimidate people?
So you’re okay with the TLAs snooping around and watching what you do provided they don’t act on it? I’m not, if only as a matter of principle. To quote the great movie Anon, it’s not that I have something to hide, it’s that I have nothing I want them to see.
Besides, remember, this is the United States: just say terrorism or national security, and due process and habeas corpus go out the window - in which case, you may not hear about somebody being harassed or prosecuted at all.
Regarding your second point, I worked in IT at a large university about 15 years ago and set up an exit node briefly on a spare system I had. The IT security team tracked it down fairly quickly because of the sudden flurry of malicious traffic associated with it. So I had to shut it down fairly soon after I fired it up.
Most networks are likely going to have a similar reaction if running an exit node results in malicious activity on those networks. Ask yourself - who would willingly allow that to happen? It wouldn’t surprise me if the answer is organizations that want to monitor that traffic for one reason or another.
I typically don’t have the time to watch videos but I did in this case. It’s not wrong. The question is: what is your threat model?
First, Tor is not designed to protect you from a global passive adversary nevermind an active one. Global network probes can be used to identify individual sessions by traffic timing correlations. Locating hidden services is quite easy that way, since they’re sitting ducks. It is fairly easy to remotely compromise hidden service marketplaces for TLA players and/or use physical access to hardware and/or operators to make them cooperate with LEOs.
If you are trying to avoid ISP level snooping and blocking, advertisers, Google and national scale actors then Tor is the right tool to use. And by all means, do run your own relays to help the network. The more relays we have, the harder the attack.
Note: even though it originally came from an acronym, Tor is not spelled “TOR”. Only the first letter is capitalized. In fact, we can usually spot people who haven’t read any of our website (and have instead learned everything they know about Tor from news articles) by the fact that they spell it wrong.
No. Use it for everyday tasks. If Tor is used by only people who need them, they will be easily detected. The whole reason US Navy released Tor to public was so normal users can scramble the usage detection. One more advantage is that right now lot of website block tor users if more users will use tor then they might stop it.
This is an incorrect, unrealistic way to view this. By using the Tor network normally (you argument certainly applies to doing overly traffic intensive tasks like torrenting over Tor) you are normalizing its use, protecting those who really rely on it. If the only people using Tor were criminals and people who needed the protection, listening on Wifi networks for connections to Tor could lead to immediate prosecution (look what the UK is trying to do with encrpytion, and that French case where all of the evidence against a suspect was use of open source technology like Tor.) By default, Tor does not hide the fact its being used from your network (thats what a bridge is for), so the more people use Tor, the safer everyone is.
If you really want to help those that need Tor’s protection, run Snowflake on your desktop or Orbot’s ‘kindness’ on Android. This allows users to use your device as a bridge, bypassing censorship in other countries / networks.
I just don’t think Tor Browser is currently suited as a primary browser for most people. You lose things like staying logged into websites, you can’t (or at least shouldn’t) really add extensions like a good content blocker, you generally can’t tweak or customize the browser to your liking, etc. Plus factor in things like the slow speeds, being blocked by websites, bombarded with captchas everywhere, etc, and it just becomes a harder and harder sell for a lot of average people.
Tor Browser’s great and it absolutely has its need and purpose, I’m not trying to knock it for that at all because it works damn well for what it is and what it tries to do, but I just think its hard to be using as a primary browser and daily driver in its current form, at least for a lot of people.
I dont think this article is suggesting everyone use Tor Browser as their main browser (and if they are, thats obtuse), but that people use Tor / Tor Browser at all, even for just sensitive searches or websites that dont require a login.
I’ve always wondered what it would be like, but I’ve also heard so many creepy stories about it I just don’t want someone hacking my bank because I’m an idiot. So I stay away from it. I wish I was more tech savy.
Are you confusing Tor and something like deep/dark web? Because Tor itself is just a webbrowser, it’s basically a Firefox with some modifications for stricter privacy.
Possibly, I know Tor is a browser but because it can be used to access deep/dark web I don’t trust myself with it. 100% out of acknowledged ignorance yes
As long as you stay off of any .onion sites, there won’t be any difference w.r.t. dark/deep web access. If a domain doesn’t end in .onion, then it can be accessed with a regular web browser anyway.
I promise you that like 90% of the creepy stories you've heard are people either exaggerating or just straight-up lying to sound cool on the internet. The kind of stuff that actually needs to operate over the TOR network doesn't exactly want to be easily discoverable by normal people.
You're no more likely to accidentally stumble across illegal / dangerous content while using TOR than you are while using any other browser.
Isn’t the problem was that back then everyone used to be a node (was it exit node?), but I heard today it’s not the case anymore so no one can actually link you to other bad things other people do.
To simply use TOR you do not need to run any kind of guard/middle/exit relay (this has always been the case), but yes there is the risk of being held accountable for other users data while hosting an exit relay.
This hasn't gone away thanks to any legal precedent as far as I'm aware, so I imagine it all depends on the tech literacy of your local jurisdiction & how good of a lawyer you can afford.
There's a TOR browser, but calling tor "just a browser" is really odd and not really correct. The TOR project is the routing protocol that bounces your traffic around. You can do so through the TOR browser, but the browser isn't TOR. It also isn't the only way to use TOR.
Also, while HTTPS is close to universal now, it's still possible to use HTTP and theoretically a malicious exit node could modify any unencrypted traffic.
Hate to burst your bubble but many of the stories are just that, stories. Vast majority of the onion sites out there are either forums like 4chan or hobbyist sites like the old days of the internet.
Illegal websites do exist but they’re rare and hard to find, they also are subject to being taken down. They’re nothing like the stories though. In fact majority of the websites that exist when you search for these topics are just bitcoin scams, i.e. a livestream website that asks you to pay $200 in bitcoin to enter, almost certainly a scam because livestreaming over Tor is terrible due to low spead and it breaks the anonymity due to generating tons of unique traffic.
TL;DR Tor is a tool that can be used for privacy on the clearnet it can also be used to host your own onion sites. Dark web stories do have a small element of truth to them but are mostly scary stories to tell in the dark.
Why, no, thank you, I don’t have any appreciation for this bubble you are bursting. I figured some had to be just tales but it’s hard to know exactly how much of it is bs. So thanks.
In my experience it’s a bit slower but not by much, I usually only access text based websites over Tor though with minimal images, streaming over YouTube can be horribly slow but it’s generally worked okay for me.
Might also be a good idea to use something like Ublock origin and Portmaster as well, don’t just try to curate ad targeting, block them, if you want to still support websites you can use something like adnauseam which clicks the ads.
I’m not trying to say that Tor isn’t a good idea because they should be blocking ads, I think more people should absolutely use it for better anonymous browsing, I only bring up ad blockers because if people don’t want to be targeted ads they should be blocking them.
Bonus: Add anti-adblock filters to ad-block, it helps significantly with sites that try to detect them, also spam and malware filters are essential.
Operating nodes is expensive, offers no reward, and comes with a serious legal risk.
This won’t stop the NSA from operating a few. I assume that a significant portion of Tor nodes is run by intelligence agencies. If they control all nodes used for a connection(i believe three are used), they can probably piece together what connections a user is having.
engadget.com
Active