I hate musicals mostly. I think the original Annie was the only one I liked (because I was a kid and didn’t know better :P). I find musicals are a sign that the writers are running out of ideas and it’s the last season but this episode blew my expectations all away. It felt like an episode with singing, and not singing to skate by for an episode.
It’s already in the local Whole Foods. I totally don’t trust it, and probably never will. At some point I’m sure they’ll make it impossible to shop anywhere without it but I plan to hold out indefinitely. No thanks.
Good for you. When I say I won’t use stuff like this my friends and family mock me for being paranoid. It’s disturbing how quickly people will just do something because it seems cool and/or convenient.
You can change your password if it gets compromised. You can’t change your bio-metrics. Once a digital version of your retina, fingerprint, palm print, whatever gets leaked…you’re screwed.
I know they claim these things are locked away in HSM devices, but I don’t care. You’re trusting every single engineer, coder, tester, and mid-level manager with access to these things. It’s a long chain of trust in the typical “rush it out the door” corporate environment.
Real security and QA are the last things on their minds when they develop this stuff.
So when I first learned about TOR almost 10 years ago in uni, it was said to be compromised to a significant extent by secret services holding entry and exit nodes.
I’ve hear something similar. I think I read that the US Air Force has a bunch of nodes or something.
Additionally I don’t really understand what I would use it for if I already have a vpn and how it might put me a risk of legal trouble if I’m using it and someone routes something bad through me while I’m using it…
I’m not even sure how to talk about it.
I am decently technical, I just don’t know this tech.
Disclaimer that I haven’t used Tor in a while, do your own research, etc
The US navy designed and open sourced the Tor network. If all the traffic meant to be anonymous was coming from the US navy it doesn’t work well as an anonymizer. There’s been various claims that they have backdoors over the years, but to my knowledge none have held water.
Unless you’re running an exit node (which requires different software than the Tor browser) other people’s traffic isn’t getting routed through you so you’re fine legally.
VPNs are not very good at protecting you from the websites or services you connect to. They’re best used to hide where you’re connecting to from your ISP. Modern fingerprinting using things like browsing habits, installed software, web browser size, cookies, etc is barely effected by VPNs and the Tor browser takes care of an minimizes lots of those tools.
The biggest issue for day to day use for me is how slow it is. Because your traffic is being routed through 3-5 nodes before getting to its destination overall speed and latency suffer a lot
The biggest issue for day to day use for me is how slow it is. Because your traffic is being routed through 3-5 nodes before getting to its destination overall speed and latency suffer a lot
That’s why I never continued to use it after the times I experimented with Tor.
Modern fingerprinting using things like browsing habits, installed software, web browser size, cookies, etc is barely effected by VPNs and the Tor browser takes care of an minimizes lots of those tools.
But can’t you just spoof most of that if you really want to? If you’re putting in the effort to be concerned with anonymity.
Iirc holding both the entry and exit of a routed connection, you can in theory match traffic going through, which would let you connect a user to the server/site they are connecting to. It might still be encrypted at that point, idk the details anymore.
I also heared that bit about the secret service owning nodes a few years ago. It was trough a teacher that’s also really in the stuff outside of teaching, and has a network of non-teaching proffesionals in the field.
It’s something to keep in mind, at the very least. Tor already has some weaknesses anyways. You shouldn’t trust it blindly just because it’s Tor. If anything, I think it more has a false rep for how strong it is over struggling with a stigma.
I don’t think a single credible source has shown this to be a vulnerability. You’re talking about an attack that would cost, what, millions of dollars to run per day?
Can anyone speak on the state of this game? I’ve never been that curious about it but with all the additions of cult classic characters, I’m starting to get intrigued
I am not sure what he’s hinting at. Just using Tor doesn’t bear any legal risks. Hosting an exit node is different, as depending on the country you might get into serious trouble if certain traffic goes through it.
Yes exactly, and I think there have been stories recently where the exit node host has been held liable for content that’s gone through it.Which is complete bullshit, but the unfortunate reality is that the legal system doesn’t need to understand technology to regulate it.
It’s not bullshit. If A has proof your system launched an attack, or sent CSAM, to another system, but your only defense is “I let anyone use my system in that way”, then at the very least you’re an accomplice.
It is bullshit, because it puts the onus of policing everything on any service provider. If a TOR exit node provider is responsible for all traffic through their node, then an ISP is responsible for all traffic through them to their users - yet it is not reasonable for ISP’s to do this. Nor should it be acceptable by law and even less so if the purpose is for law enforcement to bypass the warrant system by having private parties do the investigation for them.
Well, the law enforcement ship has sailed a long time ago, it’s more of a flotilla by now. Data communication service providers (including ISPs) have some customer identification and data retention requirements in exchange for immunity from the data itself, but otherwise —reasonabke or not— there are more and more traffic policing laws that get introduced for ISPs to abide. By starting a Tor Exit node, you become a service provider, and the same laws start to apply.
It’s no joke that we live in a surveillance state, just that some go “full surveillance” like China, while others go “slightly less in-your-face surveillance” like the US/EU.
Would it be possible to allow exit nodes to blacklist specific kinds of traffic and somehow privately verify that the traffic is not one of the blacklisted kinds (zero knowledge proof perhaps sorry not a CS person)?
An exit node can put in place any filters, blacklists, mitm, exploit injection, logging, and anything else it wants… on unencrypted traffic. Using HTTPS through an exit node, limits all of that to the destination of the traffic, there is no way to get a ZK proof of all the kinds of possible traffic and contents that can exist.
To give you an idea, last time I used Tor, I suddenly started to get a bunch of connection attempts from the FBI. Was I doing anything illegal? Nope. Was TOR a legal liability? You betcha.
I was using peerblock and one of the blocklists contained known governmental IP addresses. Those blocked connections began quickly filling the logs.
Spooked the crap outta me. It’s been a few years since I did that, so I could have that detail wrong. I know it was for sure one of the three letter acronyms, DOD, FBI, CIA, but they were definitely incoming.
That does not sound plausible to me. Typically, your own computer would be behind a router that is either doing NAT or has a firewall (probably the former). Any incoming traffic would be directed to the router without any chance of reaching your computer. Whatever you saw was either outgoing traffic or incoming traffic in response to connections initiated by your own computer.
Consider this, the Tor software was accepting connections from government IPs.
Regardless of whether it was active intrusion or a significant portion of the Tor network, (at that time) had a number of governmental IP ranges in it, It’s enough to dissuade my use, at least without more significant OpSec.
I use peerblock and had some good blocklists set up. The hardest part should be finding peerblock or a more modern fork, the blocklists are mostly public. Helps keep from connecting to known bad actors.
It’s meant for you to be completely anonymous. Logging in to stuff would defeat the whole purpose of TOR, as it would associate your activity with the account you logged into. When browsing sites without really needing to interact, it’s good, as the sites cannot track you easily.
The reason why Tor is publicly available is to get lots of people using to better hide western intelligence agency traffic. So this article is basically stenography for the CIA. It may be secure or whatever, but you’re essentially helping US assets hide their internet traffic.
engadget.com
Active