I’ve always wondered what it would be like, but I’ve also heard so many creepy stories about it I just don’t want someone hacking my bank because I’m an idiot. So I stay away from it. I wish I was more tech savy.
Are you confusing Tor and something like deep/dark web? Because Tor itself is just a webbrowser, it’s basically a Firefox with some modifications for stricter privacy.
Possibly, I know Tor is a browser but because it can be used to access deep/dark web I don’t trust myself with it. 100% out of acknowledged ignorance yes
As long as you stay off of any .onion sites, there won’t be any difference w.r.t. dark/deep web access. If a domain doesn’t end in .onion, then it can be accessed with a regular web browser anyway.
I promise you that like 90% of the creepy stories you've heard are people either exaggerating or just straight-up lying to sound cool on the internet. The kind of stuff that actually needs to operate over the TOR network doesn't exactly want to be easily discoverable by normal people.
You're no more likely to accidentally stumble across illegal / dangerous content while using TOR than you are while using any other browser.
Isn’t the problem was that back then everyone used to be a node (was it exit node?), but I heard today it’s not the case anymore so no one can actually link you to other bad things other people do.
To simply use TOR you do not need to run any kind of guard/middle/exit relay (this has always been the case), but yes there is the risk of being held accountable for other users data while hosting an exit relay.
This hasn't gone away thanks to any legal precedent as far as I'm aware, so I imagine it all depends on the tech literacy of your local jurisdiction & how good of a lawyer you can afford.
There's a TOR browser, but calling tor "just a browser" is really odd and not really correct. The TOR project is the routing protocol that bounces your traffic around. You can do so through the TOR browser, but the browser isn't TOR. It also isn't the only way to use TOR.
Also, while HTTPS is close to universal now, it's still possible to use HTTP and theoretically a malicious exit node could modify any unencrypted traffic.
Hate to burst your bubble but many of the stories are just that, stories. Vast majority of the onion sites out there are either forums like 4chan or hobbyist sites like the old days of the internet.
Illegal websites do exist but they’re rare and hard to find, they also are subject to being taken down. They’re nothing like the stories though. In fact majority of the websites that exist when you search for these topics are just bitcoin scams, i.e. a livestream website that asks you to pay $200 in bitcoin to enter, almost certainly a scam because livestreaming over Tor is terrible due to low spead and it breaks the anonymity due to generating tons of unique traffic.
TL;DR Tor is a tool that can be used for privacy on the clearnet it can also be used to host your own onion sites. Dark web stories do have a small element of truth to them but are mostly scary stories to tell in the dark.
Why, no, thank you, I don’t have any appreciation for this bubble you are bursting. I figured some had to be just tales but it’s hard to know exactly how much of it is bs. So thanks.
Tor can be used for any internet browsing you usually do. The key difference with Tor is that the network hides your IP address and other system information for full anonymity.
The company behind a VPN can still access your information, sell it or pass it along to law enforcement. With Tor, there’s no link between you and your traffic, according to Jed Crandall, an associate professor at Arizona State University.
I don't know if it's even possible, but it would be cool if I could use the fediverse over TOR just for the sake of supporting TOR. Not sure if there would have to be specific .onion instances, if normal instances could just be mirrored with a .onion address, or if a .onion instance would even be able to federated in the first place. I just don't know how it works.
Other use cases may include keeping the identities of sensitive populations like undocumented immigrants anonymous, trying to unionize a workplace without the company shutting it down, victims of domestic violence looking for resources without their abuser finding out or, as Crandall said, wanting to make embarrassing Google searches without related targeted ads following you around forever.
I'm certain an all-out legislative war would be waged against TOR if it were to become popularized for most of those reasons, under the more convenient guise of "criminals and children!"
Well any instance owner could also get an onion link and host the instance over tor.
Of course the instance itself can't really hide. Since it needs to federate with others that are not onions. But your accesses would all show as from localhost.
I’m certain an all-out legislative war would be waged against TOR if it were to become popularized for most of those reasons, under the more convenient guise of “criminals and children!”
I guess we’ll have to see what happens after that right wing Twitter account posted CSAM, Twitter suspended the account, then Elon said they removed the posts and reinstated the account 🤷🏽♂️
Tor can be used for any internet browsing you usually do. The key difference with Tor is that the network hides your IP address and other system information for full anonymity
Also, this isn’t true. MANY sites and services block access from Tor, including major ones that people use everyday.
I've noticed that just as the most aggressive ad blocker blockers are news media websites, the most aggressive tor-exit-node blockers are retail sites such as lowes.com. My working hypothesis is that they view anonymous transactions (or perhaps even anonymous window shopping) as stealing. When it comes to actionable data for market research, data about actual finalized transactions where actual money changed hands is the holy grail. It's the data that has skin in the game. As for window shopping online, you know the drill, you do that, you hear about it on Fecebook. Until recently I searched retail sites with the site: filter of a search engine (the one that works on Tor, of course), but until recently, most site searches were even more enshittified than most of the two search engines. Now search engines are out and Tor is out. Perhaps offline shopping is in. BTW, just for shits and giggles, try carrying a clipboard next time you visit a brick and mortar retail establishment and see what happens, or better yet, whip out your cell phone and start photographing not merchandise but shelf tags. Information is power, my friends.
the most aggressive tor-exit-node blockers are retail sites such as lowes.com.
Lowes doesn’t care about anonymous window shopping - they care about the transactions. Transactions coming from a tor exit node are more likely to be fraudulent than those from a regular shopper not trying to mask their origin.
The cost of implementing a tor exit node blocker is much less than the costs associated with fraudulent orders (and the corresponding increase in chargebacks from those fraudulent orders and the impact that has on the usage fees from the credit card processing companies).
I’ve also found that many ones that are blocked aren’t completely blocked, I can access them by using a new circuit (lots of these sites seem to really hate European Exit nodes but anything else has typically worked).
Is that what it is? Every once in a while I have to Ctrl+Shift+L it to get into something, but I’ve never watched that closely. What did Europe do to these guys?
I think it might have something to do with the fact that much of Europe has privacy laws that protect their citizens and also makes it so people running nodes there don’t have to kiss up to US companies. Hence why they block those nodes or just give them a huge amount of challenges to solve in hopes to frustrate them. Same with how they put annoying privacy pop-ups on the website in European locations which re-appear every time you login or visit the site.
I know they require them, it’s is the way that they’re implemented that I’m referring to. Like they made it deliberately frustrating. Some of them one a few websites even pop up twice or even three times and you have to click them multiple times to get them to go down.
The best site to read about what is actually mandated and to see how they implement it is gdpr.eu … which has a privacy pop up on it that shows up each time.
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.
If you read it a bit, it pretty much lays out what you see everywhere. They can only make you use strictly necessary cookies, and everything else has to be easily opted into or out of. I’m not sure why their own website is different, maybe it has no trackers in the first place.
Now, that doesn’t mean it has to be presented in a series of popups.
Last I tried you couldn’t access social media, Google constantly forces you through captchas because it thinks you’re a bot, and anything on a CDN will either constantly force captchas or just doesn’t work. Financial institutions absolutely are all inaccessible.
Also. Those running an exit node can and do sniff traffic.
It’s bad practice to login to stuff that’s important (like banking) over tor. Or login to anything over for you have logged into over the clear.
Also, nation states can track you using a variety of techniques from fingerprinting to straight up working together to associate connection streams. A large number of tor nodes are run by alphabet agencies. Hell the protocol was developed by the us navy.
Also. Those running an exit node can and do sniff traffic.
Sure, but if you stop there with that statement you’re just FUD-scaring people from using the service that does more for their privacy than conventional direct clearnet usage. Every connection that matters uses TLS so the exit node honeypot only sees where the traffic is going, not what’s in the traffic and not where it comes from. IOW, the exit node knows much less than your ISP.
It’s bad practice to login to stuff that’s important (like banking) over tor.
It’s the other way around. You should . It’s a bad practice to let your ISP track where you do all your banking.
Also, nation states can track you using a variety of techniques from fingerprinting to straight up working together to associate connection streams.
And your thesis is what, that we should make snooping easier for them by not practicing sensible self-defense?
A large number of tor nodes are run by alphabet agencies.
Let them work for it - and let them give the Tor network more bandwidth in the process.
Every connection that matters uses TLS so the exit node honeypot only sees where the traffic is going, not what’s in the traffic and not where it comes from. IOW, the exit node knows much less than your ISP.
That’s not a magic bullet for secuirty. There are so many ways to exploit connections. Look at what happened here on lemmy with vulns leading to takeovers of instances with xss of session cookies . Or what happened to Linus Sebastian and his YouTube channel, which has one of the largest, most security conscious companies backing it.
The primary difference is your ISP is not generally actively hostile. They may want to sell metadata but they aren’t actively trying to exploit you. And all it takes is a bad auto fill page, or even a fake/spoofed one on an account without mfa or a service with xss vulns etc.
And your thesis is what, that we should make snooping easier for them by not practicing sensible self-defense?
To your own point. Everything is TLS now right? That argument swings both ways. If your ISP (or in some cases a nation state is your isp) is actively tracking you, then there are other alternatives that may be better. Mullvad would sooner be used for banking than tor. Tor is also not all that often used en masse. If my township only has a single tor user (me) that makes me less private. An ISP can easily see who is enterting tor unless you are using more obfuscation like bridges and obfsproxy. It’s the same reason why checking the do not track box in your browser is less privacy oriented. It adds entropy to your fingerprint there.
But to answer my your question my thesis is tor is not necessarily a privacy panacea. The threat model an American or European has is much different than someone from Vietnam or turkey or China, which is also much different than someone from the Nordic countries.
It wasn’t presented as such. Good security comes in layers (“security in depth”). TLS serves users well but it’s not the only tool in the box.
There are so many ways to exploit connections. Look at what happened here on lemmy with vulns leading to takeovers of instances with xss of session cookies.
Tor Browser includes noscript which blocks XSS.
The primary difference is your ISP is not generally actively hostile. They may want to sell metadata but they aren’t actively trying to exploit you.
Selling your metadata is exploiting you. And this exploit happens lawfully under a still-existing Trump policy, so you have zero legal protections. Contrast that with crooks stealing money from your bank account, where, if it’s a US account, you have regulation E legal protections.
If your ISP (or in some cases a nation state is your isp) is actively tracking you, then there are other alternatives that may be better.
Different tools for different threat models. If you are actually targeted by a nation state, Tor alone is insufficient but it’s still in play in conjunction with other tech. But from context, you were giving general advice to the general public telling them not to use Tor for banking, thus targeting is not in the threat model. But mass surveillance IS (i.e. that of your ISP).
But to answer my your question my thesis is tor is not necessarily a privacy panacea.
Tor is an indispensable tool to streetwise users. Of course it is a tool among other tools & techniques.
The threat model an American or European has is much different than someone from Vietnam or turkey or China, which is also much different than someone from the Nordic countries.
Those threat models all have a common denominator: mass surveillance. It is safe to assume mass surveillance is in everyone’s threat model as a baseline. Of course there are a variety of other threats in each individual threat model for which you couldn’t necessarily anticipate.
Good security comes in layers (“security in depth”). TLS serves users well but it’s not the only tool in the box.
Im glad we agree. Because its the entire point. You are nitpicking where it suits you and thats not really honest conversation. Tor browser isnt the only way to access tor and if you are talking about making tor more accessible using things like phones is going to be needed. There are entire swaths of the world, billions of people, where phones are basically the only gateways to the inter.
And on a device with something like CalyxOS (or built with the app structure like calyxOS android based apps) that opens up a LOT more applications to using tor, some of which arent going to be locked down or configured appropriately. Its riskier. You seem to implicitly agree as you only pointed to a single example of XSS and just ignored other examples I provided…Surely we dont need to iterate through every attack vector out there? Because the point isnt those minutia there.
The point is, again, that Tor and specifically exit nodes are more hostile than normal ISP relays. They are actively malicious and often looking to exploit anything they can. Saying selling metatdata that is unencrypted is the same level of malicious as a nation state going after you (life and death) or having your identity or bank account stolen is clearly pretty naive. Even having your banking comprimised is a giant show stopper and theres no “well i have protections” flag to waive. You still have to deal with getting your funds back and paying for stuff to live in the interim. Its a very invasive process. Comparing that to an ISP selling your DNS queries (which im not even sure happens) is literally apples and orances
Those threat models all have a common denominator: mass surveillance. It is safe to assume mass surveillance is in everyone’s threat model as a baseline.
Thats a bad assumption. MOST people arent really concerned with it in the western world. Its why the apparatus exists. And thats not a Trump thing. its existed WAY before trump. Snowden showed that and it was Obama, not trump, that went after whistleblowers harder than any predecessor before them. Its why Snowden is still in exile to this day. Further trying to make this about “party” sides is a bad idea. Its something all parties, including most countries are not only a party to, but actively collaborating against. And there are some areas where straight access TOR is illegal and can get you in trouble. ANd the mass surveillance one country does (ie: US) is much different than another (ie China) so again its not just a giant brush to paint with there. Piping all data through Tor would make you look more suspicious in some of those latter countries and could increase your risk to fingerprinting or tracking, rather than selectively using it where and only when needed.
Im glad we agree. Because its the entire point. You are nitpicking where it suits you and thats not really honest conversation.Tor browser isnt the only way to access tor
TLS is useful very specifically in the case of banking via Tor Browser, which is the most likely configuration the normal general public would use given the advice to access their bank over Tor.
There are entire swaths of the world, billions of people, where phones are basically the only gateways to the inter.
I do not recommend using a smartphone for banking. You’re asking for a huge attack surface & it’s reckless. People will do it anyway but to suggest that people should avoid Tor for banking on the basis that you’re assuming they are using a phone is terrible advice based on a poor assumption. Use Tor Browser from a PC for banking. That is the best advice for normies.
The point is, again, that Tor and specifically exit nodes are more hostile than normal ISP relays.
And again, those hostile nodes get less info than ISPs. They have to work harder to reach the level of exposure that your ISP has both technical and legal privilege to exploit.
Saying selling metatdata that is unencrypted is the same level of malicious as a nation state going after you (life and death) or having your identity or bank account stolen is clearly pretty naive.
Wow did you ever get twisted. You forgot that I excluded targeting by nation states from the threat model as you should. If someone has that in their threat model, they will know some guy in a forum saying “don’t use Tor for banking” is not on the same page, not aligned with their scenario, and not advising them. You don’t have to worry about Snowden blindly taking advice from you.
It’s naive to assume your ISP is not collecting data on you and using it against you. It’s sensible to realize the risk of a honeypot tapping your bank account and getting away with it and regulation E protections failing is unlikely enough to be negligible.
You still have to deal with getting your funds back and paying for stuff to live in the interim.
If you’re in the US, you have ~2-3 bank accounts on avg, and 20 credit cards (US averages). Not to mention the unlikeliness of an account getting MitM compromised despite TLS in the 1st place. Cyber criminals choose the easier paths, just as 3 letter agencies do: they compromise the endpoint. Attacking the middle of a tunnel is very high effort & when it’s achieved they aren’t going to waste it on some avg joe’s small-time bank acct. At best you might have some low-tech attempts that result in no padlock on the user side. But I’ve never seen that in all my years of exclusively banking over Tor.
Thats a bad assumption.
Not in the slightest. Everyone is subject to mass surveillance & surveillance capitalism.
MOST people arent really concerned with it in the western world.
Most people don’t even have a threat model, or know what it is. But if you ask them how they would like it if their ISP told their debt collector where they bank so the debt collector can go do an unannounced legal money grab, you’ll quickly realize what would be in their threat model if they knew to build one. A lot of Corona Virus economic stimulus checks were grabbed faster than debtors even noticed the money arriving on their account.
And thats not a Trump thing. its existed WAY before trump. Snowden showed that and it was Obama, not trump, that went after whistleblowers harder than any predecessor before them.
You missed the source I gave. Obama banned the practice of ISPs selling customer data without their consent. Trump reversed that. That is wholly 100% on Trump. Biden did not overturn Trump, so if you want, you can put some of the fault on Biden.
W.r.t history, echelon predates Snowden’s revelations and it was exposed to many by Nicky Hagar in the 80s or 90s. But this all a red herring because in the case at hand (banking customers accessing their acct), it’s the particular ISP role of mass surveillance that’s relevant, which Trump enabled. Or course there is plenty of other mass surveillance going on with banking, but all that is orthogonal to whether they use Tor or not. The role of Tor merely mitigates the ISP from tracking where they bank, and prevents banks from tracking where you physically are, both of which are useful protections.
Further trying to make this about “party” sides is a bad idea. Its something all parties
You can’t “both sides” this when it’s verifiable that Obama banned the practice and Trump overturned it. While Obama’s hands are dirty on a lot of things (e.g. Patriot Act continuity), it’s specifically Trump who flipped the switch to ISP overcollection. Citation needed if you don’t accept this.
And there are some areas where straight access TOR is illegal and can get you in trouble.
The general public knows your general advice to use/not use Tor is technical advice not legal advice, and also not specific to their particular jurisdiction.
There are entire swaths of the world, billions of people, where phones are basically the only gateways to the inter.
I do not recommend using a smartphone for banking. You’re asking for a huge attack surface & it’s reckless. People will do it anyway but to suggest that people should avoid Tor for banking on the basis that you’re assuming they are using a phone is terrible advice based on a poor assumption. Use Tor Browser from a PC for banking. That is the best advice for normies.
again, the article is about “normies” using tor to get it to lose its stigma… The only way it gets de-stigmatized is for “normies” to use it. The way “normies” access things is vastly different. There are risks to that. And its not just banking. Getting your email account hacked because you used it on a malicious exit node for one reason or another is just as bad, if not worse. Tor exit nodes are wholesale more malicious than your ISP.
I dont know why you are getting hyper fixated on specific use cases that were used as broad examples. Banking isnt the point its the general use of TOR and the risk it brings. Forest for the trees my guy.
What effect would using Tor browser to access a non onion site have over using a different, privacy-focused browser? Honest question. I assumed Tor browser was no different than other browsers in that aspect.
The difference is that your ISP doesn’t know where your packets are headed, and the destination doesn’t know where your packets came from. The ISP sees you connect to the entrance node and the destination sees you connect from the exit node, and it’s very difficult for anyone to trace the connection back to you (unless they own both the entrance and exit and use traffic coorelation or some other exploit/fingerprint). Regardless, both parties are generally able to tell that you are using TOR if they reference lists of known entrance/exit nodes. Also the anti-fingerprinting measures taken by TB are a bit more strict than other privacy-focused browsers
Thank you for the detailed answer. I’m surprised more people aren’t talking about using tor browser, considering how privacy-minded the community tends to be.
No problem! And yeah, it’s good to see people talking about it over here. I think it’s the best tool for online privacy OOTB (depending on your threat model), and it gets better the more people use it.
It is confusing, Tor is an excellent privacy tool if used properly (don’t log in to stuff), but I guess it’s still a technical hurdle to most. Probably also from a lack of marketing.
I think in countries where the government is decidedly more authoritarian it’s more known. On my relay right now I see a ton of russian and a smaller amount of German connections.
I mean, I’ve used it. It works. But I don’t get why you would bother most of the time. It’s slow as hell and while I’m generally fairly concerned about my privacy there is a point where I can’t be bothered.
There is a strong suspicion that the TOR network has been turned into a NSA honeypot by virtue of the NSA running more than half of the TOR exit nodes. Do you really want to take that chance?
Not to mention, pretty much the only thing most honest people use TOR for is to defeat geoblocking, and most geoblocked sites of any importance blacklist TOR exit nodes. So it’s not even that useful.
Idk if the NSA runs all those exit nodes but this is definitely not the first time I’ve heard that it isn’t secure. Luckily I have nothing to hide so I use Google for everything and send them a daily summary of my offline activities in case they missed anything.
I said suspicion, not evidence. The suspicion arises when you try to answer the following 2 basic questions:
Who wants to deanonymize TOR users the most?
Who has the resources to run TOR servers and provide the service for free and why?
Or put another way, apart from a few idealists like the Calyx Institute, nobody in their right mind would foot the bill to run servers mostly used by hackers and pedos. Therefore, the most likely operators are law enforcement and nefarious barely-constitutional three-letter agencies.
TLAs, LEOs and criminals are both Tor end users and have an interest in attacking Tor users.
Everybody has the resources to run Tor relays and even exits, though the latter can become a massive legal nuisance. Servers are cheap. Read the Tor mailing list archives.
As to ‘mostly used by hackers and pedos’, please provide the evidence. Factual one, not non-sequiturs based on faulty assumptions.
Ok so the CIA, NSA, and FBI are running the majority of Tor nodes. Is there evidence that the data is being used to prosecute/harass/intimidate people?
Wouldn’t there be unusual IP addresses on exit nudes?
Is there evidence that the data is being used to prosecute/harass/intimidate people?
So you’re okay with the TLAs snooping around and watching what you do provided they don’t act on it? I’m not, if only as a matter of principle. To quote the great movie Anon, it’s not that I have something to hide, it’s that I have nothing I want them to see.
Besides, remember, this is the United States: just say terrorism or national security, and due process and habeas corpus go out the window - in which case, you may not hear about somebody being harassed or prosecuted at all.
Regarding your second point, I worked in IT at a large university about 15 years ago and set up an exit node briefly on a spare system I had. The IT security team tracked it down fairly quickly because of the sudden flurry of malicious traffic associated with it. So I had to shut it down fairly soon after I fired it up.
Most networks are likely going to have a similar reaction if running an exit node results in malicious activity on those networks. Ask yourself - who would willingly allow that to happen? It wouldn’t surprise me if the answer is organizations that want to monitor that traffic for one reason or another.
I typically don’t have the time to watch videos but I did in this case. It’s not wrong. The question is: what is your threat model?
First, Tor is not designed to protect you from a global passive adversary nevermind an active one. Global network probes can be used to identify individual sessions by traffic timing correlations. Locating hidden services is quite easy that way, since they’re sitting ducks. It is fairly easy to remotely compromise hidden service marketplaces for TLA players and/or use physical access to hardware and/or operators to make them cooperate with LEOs.
If you are trying to avoid ISP level snooping and blocking, advertisers, Google and national scale actors then Tor is the right tool to use. And by all means, do run your own relays to help the network. The more relays we have, the harder the attack.
Note: even though it originally came from an acronym, Tor is not spelled “TOR”. Only the first letter is capitalized. In fact, we can usually spot people who haven’t read any of our website (and have instead learned everything they know about Tor from news articles) by the fact that they spell it wrong.
No. Use it for everyday tasks. If Tor is used by only people who need them, they will be easily detected. The whole reason US Navy released Tor to public was so normal users can scramble the usage detection. One more advantage is that right now lot of website block tor users if more users will use tor then they might stop it.
This is an incorrect, unrealistic way to view this. By using the Tor network normally (you argument certainly applies to doing overly traffic intensive tasks like torrenting over Tor) you are normalizing its use, protecting those who really rely on it. If the only people using Tor were criminals and people who needed the protection, listening on Wifi networks for connections to Tor could lead to immediate prosecution (look what the UK is trying to do with encrpytion, and that French case where all of the evidence against a suspect was use of open source technology like Tor.) By default, Tor does not hide the fact its being used from your network (thats what a bridge is for), so the more people use Tor, the safer everyone is.
If you really want to help those that need Tor’s protection, run Snowflake on your desktop or Orbot’s ‘kindness’ on Android. This allows users to use your device as a bridge, bypassing censorship in other countries / networks.
Might also be a good idea to use something like Ublock origin and Portmaster as well, don’t just try to curate ad targeting, block them, if you want to still support websites you can use something like adnauseam which clicks the ads.
I’m not trying to say that Tor isn’t a good idea because they should be blocking ads, I think more people should absolutely use it for better anonymous browsing, I only bring up ad blockers because if people don’t want to be targeted ads they should be blocking them.
Bonus: Add anti-adblock filters to ad-block, it helps significantly with sites that try to detect them, also spam and malware filters are essential.
I always have Tor installed and I often use it instead of incognito browser sessions when researching stuff. It’s sometimes slow and Cloudflare made it a lot more annoying to use than ~5-10 years ago, but I’m glad it exists.
I’m sure it’s still more useful to US interests though, or it wouldn’t be funded anymore.
If they don’t control most of the nodes in-between they can control all the exit nodes they want. If you connect though 3 Tor nodes, as soon as one of them is not controlled by them they likely can’t identify you.
That’s not to say that they don’t control most of the nodes, and your traffic likely goes through NSA nodes exclusively
The CIA, not the NSA. Tor is a great way for agents deployed abroad to phone home with plausible deniability: “I’m sorry Mr. Chinese Officer, I got homesick and really wanted to watch some BBW porn…”
In theory yes, but practically speaking trying to access a lot of the modern web over TOR would be at best painfully slow and at worst almost impossible thanks to DDoS protection providers like cloudflare.
This right here. A very large part of the web is inaccessible from TOR. Last I tried you couldn’t access social media, Google constantly forces you through captchas because it thinks you’re a bot, and anything on a CDN will either forces captchas or just doesn’t work. Financial institutions absolutely are all inaccessible.
Privacy is important, but most of the places you want to go with TOR to stay private won’t let you in because malicious actors want to use it for the same reasons.
While I agree with you, I’m wondering what the benefit is of watching youtube and posting/reading lemmy/mastodon through a tor network. Because those are the main things I do. While I do understand that in some countries and also in public wifi networks the chances of traffic being intercepted and man in the middle attacks are higher, I do not expect that to happen to my fibre connection in my western country.
Unless you browse Geocities sites from 1998, intercepting and MITMing is simply not an issue. Everything built nowadays uses https, which fully protects you against those.
Yeah people when they discuss Neworking and VPNs I’ve noticed are either illiterate to the existence of https or are deliberately not mentioning it for the purpose of misleading people in some way (in the case of VPN sponsorships it’s to get people to buy them).
I’d rather not waste my time reading an article about a program I’m not currently using to find out if I should use it our not. I’d rather see a post that has bulletpoints with pre’s and cons. My time is limited enough as it is.
[edit] I realise that my comment will probably come across as unfriendly so I will add some explaining to it.
I am currently in a western country using a fibre landline and I trust my internet provider to not intercept my data or use things like a man in the middle attack. Am I right for assuming that and if so, would tor prevent that? Will tor slow down my internet? I mostly watch youtube videos and read/post on lemmy/mastodon. I am not against using tor at all, but my energy and time are limited so I don’t feel like reading a whole article just for an app I do not feel the need to use. I am currently very happy with my firefox browser and all the add-ons I use. And with all the modifications I have put into it to make it work just the way I like. Would I loose all that by switching to tor? I am prepared to change to tor but I am not in the camp of “protect privacy at all costs, even if it greatly inconveniences me”. Especially if the risks of not using tor seem quite low in my situation.
okay. perhaps instead of wasting your time writing an entire paragraph, you should read the article and you’ll find out that that entire paragraph was irrelevant
it’s actually not an article about the pros and cons of tor. it could not be summed up in bullet points about the pros and cons of tor
i’ll admit to being a little facetious before, but i implore you to read articles before commenting on them
Thing is… if I have to do that for every time someone linkdrops an article, I’ll have no time left in my day.
if you spent less time writing comments about articles you haven’t read, you might have more time. do you do this in other walks of life? wander into restaurants you’ve never eaten at and announce “i don’t think there’s really any reason to order the fish”?
And it seems I was right that I have no real reason to use tor.
okay, i’ll sum the article up for you. the more people that use tor, the more it protects vulnerable people. journalists writing exposés about corrupt governments, refugees trying to flee, etc. the more normal people using tor, the more they get lost in the crowd. it’s nothing to do with whether you have any reason to use tor, that’s irrelevant. by using it, you’re helping those in vulnerable positions. happy? now go write something inciteful
…I mean, it’s more like the web browser makes it easy to use the Tor network. The network is the slow part. Your requests are getting ping-ponged all over the world intentionally taking the long way around.
It’s great for anything low bandwidth that isn’t tied to your identity, and helps for peace of mind, despite its issues. You do run into captcha or DDOS protection issues occasionally, but the new tor circuit for this site button sometimes works. Also it uses letterboxing to prevent resolution-based fingerprinting, which isn’t very pretty, but leaving it at its default size (or locking the size using the WM) works well and is good for privacy.
It’s great when you want to connect two devices behind NAT without relying on any specific third-party server or service. I ssh to my laptop from my phone with it when away from it.
It’s also useful to circumvent censorship, though it depends on the country. Also, websites employing wide-range IP blocks, in my experience, more often than not still allow Tor.
You run a Tor Hidden Service with sshd on one device. Knowing the .onion address, the correct port and having the corresponding private key on the other device (all of that not really subject to change), you can run the Tor daemon on it (for Android, you can use Termux) and connect with ssh, using torify nc %h %p as ProxyCommand.
On the other hand, there’s no way to track you. Useful for looking up medical info in a way that search engines and such can’t relate back to you. Often I’ll keep browsing in it once I’ve opened it because it’s just basically Firefox.
This is only true if you have the most “paranoid” security level selected, and at that point anything that relies on Javascript (or any of the other features that get blocked) will break. Enabling Javascript or the other blocked Web features will make it fairly trivial to track you especially the more you browse, so at that point you might as well just be using a regular VPN.
Tor itself isn’t the problem in this equation, it’s the browser, and they tend to leak information like a sieve
I’ve been using it since the early days and ran relays and exits. It’s good for anonymity against your ISP, advertisers and lesser adversaries than being targeted by TLAs. Can be a bit slow. Make sure to use encryption to protect against bad exit nodes.
Quick question: How does one set up encryption while using the Tor browser for things like searches and regular browsing (research, etc)? Would be useful to know. Appreciate.
You just use https. There are extensions like HTTPSEverywhere, but they potentially add bits to your fingerprint. DuckDuckGo also offers their search interface as a hidden service, perhaps worth bookmarking.
So when I first learned about TOR almost 10 years ago in uni, it was said to be compromised to a significant extent by secret services holding entry and exit nodes.
I’ve hear something similar. I think I read that the US Air Force has a bunch of nodes or something.
Additionally I don’t really understand what I would use it for if I already have a vpn and how it might put me a risk of legal trouble if I’m using it and someone routes something bad through me while I’m using it…
I’m not even sure how to talk about it.
I am decently technical, I just don’t know this tech.
Disclaimer that I haven’t used Tor in a while, do your own research, etc
The US navy designed and open sourced the Tor network. If all the traffic meant to be anonymous was coming from the US navy it doesn’t work well as an anonymizer. There’s been various claims that they have backdoors over the years, but to my knowledge none have held water.
Unless you’re running an exit node (which requires different software than the Tor browser) other people’s traffic isn’t getting routed through you so you’re fine legally.
VPNs are not very good at protecting you from the websites or services you connect to. They’re best used to hide where you’re connecting to from your ISP. Modern fingerprinting using things like browsing habits, installed software, web browser size, cookies, etc is barely effected by VPNs and the Tor browser takes care of an minimizes lots of those tools.
The biggest issue for day to day use for me is how slow it is. Because your traffic is being routed through 3-5 nodes before getting to its destination overall speed and latency suffer a lot
The biggest issue for day to day use for me is how slow it is. Because your traffic is being routed through 3-5 nodes before getting to its destination overall speed and latency suffer a lot
That’s why I never continued to use it after the times I experimented with Tor.
Modern fingerprinting using things like browsing habits, installed software, web browser size, cookies, etc is barely effected by VPNs and the Tor browser takes care of an minimizes lots of those tools.
But can’t you just spoof most of that if you really want to? If you’re putting in the effort to be concerned with anonymity.
Iirc holding both the entry and exit of a routed connection, you can in theory match traffic going through, which would let you connect a user to the server/site they are connecting to. It might still be encrypted at that point, idk the details anymore.
I also heared that bit about the secret service owning nodes a few years ago. It was trough a teacher that’s also really in the stuff outside of teaching, and has a network of non-teaching proffesionals in the field.
It’s something to keep in mind, at the very least. Tor already has some weaknesses anyways. You shouldn’t trust it blindly just because it’s Tor. If anything, I think it more has a false rep for how strong it is over struggling with a stigma.
I don’t think a single credible source has shown this to be a vulnerability. You’re talking about an attack that would cost, what, millions of dollars to run per day?
I don’t see anything immediately wrong with verification. There are cases where people reach out to companies for support, and having them be verified helps. Tech enthusiasts like us might be less susceptible to phishing/scams, but regular folks aren’t.
However, after everything Reddit has done recently, there’s no stopping them from turning this into a status symbol thing like “the website formerly known as Twitter”. They could tweak their algorithm to boost comments of “verified” accounts, degrading the quality of conversation there.
Who needs reddit? Now I go to Imgur for memes, and Lemmy for news.
The only thing reddit is still better at is finding an answer to a very specific question (adding site:reddit.com to your Google searches works wonders), but that’ll improve with time as more and more people get tired of Spez’s bullshit and migrate here. Can’t wait to see the death of reddit. Was a member since the beginning and it’s sad to see it go the way of Digg.
engadget.com
Newest