Patriot Mobile

Anyone using Tor?

The #1 community for Gun Owners in Texas

Member Benefits:

  • Fewer Ads!
  • Discuss all aspects of firearm ownership
  • Discuss anti-gun legislation
  • Buy, sell, and trade in the classified section
  • Chat with Local gun shops, ranges, trainers & other businesses
  • Discover free outdoor shooting areas
  • View up to date on firearm-related events
  • Share photos & video with other members
  • ...and so much more!
  • Sapper740

    TGT Addict
    BANNED!!!
    Rating - 0%
    0   0   0
    Jan 21, 2013
    2,855
    21
    I'm hearing more and more about Tor (The onion router) as a way to give one some measure of online anonymity. Would anyone using it (and willing to admit it) mind commenting on any issues they have found?
    Texas SOT
     

    Southpaw

    Forum BSer
    Rating - 100%
    14   0   0
    Mar 30, 2009
    17,853
    96
    Guadalupe Co.
    About as much as this thread: Turkey Cooking - 5 years running best turkey ever. Are you TGT's self-designated Hall Monitor?

    I think his comment has more to do with the section you posted in and not a non firearm topic overall.
    Mods can probably move it for you. I would be interested in some talk on Tor myself.
     

    jasont

    Active Member
    Rating - 0%
    0   0   0
    Jul 17, 2008
    344
    11
    Houston
    I tried it just to see what it was about. You're going through 7 other peoples computers so it's incredibly slow. Makes the web pages load weird sometimes because of things that get lost in the process. A lot of the servers used have been blocked by different message boards and e-mail websites so you can't log onto them. It's just a pain and I haven't tried it again since I first downloaded it.
     

    Sapper740

    TGT Addict
    BANNED!!!
    Rating - 0%
    0   0   0
    Jan 21, 2013
    2,855
    21
    I tried it just to see what it was about. You're going through 7 other peoples computers so it's incredibly slow. Makes the web pages load weird sometimes because of things that get lost in the process. A lot of the servers used have been blocked by different message boards and e-mail websites so you can't log onto them. It's just a pain and I haven't tried it again since I first downloaded it.
    Thanks, that's the kind of info I was interested in hearing.
     

    Sapper740

    TGT Addict
    BANNED!!!
    Rating - 0%
    0   0   0
    Jan 21, 2013
    2,855
    21
    I think his comment has more to do with the section you posted in and not a non firearm topic overall.
    Mods can probably move it for you. I would be interested in some talk on Tor myself.
    If that's the case, then I apologize for snapping at Fool's Gold.
     

    benenglish

    Just Another Boomer
    Staff member
    Lifetime Member
    Admin
    Rating - 100%
    7   0   0
    Nov 22, 2011
    23,709
    96
    Spring
    Using TOR moves you from "easily logged at the backbone in case we want to look at you later" to "at least mildly painful to track online." IOW, unless you're a high-value target, it keeps you off the radar.

    No, it's not perfect. Yes, if enough nodes are run by attackers (specifically including government entities) then it's compromised.

    However, monitoring you is no longer *easy* and makes someone do extra work. Generally, monitoring of you, specifically, is best done at your local ISP. But since you're off the radar at the backbone, you're far less likely to attract the attention necessary for you to be specifically monitored. That means you're no longer the low-hanging fruit in the surveillance game. That has, imo, substantial value.

    If you're at all security conscious, you try to encrypt wherever possible. If you believe the open web is too open, you can use TOR. (For some really basic info, see: https://www.eff.org/files/2013/12/02/tormythsandfacts12-1-2013.pdf ). And if you're totally paranoid, go live on Freenet.

    I use TOR regularly. If it's new to you, I suggest you download the Tails liveCD, a Linux distro that will demonstrate the basics. It's easy and doesn't touch your hard drive unless you specifically tell it to. After booting it, however, the first thing to do is turn off Javascript in the browser.

    You can get it here: https://tails.boum.org/
     
    Last edited:

    benenglish

    Just Another Boomer
    Staff member
    Lifetime Member
    Admin
    Rating - 100%
    7   0   0
    Nov 22, 2011
    23,709
    96
    Spring
    If you're really searching for anonymity, look into some offshore anonymous VPN services.
    The persistent impression in the darknet community is that paid VPNs are simply too easy to abuse. It is inconceivable that some are not set up specifically as traps. I have never figured out which ones are trustworthy and I don't know anyone credible who purports to be able to do so.
     

    jordanmills

    TGT Addict
    Rating - 0%
    0   0   0
    Sep 29, 2009
    5,371
    96
    Pearland, TX
    If you're really searching for anonymity, look into some offshore anonymous VPN services.

    The persistent impression in the darknet community is that paid VPNs are simply too easy to abuse. It is inconceivable that some are not set up specifically as traps. I have never figured out which ones are trustworthy and I don't know anyone credible who purports to be able to do so.

    Seconded. Since it's centralized and has a single point of entry and exit, it's very easy to transparently compromise a VPN service without warning.
     

    Sapper740

    TGT Addict
    BANNED!!!
    Rating - 0%
    0   0   0
    Jan 21, 2013
    2,855
    21
    Using TOR moves you from "easily logged at the backbone in case we want to look at you later" to "at least mildly painful to track online." IOW, unless you're a high-value target, it keeps you off the radar.

    No, it's not perfect. Yes, if enough nodes are run by attackers (specifically including government entities) then it's compromised.

    However, monitoring you is no longer *easy* and makes someone do extra work. Generally, monitoring of you, specifically, is best done at your local ISP. But since you're off the radar at the backbone, you're far less likely to attract the attention necessary for you to be specifically monitored. That means you're no longer the low-hanging fruit in the surveillance game. That has, imo, substantial value.

    If you're at all security conscious, you try to encrypt wherever possible. If you believe the open web is too open, you can use TOR. (For some really basic info, see: https://www.eff.org/files/2013/12/02/tormythsandfacts12-1-2013.pdf ). And if you're totally paranoid, go live on Freenet.

    I use TOR regularly. If it's new to you, I suggest you download the Tails liveCD, a Linux distro that will demonstrate the basics. It's easy and doesn't touch your hard drive unless you specifically tell it to. After booting it, however, the first thing to do is turn off Javascript in the browser.

    You can get it here: https://tails.boum.org/
    Thanks Ben, that was the kind of info I was looking for.
     

    benenglish

    Just Another Boomer
    Staff member
    Lifetime Member
    Admin
    Rating - 100%
    7   0   0
    Nov 22, 2011
    23,709
    96
    Spring
    Appreciate it. As pro tech as I am, some people find it funny how cynical I am about some of it.

    Errata Security: Anonymity Smackdown: NSA vs. Tor
    That's a good article. Thanks for the link.

    I think a point-by-point discussion of the objections in that article would put everyone to sleep so I won't go there. However, he says a few things that bear comment.

    Quotes are from the article.

    Tor has many weaknesses, especially the "Tor Browser Bundle". Experts might be able to protect their privacy with Tor against the NSA, but the casual user probably can't.

    Much of the problem with TOR is that people approach it with the wrong frame of reference. I've always disliked the Tor Browser Bundle for specifically this reason. It encourages people to install some software that puts a button on a bar on their browser. They hit the button and think they're anonymous. The whole concept of installing the Bundle on a machine encourages the thought process that "it's just another application" so it's "business as usual, with better cloaking".

    Nothing could be further from the truth.

    The safe deployment of TOR requires layers of security in depth. I never do anything over TOR that can be related to my real life. Even my names are different. I certainly would never, ever, ever attempt to connect to any service that I use in regular life. The author of the article talks, for example, about using regular services over TOR. To wit:

    ...if you have your Outlook mail or Twitter open (and aren't using SSL), these will cause a new path to be created through the Tor network every 15 minutes, or 96 new paths every day, or 3000 new paths a month.

    That means over the long run, there's a good chance that the NSA will be able to catch one of those path with a three-hop configuration, and completely unmask you.

    That's just nuts. No one who care about anonymity would ever connect to any service/board/site/whatever that is associated with their real-world identity. If you're going to be anonymous, you don't make it easy for people to figure out who you are. Example? Recently, there has been some speculation that the main developer behind BitCoin has been identified. The people who make that claim are actually relying (primarily) on style analysis of his written words. That's a pretty thin justification for pointing a finger. But if anyone wants to be anonymous online, it's incumbent on that user to leave no more of a clue to their identity than this sort of theorizing.

    The notion, apparently accepted by the author of the article you linked, that people will connect to their personal Twitter or email accounts over TOR is ridiculous. Anyone that naive, well, I'm not going to be terribly surprised when they get caught.

    The author is also concerned about various attacks specific to TOR. For example, he cites the Freedom Hosting bust thusly:

    ...Tor was hacked -- kinda. A guy hosting hidden services was arrested (with help from FBI), and his servers changed to deliver malware to expose user IP addresses (with help from NSA).

    That's true, as far as it goes. However, the hack was limited to certain versions of certain browsers and was entirely dependent on Javascript to work. No TOR user should be running Javascript, though. The ones that do don't know what they're doing.

    Maybe they installed the Tor Browser Bundle and just thought of it as another application. If so, they demonstrated that having a tool and knowing how to use it are two completely different things.

    The author of the article addresses this in his conclusion:

    Experts can probably use Tor safely, hiding from the NSA -- assuming they control a smaller number of nodes, and that their 1024-bit key factoring ability is small. It would require a lot of opsec, putting apps on a different [virtual] machine than the proxy, and practicing good opsec to make sure egress connections are encrypted.

    However, the average person using the Tor Browser Bundle is unlikely to have the skills needed to protect themselves. And this might be good thing: it means dissidents throughout the world can probably hide from their own government, while our NSA cleans the network of all the drug dealers and child pornographers.

    As an aside, it took me a while to take the article seriously when he ends it with saying, in essence, "It's OK if the NSA runs roughshod over civil liberties as long as they're catching people we all hate." As gun owners, we should appreciate the irony and the danger of that attitude. However, I got past that and looked at his technical arguments.

    While he's right that separating the apps and the proxy on different machines is key to "bet your life" anonymity over TOR, I think he overstates the case. It should generally be enough to simply be a different person over TOR.

    I never, while in TOR, tie my TOR life to my meatspace life. I mostly use it to passively consume data from websites that the government doesn't like. Most folks would be surprised how much very interesting news can be gleaned from sites that would get you put on a watch list in the U.S. Until Al-Jazeera was finally recognized as a legitimate news source, for example, anyone who visited it a great deal could find that patronage rewarded with official suspicions in the U.S. That's just one example.

    I also use a (technically) different machine to access TOR. While the hardware may be shared, the user account that boots into TOR has no access to the crypto keys that unlock every other part of my drive space. (Yes, I use full disk encryption religiously. I have for over a decade. It was a habit I picked up at work and frankly I can no longer comprehend why everyone doesn't do it.) If I want to save something over TOR, I must enter a ridiculously long passphrase to give it write access to a removable drive. My normal boot drive and data drive are always idle when I'm using TOR.

    As an aside, I once ran a Freenet node 24/7. When I did, I set it up on completely different hardware. Since my normal internet connection was through my cable company, I got a DSL connection from a completely different entity and dedicated it to the Freenet machine. That ISP never saw anything from me except encrypted streams going in and out.

    A similar attitude is necessary to stay safe (at least, as safe as would make me comfy) on TOR. I agree with the author of the article that some "average" users will not have enough of that attitude. However, I disagree with his basic point. He says that "normal" users aren't likely to be safe using TOR. I think anyone serious enough to learn about TOR is just a couple of short steps away from "safe enough".

    If a user is so lazy they won't take that last couple of steps then they might get bit. I don't believe TOR, itself, deserves any blame for that.

    PS - Damnit. I went ahead and put everyone to sleep, didn't I? ;)
     

    Southpaw

    Forum BSer
    Rating - 100%
    14   0   0
    Mar 30, 2009
    17,853
    96
    Guadalupe Co.
    I never, while in TOR, tie my TOR life to my meatspace life. I mostly use it to passively consume data from websites that the government doesn't like. Most folks would be surprised how much very interesting news can be gleaned from sites that would get you put on a watch list in the U.S. Until Al-Jazeera was finally recognized as a legitimate news source, for example, anyone who visited it a great deal could find that patronage rewarded with official suspicions in the U.S. That's just one example.

    Hell, I've been visiting up Al-Jazeera and Al-Manar for years, sometimes I'll even open up WhiteHouse.gov at the same time just to mess with them. :green:

    But.. thanks for that post Ben, it was very informative.
     
    Every Day Man
    Tyrant

    Support

    Forum statistics

    Threads
    115,745
    Messages
    2,937,910
    Members
    34,809
    Latest member
    Gennexus
    Top Bottom