Anyone using Tor?
- Thread starter Sapper740
- Start date
The #1 community for Gun Owners in Texas
Member Benefits:
Fewer Ads! Discuss all aspects of firearm ownership Discuss anti-gun legislation Buy, sell, and trade in the classified section Chat with Local gun shops, ranges, trainers & other businesses Discover free outdoor shooting areas View up to date on firearm-related events Share photos & video with other members ...and so much more!
Member Benefits:
I think his comment has more to do with the section you posted in and not a non firearm topic overall.
Mods can probably move it for you. I would be interested in some talk on Tor myself.
I tried it just to see what it was about. You're going through 7 other peoples computers so it's incredibly slow. Makes the web pages load weird sometimes because of things that get lost in the process. A lot of the servers used have been blocked by different message boards and e-mail websites so you can't log onto them. It's just a pain and I haven't tried it again since I first downloaded it.
jordanmills
TGT Addict
I've used it. Keep in mind that it's estimated that about 75% of the exit nodes are run by the FBI. It's basically a big honey pot.
That is interesting. I was waiting for what your thoughts were on it.
jordanmills
TGT Addict
Appreciate it. As pro tech as I am, some people find it funny how cynical I am about some of it.
Errata Security: Anonymity Smackdown: NSA vs. Tor
They've also apparently been sending out compromised tor live cds.
Possible FBI infiltration of TOR | MetaFilter
Using TOR moves you from "easily logged at the backbone in case we want to look at you later" to "at least mildly painful to track online." IOW, unless you're a high-value target, it keeps you off the radar.
No, it's not perfect. Yes, if enough nodes are run by attackers (specifically including government entities) then it's compromised.
However, monitoring you is no longer *easy* and makes someone do extra work. Generally, monitoring of you, specifically, is best done at your local ISP. But since you're off the radar at the backbone, you're far less likely to attract the attention necessary for you to be specifically monitored. That means you're no longer the low-hanging fruit in the surveillance game. That has, imo, substantial value.
If you're at all security conscious, you try to encrypt wherever possible. If you believe the open web is too open, you can use TOR. (For some really basic info, see: https://www.eff.org/files/2013/12/02/tormythsandfacts12-1-2013.pdf ). And if you're totally paranoid, go live on Freenet.
I use TOR regularly. If it's new to you, I suggest you download the Tails liveCD, a Linux distro that will demonstrate the basics. It's easy and doesn't touch your hard drive unless you specifically tell it to. After booting it, however, the first thing to do is turn off Javascript in the browser.
You can get it here: https://tails.boum.org/
No, it's not perfect. Yes, if enough nodes are run by attackers (specifically including government entities) then it's compromised.
However, monitoring you is no longer *easy* and makes someone do extra work. Generally, monitoring of you, specifically, is best done at your local ISP. But since you're off the radar at the backbone, you're far less likely to attract the attention necessary for you to be specifically monitored. That means you're no longer the low-hanging fruit in the surveillance game. That has, imo, substantial value.
If you're at all security conscious, you try to encrypt wherever possible. If you believe the open web is too open, you can use TOR. (For some really basic info, see: https://www.eff.org/files/2013/12/02/tormythsandfacts12-1-2013.pdf ). And if you're totally paranoid, go live on Freenet.
I use TOR regularly. If it's new to you, I suggest you download the Tails liveCD, a Linux distro that will demonstrate the basics. It's easy and doesn't touch your hard drive unless you specifically tell it to. After booting it, however, the first thing to do is turn off Javascript in the browser.
You can get it here: https://tails.boum.org/
Last edited:
The persistent impression in the darknet community is that paid VPNs are simply too easy to abuse. It is inconceivable that some are not set up specifically as traps. I have never figured out which ones are trustworthy and I don't know anyone credible who purports to be able to do so.
jordanmills
TGT Addict
Seconded. Since it's centralized and has a single point of entry and exit, it's very easy to transparently compromise a VPN service without warning.
That's a good article. Thanks for the link.
I think a point-by-point discussion of the objections in that article would put everyone to sleep so I won't go there. However, he says a few things that bear comment.
Quotes are from the article.
Much of the problem with TOR is that people approach it with the wrong frame of reference. I've always disliked the Tor Browser Bundle for specifically this reason. It encourages people to install some software that puts a button on a bar on their browser. They hit the button and think they're anonymous. The whole concept of installing the Bundle on a machine encourages the thought process that "it's just another application" so it's "business as usual, with better cloaking".
Nothing could be further from the truth.
The safe deployment of TOR requires layers of security in depth. I never do anything over TOR that can be related to my real life. Even my names are different. I certainly would never, ever, ever attempt to connect to any service that I use in regular life. The author of the article talks, for example, about using regular services over TOR. To wit:
That's just nuts. No one who care about anonymity would ever connect to any service/board/site/whatever that is associated with their real-world identity. If you're going to be anonymous, you don't make it easy for people to figure out who you are. Example? Recently, there has been some speculation that the main developer behind BitCoin has been identified. The people who make that claim are actually relying (primarily) on style analysis of his written words. That's a pretty thin justification for pointing a finger. But if anyone wants to be anonymous online, it's incumbent on that user to leave no more of a clue to their identity than this sort of theorizing.
The notion, apparently accepted by the author of the article you linked, that people will connect to their personal Twitter or email accounts over TOR is ridiculous. Anyone that naive, well, I'm not going to be terribly surprised when they get caught.
The author is also concerned about various attacks specific to TOR. For example, he cites the Freedom Hosting bust thusly:
That's true, as far as it goes. However, the hack was limited to certain versions of certain browsers and was entirely dependent on Javascript to work. No TOR user should be running Javascript, though. The ones that do don't know what they're doing.
Maybe they installed the Tor Browser Bundle and just thought of it as another application. If so, they demonstrated that having a tool and knowing how to use it are two completely different things.
The author of the article addresses this in his conclusion:
As an aside, it took me a while to take the article seriously when he ends it with saying, in essence, "It's OK if the NSA runs roughshod over civil liberties as long as they're catching people we all hate." As gun owners, we should appreciate the irony and the danger of that attitude. However, I got past that and looked at his technical arguments.
While he's right that separating the apps and the proxy on different machines is key to "bet your life" anonymity over TOR, I think he overstates the case. It should generally be enough to simply be a different person over TOR.
I never, while in TOR, tie my TOR life to my meatspace life. I mostly use it to passively consume data from websites that the government doesn't like. Most folks would be surprised how much very interesting news can be gleaned from sites that would get you put on a watch list in the U.S. Until Al-Jazeera was finally recognized as a legitimate news source, for example, anyone who visited it a great deal could find that patronage rewarded with official suspicions in the U.S. That's just one example.
I also use a (technically) different machine to access TOR. While the hardware may be shared, the user account that boots into TOR has no access to the crypto keys that unlock every other part of my drive space. (Yes, I use full disk encryption religiously. I have for over a decade. It was a habit I picked up at work and frankly I can no longer comprehend why everyone doesn't do it.) If I want to save something over TOR, I must enter a ridiculously long passphrase to give it write access to a removable drive. My normal boot drive and data drive are always idle when I'm using TOR.
As an aside, I once ran a Freenet node 24/7. When I did, I set it up on completely different hardware. Since my normal internet connection was through my cable company, I got a DSL connection from a completely different entity and dedicated it to the Freenet machine. That ISP never saw anything from me except encrypted streams going in and out.
A similar attitude is necessary to stay safe (at least, as safe as would make me comfy) on TOR. I agree with the author of the article that some "average" users will not have enough of that attitude. However, I disagree with his basic point. He says that "normal" users aren't likely to be safe using TOR. I think anyone serious enough to learn about TOR is just a couple of short steps away from "safe enough".
If a user is so lazy they won't take that last couple of steps then they might get bit. I don't believe TOR, itself, deserves any blame for that.
PS - Damnit. I went ahead and put everyone to sleep, didn't I?
I'm with you there. But I think it has something to do with searching the internet anonymously.
Sent from the Bacon isle at your local grocery store.
Hell, I've been visiting up Al-Jazeera and Al-Manar for years, sometimes I'll even open up WhiteHouse.gov at the same time just to mess with them.
But.. thanks for that post Ben, it was very informative.
Staff online
-
VaqueroMoving stuff to the gas prices thread.....
Members online
- Hoji
- brashears9567
- 1911'S 4 Me
- Raider1
- KC Huntin
- echo1
- TXWingnut
- McCrapper
- engarom
- recoveringyankee
- AlteisenMkII
- dsgrey
- popper
- Gulfpirate101
- TheCanadianOne
- johnbeaver
- ULEWZ
- innominate
- gatorgrad84
- BB76
- ZX9RCAM
- leonidas
- thescoutranch
- Nick!
- Txdweeb
- CentexGunner82
- Texasgordo
- Ausländer
- Vaquero
- CJGarza
- Jeff S
- Raider4044
- Amated
- Oldbullhorn
- Otto_Mation
- Me
- Js1388
- digger
- Charley
- DaBull
- DubiousDan
- bigdhornfan
- moki
- glenbo
- ShootTheBreeze
- Jim D TX
- wakosama
- Fullretard
- prisondoc
- tangoparson
