It should be mentioned that Tor has its limitations. If you're just trying to avoid dragnet like surveillance, it's fine, but if you actually fear being individually targeted by a state...
It should be mentioned that Tor has its limitations. If you're just trying to avoid dragnet like surveillance, it's fine, but if you actually fear being individually targeted by a state surveillance organization, as is one of scenarios on the site, then it's extremely easy to break and deanonymize tor traffic.
Basically, you’re either dealing with Mossad or not-Mossad. If your adversary is not-Mossad, then you’ll probably be fine if you pick a good password and don’t respond to emails from ChEaPestPAiNPi11s@virus-basket.biz.ru. If your adversary is the Mossad, YOU’RE GONNA DIE AND THERE’S NOTHING THAT YOU CAN DO ABOUT IT. The Mossad is not intimidated by the fact that you employ https://. If the Mossad wants your data, they’re going to use a drone to replace your cellphone with a piece of uranium that’s shaped like a cellphone, and when you die of tumors filled with tumors, they’re going to hold a press conference and say “It wasn’t us” as they wear t-shirts that say “IT WAS DEFINITELY US,” and then they’re going to buy all of your stuff at your estate sale so that they can directly look at the photos of your vacation instead of reading your insipid emails about them.
Well, there's that, but Tor is just uniquely weak. The issue is Tor makes a very limited amount of jumps, and has a hilariously low amount of exit nodes. This makes it very easy for anyone, a...
Well, there's that, but Tor is just uniquely weak. The issue is Tor makes a very limited amount of jumps, and has a hilariously low amount of exit nodes. This makes it very easy for anyone, a state actor certainly, but potentially also just someone with a botnet, or a fair amount of money, to make a bunch of exit nodes and then perform timing attacks by observing incoming requests to the tor network, and outbound requests through their exit nodes.
You could even argue just a plain jane VPN is harder. At least then, you'd have to convince or threaten whatever jurisdiction that Mullvad operates in to do your bidding. Certainly non-state actors will have a hard time. Which isn't the case with Tor.
I wouldn't be surprised if a majority of exit nodes are run by surveillance organizations. It doesn't help that running an exit node isn't very fun - it's a fast path to being arrested for abetting child pornography.
One theory that pops up from time to time is that Tor or a predecessor was created by U.S. Intelligence Agencies for enabling secure communications with operatives and assets in foreign countries....
One theory that pops up from time to time is that Tor or a predecessor was created by U.S. Intelligence Agencies for enabling secure communications with operatives and assets in foreign countries. De-anonymizing doesn’t matter quite as much if you control most exit nodes.
Security and privacy aren't binary things. Nothing provides perfect privacy, but there's a real benefit to taking steps to protect yourself. Authorities depend on the ease and scalability of...
it's extremely easy to break and deanonymize tor traffic
[citation needed]
Security and privacy aren't binary things. Nothing provides perfect privacy, but there's a real benefit to taking steps to protect yourself. Authorities depend on the ease and scalability of surveillance. It's disappointing to see in this thread the amount of defeatism, essentially saying "don't even try to resist".
There’s plenty of papers on it. Tor is infamously weak to timing attacks due to the low number of exit nodes and the predetermined number of jumps. I don’t see how it’s defeatism. You’re reading...
There’s plenty of papers on it. Tor is infamously weak to timing attacks due to the low number of exit nodes and the predetermined number of jumps.
I don’t see how it’s defeatism. You’re reading it wrong if that’s what you got out of it. You should know the limitations of the tools you use. Like I said, it’s fine for avoiding dragnet situations, which is most people.
But if the site is going to put situations like “well known opposition journalist in a hostile authoritarian government” in the situations, you should know the limitations of what Tor can get you.
A MIT meta-paper: https://css.csail.mit.edu/6.858/2023/readings/tor-traffic-analysis.pdf It references to other papers, which you can find for more specifics.
It should be mentioned that Tor has its limitations. If you're just trying to avoid dragnet like surveillance, it's fine, but if you actually fear being individually targeted by a state surveillance organization, as is one of scenarios on the site, then it's extremely easy to break and deanonymize tor traffic.
You reminded me of this (PDF):
Well, there's that, but Tor is just uniquely weak. The issue is Tor makes a very limited amount of jumps, and has a hilariously low amount of exit nodes. This makes it very easy for anyone, a state actor certainly, but potentially also just someone with a botnet, or a fair amount of money, to make a bunch of exit nodes and then perform timing attacks by observing incoming requests to the tor network, and outbound requests through their exit nodes.
You could even argue just a plain jane VPN is harder. At least then, you'd have to convince or threaten whatever jurisdiction that Mullvad operates in to do your bidding. Certainly non-state actors will have a hard time. Which isn't the case with Tor.
I wouldn't be surprised if a majority of exit nodes are run by surveillance organizations. It doesn't help that running an exit node isn't very fun - it's a fast path to being arrested for abetting child pornography.
One theory that pops up from time to time is that Tor or a predecessor was created by U.S. Intelligence Agencies for enabling secure communications with operatives and assets in foreign countries. De-anonymizing doesn’t matter quite as much if you control most exit nodes.
I want you to know I just read that whole article and was choking back tears of laughter the entire time. Thanks for sharing
Security and privacy aren't binary things. Nothing provides perfect privacy, but there's a real benefit to taking steps to protect yourself. Authorities depend on the ease and scalability of surveillance. It's disappointing to see in this thread the amount of defeatism, essentially saying "don't even try to resist".
There’s plenty of papers on it. Tor is infamously weak to timing attacks due to the low number of exit nodes and the predetermined number of jumps.
I don’t see how it’s defeatism. You’re reading it wrong if that’s what you got out of it. You should know the limitations of the tools you use. Like I said, it’s fine for avoiding dragnet situations, which is most people.
But if the site is going to put situations like “well known opposition journalist in a hostile authoritarian government” in the situations, you should know the limitations of what Tor can get you.
Please share. I know Tor is largely funded by the U.S. government and used by many nation-state actors.
A MIT meta-paper: https://css.csail.mit.edu/6.858/2023/readings/tor-traffic-analysis.pdf
It references to other papers, which you can find for more specifics.
Also relevant: Qubes
Both Edward Snowden classics