Worth mentioning is that Tor isn't entirely bulletproof so it's worth still being cautious when using it: Malwarebytes September 19, 2024 - Tor anonymity compromised by law enforcement. Is it...
Despite people generally considering the Tor network as an essential tool for anonymous browsing, german law enforcement agencies have managed to de-anonymize Tor users after putting surveillance on Tor servers for months.
German news outlet NDR reports that law enforcement agencies got hold of data while performing server surveillance which was processed in such a way that it completely cancelled Tor anonymity. The reporters saw documents that showed four successful measures in just one investigation.
The problem that Tor faces lies in the fact that it was designed with hundreds of thousands of different nodes all over the world in mind. In reality, there are about 7,000 to 8,000 active nodes, and many of them are in data centers. As a consequence, the “minimum of three” often means “only three” which increases the potential effectiveness of timing attacks.
Based on the information provided, the Tor Project concluded that one user of the long-retired application Ricochet was de-anonymized through a guard discovery attack. This was possible, at the time, because the user was using a version of the software that neither had Vanguards-lite, nor the Vanguards add on, which were introduced to protect users from this type of attack
Which means they feel confident to claim that Tor is still safe to use. However, we would like to add that users should be aware that several law enforcement agencies–and cybercriminals–run Tor nodes, which can pose risks.
If you use Tor, here are some basic rules to stay as anonymous as possible:
Keep Tor Browser updated to the latest version for security patches.
Use the default Tor Browser settings – don’t install add-ons or change the settings unless you know what you are doing and what the implications are.
Enable the “Safest” security level in Tor Browser settings.
Only visit HTTPS-encrypted websites.
Avoid logging into personal accounts or entering personal information. If you post your personal information somewhere that undermines the whole idea of staying anonymous.
Be extremely cautious about downloading files or clicking links, even more so on the Dark Web.
Disable JavaScript if possible although this may break some sites.
Clear cookies and local site data after each browsing session.
Use a reputable VPN in addition to Tor for an extra layer of encryption.
Run up-to-date antivirus/anti-malware software on your device.
Absolutely right - and the video mentions this! Tor's anonymity requires every user to be identical, which creates a monoculture (the same bugs are present across all Tor Browser users)....
Worth mentioning is that Tor isn't entirely bulletproof so it's worth still being cautious when using it
Absolutely right - and the video mentions this! Tor's anonymity requires every user to be identical, which creates a monoculture (the same bugs are present across all Tor Browser users). Additionally, Tor Browser is based on Firefox's Extended Support Release builds, which only receives patches for vulnerabilities considered Critical and High (as opposed to Medium and Low).
Use a reputable VPN in addition to Tor for an extra layer of encryption.
A great piece of advice that is often ignored. Connecting directly to Tor will make your connection stand out to any local network administrators or your ISP. Detecting and correlating this traffic has been done in the past by network administrators to identify and deanonymize specific Tor users on their network. On the other hand, connecting to a VPN is almost always less suspicious, because commercial VPN providers are used by everyday consumers for a variety of mundane tasks like bypassing geo-restrictions, even in countries with heavy internet restrictions.
Privacy Guides (full disclosure: I'm a team member) has a great overview page that covers all of these points in detail.
I know who you are, and have been following privacyguides (and before that privacytools) work for some time. ;) I didn't actually know about that Tor overview page though, that's good stuff! p.s....
I know who you are, and have been following privacyguides (and before that privacytools) work for some time. ;) I didn't actually know about that Tor overview page though, that's good stuff!
p.s. BTW, I didn't mean my comment to be disparaging or dismissive of your video or site's work at all, so I hope it didn't come across that way. I meant it merely as an 'in addition to' kind of thing so people would understand that they can't just download the Tor browser, browse like normal using it, and still expect to be totally anonymous. :P
Shit, my privacy efforts must be failing /s In all seriousness, thanks for the kind words. It's always nice to see one's projects being appreciated! And don't worry, your comment didn't seem...
I know who you are
Shit, my privacy efforts must be failing /s
In all seriousness, thanks for the kind words. It's always nice to see one's projects being appreciated! And don't worry, your comment didn't seem disparaging or dismissive at all ;P
Worth mentioning is that Tor isn't entirely bulletproof so it's worth still being cautious when using it:
Malwarebytes September 19, 2024 - Tor anonymity compromised by law enforcement. Is it still safe to use?
Absolutely right - and the video mentions this! Tor's anonymity requires every user to be identical, which creates a monoculture (the same bugs are present across all Tor Browser users). Additionally, Tor Browser is based on Firefox's Extended Support Release builds, which only receives patches for vulnerabilities considered Critical and High (as opposed to Medium and Low).
A great piece of advice that is often ignored. Connecting directly to Tor will make your connection stand out to any local network administrators or your ISP. Detecting and correlating this traffic has been done in the past by network administrators to identify and deanonymize specific Tor users on their network. On the other hand, connecting to a VPN is almost always less suspicious, because commercial VPN providers are used by everyday consumers for a variety of mundane tasks like bypassing geo-restrictions, even in countries with heavy internet restrictions.
Privacy Guides (full disclosure: I'm a team member) has a great overview page that covers all of these points in detail.
I know who you are, and have been following privacyguides (and before that privacytools) work for some time. ;) I didn't actually know about that Tor overview page though, that's good stuff!
p.s. BTW, I didn't mean my comment to be disparaging or dismissive of your video or site's work at all, so I hope it didn't come across that way. I meant it merely as an 'in addition to' kind of thing so people would understand that they can't just download the Tor browser, browse like normal using it, and still expect to be totally anonymous. :P
Shit, my privacy efforts must be failing /s
In all seriousness, thanks for the kind words. It's always nice to see one's projects being appreciated! And don't worry, your comment didn't seem disparaging or dismissive at all ;P