• ExtremeDullard@lemmy.sdf.org
    link
    fedilink
    English
    arrow-up
    30
    arrow-down
    6
    ·
    edit-2
    1 year ago

    There is a strong suspicion that the TOR network has been turned into a NSA honeypot by virtue of the NSA running more than half of the TOR exit nodes. Do you really want to take that chance?

    Not to mention, pretty much the only thing most honest people use TOR for is to defeat geoblocking, and most geoblocked sites of any importance blacklist TOR exit nodes. So it’s not even that useful.

        • eleitl@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          4
          ·
          edit-2
          1 year ago

          I typically don’t have the time to watch videos but I did in this case. It’s not wrong. The question is: what is your threat model?

          First, Tor is not designed to protect you from a global passive adversary nevermind an active one. Global network probes can be used to identify individual sessions by traffic timing correlations. Locating hidden services is quite easy that way, since they’re sitting ducks. It is fairly easy to remotely compromise hidden service marketplaces for TLA players and/or use physical access to hardware and/or operators to make them cooperate with LEOs.

          If you are trying to avoid ISP level snooping and blocking, advertisers, Google and national scale actors then Tor is the right tool to use. And by all means, do run your own relays to help the network. The more relays we have, the harder the attack.

      • ExtremeDullard@lemmy.sdf.org
        link
        fedilink
        English
        arrow-up
        12
        arrow-down
        1
        ·
        edit-2
        1 year ago

        I said suspicion, not evidence. The suspicion arises when you try to answer the following 2 basic questions:

        • Who wants to deanonymize TOR users the most?
        • Who has the resources to run TOR servers and provide the service for free and why?

        Or put another way, apart from a few idealists like the Calyx Institute, nobody in their right mind would foot the bill to run servers mostly used by hackers and pedos. Therefore, the most likely operators are law enforcement and nefarious barely-constitutional three-letter agencies.

        • eleitl@lemmy.world
          link
          fedilink
          English
          arrow-up
          7
          arrow-down
          1
          ·
          1 year ago

          TLAs, LEOs and criminals are both Tor end users and have an interest in attacking Tor users.

          Everybody has the resources to run Tor relays and even exits, though the latter can become a massive legal nuisance. Servers are cheap. Read the Tor mailing list archives.

          As to ‘mostly used by hackers and pedos’, please provide the evidence. Factual one, not non-sequiturs based on faulty assumptions.

        • Red Wizard 🪄@lemmygrad.ml
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          1
          ·
          1 year ago

          Ok so the CIA, NSA, and FBI are running the majority of Tor nodes. Is there evidence that the data is being used to prosecute/harass/intimidate people?

          Wouldn’t there be unusual IP addresses on exit nudes?

          I’m just trying to follow this thread.

          • ExtremeDullard@lemmy.sdf.org
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            Is there evidence that the data is being used to prosecute/harass/intimidate people?

            So you’re okay with the TLAs snooping around and watching what you do provided they don’t act on it? I’m not, if only as a matter of principle. To quote the great movie Anon, it’s not that I have something to hide, it’s that I have nothing I want them to see.

            Besides, remember, this is the United States: just say terrorism or national security, and due process and habeas corpus go out the window - in which case, you may not hear about somebody being harassed or prosecuted at all.

        • IphtashuFitz@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Regarding your second point, I worked in IT at a large university about 15 years ago and set up an exit node briefly on a spare system I had. The IT security team tracked it down fairly quickly because of the sudden flurry of malicious traffic associated with it. So I had to shut it down fairly soon after I fired it up.

          Most networks are likely going to have a similar reaction if running an exit node results in malicious activity on those networks. Ask yourself - who would willingly allow that to happen? It wouldn’t surprise me if the answer is organizations that want to monitor that traffic for one reason or another.

      • lagomorphlecture@lemm.ee
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        4
        ·
        1 year ago

        Idk if the NSA runs all those exit nodes but this is definitely not the first time I’ve heard that it isn’t secure. Luckily I have nothing to hide so I use Google for everything and send them a daily summary of my offline activities in case they missed anything.

    • eleitl@lemmy.world
      link
      fedilink
      English
      arrow-up
      10
      arrow-down
      1
      ·
      1 year ago

      I’ve been using it since the early days and ran relays and exits. It’s good for anonymity against your ISP, advertisers and lesser adversaries than being targeted by TLAs. Can be a bit slow. Make sure to use encryption to protect against bad exit nodes.

      • brzrd@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Quick question: How does one set up encryption while using the Tor browser for things like searches and regular browsing (research, etc)? Would be useful to know. Appreciate.

        • eleitl@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          You just use https. There are extensions like HTTPSEverywhere, but they potentially add bits to your fingerprint. DuckDuckGo also offers their search interface as a hidden service, perhaps worth bookmarking.

    • FredericChopin_@feddit.uk
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      I used to use it. I used it to buy Xanax and it was bad times but the tor and Darknet market aspect was fine.