tech_ken · 2 years ago
I don’t think any typical internet user would accept Tor’s latency. User behavior has indicated again and again that convenience and frictionless-ness is the overriding priority for the majority. I appreciate the work done by the Tor community, but I also think we need to be realistic about what the threat model is and what viable solutions are on the table:

* If you’re concerned about the MAANGs of the world hoovering data for targeted adverts I think you’d get far more traction with aggressive privacy legislation and brutal oversight, or (and I recognize this is extreme) straight nationalization of some of their products with a mandate to operate them in the public interest like PBS or the Beeb

* If you’re concerned about an authoritarian state actor Tor was pwned years ago. TBH I think trying to win against ex. US TLAs in straight cryptography or protocol supremacy is kind of a fool’s errand (you’re ultimately going to get clobbered purely on the resource differential) and that the best bet is security through obscurity.

Just my 2c, maybe overly fatalistic so curious about counter views

cma · 2 years ago
If everyone used it wouldn't latency go down (more nearby nodes), or is it that for privacy via timing attacks they don't preference nearby nodes and/or they add artificial delays?
r3trohack3r · 2 years ago
I might misunderstand how Tor works, but unless you are a relay I don’t think you participate in routing. Unlike BitTorrent, clients don’t automatically contribute resources back to the network.
tech_ken · 2 years ago
That’s a good question, tbh I have no idea. Yeah presumably if the user base increased then the number of nodes would also grow, but definitely unclear to me what level of latency (if any) is required for privacy
make3 · 2 years ago
yes, why do people use Tor if it's well known that it's been hacked by multiple governments for a long time?
adr1an · 2 years ago
I used it plenty at the University to access research articles (sci hub). There are other use cases that go beyond the usual stuff that governments try to monitor by serving exit nodes, or doing correlation attacks. Anyway, even if you were a terrorist, using Tor would be better than not using it. There are probably other solutions that they implement, sure.
gray_charger · 2 years ago
If you're not doing anything that affects national security they won't bother burning that capability on you. They save action only for those they can take action against in a clandestine way (so the fact they can crack Tor is not on public record), or against someone so dangerous they need to act quickly for national security reasons (and a government acting quickly with overwhelming force is hard to keep secret).
DANmode · 2 years ago
Because the protocol isn't the issue.

Lately, it's been surreptitiously fingerprinting or exploiting their Firefox fork, timing attacks (if you can see metadata all of the packets in the country or world, they can take as many hops as you choose, someone and or something can still easily line them up),

or other op-sec screwups (controversial, because what is reported as fatal OpSec flaws can just as easily be parallel construction finding something that would look or sound blatantly obvious in retrospect).

wolverine876 · 2 years ago
It depends on the threat you are trying to mitigate. If it's commercial surveillance, then Tor makes some sense.
timbit42 · 2 years ago
Where is this proof?
akira2501 · 2 years ago
> If you’re concerned about an authoritarian state actor Tor was pwned years ago.

I mean.. wasn't it created by a department of the US Navy? What did everyone expect? The "white label" slapped on it years ago was that this was meant to help "Iranian dissidents" share information on the web.

The utility of this network to everyday people was never going to exist.

_fat_santa · 2 years ago
I haven't used TOR recently but from my memory one of the biggest issues with it was speed. Yes you get anonymity but websites also load 2-3x slower because they have to go through all the nodes on the network. The people that care about privacy at the expense of speed already use TOR, and for everyone else it's going to be a very hard sell.
randomuser23423 · 2 years ago
In my experience, TOR's been fine for latency, but the problem I've been having is getting stuck in an infinite loop of Cloudflare "Checking if the site connection is secure."
chii · 2 years ago
There just isn't enough exit nodes that cloud providers have opted to either blacklist, or heavily deprioritize those nodes' traffic.

I'd want to see every computer connected to the internet turn into an exit node! It makes it infeasible to block those IPs, and also prevents people from being charged with a crime for such traffic.

shrimp_emoji · 2 years ago
Yep. Decentralization entails degraded service, almost as a thermodynamic principle. It's the "eating your vegetables" of technology; even if you think people should, you can guess how many actually do.
dahart · 2 years ago
Why do you believe decentralization is responsible for TOR’s speed? Decentralization often improves speed by routing around traffic, and the regular non-TOR internet is decentralized. BitTorrent is often faster than regular internet due to its additional decentralization of the data. I suspect TOR is slow due to intentionally long and twisty routes, added encryption, extra hops that require more processing, low numbers of exit nodes, and limited bandwidth at the exit nodes. In a way, the speed is probably partly a byproduct of TOR accidentally centralizing traffic at the scarce exit nodes.
pessimizer · 2 years ago
> Decentralization entails degraded service

Not decentralization, but anonymous decentralization that involves indirect routing. Decentralization can actually offset that anonymity tax somewhat by the fact that you might have multiple sources that you can request data from in parallel.

Qem · 2 years ago
Torrents disagree ;-)
jononomo · 2 years ago
Ironically, once I cut all vegetable and, in fact, all plant-based calories, out of my diet, I experience dramatic health and fitness benefits. I expect in this case the conventional wisdom is also exactly backwards and in fact transparency is more important than privacy.
xur17 · 2 years ago
Latency is bad, throughput is pretty decent. Unfortunately this is a side effect of its routing system (routing through 3 random nodes around the world).
holmesworcester · 2 years ago
Latency is actually pretty reasonable once you're connected. Connection times are where most people really feel the slowness with Tor. For example, chat and SPAs are pretty snappy over Tor.
teddyh · 2 years ago
In my experience Tor has not been slow for years now.
nebulous1 · 2 years ago
Tor is faster than it used to be but this person is not wrong. 2-3x slower is a conservative estimate.
notyourwork · 2 years ago
Not been slow compared to what? It's been slow for me any time I've tried it.
bogtog · 2 years ago
Much faster than in the past, but still annoyingly slow by all means

guestbest · 2 years ago
There is no anonymity with Tor if there is logging. There is only obfuscation for most use cases. The latency makes it also have poor appeal. An untrusted internet or a hostile network isn’t going to change because there is a pretext of anonymity. I personally think highly trusted peers are the only solution.

bratgpttamer · 2 years ago
I can't decide if it would be easier to convince people of the benefit of extra steps/slow internet/privacy protections, or to reflexively engage their skepticism/critical thinking muscles upon hearing Save-The-Children-and-Stop-The-Terrorists rhetoric.

As it stands, it seems most people (of a certain race and class, anyway) feel more threatened by vague stories of child abductors in white vans at WalMart[1,2] or terrorists (c. 2000's generally) than being randomly victimized by our j̶u̶s̶t̶i̶c̶e̶ legal system.

Nothing to hide, nothing to fear, as they say. Abstract thought and generalization are hard, I guess.

[1] https://www.cnn.com/2019/12/04/tech/facebook-white-vans/inde...

[2] https://www.snopes.com/fact-check/white-van-facebook-hoax/

r3trohack3r · 2 years ago
Similarly my social group has recently become more concerned with hate speech and foreign influence on elections too.

The story’s walls are closing in on cracking down on cryptographic guarantees of privacy, network access, and information sharing.

Spooky23 · 2 years ago
Tor doesn’t deliver any of those things. It’s a tool developed for spies that is mostly used to facilitate grifts and move contraband.

I’m not worried about clowns in white vans or terrorists. If you want protection from the government, you need to advocate for protection under the law. Journalists, NGO workers, etc have to figure out how to manage risk and may need to self-censor to avoid those risks. Tor won’t protect you if you irritate MBS.

r3trohack3r · 2 years ago
This isn’t true, you’re conflating risk profiles.

There is active targeted surveillance by a nation state. Tor is not going to help you. No crypto or tech alone will help you, you’ll need to develop extreme opsec practices to stand even a remote chance against a well funded and well equipped adversary focusing on targeting you.

Then there is passive mass surveillance, i.e. the presidential surveillance program, which Tor/VPNs/HTTPS etc will absolutely help with.

bratgpttamer · 2 years ago
I'm not sure what deliverables you're referring to, but if it's not useful for shielding one's identity from prosecutors/persecutors, why would spies, grifters, traffickers, terrorists, child abusers, and puppy-kickers make such extensive use of it?
alvarezbjm-hn · 2 years ago
"reflexively engage their skepticism/critical thinking muscles upon hearing Save-The-Children-and-Stop-The-Terrorists rhetoric"

Not part of human nature. Save the children/Rhetoric is embedded. Reflexive thinking has varying energy requirements and for most requires external kickstart, when possible at all

Forcing Tor in all new network adapters is more feasible, which is saying much.

pessimizer · 2 years ago
> Not part of human nature. Save the children/Rhetoric is embedded.

This is ahistorical. Children's rights are a late-19th Century creation. We have become child worshipers, we are not naturally child worshipers.

There's a quasi-Christian doctrine that states that children are born virtually unstained, and that being unstained makes you more deserving of life. As you grow older, you are stained by the demands of the world, which makes you less deserving of life. However, the idea that a child's life is more important than an adult's life would seem moronic to people much before the 20th Century. It just takes 6 years to make a 5 year-old. It takes 51 years to make a 50 year-old. 5 year olds know almost nothing, and need to be taken care of. Every 50 year-old has a bunch of knowledge that can't be recovered, and generally can take care of themselves.

You know we used to send them into the mines... and we used to value them because of how deeply they could get their little hands into factory machinery.

comfypotato · 2 years ago
I got out of academic fingerprinting research when I realized I was on the wrong side of the discussion. I’ve just never seen or heard of privacy violations that particularly bothered me.
maxbond · 2 years ago
I too have never experienced a violation of privacy which had a significant observable impact on my life. You and I have been fortunate in this respect.

Some people are literally targeted for harassment and murder because of some aspect of their identity, journalism, or activism. This isn't a hypothetical.

Here's one example from the top of my head:

https://www.independent.co.uk/news/world/middle-east/khashog...

Tl;Dr the dissident Khashoggi was infected with NSO malware before he was murdered by the Saudi government. That's a pretty clear violation of privacy in service of something I would guess you disagree with.

This story isn't an anomaly, I think if you looked into this further you would find innumerable privacy violations which bother you.

pkoird · 2 years ago
People who are generally ambivalent on TOR are the ones that we need to convert. I believe the message needs to be that anonymity is not only desirable but mandatory as well, especially because of the rise of platforms that literally track each and every possible metric about your daily life and habits. Besides, even if someone says that TOR is used for illegal purposes, we all need to remind them that legality is distinct from morality and is always defined by those currently in power.
mikece · 2 years ago
"Tor is only used for illegal purposes" is as valid as saying "only criminals use cash so they can buy things without a digital trail." I pay cash -- and refuse to use affinity/shopper cards because I would rather pay for my privacy which is worth more to me than 4 cents/gallon off on gasoline.
rootusrootus · 2 years ago
> worth more to me than 4 cents/gallon off on gasoline.

The stores are getting wiser about this. My local Fred Meyer (a Kroger brand now) has a fuel rewards program -- for every $100 you spend, you get 10 cents off per gallon on your next fillup. Given how expensive groceries are, a lot of people are saving more like 50 cents per gallon, not 4.

They've also started doing instant discounts at the register, which was something that Safeway aggressively did from the beginning. FM isn't quite that aggressive yet, but when I scan the shopper card just before paying, it isn't unusual for it to knock $20-30 off a $150 purchase.

If it really were just 4 cents a gallon, I expect less people would bother. But it's not. The stores are steadily increasing the penalty for shopping without a loyalty card.

pixelpoet · 2 years ago
Cash is still king in Germany, and it always weirds tourists out. Personally I think it's great, and just like you, do much of my shopping in cash because I don't want my bank knowing everything about my diet etc.

Shish2k · 2 years ago
> I believe the message needs to be that anonymity is not only desirable but mandatory as well, especially because of the rise of platforms that literally track each and every possible metric about your daily life and habits

Normal people don’t care if their metrics are being tracked - that is happening to practically everybody all day every day, and very few people are experiencing any direct and measurable negative consequences. In their defence, why should they weigh the hypothetical-risk above the real-benefits of giving up privacy (ie, convenience and price)?

I believe if the message of privacy advocates is to have any effect at all on normal people, we really need to start focussing on things that normal people care about, not hypothetical and philosophical arguments

pkoird · 2 years ago
It's a frog in a steadily boiling water problem. People not caring about their privacy enables certain actors to increasingly encroach it and then suddenly you find that these actors know everything there is to know about you including what you buy, eat, use, discard etc. This is not just a hypothetical scenario. For instance, look at any digitally capable dictatorial regime. No one now has the power to speak up in these regimes because everything they say is tracked and can be traced back to them and they themselves gave the regime this power happily in the past.

eternityforest · 2 years ago
The right to access anonymity is desirable, but so is preserving a society in which it doesn't really matter for most people.

Everyone should know how to use Tor, but we shouldn't have to, at least not all the time.

pkoird · 2 years ago
Anonymity is one of those things that if you do not fight consistently for, will be eventually taken away from you. I fail to envision a society where anonymity doesn't really matter for most people because as long as there is a society, it'll imply there is a control structure. And as long as there is a control structure, it'll keep on dictating what you can and cannot do. Unless you unreasonably assume that such a structure will always, without a fail, be perfectly correct, in the event that you disagree with it, you're certain to be in trouble. I'd like to reiterate once again, there is a distinction between morality and legality. For instance, it's never immoral to bring wrongdoings to light, and yet, it's horrendously illegal to expose classified government secrets, even if they are terrible.
shrimp_emoji · 2 years ago
Preserve implies we have that society now.

People's data is being farmed and their identity leaked and sold on the dark web, and they're probably not educated enough to care. That's what you want to preserve?

neilv · 2 years ago
As an exercise, I've been using Tor Browser as a daily driver on my personal laptop, and ended up with a 3-browsers approach:

* Firefox ESR -- For sites that are necessarily linked to my identity, such as HN and shopping. Sometimes this also gets sites that don't have to be linked to me, such as if I'm too lazy to copy&paste a link from HN into Tor Browser. (Keyboard switching/starting: Mod+F)

* Tor Browser -- Almost everything else. This is the bulk of my traffic, and innocuous, not "he just switched to Tor Browser, so must be doing something interesting". (Keyboard switching/starting: Mod+W)

* Chromium -- This is my total subjugation browser, used when more-private&secure options fail for something I really need/want to access. No ad blockers, but some awful DRM enabled. Currently used only for one obnoxious video streaming service. I would like to get rid of this browser entirely. (Keyboard starting intentionally discouraging: Mod+P C H R O M Enter)

My vintage laptop can handle all 3 at once, just fine. Though I usually make them short-lived -- to reduce clutter, free compute resources, and clear trackers.

That's the personal laptop. My work laptops will partition browser use differently, such as for whatever the current Web development needs, and keeping all-day corporate SaaSes (e.g., GitLab, and mandated Web apps) open in one browser, while making another browser for short-lived public Web browsing sessions.

There's also a place for Tor Browser on the work laptop, for public browsing about topics that you don't want to hypothetically leak to competitors, but some companies will flip out if they detect Tor on the corporate network.

yankput · 2 years ago
If we all use it, it will slow to a crawl. Even more than now.

Nobody that’s not halfway suicidal is running exit nodes on their home machines (I won’t, I don’t want police knocking on my door).

And just for the onionspace… yeah I saw some bad stuff there. After what I saw I don’t think anonymity is a good idea. There is darkness inside people that lack of rules, lack of order, lack of accountability brings out.

Run_DOS_Run · 2 years ago
> yeah I saw some bad stuff there. After what I saw I don’t think anonymity is a good idea

This is a somewhat one-sided way of thinking.

Tor is a tool that can be used for useful things as well as misused for bad things (like a knife or a truck). Now, leaving aside the fact that websites related to credit card fraud, child pornography, and terrorism also have a large presence on the Clearweb.

Also, I'd like to note that Instagram is a global hub for human trafficking, and the moderators' stories don't sound any more innocuous than the Onion stories.

I use Tor daily and abide by the law, but don't want to miss the anonymity or pseudonymity of a Whonix VM and a Tails session.

Since I've been hosting Tor Nodes since I was 14, I don't have to worry about showing up on blacklists of 3-letter organizations, since I've been on top for over a decade anyway.

yakireev · 2 years ago
> Since I've been hosting Tor Nodes since I was 14

Honest question: why do people host exit nodes when they aren't 14 anymore?

Given how dangerous it is to host one, and how little personal benefit one gets from it, I kinda assumed most exit nodes are hosted by three-letter agencies from various countries. Is that so? If not, how so?

mrits · 2 years ago
Not all tools are equal. The iron maiden was also a tool that I suppose could be used for cracking open pecans.
aredox · 2 years ago
And in the end it can't circumvent stuff like the great firewall of China.

In the end Tor is just a legacy project from the CIA/NSA that has outlived its usefulness. The NSA has certainly redteamed all the ways to take it down or uncloak users, if needs be, so it's not even a tool against a potential fall into dictatorship of the USA.

holmesworcester · 2 years ago
> And in the end it can't circumvent stuff like the great firewall of China.

Actually, this isn't true: Tor with private Snowflake bridges can be very effective against the Great Firewall. I'm an activist who works in this area and I've spoken with activists who were using it as recently as this year.

The issue is scaling bridge discovery, since any automated bridge discovery mechanism rapidly exposes available bridges to a determined censor. But any team doing high profile, notable, or sensitive work can find an individual or organization outside China to provide them with private bridges. So Tor is one effective option now for key activists in China, just not a mass-scale solution for everyone.

pandog · 2 years ago
There are a bunch of projects from Tor to aid in circumvention of the great firewall of China: https://support.torproject.org/censorship/connecting-from-ch...
ravenstine · 2 years ago
Tor is a meme in 2023. Even advocates for it seem to believe it's only really good for circumvention, which is the totally wrong way to look at it. Having a built-in outproxy to the web is probably its greatest flaw, not its strength. Why? Because there's nothing stopping anyone from setting up exit nodes and analyzing the traffic. The open web itself is a vulnerability. Being an anonymizer for the web also encourages people to not contribute energy to "hidden services" but to the non-hidden web, which is self defeating.

And as others have pointed out, Tor wouldn't scale if everyone was using it. Contrast this with I2P which not only would scale but become more resistant to DDOS attacks with the more nodes on the network. Unlike Tor, I2P has no distinction between nodes, mostly because it's not designed to be an outproxy. But no, let's keep insisting that everyone use a deep state tool with chronic flaws because reasons. /s

version_five · 2 years ago
> There is darkness inside people that lack of rules, lack of order, lack of accountability brings out.

Maybe, but it's nothing in comparison to the darkness that comes out of people who want rules and someone held accountable.

DANmode · 2 years ago
> After what I saw I don’t think anonymity is a good idea.

Any ideas for how to eradicate it without authoritarianism?

duxup · 2 years ago
> There is darkness inside people that lack of rules, lack of order, lack of accountability brings out.

This extends to social networking too. As much angst as there is about moderation, it’s a feature people want.

NoMoreNicksLeft · 2 years ago
It's certainly an interesting mindset: "I'd rather live in a neighborhood where the HOA is run by psychopathic busybodies, even if it means I have to become a pod person!"
RajT88 · 2 years ago
I think more people would become interested in Tor if they could see everything advertisers know about you.

I have yet to find something which lets you get a good peek at that data. Does anyone know of anything?

ramesh31 · 2 years ago
> I have yet to find something which lets you get a good peek at that data. Does anyone know of anything?

You don't need Tor to avoid advertisers. Blocking all cookies and browsing in private mode will get you 99% of the way there. Throw in an ad-blocking VPN and there's basically nothing anyone can know about you that you aren't explicitly sharing.

somenameforme · 2 years ago
This is not really true, because of how centralized the web is. From Google fonts to jquery and the million in between endpoints, most sites you visit are going to be reporting you to Google. Logging into a single identity verifying site or even just viewing a distinct set of sites can all work as instant deanonymizers.

A VPN that has multiple users using the same IP simultaneously can help on this front, but I don't know how common this is? Basically emulating how Tor exit nodes work. Though even that is also almost certainly possible to break.

mtlmtlmtlmtl · 2 years ago
If you live in a GDPR jurisdiction, Facebook has a way for you to look at everything they have on you (and delete it).

I had a look when I went in there a few years ago to disable all their collection and they basically know every website you go to.

RajT88 · 2 years ago
I am off facebook. I think they are not the bulk of the problem anyways.

You can see something similar with your Google ads profile, but only if you have personalized ads on. (I am sure they still have the profile on you, you just can't view it)

rashkov · 2 years ago
I was pleasantly surprised to find Tor mode in Brave browser. I was looking for private browsing mode and it was right there. It was pretty darn fast and usable too. I honestly hope this feature and browser get more uptake
orbital-decay · 2 years ago
There are two issues with this:

- Part of the protection Tor provides is due to having the single browser made specifically for Tor. Nearly everyone uses it; this gives you a sufficiently large crowd to blend into. There are fingerprintable clusters inside this crowd, but at least they are still large enough. By using any other browser, you make yourself stand out and even diminish the anonymity of the whole network a tiny bit. This can become a problem if enough people are using custom browsers. Brave in particular is also not restricted enough by default (no JS etc). Default settings for everyone matter.

- Brave's Tor feature wasn't thoroughly tested in real situations. AFAIK they had issues with it, and also warned users not to rely on it as it's not complete.

Grimburger · 2 years ago
> Brave in particular is also not restricted enough by default

While I'm in agreeance with everything you've said it should be pointed out that Tor Browser doesn't ship with JS disabled either, it simply breaks so much of the web that they've concluded it's not reasonable for a browser to do by default if they want to attract new users.

DANmode · 2 years ago
> Brave's Tor feature wasn't thoroughly tested in real situations

Meanwhile, we know for certain that Firefox has played a role in multiple deanonymizations.

bombcar · 2 years ago
Brave even tells you not to use Tor if it's a life/death matter, but for general "poor-man's VPN" it's just fine.
pawelduda · 2 years ago
Brave has loads of good features Chrome doesn't but people are put off by it because "muh crypto integration", which can be disabled permanently in settings.
mplewis · 2 years ago
The crypto integration is an indication of a compromised vision and a lack of judgment. If the dev is willing to shove that in, what else is in there that I’m not aware of?

lynndotpy · 2 years ago
This is misleading. Brave had added items such as cryptocoin affiliate "cards" on the new tab page even for users who have had every cryptocoin aspect disabled.

Further, there is no way to pre-emptively disable the cryptocoin elements on new profiles on the same Brave installation.

barbariangrunge · 2 years ago
They also started selling people's copyrighted website data to AI companies via a new API recently, explicitly "granting" a license to use it for AI training, without the copyright owners' (i.e., independent bloggers') permission
shrimp_emoji · 2 years ago
Yeah, to me it seems like a skeevy browser for people without the IQ to use Firefox with good add-ons like uBlock Origin and not be put off by crypto integration.
pcdoodle · 2 years ago
Brave is fantastic for this. Also it sips power while on battery.