Jump to content
Not connected, Your IP: 18.119.125.61
pr1v

Tor or not Tor

Recommended Posts

I would like to know your opinions about using Tor or stop using it.

There are many "paranoid" voices today since Jacob Applebaum and other member (I don't remember his name but his opinion was not very good about how Tor was changing) are not in the project and even that they are collaborating with CIA. Yes, it sounds paranoid but who knows in this corrupt world...

The fact is that using Tor the agencies will target you more than not using it, but the same could happen with VPN,s. In this case, what are your opinions or cons about using or not using Tor nowadays?

Thanks

Share this post


Link to post

As long as nickm, mikep and arma are still writing 90% of the code, Tor will be fine.
Also with people like Bruce Schneier and Matt Blaze on the new board, I don't think it is getting taken over.

 

Bruce Schneier has a very solid background in terms of privacy advocacy, and in some areas his contributions

can be compared or exceed the ones made by EFF. So you should probably take the tinfoil hat off.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

Thank you zhang888.

Anyway, many agencies can create a new tor service (even Snowden when working in NSA did it) to track all users. But of course we must trust the VPN we use too. Maybe the question would be if we should use only a VPN without using Tor. I was using VPN+Tor before but now I am not so sure if it's worse than only using the VPN. If my data can be passing through many malicious nodes then what's the best option between these two. Do we really need Tor?. I know I could be more anonymous but the opposite is also true when I am exposing myself to be a better target to some agencies out there. As we can see, Tor has been compromised many times before by NSA (maybe it still is) and when it's discovered many months had passed. Maybe VPN + Tor browser without tor (to avoid fingerprinting) is enough.

Share this post


Link to post

Malicious exit does not mean a compromised protocol as a whole.

Your "all or nothing" approach is not perfect as well, since it is a per-case and per-individual scenario.

Of course not, but what about Tor browser being compromised from time to time (it's too late when it's discovered) and more and more malicious exit nodes from different agencies?, adding that discovering you (and sooner or later I think you will be) will make you a target (forever?)

Share this post


Link to post

Hello !

 

OP the truth is that we're all being watched by someone or something and increasingly so.

 

No software is perfect either, regardless of if it's Tor or VPN software. But confining yourself to not using certain technologies, unless proven to be unsafe (such as the PPTP protocol), doesn't help you much necessarily. This is why we collectively have to fight for our rights, in each of our respective countries. If your argument for not using Tor is that you might get targeted more, then you might as well stop going online in a sense. If the same argument is made (and it has been) for VPNs, will you stop using them too?

 

Also, I don't think you're paranoid. Being a concerned and aware citizen is not being paranoid; that's simply what people in high places would like you to believe, in order to marginalise your opinion.

 

Furthermore, if there's a time to be paranoid for a good reason, these must surely be the times.

 

Air Staff always recommend a partition of trust. Using a VPN + Tor. This helps defeat malicious Tor nodes too. But it depends on what you're trying to achieve.

 

By the way, I should add that at least the Tor browser is hardened; especially compared to a normal browser. So if they're going to compromise you or anyone, you might as well make 'em work for it

 

Sent to you from me with datalove


Moderators do not speak on behalf of AirVPN. Only the Official Staff account does. Please also do not run Tor Exit Servers behind AirVPN, thank you.
Did you make a guide or how-to for something? Then contact me to get it listed in my new user guide's Guides Section, so that the community can find it more easily.

Share this post


Link to post

If you are really worried you could get an account from a second vpn provider and run it in a virtual machine...partition of trust, i.e. both providers would have to be compromised to loose anonymity. Still worried? You could run AirVpn over TOR in your host machine and then run second vpn on virtual machine...5 hops in total...gonna be slow. If you're still worried, well you're up to some really dangerous shit like leading Ukrainian independence, promoting Chinese democracy. or overthrowing Putin (buy a good life insurance policy and don't eat anything you haven't cooked yourself)....only access the net from an open public wifi with no cameras after spoofing your MAC address. There's more you could do, but at that point you need to be willing to practice a complex and demanding security protocol. Luck.

Share this post


Link to post

Kepler_452b, TobysNose: You missed my point. I am only worried if Tor could be a worse option, that's all, and if it's better to ONLY use VPN. And this was from the latest news about Tor. If I was so worried about anonymity then I would not say to ONLY run a VPN and about "paranoid voices", I would have asked something like Kepler answered.

LZ1: good answer, thanks.

Share this post


Link to post

 

pr1v, your question is too vague and too black and white as zhang said. I would be reluctant to use TOR by itself for something important...both entry and exit nodes could be compromised. But it really depends who you are trying to defend yourself from. What is your threat model?

 

Share this post


Link to post

pr1v, your question is too vague and too black and white as zhang said. I would be reluctant to use TOR by itself for something important...both entry and exit nodes could be compromised. But it really depends who you are trying to defend yourself from. What is your threat model?

Well, I mean in the daily use with my computer, for everything. I never use my real IP in my computer, it's filtered with iptables and only allow internet in tun0 with AirVPN. And as I said, I was using Tor over AirVPN to add more security in the case my IP could be exposed or AirVPN itself compromised. But as you are answering and I said, many nodes can be compromised and it's easy to create a node by everyone. I know that Tor check for malicious nodes but I also know that Tor has been compromised before, and when they knew was months after it happened. So, my question was if maybe using only AirVPN in my computer would be enough and more secure in my communications than using AirVPN + Tor, and more when there are some suspicious thoughts about how Tor is changing these days. Using only AirVPN would be more direct, yes, but less malicious servers in the net too. So, I was thinking about it and I wanted to know your opinions.

Share this post


Link to post

 

 

 

Tor has been compromised before, and when they knew was months after it happened.

Please explain.

I don't remember well the date or year, so I searched it, an example:

https://invisibler.com/tor-compromised/

This is just yellow press blog that tries to make it as dramatic as possible.

Here is the official attack statement and analysis:

 

https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack

 

"Together these relays summed to about 6.4% of the Guard capacity in the network."

 

In order for you to be vulnerable to this attack, you have to be unlucky enough to use a circuit out of all

~4k that included a combination of at least 2 of those malicious 6% ones. Can be a good statistical value

of de-anonymized users but very unpractical to target a specific individual with this kind of attack.

Especially when now there are tools to detect and automatically block relays that have the same

characteristics, like same /16 or same ASN.

 

https://nymity.ch/sybilhunting/


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

Many "don't know" and "believe" in the official statement. Of course they make their investigations and they think x and y, but not totally sure about it.

And as you know these past months there was a 0-day against Tor browser. Do you know something more about it and if it ended well, or nothing yet?.

In my opinion it's not difficult to be hacked when using Tor, and if you are hacked 1 time you will be a target, maybe forever.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...