pr1v 36 Posted ... I would like to know your opinions about using Tor or stop using it. There are many "paranoid" voices today since Jacob Applebaum and other member (I don't remember his name but his opinion was not very good about how Tor was changing) are not in the project and even that they are collaborating with CIA. Yes, it sounds paranoid but who knows in this corrupt world... The fact is that using Tor the agencies will target you more than not using it, but the same could happen with VPN,s. In this case, what are your opinions or cons about using or not using Tor nowadays? Thanks 1 OmniNegro reacted to this Quote Share this post Link to post
zhang888 1066 Posted ... As long as nickm, mikep and arma are still writing 90% of the code, Tor will be fine.Also with people like Bruce Schneier and Matt Blaze on the new board, I don't think it is getting taken over. Bruce Schneier has a very solid background in terms of privacy advocacy, and in some areas his contributionscan be compared or exceed the ones made by EFF. So you should probably take the tinfoil hat off. 1 OmniNegro reacted to this Quote Hide zhang888's signature Hide all signatures Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees. Share this post Link to post
pr1v 36 Posted ... Thank you zhang888.Anyway, many agencies can create a new tor service (even Snowden when working in NSA did it) to track all users. But of course we must trust the VPN we use too. Maybe the question would be if we should use only a VPN without using Tor. I was using VPN+Tor before but now I am not so sure if it's worse than only using the VPN. If my data can be passing through many malicious nodes then what's the best option between these two. Do we really need Tor?. I know I could be more anonymous but the opposite is also true when I am exposing myself to be a better target to some agencies out there. As we can see, Tor has been compromised many times before by NSA (maybe it still is) and when it's discovered many months had passed. Maybe VPN + Tor browser without tor (to avoid fingerprinting) is enough. 1 OmniNegro reacted to this Quote Share this post Link to post
zhang888 1066 Posted ... Malicious exit does not mean a compromised protocol as a whole.Your "all or nothing" approach is not perfect as well, since it is a per-case and per-individual scenario. 1 OmniNegro reacted to this Quote Hide zhang888's signature Hide all signatures Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees. Share this post Link to post
pr1v 36 Posted ... Malicious exit does not mean a compromised protocol as a whole.Your "all or nothing" approach is not perfect as well, since it is a per-case and per-individual scenario.Of course not, but what about Tor browser being compromised from time to time (it's too late when it's discovered) and more and more malicious exit nodes from different agencies?, adding that discovering you (and sooner or later I think you will be) will make you a target (forever?) Quote Share this post Link to post
LZ1 672 Posted ... Hello ! OP the truth is that we're all being watched by someone or something and increasingly so. No software is perfect either, regardless of if it's Tor or VPN software. But confining yourself to not using certain technologies, unless proven to be unsafe (such as the PPTP protocol), doesn't help you much necessarily. This is why we collectively have to fight for our rights, in each of our respective countries. If your argument for not using Tor is that you might get targeted more, then you might as well stop going online in a sense. If the same argument is made (and it has been) for VPNs, will you stop using them too? Also, I don't think you're paranoid. Being a concerned and aware citizen is not being paranoid; that's simply what people in high places would like you to believe, in order to marginalise your opinion. Furthermore, if there's a time to be paranoid for a good reason, these must surely be the times. Air Staff always recommend a partition of trust. Using a VPN + Tor. This helps defeat malicious Tor nodes too. But it depends on what you're trying to achieve. By the way, I should add that at least the Tor browser is hardened; especially compared to a normal browser. So if they're going to compromise you or anyone, you might as well make 'em work for it Sent to you from me with datalove 3 OmniNegro, Kepler_452b and cm0s reacted to this Quote Hide LZ1's signature Hide all signatures Hi there, are you new to AirVPN? Many of your questions are already answered in this guide. You may also read the Eddie Android FAQ. Moderators do not speak on behalf of AirVPN. Only the Official Staff account does. Please also do not run Tor Exit Servers behind AirVPN, thank you. Did you make a guide or how-to for something? Then contact me to get it listed in my new user guide's Guides Section, so that the community can find it more easily. Share this post Link to post
Kepler_452b 77 Posted ... If you are really worried you could get an account from a second vpn provider and run it in a virtual machine...partition of trust, i.e. both providers would have to be compromised to loose anonymity. Still worried? You could run AirVpn over TOR in your host machine and then run second vpn on virtual machine...5 hops in total...gonna be slow. If you're still worried, well you're up to some really dangerous shit like leading Ukrainian independence, promoting Chinese democracy. or overthrowing Putin (buy a good life insurance policy and don't eat anything you haven't cooked yourself)....only access the net from an open public wifi with no cameras after spoofing your MAC address. There's more you could do, but at that point you need to be willing to practice a complex and demanding security protocol. Luck. Quote Share this post Link to post
me.moo@posteo.me 80 Posted ... or buy a spaceship and believe evolutionary crap that life springs from inanimate material and go live in Andromeda or surrounding areas 1 go558a83nk reacted to this Quote Share this post Link to post
pr1v 36 Posted ... Kepler_452b, TobysNose: You missed my point. I am only worried if Tor could be a worse option, that's all, and if it's better to ONLY use VPN. And this was from the latest news about Tor. If I was so worried about anonymity then I would not say to ONLY run a VPN and about "paranoid voices", I would have asked something like Kepler answered.LZ1: good answer, thanks. Quote Share this post Link to post
Kepler_452b 77 Posted ... pr1v, your question is too vague and too black and white as zhang said. I would be reluctant to use TOR by itself for something important...both entry and exit nodes could be compromised. But it really depends who you are trying to defend yourself from. What is your threat model? Quote Share this post Link to post
pr1v 36 Posted ... pr1v, your question is too vague and too black and white as zhang said. I would be reluctant to use TOR by itself for something important...both entry and exit nodes could be compromised. But it really depends who you are trying to defend yourself from. What is your threat model?Well, I mean in the daily use with my computer, for everything. I never use my real IP in my computer, it's filtered with iptables and only allow internet in tun0 with AirVPN. And as I said, I was using Tor over AirVPN to add more security in the case my IP could be exposed or AirVPN itself compromised. But as you are answering and I said, many nodes can be compromised and it's easy to create a node by everyone. I know that Tor check for malicious nodes but I also know that Tor has been compromised before, and when they knew was months after it happened. So, my question was if maybe using only AirVPN in my computer would be enough and more secure in my communications than using AirVPN + Tor, and more when there are some suspicious thoughts about how Tor is changing these days. Using only AirVPN would be more direct, yes, but less malicious servers in the net too. So, I was thinking about it and I wanted to know your opinions. Quote Share this post Link to post
zhang888 1066 Posted ... Tor has been compromised before, and when they knew was months after it happened. Please explain. Quote Hide zhang888's signature Hide all signatures Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees. Share this post Link to post
pr1v 36 Posted ... Tor has been compromised before, and when they knew was months after it happened.Please explain.I don't remember well the date or year, so I searched it, an example: https://invisibler.com/tor-compromised/ Quote Share this post Link to post
cm0s 118 Posted ... use as many layers as ya can cheerz 1 Kepler_452b reacted to this Quote Share this post Link to post
zhang888 1066 Posted ... Tor has been compromised before, and when they knew was months after it happened.Please explain.I don't remember well the date or year, so I searched it, an example:https://invisibler.com/tor-compromised/This is just yellow press blog that tries to make it as dramatic as possible.Here is the official attack statement and analysis: https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack "Together these relays summed to about 6.4% of the Guard capacity in the network." In order for you to be vulnerable to this attack, you have to be unlucky enough to use a circuit out of all~4k that included a combination of at least 2 of those malicious 6% ones. Can be a good statistical valueof de-anonymized users but very unpractical to target a specific individual with this kind of attack.Especially when now there are tools to detect and automatically block relays that have the samecharacteristics, like same /16 or same ASN. https://nymity.ch/sybilhunting/ Quote Hide zhang888's signature Hide all signatures Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees. Share this post Link to post
pr1v 36 Posted ... Many "don't know" and "believe" in the official statement. Of course they make their investigations and they think x and y, but not totally sure about it. And as you know these past months there was a 0-day against Tor browser. Do you know something more about it and if it ended well, or nothing yet?. In my opinion it's not difficult to be hacked when using Tor, and if you are hacked 1 time you will be a target, maybe forever. Quote Share this post Link to post