this post was submitted on 29 Jul 2023
87 points (92.2% liked)

Technology

59232 readers
3899 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 17 points 1 year ago (3 children)

Evidence for your claims, please.

[–] [email protected] 14 points 1 year ago (2 children)

Here's a video referring to OPs opinion that the tor network is compromised.

Not proof, but reasonable explanation for why people believe this to be the case.

https://youtu.be/pvBAaUPzvBQ

[–] [email protected] 13 points 1 year ago

Here is an alternative Piped link(s): https://piped.video/pvBAaUPzvBQ

Piped is a privacy-respecting open-source alternative frontend to YouTube.

I'm open-source, check me out at GitHub.

[–] [email protected] -3 points 1 year ago* (last edited 1 year ago)

I typically don't have the time to watch videos but I did in this case. It's not wrong. The question is: what is your threat model?

First, Tor is not designed to protect you from a global passive adversary nevermind an active one. Global network probes can be used to identify individual sessions by traffic timing correlations. Locating hidden services is quite easy that way, since they're sitting ducks. It is fairly easy to remotely compromise hidden service marketplaces for TLA players and/or use physical access to hardware and/or operators to make them cooperate with LEOs.

If you are trying to avoid ISP level snooping and blocking, advertisers, Google and national scale actors then Tor is the right tool to use. And by all means, do run your own relays to help the network. The more relays we have, the harder the attack.

[–] [email protected] 10 points 1 year ago* (last edited 1 year ago) (2 children)

I said suspicion, not evidence. The suspicion arises when you try to answer the following 2 basic questions:

  • Who wants to deanonymize TOR users the most?
  • Who has the resources to run TOR servers and provide the service for free and why?

Or put another way, apart from a few idealists like the Calyx Institute, nobody in their right mind would foot the bill to run servers mostly used by hackers and pedos. Therefore, the most likely operators are law enforcement and nefarious barely-constitutional three-letter agencies.

[–] [email protected] 6 points 1 year ago

TLAs, LEOs and criminals are both Tor end users and have an interest in attacking Tor users.

Everybody has the resources to run Tor relays and even exits, though the latter can become a massive legal nuisance. Servers are cheap. Read the Tor mailing list archives.

As to 'mostly used by hackers and pedos', please provide the evidence. Factual one, not non-sequiturs based on faulty assumptions.

[–] [email protected] 1 points 1 year ago

Regarding your second point, I worked in IT at a large university about 15 years ago and set up an exit node briefly on a spare system I had. The IT security team tracked it down fairly quickly because of the sudden flurry of malicious traffic associated with it. So I had to shut it down fairly soon after I fired it up.

Most networks are likely going to have a similar reaction if running an exit node results in malicious activity on those networks. Ask yourself - who would willingly allow that to happen? It wouldn’t surprise me if the answer is organizations that want to monitor that traffic for one reason or another.

[–] [email protected] -2 points 1 year ago

Idk if the NSA runs all those exit nodes but this is definitely not the first time I've heard that it isn't secure. Luckily I have nothing to hide so I use Google for everything and send them a daily summary of my offline activities in case they missed anything.