this post was submitted on 29 Jul 2023
269 points (100.0% liked)

Technology

34978 readers
53 users here now

This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.


Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.


Rules:

1: All Lemmy rules apply

2: Do not post low effort posts

3: NEVER post naziped*gore stuff

4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.

5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)

6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist

7: crypto related posts, unless essential, are disallowed

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] shapesandstuff@feddit.de 49 points 1 year ago (6 children)

So when I first learned about TOR almost 10 years ago in uni, it was said to be compromised to a significant extent by secret services holding entry and exit nodes.

Is that not true anymore?

[–] worfamerryman@beehaw.org 25 points 1 year ago (1 children)

I’ve hear something similar. I think I read that the US Air Force has a bunch of nodes or something.

Additionally I don’t really understand what I would use it for if I already have a vpn and how it might put me a risk of legal trouble if I’m using it and someone routes something bad through me while I’m using it…

I’m not even sure how to talk about it.

I am decently technical, I just don’t know this tech.

[–] NateSwift@beehaw.org 35 points 1 year ago (3 children)

Disclaimer that I haven’t used Tor in a while, do your own research, etc

The US navy designed and open sourced the Tor network. If all the traffic meant to be anonymous was coming from the US navy it doesn’t work well as an anonymizer. There’s been various claims that they have backdoors over the years, but to my knowledge none have held water.

Unless you’re running an exit node (which requires different software than the Tor browser) other people’s traffic isn’t getting routed through you so you’re fine legally.

VPNs are not very good at protecting you from the websites or services you connect to. They’re best used to hide where you’re connecting to from your ISP. Modern fingerprinting using things like browsing habits, installed software, web browser size, cookies, etc is barely effected by VPNs and the Tor browser takes care of an minimizes lots of those tools.

The biggest issue for day to day use for me is how slow it is. Because your traffic is being routed through 3-5 nodes before getting to its destination overall speed and latency suffer a lot

[–] kent_eh@lemmy.ca 5 points 1 year ago

The biggest issue for day to day use for me is how slow it is. Because your traffic is being routed through 3-5 nodes before getting to its destination overall speed and latency suffer a lot

That's why I never continued to use it after the times I experimented with Tor.

[–] sudo 2 points 1 year ago (1 children)

Modern fingerprinting using things like browsing habits, installed software, web browser size, cookies, etc is barely effected by VPNs and the Tor browser takes care of an minimizes lots of those tools.

But can't you just spoof most of that if you really want to? If you're putting in the effort to be concerned with anonymity.

[–] worfamerryman@beehaw.org 2 points 1 year ago (2 children)

Thanks for summarizing this for me. I think I could just use a vpn and librewolf to accomplish what you are talking about with the tor browser.

Librewolf wipes everything once it’s closer and it pretty basic if you use the default settings.

Are people using it to casually browse Lemmy and stuff?

[–] ReversalHatchery@beehaw.org 6 points 1 year ago

I use librewolf, but for me the first thing to change was to do not delete things on exit. I'm looking for a better firefox, not a lighter tor browser

[–] DestroyMegacorps@lemmy.ml 5 points 1 year ago

Theres also the mullvad browser which is just tor browser without the tor part

[–] seasonone@opidea.xyz 5 points 1 year ago (3 children)

Most of the nodes are hosted by Tor Foundation itself

[–] magmaus3@szmer.info 9 points 1 year ago

[citation needed]

[–] shapesandstuff@feddit.de 2 points 1 year ago (1 children)

Is there any way to check that?

[–] seasonone@opidea.xyz 10 points 1 year ago* (last edited 1 year ago)

Yup. You can check a lot of stat about a node on tor website. https://metrics.torproject.org/

If true, I'm not happy about that. I want lots of different owners so it's harder to compromise the network by compromising a single entity.

[–] Gargari@lemmy.ml 5 points 1 year ago (2 children)
[–] krash@lemmy.ml 4 points 1 year ago

Compare and use the right service for your needs: https://geti2p.net/en/comparison/tor

[–] shapesandstuff@feddit.de 1 points 1 year ago* (last edited 1 year ago)

Interesting, ty

[–] cambionn@feddit.nl 5 points 1 year ago (1 children)

I also heared that bit about the secret service owning nodes a few years ago. It was trough a teacher that's also really in the stuff outside of teaching, and has a network of non-teaching proffesionals in the field.

It's something to keep in mind, at the very least. Tor already has some weaknesses anyways. You shouldn't trust it blindly just because it's Tor. If anything, I think it more has a false rep for how strong it is over struggling with a stigma.

[–] shapesandstuff@feddit.de 3 points 1 year ago

It was pretty much the same context for me, yeah.

Opsec always applies

[–] dwindling7373@feddit.it 3 points 1 year ago (2 children)

Aren't bridges meant to prevent that?

[–] shapesandstuff@feddit.de 8 points 1 year ago

Iirc holding both the entry and exit of a routed connection, you can in theory match traffic going through, which would let you connect a user to the server/site they are connecting to. It might still be encrypted at that point, idk the details anymore.

[–] itchy_lizard@feddit.it 1 points 1 year ago

No, bridges are meant to bypass censorship

[–] itchy_lizard@feddit.it 2 points 1 year ago (1 children)

I don't think a single credible source has shown this to be a vulnerability. You're talking about an attack that would cost, what, millions of dollars to run per day?

[–] shapesandstuff@feddit.de 2 points 1 year ago (1 children)

Dunno if it's all that expensive when there are hundreds of nodes on several individual malicious networks confirmed https://nusenu.medium.com/how-malicious-tor-relays-are-exploiting-users-in-2020-part-i-1097575c0cac

[–] itchy_lizard@feddit.it 2 points 1 year ago (1 children)

You'd need much more than hundreds of nodes.

[–] shapesandstuff@feddit.de 1 points 1 year ago

The graph tracks exit probability and the article speaks about the matter, especially what you're referencing. Check it out.