269
Tor’s shadowy reputation will only end if we all use it | Engadget (www.engadget.com)
submitted 11 months ago by seasonone@opidea.xyz to c/technology@lemmy.ml
54 comments fedilink hide all child comments
top 50 comments
sorted by: hot top controversial new old
[-] Skimmer@lemmy.zip 94 points 11 months ago* (last edited 11 months ago)

I just don't think Tor Browser is currently suited as a primary browser for most people. You lose things like staying logged into websites, you can't (or at least shouldn't) really add extensions like a good content blocker, you generally can't tweak or customize the browser to your liking, etc. Plus factor in things like the slow speeds, being blocked by websites, bombarded with captchas everywhere, etc, and it just becomes a harder and harder sell for a lot of average people.

Tor Browser's great and it absolutely has its need and purpose, I'm not trying to knock it for that at all because it works damn well for what it is and what it tries to do, but I just think its hard to be using as a primary browser and daily driver in its current form, at least for a lot of people.

load more comments (1 replies)
[-] shapesandstuff@feddit.de 49 points 11 months ago

So when I first learned about TOR almost 10 years ago in uni, it was said to be compromised to a significant extent by secret services holding entry and exit nodes.

Is that not true anymore?

[-] worfamerryman@beehaw.org 25 points 11 months ago

I’ve hear something similar. I think I read that the US Air Force has a bunch of nodes or something.

Additionally I don’t really understand what I would use it for if I already have a vpn and how it might put me a risk of legal trouble if I’m using it and someone routes something bad through me while I’m using it…

I’m not even sure how to talk about it.

I am decently technical, I just don’t know this tech.

[-] NateSwift@beehaw.org 35 points 11 months ago

Disclaimer that I haven’t used Tor in a while, do your own research, etc

The US navy designed and open sourced the Tor network. If all the traffic meant to be anonymous was coming from the US navy it doesn’t work well as an anonymizer. There’s been various claims that they have backdoors over the years, but to my knowledge none have held water.

Unless you’re running an exit node (which requires different software than the Tor browser) other people’s traffic isn’t getting routed through you so you’re fine legally.

VPNs are not very good at protecting you from the websites or services you connect to. They’re best used to hide where you’re connecting to from your ISP. Modern fingerprinting using things like browsing habits, installed software, web browser size, cookies, etc is barely effected by VPNs and the Tor browser takes care of an minimizes lots of those tools.

The biggest issue for day to day use for me is how slow it is. Because your traffic is being routed through 3-5 nodes before getting to its destination overall speed and latency suffer a lot

[-] kent_eh@lemmy.ca 5 points 11 months ago

The biggest issue for day to day use for me is how slow it is. Because your traffic is being routed through 3-5 nodes before getting to its destination overall speed and latency suffer a lot

That's why I never continued to use it after the times I experimented with Tor.

[-] worfamerryman@beehaw.org 2 points 11 months ago

Thanks for summarizing this for me. I think I could just use a vpn and librewolf to accomplish what you are talking about with the tor browser.

Librewolf wipes everything once it’s closer and it pretty basic if you use the default settings.

Are people using it to casually browse Lemmy and stuff?

[-] ReversalHatchery@beehaw.org 6 points 11 months ago

I use librewolf, but for me the first thing to change was to do not delete things on exit. I'm looking for a better firefox, not a lighter tor browser

[-] DestroyMegacorps@lemmy.ml 5 points 11 months ago

Theres also the mullvad browser which is just tor browser without the tor part

[-] sudo 2 points 11 months ago

Modern fingerprinting using things like browsing habits, installed software, web browser size, cookies, etc is barely effected by VPNs and the Tor browser takes care of an minimizes lots of those tools.

But can't you just spoof most of that if you really want to? If you're putting in the effort to be concerned with anonymity.

[-] seasonone@opidea.xyz 5 points 11 months ago

Most of the nodes are hosted by Tor Foundation itself

[-] magmaus3@szmer.info 9 points 11 months ago

[citation needed]

[-] shapesandstuff@feddit.de 2 points 11 months ago

Is there any way to check that?

[-] seasonone@opidea.xyz 10 points 11 months ago* (last edited 11 months ago)

Yup. You can check a lot of stat about a node on tor website. https://metrics.torproject.org/

[-] sugar_in_your_tea@sh.itjust.works 1 points 11 months ago

If true, I'm not happy about that. I want lots of different owners so it's harder to compromise the network by compromising a single entity.

[-] Gargari@lemmy.ml 5 points 11 months ago

Try i2p

[-] krash@lemmy.ml 4 points 11 months ago

Compare and use the right service for your needs: https://geti2p.net/en/comparison/tor

load more comments (1 replies)
[-] cambionn@feddit.nl 5 points 11 months ago

I also heared that bit about the secret service owning nodes a few years ago. It was trough a teacher that's also really in the stuff outside of teaching, and has a network of non-teaching proffesionals in the field.

It's something to keep in mind, at the very least. Tor already has some weaknesses anyways. You shouldn't trust it blindly just because it's Tor. If anything, I think it more has a false rep for how strong it is over struggling with a stigma.

[-] shapesandstuff@feddit.de 3 points 11 months ago

It was pretty much the same context for me, yeah.

Opsec always applies

[-] dwindling7373@feddit.it 3 points 11 months ago

Aren't bridges meant to prevent that?

[-] shapesandstuff@feddit.de 8 points 11 months ago

Iirc holding both the entry and exit of a routed connection, you can in theory match traffic going through, which would let you connect a user to the server/site they are connecting to. It might still be encrypted at that point, idk the details anymore.

load more comments (1 replies)
[-] itchy_lizard@feddit.it 2 points 11 months ago

I don't think a single credible source has shown this to be a vulnerability. You're talking about an attack that would cost, what, millions of dollars to run per day?

[-] shapesandstuff@feddit.de 2 points 11 months ago

Dunno if it's all that expensive when there are hundreds of nodes on several individual malicious networks confirmed https://nusenu.medium.com/how-malicious-tor-relays-are-exploiting-users-in-2020-part-i-1097575c0cac

[-] itchy_lizard@feddit.it 2 points 11 months ago

You'd need much more than hundreds of nodes.

[-] shapesandstuff@feddit.de 1 points 11 months ago

The graph tracks exit probability and the article speaks about the matter, especially what you're referencing. Check it out.

[-] Zeth0s@reddthat.com 16 points 11 months ago

Problem is that many sites don't work because of anti-ddos and anti bot measures.

It is a pity

[-] LoafyLemon@kbin.social 4 points 11 months ago

Cloudflare is pretty TOR-friendly, they even offer onion routing for your website.

https://developers.cloudflare.com/support/firewall/learn-more/understanding-cloudflare-tor-support-and-onion-routing/

[-] itchy_lizard@feddit.it 1 points 11 months ago

Yeah, we need to make it illegal to block someone from doing a simple GET request just because they're using a privacy tool.

It should only be legal to block access based on how you act, not based on how you look.

[-] bleistift2@feddit.de 14 points 11 months ago

I’d feel bad using the Tor network for everyday browsing. I think it should be reserved for people who really need it to protect themselves.

[-] seasonone@opidea.xyz 55 points 11 months ago

No. Use it for everyday tasks. If Tor is used by only people who need them, they will be easily detected. The whole reason US Navy released Tor to public was so normal users can scramble the usage detection. One more advantage is that right now lot of website block tor users if more users will use tor then they might stop it.

[-] Synopsis0795@lemmy.ml 8 points 11 months ago

Won't it cause browsing to much slower than it normally is?

[-] Dreyns@lemmy.ml 23 points 11 months ago

More usage means more visibility which means more recognition and thus more funding

[-] GeekyNerdyNerd@sh.itjust.works 9 points 11 months ago

A slower connection is better than ending up in prison, the re-education camps or worse, beheaded.

Without average Joe's using it for nonsense Tor usage is basically a neon sign saying "I'm doing something worth hiding. Come and kill me."

[-] shapesandstuff@feddit.de 9 points 11 months ago

Maybe, but the added obfuscation is probably worth it to the people who need it.

It's not meant to be a high performance browser amyway

[-] amanneedsamaid@sopuli.xyz 3 points 11 months ago

This is an incorrect, unrealistic way to view this. By using the Tor network normally (you argument certainly applies to doing overly traffic intensive tasks like torrenting over Tor) you are normalizing its use, protecting those who really rely on it. If the only people using Tor were criminals and people who needed the protection, listening on Wifi networks for connections to Tor could lead to immediate prosecution (look what the UK is trying to do with encrpytion, and that French case where all of the evidence against a suspect was use of open source technology like Tor.) By default, Tor does not hide the fact its being used from your network (thats what a bridge is for), so the more people use Tor, the safer everyone is.

If you really want to help those that need Tor's protection, run Snowflake on your desktop or Orbot's 'kindness' on Android. This allows users to use your device as a bridge, bypassing censorship in other countries / networks.

[-] ComradeR@lemmy.ml 8 points 11 months ago

Sorry if my question is stupid, but can I use it as a "regular" browser (like Chrome, Mozilla, Opera, etc) on my Android smartphone?

[-] intothesky@lemmy.ml 12 points 11 months ago

Yes, but you lose all data after exit

[-] itchy_lizard@feddit.it 1 points 11 months ago

Yes, that's the point.

load more comments (1 replies)
[-] Nr97JcmjjiXZud@infosec.pub 4 points 11 months ago

You can, but you really shouldn't.

[-] ComradeR@lemmy.ml 4 points 11 months ago

Why?

[-] Xylight@lemmy.xylight.dev 14 points 11 months ago

It's meant for you to be completely anonymous. Logging in to stuff would defeat the whole purpose of TOR, as it would associate your activity with the account you logged into. When browsing sites without really needing to interact, it's good, as the sites cannot track you easily.

load more comments (1 replies)
[-] StoicLime@lemm.ee 8 points 11 months ago

I would use it if it wasn't so slow. I get that it's slow because of the security, but that's precisely the reason it can never be my primary browser.

[-] JoMiran@lemmy.ml 7 points 11 months ago

Is there an index of Tor network only sites?

[-] itchy_lizard@feddit.it 2 points 11 months ago

Yes. Alec Muffett was the guy who setup the most popular Tor darkent site: Facebook. I think he did Twitter's too. He maintains an excellent list.

https://github.com/alecmuffett/real-world-onion-sites

[-] Spendrill@lemm.ee 7 points 11 months ago

We'll see if Google's new efforts manage to kill the thing.

[-] itchy_lizard@feddit.it 2 points 11 months ago

The US government would never allow Tor to die. They need it to conduct ~terrorism~ cyberwarfare

[-] blobjim@lemmygrad.ml 4 points 11 months ago

The reason why Tor is publicly available is to get lots of people using to better hide western intelligence agency traffic. So this article is basically stenography for the CIA. It may be secure or whatever, but you're essentially helping US assets hide their internet traffic.

[-] itchy_lizard@feddit.it 2 points 11 months ago* (last edited 11 months ago)

You're looking at it from the wrong end.

In fact, the international intelligence community is helping me to launder my drug purchasing traffic.

[-] vd1n@lemmy.ml 1 points 11 months ago

Existence is chaos anyway. Not saying I don't feel what you say. I'm indifferent. Respectable 1st governing is a thing of the past.

[-] CookieJarObserver@sh.itjust.works 2 points 11 months ago

Its good that not everyone uses it because otherwise the notes would run hot.

load more comments
view more: next ›
this post was submitted on 29 Jul 2023
269 points (100.0% liked)

Technology

33638 readers
232 users here now

This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.

Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.

Rules:

1: All Lemmy rules apply

2: Do not post low effort posts

3: NEVER post naziped*gore stuff

4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.

5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)

6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist

7: crypto related posts, unless essential, are disallowed

founded 5 years ago
MODERATORS
MinutePhrase@lemmy.ml