This opinion is controversial, and I’m not going to go into all of the reasons why, but unless you REALY know what you’re doing Tor can’t be trusted.
I’d wager only 1% of people on Hacker News would be capable of using a Tor setup for more than a day without getting owned.
You’re better off buying a burner iPod or iPad, stick to public wifi spots, and factory reset it once a week. Even then, watch what you type since vocabulary is fingerprintable.
Do you by any chance have any refs or links at hand explaining the topic more into depth. There are quite a lot on Tor www but covering more common use.
If you're good enough to understand how to use Tor securely you're good enough to know why random "newbuser"s shouldn't be on it. Tor is far more fingerprintable than people think it is and its riddled with adversaries and malware. Even if you're good you have a separate problem now: Keeping the USG et al from painting a target on you.
It isn't worth it.
You're in league with wannabe terrorists, misguided natsec journalists, blackhats, child pornographers. For what? What problem are you solving that warrants this heat?
Just use a burner iPad and wipe it frequently. If you're truly paranoid light up a DigitalOcean droplet with a pre-paid credit card and a false name and install OpenVPN on it make an image and cycle your IP. But short of being both a data scientist & cybersec expert (or an actual state actor with training from both) you aren't going to stay black from the NSA and to pretend otherwise is stupid.
> Tor is far more fingerprintable than people think it is
You seem to have no idea about the existence of pluggable transports.[1][2]
> and its riddled with adversaries and malware.
Yes, and so is I2P... Freenet... the Internet?
> Even if you're good you have a separate problem now: Keeping the USG et al from painting a target on you.
Isn't that an argument for using Tor? As Mike Perry (who works now on the vanguard proposal implementation) puts it, "we want enough people to actually use Tor Browser such that it becomes less interesting that you're a Tor user. We have plenty of academic research and mathematical proofs that tell us quite clearly that the more people use Tor, the better the privacy, anonymity, and traffic analysis resistance properties will become."
> Just use a burner iPad and wipe it frequently. If you're truly paranoid light up a DigitalOcean droplet with a pre-paid credit card and a false name and install OpenVPN on it make an image and cycle your IP.
Your IP will be known since you connect directly using your IP to the droplet. Also doesn't protect you from browser fingerprinting which alone may have leaked enough information to identify you.
[2] : https://www.pluggabletransports.info/ (really good folks work on them, and we should appreciate the amount of work that they put in obfs research)
I've been on HN for almost 10 years. You aren't going to get a cut and dry answer from most pros because most pros aren't going to post things in public forums. Pluggable transports have nothing to do with it. I've actually helped defenders against Tor based attackers. I've de-anon'd them. It was easy as fucking shit because most attackers are dumb and the Tor browser isn't 0day proof or as network isolated as people think it is.
Who is your adversary and what are the costs you are willing to bear to hide from them?
There are very few answers to that question that come out with: "Use Tor"
For the 99.9% of adversaries having a wipeable iPad will stop browser fingerprinting and switching up IPs or cafes will stop IP tracking. It wont stop network attacks, but you'll be pretty safe from 0days. For most journalists (or even drug dealers) it's the right approach.
"For the 99.9% of adversaries having a wipeable iPad will stop browser fingerprinting and switching up IPs or cafes will stop IP tracking."
Down my way, the streets are littered with cameras and I suspect they can match time and IP address and id you easily. This is the same in most industrialized nations probably.
(Not hiding from anybody here, just a thought experiment)
Edit: Very frequently the Police will ask for drivers who have in-car cameras when there is a crime or accident. And a lot of them do have cameras. In Australia.
The theory is that making your computer less finger printable and hence less unique is near impossible compared to a iPad you wipe on every use (you still have to use the iPad for other things). https://panopticlick.eff.org/ is pretty scary I'm almost always unique unless I do a trick like that.
An iPAd or any mobile device, including Android or Windows Mobile ones, runs mostly off closed software and drivers. You can wipe it completely but if the network device firmware instructs it to send a small magic packet somewhere to tell which terminal is that and where to find it, you're lost. If it had eavesdropping malware on it, it will be installed back with the next upgrade.
Unless one can set up packet inspection and filtering on a mobile network, and manufacturers release everything (hardware+firmware+software) as open source, there's no way to have security on any mobile device, including those sold as super secure.
This sadly also applies to bench PCs too, although the choice of the OS to install and being able to implement filtering lessens the problem just a bit.
And while ios might be a harder target for malware, Safari has plenty of problems -- such as inability to block JS unless needed, no adblocking. And iOS is quite chatty, sends all sorts of info back to Apple. No potential to filewall at all.
Of course you can. This is the argument used by governments in the UK and other countries, e.g. for key disclosure law (it’s illegal to possess encrypted data which you are unable to decrypt upon demand).
Even 5 - 10 years ago, basic disk encryption was seen as pretty sophisticated, in a “what’s at risk if you’re willing to do that?” kind of way. Now it’s standard. You can say similar things for 50 char randomized passwords encrypted on the client, TPMs, TLS by default, etc. etc.
The ratios are likely to change over time as more people realize that their privacy is important.
> To bolster your argument in a non-technical way: if Tor made users untrackable by US intelligence, would US intelligence really keep funding it?
Maybe; if US intelligence's high-value targets can be targetted by means that Tor does not protect (compromising endpoints, emissions-based techniques, etc.), and Tor provides US intelligence agents a way to exfiltrate information in a way immune to any but more involved, specifically targetted techniques, it might still be valuable to both have Tor exist and have it used by enough people not on US intelligence payroll that it's mere use didn't finger people as agents.
You have to remember that US intelligence does more than monitor people's communications, it also needs communication channels that are accessible, unmonitored, and deniable for its own agents.
Right, that's the theory, and certainly they do need users on Tor to create noise for their own agents. But considering their nonstop drive to weaken other forms of encryption and insert backdoors, I'd be a little bit cautious about taking that at face value if I wanted to start the next Silk Road.
" if Tor made users untrackable by US intelligence, would US intelligence really keep funding it?"
On top of dragonwriter's answer, I'll point out that "U.S. intelligence" doesn't exist as one entity in the way you ask that question. There are a number of groups that cooperate in some ways and compete or just diverge in others. The NSA and FBI want Tor cracked the most to find their targets. Whereas, the State Dept and/or the CIA that back Tor's funding want to protect both dissidents and assets overseas from state-level agencies monitoring communications. They need it to be unbreakable for some set of nation-state attackers.
Now, that doesn't mean that it needs to be unbreakable for the NSA, etc. The original guidance I read on Tor even warned that global adversaries would probably break it. The Many Eyes collaborations have visibility into a lot of the network. They're probably also honeypotting it with high-bandwidth links. It's also written in a tricky protocol in unsafe language on OS's done similarly running untrustworthy apps. They'll probably always have attacks on it for at least worthwhile targets even if State and CIA don't want that. It will still be valuable in many threat models, including NSA if combined with other methods. Especially if about delaying rather than permanently denying them info.
Of course it is true that US intelligence is far from monolithic, but I think it's a useful-enough abstraction for the purpose of thinking about the issue.
There is a wide and growing gulf between what cyber experts know and what the tech savvy public knows. The world is changing so fast right now you almost need to invent your adversary's tools to be free from them.
If you're talking with large numbers of people that don't trust Tor then it speaks more to the quality of your friends than it does about the prevalence of this opinion.
Even if you use it perfectly, between fingerprinting techniques which could be used to cross-reference your logged-in "normal" use and some of the communications Yasha Levine dug up (showing that Tor gave intelligence services early notice of vulnerabilities that had not been patched), I would be sure someone couldn't pierce the veil of anonymity.
That article is four years old. This claim I heard in an interview from him for his book that just came out (he got a bunch of e-mails through FOIA requests, as I understand it), and isn't addressed by this "very concise refutation." And some of the claims seem a little bit of a stretch (using the "Gate" suffix is a nod to Gamergate?
Isn't it more plausible that this is the same reference to Watergate that's been applied to every political scandal since 1973?). And it seems like that article mostly agrees with all the factual claims it examines but disagrees with the interpretation or their level of significance, rather than exposing anything as a falsehood.
> That still doesn't contradict the fact that using Tor is better than not.
Is it a fact? If Tor achieves nothing for someone trying to hide from the government except announcing that you have something you want to hide (is that the case? I don't pretend to be certain, but it seems possible) then I'm not sure it's better.
I haven't really had time to go through everything, so I was just going by what I remembered from the interview. The idea that they were sharing zero-days seemed like a big deal but I didn't really see which one he was referring to skimming those earlier, so I didn't bother linking. The other point he harped on a lot was them taking marching orders (for instance, that the application should be localized for Farsi during a time when the US was looking to promote dissenters in Iran).
I am reading the book now so I feel like I'll have a better judgment once I've finished. I didn't find your Twitter exchange very illuminating either way.
Can he give a legitimate source for that very serious claim? Note how he overplays a lot of things that are publicly and openly known. Yes, the Tor Project got funding at various points in time from the state department to improve "human rights" and "freedom of speech" around the world, especially certain countries deemed hostile to the US. So what? Yes, Roger Dingledine publicly stated (in a CCC talk) that he gave a talk at the NSA and another one at the GCHQ. So what? Does that mean that he's suddenly an NSA shill that will try to implement a backdoor in Tor for the simple reason that he gave a talk to them?
If the Internet is such a surveillance threat, and Tor doesn't help, why doesn't this Yasha Levine point to a single alternative?
He's just a FUD spreader, as demonstrated on the other posts, so just move on. If you think Tor isn't a technical solution then please provide alternatives.
So? It was just an example to show how Mr. Yasha misrepresents and twists facts to fit his preconceived conspiracy theory.
> Is it a fact?
Yes, because of the three hops design.
> If Tor achieves nothing for someone trying to hide from the government except announcing that you have something you want to hide (is that the case?
Millions of people use Tor nowadays that the mere fact that you connected directly to the Tor network doesn't reveal much. Not to mention that there are ways to hide the fact that you're using Tor thanks to pluggable transports.
As I said, I don't see anything in that article that makes me think that "Mr. Yasha" twisted any facts; simply that the author of the article doesn't agree with his interpretation.
> As I said, I don't see anything in that article that makes me think that "Mr. Yasha" twisted any facts; simply that the author of the article doesn't agree with his interpretation.
Are you joking? He wrote entire paragraphs on Tor in his book to push his thesis and you're thinking that it comes down to a matter of differing "interpretations".
I’d wager only 1% of people on Hacker News would be capable of using a Tor setup for more than a day without getting owned.
You’re better off buying a burner iPod or iPad, stick to public wifi spots, and factory reset it once a week. Even then, watch what you type since vocabulary is fingerprintable.
It’s very hard to stay dark these days.