Advice Request Tor privacy? Book: Surveillance Valley

[simmerskool]

Read Surveillance Valley by Levine (2018), seems well documented (85 pages of fine print footnotes), basic assertion is that not only did the gov't develop Tor, or onion routing, we all knew that, but that it continues to fund Tor, and that it can hack / crack Tor whenever it wants . Has anyone read this book that understands this subject more deeply than I do that can provide an informed comment on the real privacy of Tor, Torbrowser. Another assertion is that Tor is basically a honeypot, I've seen that comment before but disregarded it because I understood the encryption was secure, but perhaps it isn't. (maybe this is old news?)

 

[Arequire]

Three big issues with the funding/honeypot conspiracy theory:

First of all, you can review every line of Tor’s code to see exactly what it does. The program is open source. No one has ever found backdoors into Tor nor has anyone disputed the fundamental design of the network: The more users, including governments, the better anyone on earth can hide within Tor.

Second, the U.S. government contains multitudes that act in contradiction to each other every single day. All of the National Security Agency’s goals are not necessarily in line with every bureau of the State Department’s aims.

Third, Tor prominently displays its financial records and has for years...

Also add to the fact that Tor's developers have been attempting to shift away from dependence on federal funding and say that increasing non-governmental funding is a priority.

Fact is if you're not running an exit node or doing anything illegal on the dark web then you're perfectly fine using Tor and shouldn't be dissuaded from using it because of conjecture.

 

[simmerskool]

Three big issues with the funding/honeypot conspiracy theory:
Also add to the fact that Tor's developers have been attempting to shift away from dependence on federal funding and say that increasing non-governmental funding is a priority.
Fact is if you're not running an exit node or doing anything illegal on the dark web then you're perfectly fine using Tor and shouldn't be dissuaded from using it because of conjecture.

good info.
I'm not arguing or supporting a "conspiracy theory," I stumbled onto the book and read it. I don't disagree with most of your comments and the book's author might not either...? The honeypot theory seems very logical, at least on the surface. One of his comments that surprised me (somewhat) was his suggestion that the gov't has probably cracked SSL, or will in the near future. I think I've learned enough recently that I know what you mean by "not running an exit node" but when you say you're perfectly fine using Tor if you're not doing anything illegal, to me that suggests one of the book's author's points, ie, the gov't can look-in anytime it wants and see what you're doing?? Perhaps I'm reading too much into this comment? Also what's illegal varies from country to country, eg, defeating censorship by using Tor is probably illegal in some countries. (not a new idea, eg, Fahrenheit 451)(some people think of Snowden as a criminal, others as a whistleblowing hero defender of freedom -- author suggests that Snowden used more "tools" than just using Tor in order to disseminate the classified info he leaked). I guess lately I'm "struggling" between using Tor or a good vpn for privacy. Reading... some folks say use both Tor together with vpn, others say never use them together. I'm lately thinking that no one really knows, except the few on the very inside of this, and they're not saying or they're misdirecting us. Just thinking out loud.

 

[Arequire]

was his suggestion that the gov't has probably cracked SSL

I doubt they need to crack it (but they probably will eventually if they haven't already). There's plenty of ways to get around encryption with enough resources. No doubt they could gain access to root certificates and encryption keys if they wanted to. Not to mention exploiting backdoors in different equipment or performing MITM attacks on encrypted traffic. Once quantum computing rolls around all our current encryption will be completely worthless anyway (so much so that the NSA is worried about it too).

Also what's illegal varies from country to country, eg, defeating censorship by using Tor is probably illegal in some countries.

I meant illegal activity pertaining to Tor's usage. Don't go buying drugs, guns, stolen credentials, etc. Don't go trying to hire a hitman. Don't go looking for CP or other disgusting material, etc. Abide by country specific laws too; if the use of anonymity software is illegal in X country and by using said software you face the possibility of imprisonment, injury or death then I definitely don't advocate doing so.

I guess lately I'm "struggling" between using Tor or a good vpn for privacy.

Tor's better for privacy but nowhere near as user friendly as a VPN. I attempted to use Tor as my main browser after the Snowden leaks and it was a miserable experience.
If you're happy to deal with all the issues that come with using Tor then feel free to use it. I personally only use it via Tails when I desire actual anonymity and the rest of the time I keep a VPN permanently connected.

 

[simmerskool]

I doubt they need to crack it (but they probably will eventually if they haven't already). There's plenty of ways to get around encryption with enough resources. No doubt they could gain access to root certificates and encryption keys if they wanted to. Not to mention exploiting backdoors in different equipment or performing MITM attacks on encrypted traffic. Once quantum computing rolls around all our current encryption will be completely worthless anyway (so much so that the NSA is worried about it too).

I meant illegal activity pertaining to Tor's usage. Don't go buying drugs, guns, stolen credentials, etc. Don't go trying to hire a hitman. Don't go looking for CP or other disgusting material, etc. Abide by country specific laws too; if the use of anonymity software is illegal in X country and by using said software you face the possibility of imprisonment, injury or death then I definitely don't advocate doing so.

Tor's better for privacy but nowhere near as user friendly as a VPN. I attempted to use Tor as my main browser after the Snowden leaks and it was a miserable experience.
If you're happy to deal with all the issues that come with using Tor then feel free to use it. I personally only use it via Tails when I desire actual anonymity and the rest of the time I keep a VPN permanently connected.

@Arequire thanks for thoughtful replies. I was using Tor when I really wanted to be privately anonymous, but now just wonder if that makes you a "target." On the plus side, lately Tor has been very fast for me, errr, I have not really tested it, but the slowdown feels minimal and not enough to keep me from using Tor. Also happy with my vpn, fast and always works, but is higher end price-wise. I sometimes do a double hop on the vpn, I mixed it up some, keep 'em guessing... Actually I take these "precautions," but I don't have any real expectation in privacy. Thanks for the MIT link, fingerprinted for sure :emoji_flushed:

 

[hyena]

Fact is if you're not running an exit node or doing anything illegal on the dark web then you're perfectly fine using Tor and shouldn't be dissuaded from using it because of conjecture.

This is right, and if you are not doing anything illegal on the Internet, you are perfectly fine using your ISP and shouldn´t be dissuaded from using it. You don´t need Tor, fact.

 

[itchy]

They don't even need to be able to "crack" Tor's system of anonymization. If they have access to enough enter and exit nodes they can do a correlation attack in which they correlate when you send information from an entrance node to an exit node. You can read more about it here.

Future more if they bust someone using their own 0day on Tor they're going to have to explain to the courts how they were able to deanonymize the person, which will inevitably cause a hot fix to Tor. It's way easier to say, bust someone by them accidentally giving out personally identifiable information, or making a honeypot Tor website.

I'm guessing Tor is also used by the government to this day because they can hide within the public's footprint of using Tor, I mean that's why they created it right.

 

[Kubla]

This is right, and if you are not doing anything illegal on the Internet, you are perfectly fine using your ISP and shouldn´t be dissuaded from using it. You don´t need Tor, fact.

If you are not doing anything illegal you also have the right to not be followed around, your every move recorded, or perfect strangers looking in every window of your home viewing every aspect of your private life, which is what you get using just your ISP.

A VPN pulls down the the shades and Tor closes the curtains!

Tor and VPNs are not something you should be dissuaded from using or be afraid to use, they are tools everyone should be using period.

I use Brave browser with its private tab with Tor and connect using a VPN, all the time, I am not doing anything nefarious, I am just not making it easy for someone else to track me everywhere I go or try and profit off of my existence.

 

[illumination]

If you are not doing anything illegal you also have the right to not be followed around, your every move recorded, or perfect strangers looking in every window of your home viewing every aspect of your private life, which is what you get using just your ISP.

Always more then one way to look at something ,it is called perspective....

Your home is not the same as the internet, not even close.
If you were to make a comparison it would be more like leaving your home and going out into public and expecting privacy. You have to treat the internet the same as going out in public, and just watch what you divulge.

For the time being, one can still have privacy in their home, although the more people become lazy and default to convenience of technology "smart homes", that privacy will be gone some day soon for them.

 

[Kubla]

Always more then one way to look at something ,it is called perspective....

Your home is not the same as the internet, not even close.
If you were to make a comparison it would be more like leaving your home and going out into public and expecting privacy. You have to treat the internet the same as going out in public, and just watch what you divulge.

For the time being, one can still have privacy in their home, although the more people become lazy and default to convenience of technology "smart homes", that privacy will be gone some day soon for them.

Therein lies the problem, just normal everyday browsing we divulge more information then we are aware of by design!

You can't just watch what you divulge, you have to control what you allow to be divulged, relying on safe browsing practices alone today is like trying to defend your self against a sword with shield made of aluminum foil.

 

[illumination]

Therein lies the problem, just normal everyday browsing we divulge more information then we are aware of by design!

You can't just watch what you divulge, you have to control what you allow to be divulged, relying on safe browsing practices alone today is like trying to defend your self against a sword with shield made of aluminum foil.

So tell me, is your real name Kubkla?
I'm guessing not, because you controlled what you divulged when you signed up here correct? A user always has the choice to keep their private sensitive information private by choosing wisely their method of divulging.

Privacy is just one facet of safe browsing habits, one that most users are not really that concerned with. Telemetry is mainly used by companies to diagnose issues, to better serve their customers, it is not all evil. One does not need to take that foil shield and develop a hat.