/cyb/ - cyberpunk and cybersecurity

Will the NSA spy on me more if I use Tor?

>>629
You can use TOR while on a VPN to hide its use from your ISP, which is where the NSA would catch it.

>>629
Use hidden services to protect your privacy

Don't tell me what to do. You're not my real mom.

>>629

It's possible that using Tor will cause the NSA to gather more of your communications. I remember the mention of "selectors" in the Snowden leaks to that effect. But it's probably still a net increase in privacy because the NSA isn't the only adversary. Using Tor makes it harder for your ISP to sell your data, and it makes it harder for websites and third party trackers to track you. For the vast majority of people, those are bigger threats than the NSA.

As always, in the end, remember to practice good OPSEC.

I do this:
VPN -> Tor -> .onion or HTTPS domains w/o JS, if the link you want to access is through HTTP then quick-search it via Startpage and use their proxy.

>>628
Tor is not a magic bullet solution for privacy.
It is possible to track people online using the size of their browser window(javascript), or by the words they use in posts(linguistic analysis), or by any other means that exists out there.
Tor is good for circumventing oppressive governments and networks, but it does not do much to protect you from downloading dumb stuff or doxxing yourself.

>>628
Obligatory: https://youtu.be/eQ2OZKitRwc

>>628
fuck off NSA i'll do what i want

>>629
yes. its basically a honeypot. yes, you'll be "anon" to lower level law enforcement, but do anything serious or piss off the higher levels of authorities and its worthless

>>628
BBG is also one of the Tor Project's biggest funders, paying out about $3.5 million from 2008 through 2013. BBG's latest publicly-known Tor contract was finalized in mid-2012. The BBG gave Tor at least $1.2 million to improve security and drastically boost the bandwidth of the Tor network by funding over a hundred Tor nodes across the world — all part of the US government's effort to find an effective soft-power weapon that can undermine Internet censorship and control in countries hostile to US interests. (We only know about the BBG's lucrative funding of Tor thanks to the dogged efforts of the Electronic Privacy Information Center, which had to sue to get its FOIA requests fulfilled.)

>>628
You're like, 6 years too late, dude.

>>2708
>yes. its basically a honeypot. yes, you'll be "anon" to lower level law enforcement, but do anything serious or piss off the higher levels of authorities and its worthless
>yes, you'll be "anon" to lower level law enforcement,
Great; that's what I want.
>but do anything serious or piss off the higher levels of authorities and its worthless
I'd expect most people to be aware of this,
>>2710
>>2711
as well as this, since where the Tor Project gets it's funding has been public knowledge since fucking forever. I don't understand people who seem to think that this is some death-blow counter to people who recommend people using Tor. You're saying I won't get targeted advertising based on search history metadata? GREAT! You're saying I won't get surveilled by my ISP that operates within ''my jurisdiction''? GREAT! You saying I probably won't be able to blow up the Pentagon through launching the Tor Browser? I'm not sure why you'd expect yourself to be able to.

Whole thread of unsustainable claims. Did fluorescent tanned peoples hijack the thread as always?
>Don't use Tor young kids, or Big Guys will come and put you in jail!
You say it is compromised, honeypot, insecure, etc, post a link explaining why and where. No technical proof, only some jew who votes for blue party instead of red party blabbing? Fuck off.
Pro tip: financing doesn't mean it's compromised. The government finances it because they also use it, no big deal. Your local police cop also gains from anonymity when investigating a crime, as well as military or FBI. Did you know that Linux was also funded by numerous governments around the globe? Boo, scary!
RTFM first, then again and again until you understand how it works. Yes, the system is not perfect and I can name five ways of fingerprinting users on Tor network, I doubt you LARPers can.

>>2726
>some jew
was this really necessary?

otherwise, i agree with you
>I can name five
douzo

>>2726
truth is that you can't opsec without first and foremost knowing your counterparty and second knowing your attacker. people who hang out on cyberpunk forums will at best have a drug dealer as a counterparty and nobody particular for an attacker. it's ALL larping, so secure/insecure is entirely moot, like american aircraft carriers, it will never be tested in battle.

but since you asked, here's a sampling of papers from arxiv, now they are mostly mitigation papers, and some of them might've been implemented, but they are mitigation against known attacks, with somewhat pessimistic conclusions. i've kind of grouped the papers into three categories, based on the attack vector.

first group of papers is for when you're trying to use tor to defend yourself against alphabet agenciest. when your attacker has monitoring access to internet relays and internet providers, they can run correlation attacks to automatically deanonymize tor traffic. that's a well known conclusion, and there's evidence from snowden leaks that that's already happening. second is sybil attack, this is more proactive, where instead of monitoring, you're actually controling a large number of tor nodes. this is the kind of attack that a foreign agency can run: no access to underlying network, but can easily purchase machines in u.s. and elsewhere. finally i only include one paper that demonstrates that you can't just route your application over tor and expect it to be magically anonymous, the paper is about exploiting p2p apps to reveal information about user, but it can also serve as a placeholder to remind you that your apps leak in general (i'm sure you can find plenty of papers on arxiv on fingerprinting firefox, etc.)

none of this translates into "tor is compromised omg", but at the very least it ought to keep people from blindly recommending tor as a kind of panacea for internet anonymity.

1) https://arxiv.org/abs/1505.05173 "We focus on traffic correlation attacks, which are no longer solely in the realm of academic research with recent revelations about the NSA and GCHQ actively working to implement them in practice. "
https://arxiv.org/abs/1410.1823 "The Tor anonymity network has been shown vulnerable to traffic analysis attacks by autonomous systems and Internet exchanges, which can observe different overlay hops belonging to the same circuit. "

2) https://arxiv.org/abs/1602.07787 "Being a volunteer-run, distributed anonymity network, Tor is vulnerable to Sybil attacks. Little is known about real-world Sybils in the Tor network, and we lack practical tools and methods to expose Sybil attacks. " "Our findings include diverse Sybils …. Our work shows that existing Sybil defenses do not apply to Tor"
https://arxiv.org/abs/1401.4917 "it is easy for exit relays to snoop and tamper with anonymised network traffic and as all relays are run by independent volunteers, not all of them are innocuous." (in the same paper they show that small percentage of exit relays account for bulk of tor traffic)

3) https://arxiv.org/abs/1103.1518 "Exploiting P2P Applications to Trace and Profile Tor Users"

>>2726
I just fingerprinted you for being a /pol/tard. Get scrappin'!

>>2727
I get mad when people say words that hurt my feewings and make goyim aware of my tribe's 6000-year-old talmudic conspiracy ; - ;

>>2748
That's a really cool image to accompany disinformation. As has been said in this thread, tor may not be perfect, but in no way shape or forms tries to say that it is; only the media and it's followers try to say that. Tor is a tool that does what it sets out to do well. Proper utilization of the tool/service may very well lead to an increase in anonymity.

>>629
It's likely

>>628
There are thinks about the TOR that make me skeptical about how good it is for privacy like the fact the Tor Browser will update without asking me and that it is built from firefox and what could be in there that is bad for privacy.

>>3334

sometimes I feel like a lot of effort from the Tor Project is going into things to make it accessible to non technical people. Such people are unlikely to pay close enough attention to updates and might not fix things in general. Much of this is also visible in Tails.

I dont like firefox, but I'm willing to beleive that it has been reasonably secured by the Tor folk in their release. Personally I dont use Tor browser usually, but run things through different browsers that are also fairly well chained down and restricted.

Assuming you KnowWhatYou'reDoing (tm), I reckon you can get by fine not using the Tor browser, but just using Tor, and paying attention to security issues. If you dont just question certain policies of Tor, but the trustworthyness of the or-organization then perhaps you should just use something else.

But if the latter, I'd like to hear your reasoning.

>>3334

Tor and not TOR. Tor doesn't update without you asking. As of today there was an update and you had to manually accept it or use the browser a usual.

Firefox is entirely open source what ever is in it we know this is why Tor project is free software and still use it or that FSF use firefox for their Icecat fork.

If you feel threat coming a libre software i don't know what to tell you.

The merge window opens on the 15th; anyone have any interesting patches?

I have one for offline/pre-generated hs3 keys that I should spruce up and contribute.

>>628
I don't see it discuss but Tor browser is stupidly fast in the last years I'm on the verge of switching for it full time.

>>2708
>>632
>>631
Do you have a source for any of these claims?

>>634
This makes sense, basically just don't do anything stupid with Tor

>>2752
No true scottsman. "No real non-jew (gentile?) would disagree with my antisemitism. " Logical fallacy.

>>2726
>RTFM first, then again and again until you understand how it works
The specs are only a guide to help you understand the code.
If you want to prove to yourself and others that Tor is secure/insecure then the code is what you need to read.
https://gitweb.torproject.org/torspec.git/tree/
https://gitweb.torproject.org/tor.git/tree/

>>4063
You realize it's exactly your kind of over-sensitivity which drives said "antisemitism" in the first place. When someone talks soykaf about anything else you sit back and don't bat an eyelid but when "Jews" are mentioned is a vaguely disparaging context you scramble the nuclear attack helicopters in defense. Then you wonder why people are suspicious of Jews and think they have something to hide. Just chill it with the antiantisemitism.