this post was submitted on 20 Sep 2024

181 points (96.9% liked)

Privacy

31284 readers

874 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago

MODERATORS

[email protected]

181

Tor says it’s "still safe" amid reports of police deanonymizing users (www.bleepingcomputer.com)

submitted 1 day ago by [email protected] to c/[email protected]

75 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 41 points 1 day ago (3 children)

The TOR network itself is safe - at least assuming the TLAs don't control at least half of the nodes, which is far from impossible. But let's assume...

The weak point comes from the browser: that's how the fuzz deanonymizes users. The only safe browser to use on TOR is the TOR browser, and that's the problem: it disables so many unsafe functionalities that it's essentially unusable on a lot of websites. So people use regular browsers over TOR, the browser leaks identifying data and that's how they get caught.

[–] [email protected] 6 points 16 hours ago

I mean, the advice I've heard for one who's threat model is "the feds are actively trying to identify me" is to have a dedicated burner computer that you do all of your illegal activities on and no other activities. Then of course on top of that avoid saving secrets onto the device and type them in manually every time (ephemeral distros like Tails are good for that)

[–] [email protected] 10 points 21 hours ago (1 children)

My understanding is that Tor Browser works fine, there's just some dumb website owners that block Tor traffic by IP address.

[–] [email protected] 11 points 19 hours ago (1 children)

And ... guess what ... www.bleepingcomputer.com, the source of the story, is one of those.

[–] [email protected] 7 points 19 hours ago* (last edited 19 hours ago)

Maybe email them and let them know about the misconfiguration

Let them know that tor users can't read their article about Tor

[–] [email protected] 3 points 1 day ago (1 children)

Do you think it's better to use a VPN if you aren't using TOR Browser?

[–] [email protected] 15 points 1 day ago (1 children)

All VPNs do is change who has your browsing data: your ISP or the VPN operator. You may or may not trust either of them not to keep records, in either case you have no way of verifying this.

[–] [email protected] 15 points 1 day ago (3 children)

ISPs definitely keep records. At least some VPNs claim that they don't, and that their networks are set up in such a way that they can't. Some organizations claim to validate the claims of the VPNs, but it's unclear if they're trustworthy.

So your choice is to use something that definitely keeps logs, or to use a company that at least says that they don't/can't.

[–] [email protected] 7 points 23 hours ago (1 children)

Yes, and there's also the fact that some VPNs such as Mullvad let you be anonymous so even if Mullvad were keeping logs, if you pay privately they have no way of knowing whose logs they are (unless the content itself of your internet history reveals your identity). Meanwhile your ISP definitely knows who you are, and absolutely will collaborate with the police if asked to.

[–] [email protected] 7 points 18 hours ago (1 children)

You can pay anonymously, but if you regularly connect from your home IP address, it hardly matters.

[–] [email protected] 1 points 17 hours ago (1 children)

I think the point here is to deny ISP data to sell.

[–] [email protected] 1 points 16 hours ago

Yeah I use mullvad for mostly that reason myself.

[–] [email protected] 4 points 21 hours ago (1 children)

The VPN company themselves may not keep logs. However, they might be a little black box somewhere in the data center...

[–] [email protected] 5 points 20 hours ago (1 children)

As Proton made evident, VPNs can be legally compelled to start keeping logs on specific accounts as the result of a court order. So if you're gonna do something incriminating, then I guess you should create a new account each time.

[–] [email protected] 2 points 1 hour ago (1 children)

That's true but it also depends what attack vector you're trying to defeat. If someone is doing a timing attack and you're running through a VPN, it might be harder to work for them, depending on where they sit.

[–] [email protected] 1 points 16 minutes ago

Yeah, VPN at the very least adds another hoop they have to jump through.

[–] [email protected] 4 points 23 hours ago (1 children)

I mean, you could set up your own VPN on a VPS and ensure it doesn't keep logs. You could also get a VPS in a different legal jurisdiction from where you're at.

[–] [email protected] 1 points 47 minutes ago

Depending on what you're doing, that probably wouldn't be a significant hinderance to law enforcement. Child sexual abuse, drug trafficking, etc., all tends to get lots of interagency cooperation, regardless of political issues.