• It’s really worth reading the article.

    Tor can be used for any internet browsing you usually do. The key difference with Tor is that the network hides your IP address and other system information for full anonymity.

    The company behind a VPN can still access your information, sell it or pass it along to law enforcement. With Tor, there’s no link between you and your traffic, according to Jed Crandall, an associate professor at Arizona State University.

    I don’t know if it’s even possible, but it would be cool if I could use the fediverse over TOR just for the sake of supporting TOR. Not sure if there would have to be specific .onion instances, if normal instances could just be mirrored with a .onion address, or if a .onion instance would even be able to federated in the first place. I just don’t know how it works.

    Other use cases may include keeping the identities of sensitive populations like undocumented immigrants anonymous, trying to unionize a workplace without the company shutting it down, victims of domestic violence looking for resources without their abuser finding out or, as Crandall said, wanting to make embarrassing Google searches without related targeted ads following you around forever.

    I’m certain an all-out legislative war would be waged against TOR if it were to become popularized for most of those reasons, under the more convenient guise of “criminals and children!”

    • You don’t need to access a .onion instance to use Tor. You can simply perform your day-to-day web usage through Tor directly.

      On your phone, you can even use Tor natively with most of your apps.

      • What effect would using Tor browser to access a non onion site have over using a different, privacy-focused browser? Honest question. I assumed Tor browser was no different than other browsers in that aspect.

        •  ctr1   ( @ctr1@fl0w.cc ) 
          link
          fedilink
          English
          4
          edit-2
          2 years ago

          The difference is that your ISP doesn’t know where your packets are headed, and the destination doesn’t know where your packets came from. The ISP sees you connect to the entrance node and the destination sees you connect from the exit node, and it’s very difficult for anyone to trace the connection back to you (unless they own both the entrance and exit and use traffic coorelation or some other exploit/fingerprint). Regardless, both parties are generally able to tell that you are using TOR if they reference lists of known entrance/exit nodes. Also the anti-fingerprinting measures taken by TB are a bit more strict than other privacy-focused browsers

            • It is confusing, Tor is an excellent privacy tool if used properly (don’t log in to stuff), but I guess it’s still a technical hurdle to most. Probably also from a lack of marketing.

              I think in countries where the government is decidedly more authoritarian it’s more known. On my relay right now I see a ton of russian and a smaller amount of German connections.

            •  ctr1   ( @ctr1@fl0w.cc ) 
              link
              fedilink
              English
              12 years ago

              No problem! And yeah, it’s good to see people talking about it over here. I think it’s the best tool for online privacy OOTB (depending on your threat model), and it gets better the more people use it.

    • I’m certain an all-out legislative war would be waged against TOR if it were to become popularized for most of those reasons, under the more convenient guise of “criminals and children!”

      I guess we’ll have to see what happens after that right wing Twitter account posted CSAM, Twitter suspended the account, then Elon said they removed the posts and reinstated the account 🤷🏽‍♂️

    • Well any instance owner could also get an onion link and host the instance over tor.

      Of course the instance itself can’t really hide. Since it needs to federate with others that are not onions. But your accesses would all show as from localhost.

    • I mean, I’ve used it. It works. But I don’t get why you would bother most of the time. It’s slow as hell and while I’m generally fairly concerned about my privacy there is a point where I can’t be bothered.

    • I don’t know if it’s even possible, but it would be cool if I could use the fediverse over TOR just for the sake of supporting TOR.

      Here are two #Mastodon onion nodes:

      • iejideks5zu2v3zuthaxu5zz6m5o2j7vmbd24wh6dnuiyl7c6rfkcryd.onion
      • 7jaxqg6lfcdtosooxhv5drpettiwnt6ytdywfgefppk2ol4dzlddblyd.onion
  • I always have Tor installed and I often use it instead of incognito browser sessions when researching stuff. It’s sometimes slow and Cloudflare made it a lot more annoying to use than ~5-10 years ago, but I’m glad it exists.

    I’m sure it’s still more useful to US interests though, or it wouldn’t be funded anymore.

        •  TWeaK   ( @TWeaK@lemm.ee ) 
          link
          fedilink
          English
          112 years ago

          Yes exactly, and I think there have been stories recently where the exit node host has been held liable for content that’s gone through it.Which is complete bullshit, but the unfortunate reality is that the legal system doesn’t need to understand technology to regulate it.

          •  jarfil   ( @jarfil@beehaw.org ) 
            link
            fedilink
            English
            4
            edit-2
            2 years ago

            It’s not bullshit. If A has proof your system launched an attack, or sent CSAM, to another system, but your only defense is “I let anyone use my system in that way”, then at the very least you’re an accomplice.

            •  TWeaK   ( @TWeaK@lemm.ee ) 
              link
              fedilink
              English
              22 years ago

              It is bullshit, because it puts the onus of policing everything on any service provider. If a TOR exit node provider is responsible for all traffic through their node, then an ISP is responsible for all traffic through them to their users - yet it is not reasonable for ISP’s to do this. Nor should it be acceptable by law and even less so if the purpose is for law enforcement to bypass the warrant system by having private parties do the investigation for them.

              •  jarfil   ( @jarfil@beehaw.org ) 
                link
                fedilink
                English
                22 years ago

                Well, the law enforcement ship has sailed a long time ago, it’s more of a flotilla by now. Data communication service providers (including ISPs) have some customer identification and data retention requirements in exchange for immunity from the data itself, but otherwise —reasonabke or not— there are more and more traffic policing laws that get introduced for ISPs to abide. By starting a Tor Exit node, you become a service provider, and the same laws start to apply.

                It’s no joke that we live in a surveillance state, just that some go “full surveillance” like China, while others go “slightly less in-your-face surveillance” like the US/EU.

        • Would it be possible to allow exit nodes to blacklist specific kinds of traffic and somehow privately verify that the traffic is not one of the blacklisted kinds (zero knowledge proof perhaps sorry not a CS person)?

          •  jarfil   ( @jarfil@beehaw.org ) 
            link
            fedilink
            2
            edit-2
            2 years ago

            An exit node can put in place any filters, blacklists, mitm, exploit injection, logging, and anything else it wants… on unencrypted traffic. Using HTTPS through an exit node, limits all of that to the destination of the traffic, there is no way to get a ZK proof of all the kinds of possible traffic and contents that can exist.

          • I was using peerblock and one of the blocklists contained known governmental IP addresses. Those blocked connections began quickly filling the logs.

            Spooked the crap outta me. It’s been a few years since I did that, so I could have that detail wrong. I know it was for sure one of the three letter acronyms, DOD, FBI, CIA, but they were definitely incoming.

            •  xvlc   ( @xvlc@feddit.de ) 
              link
              fedilink
              English
              12 years ago

              That does not sound plausible to me. Typically, your own computer would be behind a router that is either doing NAT or has a firewall (probably the former). Any incoming traffic would be directed to the router without any chance of reaching your computer. Whatever you saw was either outgoing traffic or incoming traffic in response to connections initiated by your own computer.

              • Consider this, the Tor software was accepting connections from government IPs.

                Regardless of whether it was active intrusion or a significant portion of the Tor network, (at that time) had a number of governmental IP ranges in it, It’s enough to dissuade my use, at least without more significant OpSec.

                I do understand your point though.

          • I use peerblock and had some good blocklists set up. The hardest part should be finding peerblock or a more modern fork, the blocklists are mostly public. Helps keep from connecting to known bad actors.

      • While I agree with you, I’m wondering what the benefit is of watching youtube and posting/reading lemmy/mastodon through a tor network. Because those are the main things I do. While I do understand that in some countries and also in public wifi networks the chances of traffic being intercepted and man in the middle attacks are higher, I do not expect that to happen to my fibre connection in my western country.

      •  NaoPb   ( @NaoPb@beehaw.org ) 
        link
        fedilink
        English
        6
        edit-2
        2 years ago

        I’d rather not waste my time reading an article about a program I’m not currently using to find out if I should use it our not. I’d rather see a post that has bulletpoints with pre’s and cons. My time is limited enough as it is.

        [edit] I realise that my comment will probably come across as unfriendly so I will add some explaining to it.

        I am currently in a western country using a fibre landline and I trust my internet provider to not intercept my data or use things like a man in the middle attack. Am I right for assuming that and if so, would tor prevent that? Will tor slow down my internet? I mostly watch youtube videos and read/post on lemmy/mastodon. I am not against using tor at all, but my energy and time are limited so I don’t feel like reading a whole article just for an app I do not feel the need to use. I am currently very happy with my firefox browser and all the add-ons I use. And with all the modifications I have put into it to make it work just the way I like. Would I loose all that by switching to tor? I am prepared to change to tor but I am not in the camp of “protect privacy at all costs, even if it greatly inconveniences me”. Especially if the risks of not using tor seem quite low in my situation.

        • okay. perhaps instead of wasting your time writing an entire paragraph, you should read the article and you’ll find out that that entire paragraph was irrelevant

          it’s actually not an article about the pros and cons of tor. it could not be summed up in bullet points about the pros and cons of tor

          i’ll admit to being a little facetious before, but i implore you to read articles before commenting on them

          •  NaoPb   ( @NaoPb@beehaw.org ) 
            link
            fedilink
            English
            32 years ago

            Thing is… if I have to do that for every time someone linkdrops an article, I’ll have no time left in my day.

            And it seems I was right that I have no real reason to use tor.

            •  zeus ⁧ ⁧ ∽↯∼   ( @Zeus@lemm.ee ) 
              link
              fedilink
              English
              4
              edit-2
              2 years ago

              Thing is… if I have to do that for every time someone linkdrops an article, I’ll have no time left in my day.

              if you spent less time writing comments about articles you haven’t read, you might have more time. do you do this in other walks of life? wander into restaurants you’ve never eaten at and announce “i don’t think there’s really any reason to order the fish”?

              And it seems I was right that I have no real reason to use tor.

              okay, i’ll sum the article up for you. the more people that use tor, the more it protects vulnerable people. journalists writing exposés about corrupt governments, refugees trying to flee, etc. the more normal people using tor, the more they get lost in the crowd. it’s nothing to do with whether you have any reason to use tor, that’s irrelevant. by using it, you’re helping those in vulnerable positions. happy? now go write something inciteful

  • I heard of a guy who went to prison because he bought something from Allegro (Polish Amazon) over TOR. Someone used the same exit node for hacking, so they pinned it on him.

  • Someone correct me if I’m wrong.

    Operating nodes is expensive, offers no reward, and comes with a serious legal risk.

    This won’t stop the NSA from operating a few. I assume that a significant portion of Tor nodes is run by intelligence agencies. If they control all nodes used for a connection(i believe three are used), they can probably piece together what connections a user is having.

  • I’ve always wondered what it would be like, but I’ve also heard so many creepy stories about it I just don’t want someone hacking my bank because I’m an idiot. So I stay away from it. I wish I was more tech savy.

      • There’s a TOR browser, but calling tor “just a browser” is really odd and not really correct. The TOR project is the routing protocol that bounces your traffic around. You can do so through the TOR browser, but the browser isn’t TOR. It also isn’t the only way to use TOR.

        Also, while HTTPS is close to universal now, it’s still possible to use HTTP and theoretically a malicious exit node could modify any unencrypted traffic.

        • I promise you that like 90% of the creepy stories you’ve heard are people either exaggerating or just straight-up lying to sound cool on the internet. The kind of stuff that actually needs to operate over the TOR network doesn’t exactly want to be easily discoverable by normal people.

          You’re no more likely to accidentally stumble across illegal / dangerous content while using TOR than you are while using any other browser.

        • As long as you stay off of any .onion sites, there won’t be any difference w.r.t. dark/deep web access. If a domain doesn’t end in .onion, then it can be accessed with a regular web browser anyway.

    • Hate to burst your bubble but many of the stories are just that, stories. Vast majority of the onion sites out there are either forums like 4chan or hobbyist sites like the old days of the internet.

      Illegal websites do exist but they’re rare and hard to find, they also are subject to being taken down. They’re nothing like the stories though. In fact majority of the websites that exist when you search for these topics are just bitcoin scams, i.e. a livestream website that asks you to pay $200 in bitcoin to enter, almost certainly a scam because livestreaming over Tor is terrible due to low spead and it breaks the anonymity due to generating tons of unique traffic.

      TL;DR Tor is a tool that can be used for privacy on the clearnet it can also be used to host your own onion sites. Dark web stories do have a small element of truth to them but are mostly scary stories to tell in the dark.

      • Why, no, thank you, I don’t have any appreciation for this bubble you are bursting. I figured some had to be just tales but it’s hard to know exactly how much of it is bs. So thanks.