'Tor's Shadowy Reputation Will Only End If We All Use It' (engadget.com) 65
Katie Malone writes via Engadget: "Tor" evokes an image of the dark web; a place to hire hitmen or buy drugs that, at this point, is overrun by feds trying to catch you in the act. The reality, however, is a lot more boring than that -- but it's also more secure. The Onion Router, now called Tor, is a privacy-focused web browser run by a nonprofit group. You can download it for free and use it to shop online or browse social media, just like you would on Chrome or Firefox or Safari, but with additional access to unlisted websites ending in .onion. This is what people think of as the "dark web," because the sites aren't indexed by search engines. But those sites aren't an inherently criminal endeavor.
"This is not a hacker tool," said Pavel Zoneff, director of strategic communications at The Tor Project. "It is a browser just as easy to use as any other browser that people are used to." That's right, despite common misconceptions, Tor can be used for any internet browsing you usually do. The key difference with Tor is that the network hides your IP address and other system information for full anonymity. This may sound familiar, because it's how a lot of people approach VPNs, but the difference is in the details. VPNs are just encrypted tunnels hiding your traffic from one hop to another. The company behind a VPN can still access your information, sell it or pass it along to law enforcement. With Tor, there's no link between you and your traffic, according to Jed Crandall, an associate professor at Arizona State University. Tor is built in the "higher layers" of the network and routes your traffic through separate tunnels, instead of a single encrypted tunnel. While the first tunnel may know some personal information and the last one may know the sites you visited, there is virtually nothing connecting those data points because your IP address and other identifying information are bounced from server to server into obscurity.
Accessing unindexed websites adds extra perks, like secure communication. While a platform like WhatsApp offers encrypted conversations, there could be traces that the conversation happened left on the device if it's ever investigated, according to Crandall. Tor's communication tunnels are secure and much harder to trace that the conversation ever happened. Other use cases may include keeping the identities of sensitive populations like undocumented immigrants anonymous, trying to unionize a workplace without the company shutting it down, victims of domestic violence looking for resources without their abuser finding out or, as Crandall said, wanting to make embarrassing Google searches without related targeted ads following you around forever.
"This is not a hacker tool," said Pavel Zoneff, director of strategic communications at The Tor Project. "It is a browser just as easy to use as any other browser that people are used to." That's right, despite common misconceptions, Tor can be used for any internet browsing you usually do. The key difference with Tor is that the network hides your IP address and other system information for full anonymity. This may sound familiar, because it's how a lot of people approach VPNs, but the difference is in the details. VPNs are just encrypted tunnels hiding your traffic from one hop to another. The company behind a VPN can still access your information, sell it or pass it along to law enforcement. With Tor, there's no link between you and your traffic, according to Jed Crandall, an associate professor at Arizona State University. Tor is built in the "higher layers" of the network and routes your traffic through separate tunnels, instead of a single encrypted tunnel. While the first tunnel may know some personal information and the last one may know the sites you visited, there is virtually nothing connecting those data points because your IP address and other identifying information are bounced from server to server into obscurity.
Accessing unindexed websites adds extra perks, like secure communication. While a platform like WhatsApp offers encrypted conversations, there could be traces that the conversation happened left on the device if it's ever investigated, according to Crandall. Tor's communication tunnels are secure and much harder to trace that the conversation ever happened. Other use cases may include keeping the identities of sensitive populations like undocumented immigrants anonymous, trying to unionize a workplace without the company shutting it down, victims of domestic violence looking for resources without their abuser finding out or, as Crandall said, wanting to make embarrassing Google searches without related targeted ads following you around forever.
With the ridiculous laws maybe (Score:1)
If any of these "protect the children" laws get passed where basically every web site will require mandatory identity theft information from every person then we will all be pushed off the regular web to the darker places. Including kids. These bills/laws are so backwards it hurts my head.
Re:With the ridiculous laws maybe (Score:5, Funny)
I have no problem providing personal data.
As long as it doesn't have to be mine.
Tor node operator here. (Score:2, Interesting)
Re: (Score:2)
Only very shady places makes me use the Tor browser because of the speed issue.
And finding those juicy tor addresses for my marijuana habit has been problematic as of late, besides I was burned on the last two shipments so I kinda was turned off from net shopping my illicit goods.
Getting a letter from the customs office saying that a package was held because of its contents and wondering if I wanted to come down to collect it in person was rather humorous...
Re: (Score:2)
It's as if they don't know that their username remains attached to their comments...
Re: (Score:3)
Yep. Makes me think they never read or understood what the Tor documentation tells you you need to do to be actually safe. Well, I guess some of them are really just trolls trying to push an anti-Tor anti-freedom agenda because Authoritarianism is just such a great idea...
Re: (Score:1)
Funny considering how cons like to crow that anonymity is for weaklings. Show that face now bitches! haha.
Still dangerous to run an exit node (Score:5, Interesting)
It's still extremely dangerous to run an exit node. If someone 'misbehaves', it's your ass that's on the line.
Re: (Score:2)
Resolved by intelligence agencies running lots of exit nodes so they can examine the traffic!
Luckily, this has already been implemented.
Re: (Score:3)
As long as the criminals are sticking with hidden services, there isn't any risk to those brave souls running exit nodes.
Really, hidden services are where TOR really shines. Not only do they offer better protection for users, they can even improve performance. When you don't need to hide the identity of your server, you can get away with shorter routes.
Facebook, of all companies, has had a hidden service operational since 2014. This is a good thing. We want more hidden services as the more we have the
Re: (Score:2)
It's still extremely dangerous to run an exit node. If someone 'misbehaves', it's your ass that's on the line.
Isn't this a relic of the 00s where people were being sued based on IP addresses? I thought the courts have now wisened up to an IP address not tying to a person?
Re: (Score:2)
Courts wisening up? What weird country do you live in that yours do that?
Re: (Score:2)
I suspect not.
It's well known that Tor is used for a lot of shady stuff, so by running an exit node you're probably guilty of aiding and abetting those crimes.
Plus, the whole "you need more than just an IP address" argument doesn't apply. If you're running a Tor exit node then that request for child porn or whatever DID come from your computer. And it's not that hard to prove it.
Now, good luck proving that it came from your Tor exit node and not from you personally.
Especially to a judge and jury that's pr
Re: (Score:2)
Especially when there's no question that you DID download it.
I would say there's no question that you did NOT download it. Your computer did, but at the direction of someone else, not you. Getting a judge and/or jury to agree is a different story.
Re: (Score:2)
Yeah, the exact line gets murky. But, at a minimum it was done with your implied consent. It's not like a hacker took over your computer or something, you intentionally connected it to the tor network so that others could use it as they like, knowing that this was something that some people would likely use it for.
In the absence any sort of social consensus that the good of things like tor outweigh the evils, that's at best going to be a really uncomfortable place to argue a case from.
Re: (Score:2)
It's even problematic to run transit node. Some webpages (Ryan Air, I'm looking at you!) will only preset you simple error page if your IP is on transit nodes list.
Just like . . (Score:1)
dirty syringes? I get it!
Re:Attracting Suspicion 101 (Score:4, Funny)
A slutty, horny blonde with large tits.
There, I said it. Now hurry and hold it against me.
Tor is a product of DARPA, but... (Score:3)
...if the only users of the network are government actors, that doesn't provide much security/anonymity.
It's too hard and/or dangerous to run an exit node. The US government should provide legislative immunity to the operators to encourage their participation in the network, thereby increasing its overall security for every participant.
Re: (Score:2)
Tor is not a DARPA product. DARPA financed part of the research, but Roger Dingledine thinks that back then, they did not know what they were financing.
Re: (Score:2)
Why would the US government want better security for the criminals they're hunting?
Better security for the insurgents they're helping polarize overseas is one thing, but there's no reason to protect Americans to get that. In fact doing so just makes it easier for foreign powers to turn the tables and polarize American insurgents.
Good luck (Score:5, Informative)
Re: (Score:1)
lol reminds me of torrents and their public trackers. Stupid design.
Re: (Score:2)
it's more like posting ac because your opinion is too weak to have a name attached to it
Re: (Score:3)
Torrents are not designed to distribute illegal stuff. The design is entirely sane and pretty smart. Misuse it for illegal stuff and it does not really work well anymore.
Re: (Score:1)
Yeah right. It's a feature, not shortsightedness.
Re: Good luck (Score:3)
Sure you weren't accessing your bank over tor?
Been running middle nodes for long. They keep my boxes behind entry/exit nodes, and generate plenty of noise on my wires. I like.
Also using tor for very trivial stuff where I'm not logged in: /., supermarket deals, news, tech support searches, you name it. That's what the web gets for profiling its visitors.
Of course unless you're trying to hide your visits from local intermediaries like ISP, government, work or what not, it often doesn't make much sense to hide
Re: (Score:2)
Also using tor for very trivial stuff where I'm not logged in: /., supermarket deals, news, tech support searches, you name it. That's what the web gets for profiling its visitors.
I am doing the same. Also use it for looking up any type of medical info. Never noticed any negative effects.
My guess is the OP did something wrong or the instructions were flawed and his gateway allowed reflector attacks or the like. That will get you blocked temporarily in many places. I had to put in some rate limiting in my Linux vServers (no Tor instances there) because that kept happening. No problems since then anymore.
Re: (Score:2)
Re: (Score:3)
it often doesn't make much sense to hide your IP from places where you do log in.
Unless the account isn't yours... /s
The problem is "conspiracy" (Score:1)
Re: (Score:3)
The Tor network is FOSS. Don't you think somebody would have found out and published this if your assessment were remotely true?
Re: (Score:2)
Neither do I know for sure but maybe he is referring to TOR nodes ran by governments just like the contractors for movie companies who send DMCAs and sometimes sue are active on torrent.
Re: (Score:1)
I was referring to the TOR protocol (and not to the honeypot-like appearance and outcomes some of the more practical criticism focuses on). Accepting packages from an unknown origin, peeling off a layer of encryption, and forward along toward an unknown destination, and [if recommendations are followed], maintaining no logs.
This is in sharp contrast to the conventional communications operators, which do maintain records of how their customers are using their services and cooperate with lawful investigation
Re: (Score:2)
You really have not done your research. How pathetic.
Shopping? (Score:2)
Re: (Score:2)
I assumed he meant shopping for prices and available products without giving your identity.
Tor is generally safe as long as you're not a fool (Score:4, Interesting)
The problem is, most people are actually fools, one look at how they chose politicians and how they accept ever increasing draconian rules to rule their lives is pure proof of that.
If you ask most people (and I've asked a lot), they will tell you they have no need to hide anything so they won't use tor at all.
Yes - we IN HERE know the arguments too well, and we know the counter arguments too, well if you have nothing to hide, why not give us your bank keys, keys to your house etc. the usual stuff.
But people don't see it like that, they blindly trust authorities, heck - today people even trust those with the most likes, and whatever they say must be true, right?
That's the society we live in. Fraud is on the increase, our country has seen a rise so heavy that over 10 percent are now subject to fraud every year, and people aren't getting much wiser.
You could argue the same for those milking cows that think it's fine to work from 18 to 69 and then just die with horrible diseases, regular aging, and never enjoying a single day of their life, they trust the authorities, they go about their daily business without experiencing freedom a single day of their life.
Tor is a form of freedom, but you need to actually have a functioning mind to use it. For example, your regular Joe will still reveal themselves on Tor, they will use their usernames which they used to use in the open internet - which ofc. will unmask them, they will use their logins, they will regularly search their friends names and hence reveal themselves eventually anyway.
The average Tor user is also considered a potential terrorist or a criminal, same with Linux users and anyone that doesn't follow the norm. In some countries just using VPN or voting differently is enough to label you.
That's because people are worried, don't think properly, too lazy to educate themselves, to fearful to do something outside the norm, don't think they have anything to hide and increasingly accept more and more survellance and control of their lives.
Sad to say it - but I kinda think they deserve what they have coming.
Re: (Score:2)
The problem is, most people are actually fools, one look at how they chose politicians and how they accept ever increasing draconian rules to rule their lives is pure proof of that.
Pretty much. As if the millions that died to end this crap did not have a point, they now want all that again.
Sad to say it - but I kinda think they deserve what they have coming.
Indeed. The only compassion I have is for the minority that gets it and that gets caught in this as well.
Already Am (Score:2)
My API-using bot for Discord sometimes gets issues with web services getting attacked or local Cloudflare PoPs having problems. I use ToR to route around the issues and (for the few services I connect to that have ToR servers) use alternate methods to reach them.
Re: (Score:2)
I do that as well. Also a nice ElCheapo distributed VPNs that works on Linux for checking from where a service is accessible in a network exposure analysis for a customer for example.
TOR's "shadowy" reputation will never end (Score:4, Insightful)
Re: (Score:3)
You are right. The largest traffic component by far in Tor is people logging into Facebook. (Look it up.) I do fully agree that Facebook ist a "sewer of the worst refuse that humanity has to offer".
Brave browser includes Tor by default (Score:2)
I was pleasantly surprised to discover that in addition to the usual 'open private tab' option, Brave offers 'open a tor tab'.
Why does anyone have a VPN?
I've been blocking tor exit nodes for a long time (Score:3)
Losing out on the ability to block sources of bad traffic is just too big of a minus on the modern internet. It's just not good enough to be told that the only way we're allowed to handle this kind of thing is to block by content. And so I, like a lot of people, just block tor (and a lot of things like it), broadly, from accessing a lot of things I have administrative control over, for the good of those services. Prevents a lot of abuse, both social and technical.
Yeah, it’s totally legit and (Score:3)
Don’t get me wrong, there are totally legit reasons why people might want to keep their web activities off the radar. Activists in Iran or Russia, etc. etc.
Beyond that, it’s only good for self-styled anti-government types who don’t liekthe idea of being monitored. News flash - using tor is probably a good way to dodge monitoring by the internet companies, sure, but at the cost of being on the radar of much more serious spy agencies. I’m sure the NSA has a division purely dedicated to monitoring tor users. Do you really want to be on that watch list? Once you’re on it, you probably never get off it.
I support Tor’s existence, but let’s please be clear-eyed about it. It’s not an Everyman’s browser and it never will be. You do you, but with vpns available, the use case for tor is extremely weak even in most places with oppressive governments.
Re: (Score:2)
Most Tor traffic is to regular web-pages. Of the hidden service part, apparently most is people logging into Facebook.
Re: (Score:2)
Like unrestricted property (Score:4, Interesting)
Most Americans prefer to buy a home in a subdivision with a homeowner's association. They specifically choose such locations because they want protection from unruly neighbors, or from those who might want to set up a weed shop next door, or let their home deteriorate, or a host of other things that cause blight and decrease property values. They are willing to accept the rules and regulations, and yes, inspections, to maintain the property value of their home.
Some do prefer unrestricted property because they don't want the rules, they want privacy, just like TOR users. The down side is, you do take a risk of finding yourself next to a noisy frat house or worse.
TOR won't ever become mainstream, for the same reason people want deed restrictions. They actually prefer the relative security of browsing in an environment that is more controlled, and yes, monitored.
Just like cryptocurrency (Score:2)
TOR and cryptocurrency share a lot of the same objectives. A focus on privacy, and a freedom from regulations. In both cases, these goals are not actually achieved, as demonstrated by government seizures of crypto wallets of ransomware gangs, and crackdowns on drug trafficking on the TOR network. TOR makes people *feel* more secure because traffic is harder to trace. But at the same time, it literally *attracts* government scrutiny because those same goals (privacy and freedom from regulation) are goals tha
Slashdot story about TOR - LOL!!! (Score:1)
How hilarious is that? Slashdot hates TOR!
Anyone that's tried to use it knows what I mean - from B.S failed logins (yep, my password is correct, since I'm using a password manager) to incessant "You are now allowed to use this resource" B.S., it's clear that while proclaiming that Slashdot embraces anonymity (another B.S. statement), they obviously don't want you to use it with their precious 90s crummy site.
L-O-fuckin'-L!!!!!
I was going to comment (Score:3)
It was a really good comment too. Shame really.