Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
The Internet Privacy

'Tor's Shadowy Reputation Will Only End If We All Use It' (engadget.com) 65

Katie Malone writes via Engadget: "Tor" evokes an image of the dark web; a place to hire hitmen or buy drugs that, at this point, is overrun by feds trying to catch you in the act. The reality, however, is a lot more boring than that -- but it's also more secure. The Onion Router, now called Tor, is a privacy-focused web browser run by a nonprofit group. You can download it for free and use it to shop online or browse social media, just like you would on Chrome or Firefox or Safari, but with additional access to unlisted websites ending in .onion. This is what people think of as the "dark web," because the sites aren't indexed by search engines. But those sites aren't an inherently criminal endeavor.

"This is not a hacker tool," said Pavel Zoneff, director of strategic communications at The Tor Project. "It is a browser just as easy to use as any other browser that people are used to." That's right, despite common misconceptions, Tor can be used for any internet browsing you usually do. The key difference with Tor is that the network hides your IP address and other system information for full anonymity. This may sound familiar, because it's how a lot of people approach VPNs, but the difference is in the details. VPNs are just encrypted tunnels hiding your traffic from one hop to another. The company behind a VPN can still access your information, sell it or pass it along to law enforcement. With Tor, there's no link between you and your traffic, according to Jed Crandall, an associate professor at Arizona State University. Tor is built in the "higher layers" of the network and routes your traffic through separate tunnels, instead of a single encrypted tunnel. While the first tunnel may know some personal information and the last one may know the sites you visited, there is virtually nothing connecting those data points because your IP address and other identifying information are bounced from server to server into obscurity.

Accessing unindexed websites adds extra perks, like secure communication. While a platform like WhatsApp offers encrypted conversations, there could be traces that the conversation happened left on the device if it's ever investigated, according to Crandall. Tor's communication tunnels are secure and much harder to trace that the conversation ever happened. Other use cases may include keeping the identities of sensitive populations like undocumented immigrants anonymous, trying to unionize a workplace without the company shutting it down, victims of domestic violence looking for resources without their abuser finding out or, as Crandall said, wanting to make embarrassing Google searches without related targeted ads following you around forever.

This discussion has been archived. No new comments can be posted.

'Tor's Shadowy Reputation Will Only End If We All Use It'

Comments Filter:
  • by Anonymous Coward

    If any of these "protect the children" laws get passed where basically every web site will require mandatory identity theft information from every person then we will all be pushed off the regular web to the darker places. Including kids. These bills/laws are so backwards it hurts my head.

  • by Anonymous Coward
    I operate 2 non-exit and 1 exit Tor node for 3+ years and I also use Tor daily (using Tor on router). The speed was improved for the past years but if you hate slow internet & cannot wait you might have a problem & need to adjust your habit a little. Also get ready for Cloudflare popping up everywhere [0xacab.org] & sites closing doors for you.
    • Only very shady places makes me use the Tor browser because of the speed issue.
      And finding those juicy tor addresses for my marijuana habit has been problematic as of late, besides I was burned on the last two shipments so I kinda was turned off from net shopping my illicit goods.

      Getting a letter from the customs office saying that a package was held because of its contents and wondering if I wanted to come down to collect it in person was rather humorous...

  • by Dwedit ( 232252 ) on Friday July 28, 2023 @09:05PM (#63723124) Homepage

    It's still extremely dangerous to run an exit node. If someone 'misbehaves', it's your ass that's on the line.

    • Resolved by intelligence agencies running lots of exit nodes so they can examine the traffic!

      Luckily, this has already been implemented.

    • by narcc ( 412956 )

      As long as the criminals are sticking with hidden services, there isn't any risk to those brave souls running exit nodes.

      Really, hidden services are where TOR really shines. Not only do they offer better protection for users, they can even improve performance. When you don't need to hide the identity of your server, you can get away with shorter routes.

      Facebook, of all companies, has had a hidden service operational since 2014. This is a good thing. We want more hidden services as the more we have the

    • It's still extremely dangerous to run an exit node. If someone 'misbehaves', it's your ass that's on the line.

      Isn't this a relic of the 00s where people were being sued based on IP addresses? I thought the courts have now wisened up to an IP address not tying to a person?

      • Courts wisening up? What weird country do you live in that yours do that?

      • I suspect not.

        It's well known that Tor is used for a lot of shady stuff, so by running an exit node you're probably guilty of aiding and abetting those crimes.

        Plus, the whole "you need more than just an IP address" argument doesn't apply. If you're running a Tor exit node then that request for child porn or whatever DID come from your computer. And it's not that hard to prove it.

        Now, good luck proving that it came from your Tor exit node and not from you personally.

        Especially to a judge and jury that's pr

        • by nasch ( 598556 )

          Especially when there's no question that you DID download it.

          I would say there's no question that you did NOT download it. Your computer did, but at the direction of someone else, not you. Getting a judge and/or jury to agree is a different story.

          • Yeah, the exact line gets murky. But, at a minimum it was done with your implied consent. It's not like a hacker took over your computer or something, you intentionally connected it to the tor network so that others could use it as they like, knowing that this was something that some people would likely use it for.

            In the absence any sort of social consensus that the good of things like tor outweigh the evils, that's at best going to be a really uncomfortable place to argue a case from.

    • by zdzichu ( 100333 )

      It's even problematic to run transit node. Some webpages (Ryan Air, I'm looking at you!) will only preset you simple error page if your IP is on transit nodes list.

  • dirty syringes? I get it!

  • by FuzzMaster ( 596994 ) on Friday July 28, 2023 @09:52PM (#63723170)

    ...if the only users of the network are government actors, that doesn't provide much security/anonymity.

    It's too hard and/or dangerous to run an exit node. The US government should provide legislative immunity to the operators to encourage their participation in the network, thereby increasing its overall security for every participant.

    • by gweihir ( 88907 )

      Tor is not a DARPA product. DARPA financed part of the research, but Roger Dingledine thinks that back then, they did not know what they were financing.

    • Why would the US government want better security for the criminals they're hunting?

      Better security for the insurgents they're helping polarize overseas is one thing, but there's no reason to protect Americans to get that. In fact doing so just makes it easier for foreign powers to turn the tables and polarize American insurgents.

  • Good luck (Score:5, Informative)

    by RobinH ( 124750 ) on Friday July 28, 2023 @10:11PM (#63723188) Homepage
    I tried running a Tor gateway based on an article in Make Magazine about how to setup a Raspberry Pi for this purpose. It was setup as a middle node and a local proxy, but not an exit node. Within a couple days my web banking portal (TD Canada Trust) blocked my home IP address, even for traffic I wasn't routing through Tor. I could still access web banking from work, but not from home. I shut down the Raspberry Pi and within about 3 days I could access my web banking again. The list of intermediate Tor nodes is public, and for some reason TD was blocking the whole list, and not just exit nodes. That certainly discourages people from running middle nodes.
    • lol reminds me of torrents and their public trackers. Stupid design.

    • Sure you weren't accessing your bank over tor?

      Been running middle nodes for long. They keep my boxes behind entry/exit nodes, and generate plenty of noise on my wires. I like.

      Also using tor for very trivial stuff where I'm not logged in: /., supermarket deals, news, tech support searches, you name it. That's what the web gets for profiling its visitors.

      Of course unless you're trying to hide your visits from local intermediaries like ISP, government, work or what not, it often doesn't make much sense to hide

      • by gweihir ( 88907 )

        Also using tor for very trivial stuff where I'm not logged in: /., supermarket deals, news, tech support searches, you name it. That's what the web gets for profiling its visitors.

        I am doing the same. Also use it for looking up any type of medical info. Never noticed any negative effects.

        My guess is the OP did something wrong or the instructions were flawed and his gateway allowed reflector attacks or the like. That will get you blocked temporarily in many places. I had to put in some rate limiting in my Linux vServers (no Tor instances there) because that kept happening. No problems since then anymore.

      • by RobinH ( 124750 )
        The instructions I used were the print version of these [makezine.com] (and were older than those instructions). If the problem was that I was accessing my bank through Tor, then why would it still be blocked for a couple days after I turned off the Tor proxy/gateway? It was either than the bank was being overzealous, or there was a problem in the setup instructions.
      • by ls671 ( 1122017 )

        it often doesn't make much sense to hide your IP from places where you do log in.

        Unless the account isn't yours... /s

  • Years ago when I first heard about it, my assessment of TOR network was (and still is) that it is a government sponsored criminal *conspiracy, and that the only legal "protection" I'd have if I were to operate it in any capacity and in the recommended manner would be government reticence to act consistently and prosecute its own contractors and agencies (which seems like it would prove rather flimsy a protection if a particularly high-profile incident occurs and I get caught up in the ensuing investigation)
    • by gweihir ( 88907 )

      The Tor network is FOSS. Don't you think somebody would have found out and published this if your assessment were remotely true?

      • by ls671 ( 1122017 )

        Neither do I know for sure but maybe he is referring to TOR nodes ran by governments just like the contractors for movie companies who send DMCAs and sometimes sue are active on torrent.

        • I was referring to the TOR protocol (and not to the honeypot-like appearance and outcomes some of the more practical criticism focuses on). Accepting packages from an unknown origin, peeling off a layer of encryption, and forward along toward an unknown destination, and [if recommendations are followed], maintaining no logs.

          This is in sharp contrast to the conventional communications operators, which do maintain records of how their customers are using their services and cooperate with lawful investigation

  • If you shop via Tor as the article suggests, you anyway give all your info away, address, contact, payment..
    • by ls671 ( 1122017 )

      I assumed he meant shopping for prices and available products without giving your identity.

  • by MindPrison ( 864299 ) on Saturday July 29, 2023 @01:21AM (#63723370) Journal

    The problem is, most people are actually fools, one look at how they chose politicians and how they accept ever increasing draconian rules to rule their lives is pure proof of that.

    If you ask most people (and I've asked a lot), they will tell you they have no need to hide anything so they won't use tor at all.

    Yes - we IN HERE know the arguments too well, and we know the counter arguments too, well if you have nothing to hide, why not give us your bank keys, keys to your house etc. the usual stuff.

    But people don't see it like that, they blindly trust authorities, heck - today people even trust those with the most likes, and whatever they say must be true, right?
    That's the society we live in. Fraud is on the increase, our country has seen a rise so heavy that over 10 percent are now subject to fraud every year, and people aren't getting much wiser.

    You could argue the same for those milking cows that think it's fine to work from 18 to 69 and then just die with horrible diseases, regular aging, and never enjoying a single day of their life, they trust the authorities, they go about their daily business without experiencing freedom a single day of their life.

    Tor is a form of freedom, but you need to actually have a functioning mind to use it. For example, your regular Joe will still reveal themselves on Tor, they will use their usernames which they used to use in the open internet - which ofc. will unmask them, they will use their logins, they will regularly search their friends names and hence reveal themselves eventually anyway.

    The average Tor user is also considered a potential terrorist or a criminal, same with Linux users and anyone that doesn't follow the norm. In some countries just using VPN or voting differently is enough to label you.

    That's because people are worried, don't think properly, too lazy to educate themselves, to fearful to do something outside the norm, don't think they have anything to hide and increasingly accept more and more survellance and control of their lives.

    Sad to say it - but I kinda think they deserve what they have coming.

    • by gweihir ( 88907 )

      The problem is, most people are actually fools, one look at how they chose politicians and how they accept ever increasing draconian rules to rule their lives is pure proof of that.

      Pretty much. As if the millions that died to end this crap did not have a point, they now want all that again.

      Sad to say it - but I kinda think they deserve what they have coming.

      Indeed. The only compassion I have is for the minority that gets it and that gets caught in this as well.

  • My API-using bot for Discord sometimes gets issues with web services getting attacked or local Cloudflare PoPs having problems. I use ToR to route around the issues and (for the few services I connect to that have ToR servers) use alternate methods to reach them.

    • by gweihir ( 88907 )

      I do that as well. Also a nice ElCheapo distributed VPNs that works on Linux for checking from where a service is accessible in a network exposure analysis for a customer for example.

  • by Arnonyrnous Covvard ( 7286638 ) on Saturday July 29, 2023 @02:14AM (#63723428)
    Its reputation is well-deserved. TOR is a sewer of the worst refuse that humanity has to offer. Just because you like swimming in it doesn't mean you are of that same quality, but it also doesn't change that you're swimming in a sewer. Some people may have a legitimate need for something like TOR, some support it for ideological reasons, but most people who use it are doing something they shouldn't be doing. TOR carries more illegal activity by design. That repels people who also don't hang out in dark alleys in real life. It is not unusual for web sites to block TOR exit nodes, and not just if the web sites use Cloudflare. If you run a web site and see where the malicious traffic comes from, it is not a big leap to wield the ban hammer. That makes TOR a worse choice for legitimate traffic and spurs the separation into a "light" net, which normal people use, and a darknet for the criminals. You might call it a self-fullfilling prophecy, but the actual design goal of hiding your identity is what makes TOR attractive to criminals, not its reputation. This design goal creates a self-reinforcing separation of the user groups, and since it's a fundamental design goal, it will never change. TOR's reputation is set in stone by what it is.
    • by gweihir ( 88907 )

      You are right. The largest traffic component by far in Tor is people logging into Facebook. (Look it up.) I do fully agree that Facebook ist a "sewer of the worst refuse that humanity has to offer".

  • I was pleasantly surprised to discover that in addition to the usual 'open private tab' option, Brave offers 'open a tor tab'.

    Why does anyone have a VPN?

  • Losing out on the ability to block sources of bad traffic is just too big of a minus on the modern internet. It's just not good enough to be told that the only way we're allowed to handle this kind of thing is to block by content. And so I, like a lot of people, just block tor (and a lot of things like it), broadly, from accessing a lot of things I have administrative control over, for the good of those services. Prevents a lot of abuse, both social and technical.

  • by hdyoung ( 5182939 ) on Saturday July 29, 2023 @09:54AM (#63723874)
    Everyone should be using it because everybody on the planet wants to run a .onion website that’s invisible to 99.999% of the population, avoided like the plague by the search engines, completely shunned by advertisers, and viewed with hostility by basically every government on the planet. Yup, lots of wholesome activity going on over those websites, at least after you filter out the honeypots run by intelligence agencies. Sure, you can try to use it for legit purposes, at the cost of wearing a massive “this guy is extremely sus” blinking LED sign on your forehead and putting yourself squarely on the radar of 23 different government groups with 3-letter acronyms.

    Don’t get me wrong, there are totally legit reasons why people might want to keep their web activities off the radar. Activists in Iran or Russia, etc. etc.

    Beyond that, it’s only good for self-styled anti-government types who don’t liekthe idea of being monitored. News flash - using tor is probably a good way to dodge monitoring by the internet companies, sure, but at the cost of being on the radar of much more serious spy agencies. I’m sure the NSA has a division purely dedicated to monitoring tor users. Do you really want to be on that watch list? Once you’re on it, you probably never get off it.

    I support Tor’s existence, but let’s please be clear-eyed about it. It’s not an Everyman’s browser and it never will be. You do you, but with vpns available, the use case for tor is extremely weak even in most places with oppressive governments.
    • by gweihir ( 88907 )

      Most Tor traffic is to regular web-pages. Of the hidden service part, apparently most is people logging into Facebook.

  • by Tony Isaac ( 1301187 ) on Saturday July 29, 2023 @12:59PM (#63724150) Homepage

    Most Americans prefer to buy a home in a subdivision with a homeowner's association. They specifically choose such locations because they want protection from unruly neighbors, or from those who might want to set up a weed shop next door, or let their home deteriorate, or a host of other things that cause blight and decrease property values. They are willing to accept the rules and regulations, and yes, inspections, to maintain the property value of their home.

    Some do prefer unrestricted property because they don't want the rules, they want privacy, just like TOR users. The down side is, you do take a risk of finding yourself next to a noisy frat house or worse.

    TOR won't ever become mainstream, for the same reason people want deed restrictions. They actually prefer the relative security of browsing in an environment that is more controlled, and yes, monitored.

  • TOR and cryptocurrency share a lot of the same objectives. A focus on privacy, and a freedom from regulations. In both cases, these goals are not actually achieved, as demonstrated by government seizures of crypto wallets of ransomware gangs, and crackdowns on drug trafficking on the TOR network. TOR makes people *feel* more secure because traffic is harder to trace. But at the same time, it literally *attracts* government scrutiny because those same goals (privacy and freedom from regulation) are goals tha

  • by Anonymous Coward

    How hilarious is that? Slashdot hates TOR!

    Anyone that's tried to use it knows what I mean - from B.S failed logins (yep, my password is correct, since I'm using a password manager) to incessant "You are now allowed to use this resource" B.S., it's clear that while proclaiming that Slashdot embraces anonymity (another B.S. statement), they obviously don't want you to use it with their precious 90s crummy site.

    L-O-fuckin'-L!!!!!

  • by PeterGM ( 5304449 ) on Saturday July 29, 2023 @08:37PM (#63724698)
    I was going to comment but some obtrusive bullshit newsletter signup blocked most of my screen. So now I'm posting absolutely nothing of relevance to this subject in protest.

    It was a really good comment too. Shame really.

You are always doing something marginal when the boss drops by your desk.

Working...