I've already made all the arguments I have. If that's not enough, well, I'll wash my hands of it. You keep confusing terms. "Compromised" is not necessarily "hacked." And given the public stance of the TOR developers, I think it was a pretty official warning. Everyone can decide for themselves how secure they think the solution they are using is. Here half of the forum thinks that VPN is a panacea from all intelligence agencies of the world (especially if the server is your own). What can I say...
-
XSS.stack #1 – первый литературный журнал от юзеров форума
TOR: the good honeypot
- Автор темы basileusapoleiaoff
- Дата начала
Proof of what? First you said I accused ts of promoting Tor, when that was clearly not the case. Now you demand technical proof which no one offered. I just shared my opinion. What is your goal here, officer?
subjectively speaking, it seems funny to be writing all these backdoors and shit when global viewership has been acknowledged as its' achilles heel since forever and attribution can be done silently
Officer?!, Dont act like this, we dont need this kind of thing here bro. I asked for technical proofs because I believe its more interesting than just saying something dont works without providing any real evidence.
Последнее редактирование:
"Affirmanti incumbit probatio" (the burden of proof is upon him who affirms), says the latin maxim. So, as long as it cannot be proven technically, it will be mere speculation.
Oh, here comes the head of the department.
Attacking people from forum because lack of evidences is not smart.
It's not smart to try to mislead inexperienced forum members. Counter question -- can you prove the opposite, that TOR is not controlled by intelligence agencies and that there is zero risk of being caught when using it? Prove it. Code.
I never said this, what I can say is that I dont know about any vulnerabilities on software.
It's not my problem if you see cops on every corner of the earth. But, if you think that anyone who doesn't agree with you is out to ruin your life, I think you've been in the wrong forum for two months.
https://xss.pro/threads/83232/post-577496
sorry, I will not share any code or hosting providers I've used, so you could treat that post as a hearsay or anecdote.
P.S.
The same thing as you said was done by Lizard Squad at some time they filled a great number of nodes on Tor but it did not allowed to reveal anything about the users.
When someone who argues with me on security issues denies the obvious (learn the math in risk management) -- he's either a cop or an idiot. I don't see any other explanation. As for whether I chose the right forum or not -- that's for me to decide.
Let's say like this
Tor can help to make your internet usage more anonymous, but is not sufficiant
Is just one part of arsenal of all tools that can be used to hide your trace and identity
It is no sillver bullet. There are no silver bullets. I never recomend using Tor without Vpn, or using Tor on your private internet connection. Needs to be some burner router just for crime purposes.
they will say "oooh but every Tor circuit have 3 nodes"
Yes and so ?
How big are chances of encountering 2 malicious ( Nsa operated ) nodes within same circuit ?
I don't have accurate info, this what I am saying is pure guessing now, but let's say is 5% chance of encountering 2 malicous nodes within the same onion circuit ? Maybe is more, maybe is less, but that's not the point I am trying to make.
If there are 2 compromised nodes in one Tor circuit it means entire Tor circuit is compromised.
That would mean, that, for example, 1 out of 20 times you open Tor, your entire Tor activity is deanonymized, starting from your IP you use to connect to Tor, all the way to destination IP to which you connect through the exit node.
And I am pretty sure is more than 5% chances of encountering 2 malicious nodes.
And then allways, on some english speaking forums, there are feds who are saying "tor is sufficient, using tor with vpn is less safe" and they being stupid arguments like money trail behind Vpn and such noob shit.
Tor can help to make your internet usage more anonymous, but is not sufficiant
Is just one part of arsenal of all tools that can be used to hide your trace and identity
It is no sillver bullet. There are no silver bullets. I never recomend using Tor without Vpn, or using Tor on your private internet connection. Needs to be some burner router just for crime purposes.
they will say "oooh but every Tor circuit have 3 nodes"
Yes and so ?
How big are chances of encountering 2 malicious ( Nsa operated ) nodes within same circuit ?
I don't have accurate info, this what I am saying is pure guessing now, but let's say is 5% chance of encountering 2 malicous nodes within the same onion circuit ? Maybe is more, maybe is less, but that's not the point I am trying to make.
If there are 2 compromised nodes in one Tor circuit it means entire Tor circuit is compromised.
That would mean, that, for example, 1 out of 20 times you open Tor, your entire Tor activity is deanonymized, starting from your IP you use to connect to Tor, all the way to destination IP to which you connect through the exit node.
And I am pretty sure is more than 5% chances of encountering 2 malicious nodes.
And then allways, on some english speaking forums, there are feds who are saying "tor is sufficient, using tor with vpn is less safe" and they being stupid arguments like money trail behind Vpn and such noob shit.
That is the other side of the coin.
Renting server somewhere online and runing it like your own Vpn.
Yes, again, same as Tor, it can help you to hide your traces, it can help in anonymizing you. But is sooo far away from being a silver bullet. You are much easier to be profiled like this compared to using commercial Vpn.
Yes, you rent Vps from someone, maybe you configure it to not keep logs. But that Vps have host, that Vps have datacenter, and the crucial, most important thing, that Vps have an ISP.
If is not loged at one end, for sure is loged at the other end. People forget that "the botnet" is physicall. Datacenters, optic cables and such shit.
Nation states are holding entire population in MITM through ISPs.
Entire internet is the occupied zone
Yes, as every other occupied zone, it have some opaque spaces in it, spaces of resistance, zones of opacity... if you like
Only custom cascading of diffefent hopes of Vpns, Tors, and such things is relatively a solution.
Like runing one Vpn on OpenWrt router, another Vpn on Linux Host Os, whonix gateway for Vm, connect maybe to some rdp, on rdp also another vpn. All from different providers and different sources.
And source of connection, ISP, is it on your name connection, is it from mobile device, from 4G router, is it hacked wifi... Plays much bigger role then people like to admit.
Who big of redfag is for ISP when they see big % of all packages on users connection going through Tor. Or if you just use single hop of one Vpn, they directly see at which IP you connect and can compare timestamps of that IP and your connection logs
Like runing one Vpn on OpenWrt router, another Vpn on Linux Host Os, whonix gateway for Vm, connect maybe to some rdp, on rdp also another vpn. All from different providers and different sources.
And source of connection, ISP, is it on your name connection, is it from mobile device, from 4G router, is it hacked wifi... Plays much bigger role then people like to admit.
Who big of redfag is for ISP when they see big % of all packages on users connection going through Tor. Or if you just use single hop of one Vpn, they directly see at which IP you connect and can compare timestamps of that IP and your connection logs
I Agree with this kind of path and also with the part where you say there is no silver bullet. Tor is not perfect and no one solution will be, but adding it at some part of the connection path at least increase difficult to perform the path in the reverse order.
exactly
from my experience linked above I am pretty sure there is more than 50% chance of encountering 2 malicious nodes in 3.
The thought came to me earlier https://xss.pro/threads/90630/ I would appreciate your guys input and criticism https://xss.pro/threads/90630/
Many big brains find math to be a complex subject. Encryption is math and math is expensive. Evil exit nodes are not new nor should they be ignored and one must never put all trust in one thing. The economics of your opsec is much more important than you choos TOR or VPN. It is a much more complex problem. There is now way to be perfect but one could be more expensive to compromise.