There are numerous difficulties associated with TOR that are not really the fault of TOR, but are consequences for how the internet is designed. There is nothing in the structure of the Internet that was designed to protect privacy.
Well funded adversaries can have a large number of machines act as routers and exit points, and by manipulating traffic delays at various hops, they can disambiguate a large percentage of the traffic that flows through the TOR network (some headlines this past year have suggested ~3/4 of all traffic can have the source be de-anonymized). There is simply no way to work around this. There is also no place on the planet that is safe from large state actors, particularly the NSA. I use VPNs to obscure my traffic from the ISPs that I use and to have a little control over the routing that my packets take. I am under no illusion that any of this protects me from the CSE or NSA (or any other such exceptionally well funded organizations). None of this protects against OS and browser fingerprinting. You can still be tracked based on the services that you connect to. Chances are that most of those services will hand your data over to various agencies with little to no effective judicial oversight. Just forgetting to log-off from a site like facebook means that every site with a Facebook like button leaves a trail that Facebook records. This is also true of the other "social" networks. It does not matter if you use TOR or any other technology. A final word about encryption. It is helpful to think of encryption as a time lock. All it really does is to slow down access to the encrypted data. The math is sound, but there can still be (or more accurately probably are) flaws in the various implementations. Never assume that encrypted data is safe, especially data at rest (data stored on a cloud service for example). If complete privacy is what you want, the Internet is not a good place to get it. Again we circle back to figuring out exactly what you want to protect and from whom. Ask and answer this question first before even considering technical solutions. Unfortunately there are no simple solutions, and there is a lot of work required both in the learning and implementation. On Fri, Apr 3, 2015 at 12:32 AM, Viorel Tabara <viorel.tab...@infrabit.net> wrote: > On 03/12/2015 01:38 PM, Gustin Johnson wrote: > > Even TOR which was designed to do this as much as possible is far from > > perfect (essentially best case is that TOR provides a 50/50 chance that > your > > privacy is maintained). > > Gustin, I couldn't find anything about the 50/50 privacy, if you have any > pointers can you share? > > > This can have some advantage in that your exit point can be in a > different > > legal jurisdiction, but never assume that you are protected. [...] Your > > browser is still connecting to the same endpoints, the web sites still > use > > various tracking methods to uniquely identify your connection, and none > of > > this is solved by a VPN. > > If Joe is looking for anonymity while browsing, then a simple solution is > using > the Tor browser (which provides https, protection against canvas > fingerprinting > etc.) over an SSH socks tunnel to a VPS outside NSA (and friends) > jurisdiction. > If the SSH tunnel dies the browser won't connect, here's an output from my > session: > > Apr 02 22:42:47.000 [notice] Bootstrapped 90%: Establishing a Tor > circuit > > Apr 02 22:42:48.000 [notice] Tor has successfully opened a circuit. > Looks > like client functionality is working. > > Apr 02 22:42:48.000 [notice] Bootstrapped 100%: Done > > Apr 02 22:42:49.000 [notice] New control connection opened from > 127.0.0.1. > > ... > > Apr 02 23:34:20.000 [warn] The connection to the SOCKS5 proxy server at > 127.0.0.1:44380 just failed. Make sure that the proxy server is up and > running. > > Apr 02 23:34:21.000 [warn] The connection to the SOCKS5 proxy server at > 127.0.0.1:44380 just failed. Make sure that the proxy server is up and > running. > > This will make an interesting reading for everyone interested in privacy: > > > http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance > https://trac.torproject.org/projects/tor/wiki/doc/TorPlusVPN > https://tails.boum.org/doc/about/warning/index.en.html > > -- > Viorel > > > > _______________________________________________ > clug-talk mailing list > clug-talk@clug.ca > http://clug.ca/mailman/listinfo/clug-talk_clug.ca > Mailing List Guidelines (http://clug.ca/ml_guidelines.php) > **Please remove these lines when replying >
_______________________________________________ clug-talk mailing list clug-talk@clug.ca http://clug.ca/mailman/listinfo/clug-talk_clug.ca Mailing List Guidelines (http://clug.ca/ml_guidelines.php) **Please remove these lines when replying
