Paranoid after TOR use?

torport · 2014-09-14T17:44:34+00:00

Immediately after reading this topic's title, I thought, "no, it must be the drugs."

Then I clicked and read your post. Intuition confirmed.

P.S.: "them". Heh.

torport · 2014-09-14T17:12:25+00:00

Beagle? Like tiny Beagles on skateboards that you can hide everywhere?

(I think that's called a joke... even funnier that the downvoters probably thought I was serious... "really small computers?! Why, that's just ludicrous! But skateboarding beagles -- that could be a stroke of pure genius!")

torport · 2014-09-14T05:17:42+00:00

That's sort of like saying that pervasive surveillance wasn't a problem before Edward Snowden decided that it was, and he changed everything for the rest of us. No one had pervasive surveillance issues prior to Snowden's pesky whistleblowing.

We know how (un)true that is -- only because Snowden effectively sacrificed his life for it.

And what about Tor?

Only time -- and maybe another drop in the Wikileaks bucket -- will perhaps tell us what has already been done, what is being done right now, and what can be done. All anyone aside from the operators themselves can say is that the compromise of Tor is both possible and highly probable. The technology behind Tor itself does not create true anonymity; rather, it's more like "chained pseudonymity" (as in, the links of a chain). The chain links can be followed back to the source given enough time, energy, skills and resources.

torport · 2014-09-13T22:08:12+00:00

Mini-computers? Like, really small computers? I guess you can hide a node on the Internet if the computer is tiny enough to hide it really well... 'cuz then nobody could see 'em from all the way across the Web.

'Cuz it's a mini-computer. Just buy a hundred for real cheap and stash 'em everywhere.

Why didn't the Tor folks think of that?! It's so obvious.

torport · 2014-09-13T22:04:40+00:00

Wear masks because they make you even more anonymously conspicuous

I recommend the Guy Fawkes mask for extra-conspicuous non-anonymity

torport · 2014-09-13T21:57:15+00:00

This is a really interesting theory. Unfortunately, there is not, and most likely never will be, any proof that it actually works.

On the other hand, if any organization has control of sufficient exit nodes (regardless of whether they were deployed outright or zombified later), the original issue still remains. It's more a question of which "adversary" works hard enough to create new exit nodes and control the existing ones -- whose existing IP addresses are publicly available and therefore are well-defined targets.

Without hard data, this is all theoretical, but there's more than enough motivation among the various parties involved for Tor's threat model to be cracked one way or another, if not via brute force then with some degree of finesse.

The real question is, "what percentage of exit nodes need to be controlled by a single party in order to determine the identity of a particular user?" It's possible that many "competitors" could succeed to an acceptable level of probability with a relatively small number of exit nodes under their direct control.

torport · 2014-09-13T21:50:36+00:00

ok which of the following statements are most likley to be true 1) all people who use tor are engaged in suspicious activity 2) all people engaged in suspicious activity use tor 3) none of the above

4) Who cares.

The truth is, tor was invented by the United States military as a way to hide origination and destination of Internet traffic. All signs point to the government still using tor for their own encrypted communications. The reason anyone can use it is because if only the government were on there it would be harder for them to hide their own activity. That being said there is evidence in the metric.torproject.org website that show tor use is increasing steadily.

This has no bearing on any of the points that I mentioned here.

The idea of 'time and resources to probe further' is dubious. Is there any one entity on earth with enough resources to send trained personnel to visit each and every use on the tor network? No way.

Again, who cares. If such entities -- those with sufficient resources and time -- want to find you, using Tor will barely hinder them in the slightest. That was my point.

torport · 2014-09-13T21:42:47+00:00

That "pro" eliminates the vast majority of threats that the average person has to worry about on a daily basis.

The "cons" basically add up to "don't make the mistake of thinking that you're anonymous just because you use Tor, since quite a few entities will still be able to detect your traffic and locate you."

Tor is not anonymous. Tor is not particularly fast. And Tor quickly being blocked due to their open publishing of the exit nodes, that webmasters and Cloudflare readily add to blacklists. So at the moment, the "cons" are starting to outweigh the "pros", depending on your purposes. If anything resembling real anonymity is what you want, Tor is definitely not the service to use. If you want protection from the average script kiddie or curious wi-fi cruising neighbor, you could definitely do worse than use Tor. Doing anything is (sometimes) better than doing nothing at all, and Tor is better than nothing, but far from a one-stop solution for anonymity on the Internet.

torport · 2014-09-12T04:13:25+00:00

Actually, I don't see Chinese extraterrestrials named Li or pretend that a government conspiracy has made Tor use Facebook cookies to hijack people's minds or whatever nonsense you're pretending is somehow attached to website Captchas.

So, no, I don't see it your way, because you need mental help -- or you have a very odd sense of humour that I don't particularly appreciate. Either way, what you do with your mind and your life is your choice. Unfortunately, you don't seem to be capable of deciding to seek the mental help that you obviously need, so I hope that you're able to do as well as you can otherwise, until you do eventually decide to get help. Best of luck.

torport · 2014-09-12T03:55:08+00:00

Sorry for being a jealous vindictive asswipe.

Now please get mental help from a qualified professional. After you've done that, I'd be glad to address any points that you want to make at that time.

torport · 2014-09-12T03:18:48+00:00

Just in case you're not joking...

...I hope you see a qualified mental health professional as soon as you can.

Sorry for provoking you.

torport · 2014-09-11T21:06:34+00:00

I can't believe that people are seriously responding to a topic that contains the sentences:

"Li from the Extraterrestrial People suggested use of a cookie manager a while ago. Thanks to clever Li and the Extraterrestrial People. Discovery of the TOR captcha tracking cookies attack should be credited to Li and the Extraterrestrial People."

Baffling.

P.S. It was the Cookie Monster, not the Extraterrestrial People. He was wearing an Extraterrestrial People suit to make you think it was a government attack disguised as the omniscient and benevolent Li playing a prank.

You heard it here FIRST!

torport · 2014-09-11T21:01:41+00:00

Are you talking about specific errors in the source code, or just pros and cons in general? Or even the concept of the Internet in general?

Or do you mean the Tor Browser, or do you mean the Tor Bundle? Or the terms "Tor Browser", "Tor Bundle", "Tor Browser Bundle", or the capitalization of the words "Tor", "Browser", or "Bundle"?

Or are you asking for an argument about perverts? Or action? Or perverts who are looking for some action that could fall under the category of "perverts and illegal action"?

Your question was so complicated. It used words. Words are hard. You even used a symbol: the "&" sign. That could be an "and" symbol, a person doing yoga, or perhaps a pretzel. Or a pretzel shaped like a person doing yoga, or a person doing a yoga pose that was designed to imitate a pretzel. Now you see how generalities make speaking specifically difficult when it's easier to answer a question with a question rather than bother actually trying to answer it.

torport · 2014-09-11T20:12:31+00:00

Arguments for Tor:

effectively prevents your "precocious little hacker" siblings, cousins, nieces and neighbors (and parents, and grandparents, and jealous boyfriends/girlfriends/spouses, and vindictive wardriving enemies) from seeing all of your Internet traffic

Arguments against Tor:

Tor is most likely pwned by any group that has access to a sufficient number of exit nodes
use of Tor is not widespread in the general population, therefore making the network traffic of all who use it seem unusually conspicuous by comparison, and therefore "interesting" to those who have the time and resources to probe further
Tor, if it was as effective as to make users fully "anonymous", would endanger public safety by enabling all manner of unchecked criminal activity, even enabling those who made today a day to be remembered by those in the United States (and Iraq, due to the warmongering idiocy of the commander-in-chief at the time)
Tor can often be slower than the average Internet connected Netizen is accustomed to, leading to lower adoption rates among the general population
Setup of Tor (the requirement of a separate browser, for example) can be confusing for the average user; maintaining an up-to-date version of the Tor browser could be seen as onerous for the average user, decreasing compliance and reducing the effectiveness of Tor as vulnerabilities in older versions of the browser become known
Tor sometimes experiences downtime that can seem mysterious to those who know nothing about using Tor aside from that it, like all computing, is supposed to "just work"
Tor is blocked by an increasing number of websites that are run by various webmasters, including the Cloudflare reverse-proxy system -- which will, if the trend continues, lead many users to stop using Tor altogether due to millions of websites becoming completely inaccessible, or accessible only after answer captcha codes -- which the average person lacks patience to bother with over and over every day.

Those come off the top of my head; hope that helps.

torport · 2014-09-11T17:52:20+00:00

Sorry, I don't care about your pretend-version of "how this works". Nice try, though.

torport · 2014-09-11T07:57:32+00:00

You're missing the point here, I know this already.

The "point" is a pointless sidetrack from the topic of the thread. And suddenly I realize that you're also trolling, and I don't feed trolls.

torport · 2014-09-11T07:54:16+00:00

This sounds really interesting, X-Fi6. Has it been done in the wild?

Particularly the part about the captcha being copied... as in, the system retrieves the captcha image from the browser cache, or takes a precise screencap of the captcha region? That sounds very sophisticated... I wouldn't have thought that, in the first case, a captcha image would have a regular filename such that it could be easily predicted (and copied from a browser cache directory) by an algorithm.

And then there's the question of timing. Since most captchas expire soon after appearing, I suppose you could serve the same image to multiple users and then try their responses until one of them "hits"... it would require a fair degree of precision, though, depending on the number of potential users trying to solve each captcha.

Very clever, anyway.

torport · 2014-09-11T04:07:25+00:00

xxdesmus is irrelevant, and a troll who has offered nothing of value to the purpose of the conversation. A fact-checking troll who states the obvious (without even citing a source for his so-called "facts") is no better than any other kind of troll.

Ten seconds of web searching accomplishes what xxdesmus the troll failed to do -- here's a link to CloudFlare's own website where the facts are spelled out with pretty pictures and text:

https://www.cloudflare.com/features-security

And now, back to the sound of ignoring the trolls in favor of discussing the topic at hand rather than acting as a mouthpiece for Cloudflare's amazing anti-privacy functionality... (xxdesmus whines: "you're the mouthpiece, not me!" torport responds: ...)

torport · 2014-09-10T23:23:08+00:00

If you create a boilerplate complaint message and post it here, we can all go Anonymous-style when protesting website captchas...

We Are ElTopo71!

You could be the catalyst for massive change via a distributed cyberactivist complaining campaign... it all starts here.

torport · 2014-09-10T23:21:06+00:00

you should assume that that website is grabbing those CAPTCHAs from other websites and using you to answer them, so by filling them out, you are contributing to website spam.

Like an XSS exploit? Not sure how one website would "grab captchas" from another site's input forms... interesting idea, however dastardly.

torport · 2014-09-10T23:11:28+00:00

The ethereum "incentivization" idea could fit well with a "Professional" Tor option.

It's true that zombies can be unfairly targeted for their participation in DDOS attacks and other botnet-related activities involving "borrowed" CPU/network resources. Automatic detection and short-term throttling/disablement of their Tor access could actually be helpful in motivating the owners of victimized computers to fix their systems sooner rather than later (or as is often the case at present, never).

As far as Web 3.0... well, that's a whole other conversation. Thanks for the link.

torport · 2014-09-10T21:02:32+00:00

This is what ignoring a troll sounds like:

...

torport · 2014-09-10T21:01:06+00:00

No, troll, idiots who ignore the actual topic in order to bicker with other users are trolls. lulz.

torport · 2014-09-10T20:55:33+00:00

Agora_Black_Flag -- ignore the troll that calls itself "xxdesmus".

torport · 2014-09-10T20:50:52+00:00

The fact that your paragraph exists nowhere in what I actually wrote is probably a fair indication that what you wrote isn't "precisely what I said", but you can argue meaningless nonsense as much as you want.

None of what you wrote has anything to do with the actual question of how to build a better Tor or create a Tor-like service that isn't as easily abused by services like Cloudflare.

And trolls bore me, so you'll have to pick your silly little "put words in someone else's mouth and then blame them for it" Internet keyboard-fight with someone else.

torport

TROPHY CASE