1 yr. ago • 89%

How secure is Tor network?

For example, I downloaded Tor network and using it for illegal activities. Can my govt track me? Can US govt track me? I know it encrypts something but if I remember correct, FBI was able to find some Tor users before.

Note: illegal activities was for example. I'm not going to do anything illegal. I'm just planning to serve my instance with a onion address.

47 comments

This post glows so hard I'm going to need a pair of sunglasses.

65
- Wait, is the joke about me being CIA? Cause I’m not CIA 100%
  
  9
  
  That's exactly what a fed would say
  
  63
Short answer: In theory, pretty much anything you're doing on the modern internet can be traced back to you. It's just a question of how much effort, sophistication, and time someone's willing to invest in the tracing. Tor is a pretty high bar for them to clear, so it'll protect you against a pretty high bar of attempting to track you down -- but that's only true as long as you're not doing anything careless to compromise your own security, and it's pretty easy to do something careless (especially in the long term).

This DEFCON talk goes into a lot of the nitty-gritty details and reality. The speaker sold drugs on the dark web for quite a while, but eventually got caught and went to federal prison, so he knows both sides of it.

55
- Here is an alternative Piped link(s): https://piped.video/watch?v=NGiUhjuB22Y
  
  Piped is a privacy-respecting open-source alternative frontend to YouTube.
  
  I'm open-source, check me out at GitHub.
  
  13
- Thanks for the video, I'll check it out.
  
  4
Most tor users got caught because of bad OPSEC, not because of the tor network itself…

40
- Bad opsec and hubris/idiocy.
  
  11
- Maybe, parallel construction confuses the quality of ToR a bit. If I was a APT and compromised ToR I wouldn't want anyone to know, so i would use parallel construction to always have a non-ToR reason for a take down.
  
  7
- So we need other security methods besides using Tor? Like what?
  
  1
  
  Not using anything Google/Microsoft related would be a good start.
  
  20
Don't do illegal activities.

What signal fiasco?

You should read the Tor foundation documentation before trusting your freedom to it.

You can be tracked on Tor, but the question is by who, and when. If you login to gmail over tor then google knows your using tor. If you access tor from your home computer then your isp knows your using tor.

If your threat model includes Advanced Persistent Threats at the nation state level, then they can do Cybill attacks and control enough nodes that they could track you.

30
- "illegal activities" doesn't always mean buying crack cocaine, or whatever. depending on where you live it can mean:
  
  accessing wikipedia, forming communities, performing union activities...
  
  in other words, the ruling class of your country decides something being threatening their power, and that becomes an illegal activity.
  
  of course everyone can be tracked. also everyone is not julian assange, so i'm not so worried about using tor for "illegal activities".
  
  9
- What I meant with Signal fiasco is, they didn’t published server code for a year and the fact that they’re a US establishment. It’s not looking that bad but I’m not going to trust them anymore.
  
  -2
  
  ToR was started by the US Navy and still gets funding from the navy every year. ToR is a tool used by the US for spooks and spook assets globally. The only reason it was made public was to generate enough noise to hide the spook talk.
  
  So applying your logic means you shouldn't use ToR either.
  
  17
Signal fiasco?

11
- [This comment has been deleted by an automated system]
  
  4
- I guess the phone number leak, I wouldn't really call it a fiasco though
  
  3
  
  That was also a hack on Twilio. Signal itself wasn't compromised in any way if I am not wrong.
  
  6
  
  I said "fiasco" because they did not share the backend server repo for a while and did not make any statement about it. Maybe a little overreaction than it should be. But for an app that promises privacy, it's kinda annoying.
  
  2
Nice try

9
- Sheesh, almost got you 😅
  
  0
Please don't do anything illegal...

9
As long as you stay ^far ^far away from Javascript, you should be fine.

7
On a serious note, if I'm not mistaken, most cases of Tor users identity being uncovered is via information the user either unintentionally leaving information public, or privately told another user, which was made public due to a betrayal or a security breach.

In most other cases involve security flaws in Tor clients not the network, again if I'm not mistaken.

5
smart move to add that note, they nearly send out a swat team

5
@iso depends if you click on this click: https://dowloadtor.melroy.org

3
- Were the link go? I'm too spooked to click
  
  4
  
  The Curiosity of the human mind is the weakest link.
  
  1
- I'm intrigued. What is that link?
  
  1
  
  It's a download link for Chromium based Tor browser named nginx.
  
  1
  
  The Curiosity of the human mind is the weakest link.
  
  0

You've viewed 47 comments.