There is a growing chorus of people who blindly recommend Tor to anyone looking for online anonymity. This recommendation often ignores mountains of evidence suggesting that Tor is not the “privacy tool” it’s made out to be.

No privacy tool is above criticism or scrutiny, and each has pros and cons. Unfortunately, Tor has garnered a cult-like following in recent years among people who pretend it’s infallible. Honest criticism of Tor is often met with accusations of “FUD” and ad-hominem attacks, so as not to disrupt the collective Groupthink.

Never mind the fact that the Tor network is a popular hangout for pedophiles and drug dealers – along with the law enforcement these types attract. Today, Tor is being marketed as some kind of grass-roots privacy tool that will protect you against government surveillance and various bad actors.

According to Roger Dingledine (Tor co-founder) and other key Tor developers, getting people (outside the US government) to widely adopt Tor is very important for the US government’s ability to use Tor for its own purposes. In this goal, they have largely succeeded with Tor being widely promoted in various privacy circles by people who don’t know any better.

But is Tor really a secure and trustworthy privacy tool?

Comments

You must log in or register to comment.

NotQball wrote on August 12, 2024 at 12:52 PM

I did NOT monitor TOR the same way as i2p. There are some obvious "concessions"/sell-outs. I do NOT want to open THAT can of worms. What is obvious:

Bad crappers: some entry guards and some exit nodes. These guys sell your data even from browsing ebay and Amazon. That desperate.
In MY OPINION Tor Browser is mediocre...
If you run YOUR OWN Tor servers and i2p routers (plural), despite of what you heard, SOME i2p traffic through Tor will help you out with TOR. You NEED 2 KNOW what you are doing on both networks and have some monitoring tools. This is for people in dire situations with enough knowledge of both networks. It is more of a problem for i2p than TOR. Don't make me sorry that I brought it up!

Saint_Cuthbert OP wrote on August 12, 2024 at 10:45 PM

In your third statement, are your referring to the fact that I2p is now blocking Tor traffic?

NotQball wrote on August 13, 2024 at 2:07 AM

The Official router does block through TOR traffic. It is an OK decision since it is an entry level router. I rarely test that version. The truth is that you do not want a lot of traffic over 30% (varies depending on conditions) through slower networks: satellite, ygg, flokinet some cell, modems, some VPNs. It does help with security but at a cost. Don't be stupid... in theory some entry guard may be able to block you unless you use your own servers. Again: If your threat model dictates it don't hesitate!

cumlord wrote on August 13, 2024 at 5:30 AM

I've always assumed that it's monitored to some degree. Not like all tor users can be monitored clearly at all times, but from the aspect that running tor doesn't make you nsa proof. nothing does, but it does a good job at making you blend in, so when i want to look like everyone else and not do something identifiable, tor doesn't seem so bad. i think that's probably it's best use case, when what you chose to do with it would be like a needle in a haystack identifying you, but it can't correct for user error.

good to see new people interested in this kind of stuff even if they show you they just logged into their bank account with tor. they got the right spirit i guess.

Saint_Cuthbert OP wrote on August 15, 2024 at 9:36 PM

There are only some odd-thousand tor nodes out there. For a powerful adversary to run many of them doesn't seem too unbelievable (50 cent army). They may not be able to hire someone to watch each and every node al the time, but they could possibly automate the process with artificial intelligence.

The Whonix documentation discusses how Tor users can be fingerprinted by their typing speed, among other things. And remember that it wasn't public knowledge that emails and phone calls could be tracked on a large scale until somewhat recently. In The Art of War is says to make your enemy think that you're weak when you're strong and strong when you're weak.

cumlord wrote on August 16, 2024 at 5:50 AM

Pretty much. tor is comparatively centralized and a lot more high profile than i2p. Fingerprinting is the thing that scares me the most, there's lots of identifiable metrics. Also instructive to look at how people have gotten deanon in the past but it doesn't anticipate the future or current capabilities. I'd think they'd spend the most energy targeting or trying to compromise high value targets/individuals like marketplaces/admins for the intel they could attain over a long period and we would be none the wiser. even if they don't have a big picture view of everything right now there's lots of tools that can be used to focus in on something of interest. I guess a good defense is to not be of interest.