https://nakedsecurity.sophos.com/2015/06/25/can-you-trust-tors-exit-nodes/ https://chloe.re/2015/06/20/a-month-with-badonions/
Hopefully, this is an example of an oversight or a slow moving bureaucracy, not something worse. It's entirely possible that those are government controlled exits. These and other related issues keep cropping up with Tor and make one question its trustworthiness. That too could be by design. Creating doubt and division is standard operating procedure for the NSA. IMO, the best a user can do with this specific issue is to blacklist those exits.
Yes, but many Tor users still haven't gotten the message And maybe worse, the Tor Project is not being very forthcoming about this. Most of the exits that she identified as bad are still part of the Tor network. Maybe that's because they don't trust her methodology. But at least they could say that, no?
The issue also opens up some far more serious possibilities like coercion or governments seizing or controlling a large percentage of the exits. I share her concerns over the centralization of control which makes that center of control a very choice, high value target. Tor already has trust issues due to where a lot of their funding comes from. Their lack of a response and failure to take any action only adds to the problem.
Governments have the budgets to make as many tor nodes as they want and provide them with as much bandwidth as they want. Government owned nodes could easily dwarf the numbers of privately controlled ones.
That is true for one reason only, inaction. If even 1% of the people hosted a relay or exit, there'd be more nodes than all the governments combined could create or ever hope to monitor. It's the inaction of people that makes their actions possible. Government resources might be huge, but they're nothing compared to the combined resources of the people. It's past time that people wake up and realize that.
Probably a lot of people who could host one because they have the resources are afraid to in case it makes them a target for surveillance etc.
Speaking of people in general, I wonder how many have actually heard of Tor let alone know what a relay or an exit node is. With those I touch base with offline I never hear it mentioned.
Thanks mirimir. I took a look at her research and it's very interesting. I would hope the TOR developers would take her seriously I checked the TOR nodes she was talking about and they are in the Ukraine and India. Not suprising The guy in India is the main culpret. He is running Windows LOL. That's because TOR is taboo in society. There are basically 3 types of TOR users tin foil hat wearing folks, pedophiles and drug dealers. Ask yourself would you want to be indified with those 3 users?
That individual chose to do this. He could have done the same thing with linux. Windows has nothing to do with it. I ran an exit for almost 2 years on Windows. Anyone choosing to run an exit should take the time to properly secure and harden their equipment, knowing that it's a potential target. That might be able to be applied to Tor users. It doesn't fit relay and exit operators. We "tin foil hat wearing folks" might choose to run an exit. That label is disappearing fast now. A pedophile or drug dealer won't run an exit. Relays and exits are publicly listed. They don't want that kind of attention. They're just Tor users, just like government and corporate criminals.
The Making of a Conservative Environmentalist, by Gordon K. Durnil, 2001, at p. 43 http://www.iupress.indiana.edu/product_info.php?products_id=21990
indified? why do I get the feeling that wasn't an honest mistake? Call it all the tinfoil hats you want but all I'm interested in is the facts AND protecting my privacy which I should have every right to do. The fact is unless you obfuscate your ip, you're identified. If you don't want that happening then how many ways are there to fix that? Afaik not that many.
@mirimir Two sets of laws and standards of acceptable behavior. The one for corporations and governments is anything you can get away with is allowed. If they're caught, they get a public slap on the wrist.
noone_particular I agree with you. My comment was a bit tounge and cheek really. Please don't be offended. I know there more factors at play for TOR users.
I didn't take you that way. You were basically repeating the script the media uses to describe Tor users. Even in local news, that control is obvious. Example: every time someone gets busted (or framed) for child porn, there's always an interview with the frightened mother who's scared for her kids. Around here, they keep reusing the same interviews.
Yes I know how the media works. The corperate-tabloid media really has it in for TOR. I don't subscribe to their agenda.
In that respect, they're no different than the countries with "state controlled media" as the US is fond of saying. The only difference is that in the US, state and corporate are interchangeable terms. The real problem is that most of the people in the US are too absorbed in self gratification and garbage entertainment to see it. The near ideal flock of sheep. All that's left is disarming them.
@noone_particular - poor Internet users are already disarmed. We have these delusions of avoiding being low hanging fruit, spending time and money in attempts to protect ourselves, when the systems themselves are "terrifically weak" and in some cases, deliberately compromised. There are HUGE penalties for any citizen attempting self-defence (responding to attack), and the only people "legitimately" able to attack are our wonderfully accountable government agencies. So as far as the Internet's concerned, they've already achieved Machiavelli's goal regarding the citizens. What they appear to have neglected is that they are killing the golden goose.
There is a double standard involved that users could take advantage of. Corporations and businesses have greater freedom to defend themselves, and more. If users incorporate, the same laws should apply.