Tor users increasingly treated like second-class Web citizens

Discussion in 'privacy technology' started by ronjor, Feb 24, 2016.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,790
    Location:
    Texas
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    Some VPN exits are also blocked :(
     
  3. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    That is one reason I like the deep web, where it's the opposite. Great sites and you MUST be connected to hidden servers via TOR. It's the King and educated users are very safe indeed! Don't believe everything you read about DW. Sure the really bad is there but some of the brightest minds hang out there as well. You pick the doors you walk through and if you keep deciding upon the "bad" doors (you decide what those are not me), of course you expose your mind to those things.
     
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    OpenVPN Onion VPS for Evading Discrimination Against Tor
    https://dbshmc5frbchaum2.onion/OpenVPN-Onion-VPS.html
    Detailed instructions follow. The URL only works with Tor. You can access using one of the https://tor2web.org/ services, if necessary.
     
  5. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    301
    Location:
    Swiss
    A blacklist for Onions would be nice, I already saw a DNS-based method to do so but from what I know it's beta and it's unclear if that prevents not several other bypasses.
     
  6. quietman

    quietman Registered Member

    Joined:
    Dec 27, 2014
    Posts:
    491
    Location:
    Earth .... occasionally
    I'm guessing that your ISP can "see" you surfing the DW unless you are using a VPN ...

    .... is that right ?
     
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    With this bypass, websites have no way to know that Tor is involved. They can tell that you're using a VPN. And they can figure out who's hosting the VPS. So sure, it could be blocked. But it wouldn't be a Tor-based block.
     
  8. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    Yes. And you always want to use Tor through at least one VPN.
     
  9. quietman

    quietman Registered Member

    Joined:
    Dec 27, 2014
    Posts:
    491
    Location:
    Earth .... occasionally
    .... thought so , but many thanks for clarifying :)
     
  10. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    In the interest of being fair and balanced you have to know there are many users that would disagree with both Mirimir and myself on this subject. In fact the TOR team would take exception to it as well. Presumably if all users were on TOR then TOR would mask all traffic for the internet in general. The problem is that is NOT the case and where we live TOR usage draws attention. Most internet surfers are lazy and so the presumption is that a connection on TOR must be nefarious. Those same assumptions don't seem to be made regarding VPNs.

    One thing that lends to the assumption, again being fair and balanced, is that hidden servers in the deep web can and do offer "very bad services" by absolutely any standard a logical mind would set. These simply don't exist via VPNs because advanced users know TOR anonymity is far superior to a one-hop VPN.

    I can only stand by my opinion, and share it with Mirimir, that a couple of VPNs in front of the TOR circuit are absolutely worth the time to configure the same.
     
  11. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    Yes, what Palancar says is true. The Tor Project doesn't recommend using VPNs before Tor. They argue that VPNs could be honeypots. But in using VPNs, you're choosing to trust the VPN more than you trust your ISP. At least, however, you have far more freedom to choose VPNs vs ISPs. Your ISP tends to share your vulnerability to coercion, whether it's the local gangs or formal legal jurisdiction. But the VPN may be far away, and not readily coerced by thugs that threaten you.

    So let's say that an adversary controls many Tor relays, and they deanonymize some of your circuits, through controlling (or at least, monitoring) both entry guard(s) and exit node(s). If you're accessing sites of interest, they can track you down through your ISP. They know your ISP-assigned IP address, which is often dedicated (at least, at any particular time, even if it changes occasionally). But if you're using a VPN, they just know a VPN exit IP address, which is shared among numerous users. So they would need logs from the VPN, and would need to figure out which login IP address corresponded to their entry guard traffic of interest.

    Anyway, using Tor through VPNs has become very popular, from what I see on reddit, privacy guides, onion sites, etc, etc. I've been arguing the point for years, and events have been proving me right. There are many defendants who got nailed from the CMU data who'd be free if they'd used VPNs. And then there's the Freedom Hosting takedown. Maybe even the Silk Road mess.
     
  12. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    Plus let me emphasize that I am not advocating for how to commit crime against persons and get away with it. Absolute opposite. I am strongly advocating for my rights not to have online crimes committed against me by invasion of my privacy. No person has a right to know what I do online even if it's something as simple as checking the weather in my favorite holiday destination.
     
  13. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,150
    Location:
    UK
    @mirimir - another important feature is that VPNs allow you to spread your jurisdiction, whereas your ISP is in the jurisdiction that is likely spying on you!

    @Palancar - completely agree about having to reclaim rights. My personal fear - and I think a rational and significant one - is that of the probability of false positives from bulk dataset mining (according to mad selectors) and crazy or malicious fingering.

    My personal inclination right now is to use Jondonym, who DO provide the ability to give lawful warranted access to the mix operators. That's the deal citizens in democracies signed up to, NOT the bulk suspicion-less data collection and mining - where algorithmic guilt is even worse than having a real person inspecting it.

    Regarding the fingering part, leaving aside planting of evidence by LEA (which is certainly a possibility given TAO and GCHQ "equipment interference"), if I were a bad actor, I think I'd be spreading a huge amount of chaff to keep LEA busy following up false leads to innocent people (which might include me).
     
  14. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    https://support.cloudflare.com/hc/en-us/articles/203306930
     
  15. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    CloudFlare pop-ups are something I run into a dozen times a day. It gets old but it does get the job done apparently. I leave all my TOR settings default except no scripts is turned on.

    I am starting to see those trees, signs, cars, and lakes in my sleep!
     
  16. quietman

    quietman Registered Member

    Joined:
    Dec 27, 2014
    Posts:
    491
    Location:
    Earth .... occasionally
    .... my edit above ^

    I agree that using Tor is now firmly associated with nefarious activity in the public's imagination.

    Every time I read of online crime these days ( Silk Road , stolen card details , pedophiles etc ) there seems to be
    an obligatory section in the article "explaining" how important Tor is to such criminal activity .

    And yes , that's why we need VPNs ( chained ) , but that is starting to look less like a solution , and more like
    another can of worms to be opened.

    That may seem a defeatist attitude , but the wide range of differing opinions in this thread alone would appear to support it ...
    .... or not ?

    I can't help but picture entire teams in TLAs whose sole job is searching for " almost invisible" internet users .
    There was an article published which detailed the extensive "toolbox" contents in Prism but I can't find it now ....
    ... Greenwald ? , The Intercept ?

    ... just my two cents ...
     
    Last edited: Mar 4, 2016
  17. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    I'd say that it's a strategy. But not a solution. There are no solutions. Or no permanent ones, anyway. Adversaries keep looking for holes. You have a roof. But roofs sometimes leak. So you design structures with safe drainage.
    Which differing opinions? Using VPNs through Tor? Some Tor devs just have irrational issues about VPN services ;)
    Maybe so. It's hard to be "invisible".
     
  18. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    You just have to arrive at a balance for yourself based upon needs. My "obsession" with privacy is just that. If I were doing something online where there would be substantial payoff for an adversary to get me in a pair of handcuffs, I would not run the exact setup I do. In a scenario/mission like that I would buy a machine for cash and that machine would never be used on my home network (regardless of how good my tunneling, etc... was ------ > NEVER). I would use my long distance antenna from at least 1/4 mile away from the many wifi's I have access to. Advantage of big city life! I would never be physically present in my home while using that machine even if connected to another "donor's" network. The laptop battery would be removed except when in direct use (never have a battery installed while present at my home). These are all things I can do in my sleep, but they aren't needed solely for the purpose of strict privacy. At least not yet, but we'll see what the politicians do to us over time!
     
  19. quietman

    quietman Registered Member

    Joined:
    Dec 27, 2014
    Posts:
    491
    Location:
    Earth .... occasionally
    my edit above ^

    I definitely side with DeBoetie on my fundamental right to privacy , and the right to take steps to protect it ,
    because I'm certain that nobody else will !

    But it seems like we face some serious compromises here.

    By using VPNs , Tor , hardened browsers ( extensions , about:config etc ) we must certainly stand out
    from the vast proportion of folks who use their machines and browsers " straight out of the box ".

    They will be checking emails and social networks , shopping , booking travel , banking etc and mostly unaware
    of the torrent of personal info that is being harvested from them .
    Meanwhile there's this very small percentage who are effectively leaking NOTHING .... and it's surely going to draw
    attention for just that reason ? ..... ( The Panopticlick Effect ? )

    I really don't want to throw out the baby with the bathwater

    Those Snowden documents , even in redacted form , show a startling array of snooping tools , all available with a click.
     
  20. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,150
    Location:
    UK
    My feeling is that judicious use of personas helps avoid standing out. One has to accept an "official" observable version of ourselves, while minimising the amount of information that leaks that way - it's not just technical controls, it's the whole (chilling) nature of the abuse by corporations and governments that means that we do indeed have to watch what we say online (and that means generally, not saying it at all - and indeed, avoiding or minimising the siren social media offerings). And keeping the personas rigorously distinct.

    Inevitably, there is a component which "has to" interact with banks and official sources, and there is no possibility of obfuscating that - they know where you live!

    That does not mean one cannot have other personas that operate differently, but stay under the radar to an extent - e.g. by using VPNs which isn't that unusual, or by using other obfuscating mechanisms.
     
  21. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    What @deBoetie said :)

    For example, using only cash in meatspace maybe attracts too much attention?
     
  22. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    deBoetie, Mirimir ------------------- > [thumbsup]
     
  23. quietman

    quietman Registered Member

    Joined:
    Dec 27, 2014
    Posts:
    491
    Location:
    Earth .... occasionally
  24. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Hey that sounds really cool. I have never heard of an antenna like that. Can you buy one on ebay or somewhere? Can you recommend a brand? That could come in handy just in general while traveling or just out and about etc....like the park..

    Why remove the battery?
     
  25. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    Look for a yagi WiFi antenna. You can also build your own. Or a cantenna (made from a metal can). If you're willing to spend, get a https://www.ubnt.com/airmax/bulletm/ and a parabolic antenna. I've hit standard hotspots at ~5 km :)
     