I am personally working on a tiny side project to build a chat/forum/etc platform based around onion services for all users. Traditionally, it was annoying to have to ask users to install Tor and open up the control port so your app could leverage it. In a recent alpha there is an experimental tiny little C API that can start the Tor system in-app [0]. Leveraging some of the work from [1], I put in some effort to get all the steps working to compile Tor statically in a single Rust exe on Windows [2]. As Tor's embeddability game increases, I hope more apps will consider using it as part of their network stack. Granted I know the problems that are inherent with "vendoring" security libs like these, but for some uses the benefits outweigh the costs of requiring separate downloads and separate daemons running.
0 - https://blog.torproject.org/tor-0331-alpha-released-back-uns...
1 - https://github.com/iCepa/Tor.framework
2 - https://github.com/cretz/rtsw-poc
 : https://github.com/ipfs/notes/issues/37
It's good to have a fallback network in case issues arise in Tor and something needs to plug the gap in the interim, and I2P would fulfill that role pretty well.
 : https://securedrop.org/directory
- "anonymous reports will be considered only in particular cases" (!)
- you cannot report if you are a private person/company
- you have no kind of legal counseling / protection
- other limitations
This said, the issue revolves more generally around Italian law: anonymous reports have much less credit/relevance than signed ones (this is understandable).
Besides the internet/modern way, the concept of "esposto anonimo" (anonymous report) is well planted in the Law, but has very low "relevance"; basically, if you send one you are just suggesting that the Authority look in a certain direction, but there is no guarantee whatever that they will do so.
In fact, only a little information is required: your job title, aka position (which makes sense in case it is a manager reporting an illegal activity rather than a cleaner, who might have a really small amount of information), the entity involved, and whether you work in that entity or you just had some sort of relationship.
After all, it makes sense to have a big set of data to investigate. If not, it would be complicated for anyone to understand what's going on. You're still reporting it to the anti-corruption authority, so even if you give them more details you should be confident that they'll treat it carefully.
All the personal data (such as name, last name and so on) are optional. And, if you choose not to share your personal data, the form will be considered only if you complied with a level of detail that's enough to do an eventual investigation (if not, since they can't reach out to you to ask you for details, it would be useless to say "on December 2014 I saw a guy giving 10 euro to another one in the aisle of the department X in the state company Y. But it was too dark and I can't tell who they are").
I’d wager only 1% of people on Hacker News would be capable of using a Tor setup for more than a day without getting owned.
You’re better off buying a burner iPod or iPad, stick to public wifi spots, and factory reset it once a week. Even then, watch what you type since vocabulary is fingerprintable.
It’s very hard to stay dark these days.
Do you by any chance have any refs or links at hand explaining the topic more in depth? There are quite a lot on the Tor www, but covering more common use.
It isn't worth it.
You're in league with wannabe terrorists, misguided natsec journalists, blackhats, child pornographers. For what? What problem are you solving that warrants this heat?
Just use a burner iPad and wipe it frequently. If you're truly paranoid light up a DigitalOcean droplet with a pre-paid credit card and a false name and install OpenVPN on it make an image and cycle your IP. But short of being both a data scientist & cybersec expert (or an actual state actor with training from both) you aren't going to stay black from the NSA and to pretend otherwise is stupid.
You seem to have no idea about the existence of pluggable transports.
> and its riddled with adversaries and malware.
Yes, and so is I2P... Freenet... the Internet?
> Even if you're good you have a separate problem now: Keeping the USG et al from painting a target on you.
Isn't that an argument for using Tor? As Mike Perry (who works now on the vanguard proposal implementation) puts it, "we want enough people to actually use Tor Browser such that it becomes less interesting that you're a Tor user. We have plenty of academic research and mathematical proofs that tell us quite clearly that the more people use Tor, the better the privacy, anonymity, and traffic analysis resistance properties will become."
> Just use a burner iPad and wipe it frequently. If you're truly paranoid light up a DigitalOcean droplet with a pre-paid credit card and a false name and install OpenVPN on it make an image and cycle your IP.
Your IP will be known since you connect directly using your IP to the droplet. Also doesn't protect you from browser fingerprinting which alone may have leaked enough information to identify you.
 : https://www.torproject.org/docs/pluggable-transports.html.en
 : https://www.pluggabletransports.info/ (really good folks work on them, and we should appreciate the amount of work that they put in obfs research)
Who is your adversary and what are the costs you are willing to bear to hide from them?
There are very few answers to that question that come out with: "Use Tor"
For the 99.9% of adversaries having a wipeable iPad will stop browser fingerprinting and switching up IPs or cafes will stop IP tracking. It won't stop network attacks, but you'll be pretty safe from 0days. For most journalists (or even drug dealers) it's the right approach.
The rest just gets you more heat than it's worth.
Down my way, the streets are littered with cameras and I suspect they can match time and IP address and id you easily. This is the same in most industrialized nations probably.
(Not hiding from anybody here, just a thought experiment)
Edit: Very frequently the Police will ask for drivers who have in-car cameras when there is a crime or accident. And a lot of them do have cameras. In Australia.
Stop this FUD. You can make the same argument about safes, VPNs, disk encryption, paper, roads, etc. etc. ad nauseam.
What are the specific exploits in Tor which are “easy as shit” to use? If you’re unable to be specific, why is that?
except you can't since the ratios are totally different.
Even 5 - 10 years ago, basic disk encryption was seen as pretty sophisticated, in a “what’s at risk if you’re willing to do that?” kind of way. Now it’s standard. You can say similar things for 50 char randomized passwords encrypted on the client, TPMs, TLS by default, etc. etc.
The ratios are likely to change over time as more people realize that their privacy is important.
what the ass does this even mean
Maybe; if US intelligence's high-value targets can be targeted by means that Tor does not protect (compromising endpoints, emissions-based techniques, etc.), and Tor provides US intelligence agents a way to exfiltrate information in a way immune to any but more involved, specifically targeted techniques, it might still be valuable to both have Tor exist and have it used by enough people not on US intelligence payroll that its mere use didn't finger people as agents.
You have to remember that US intelligence does more than monitor people's communications, it also needs communication channels that are accessible, unmonitored, and deniable for its own agents.
On top of dragonwriter's answer, I'll point out that "U.S. intelligence" doesn't exist as one entity in the way you ask that question. There are a number of groups that cooperate in some ways and compete or just diverge in others. The NSA and FBI want Tor cracked the most to find their targets. Whereas, the State Dept and/or the CIA that back Tor's funding want to protect both dissidents and assets overseas from state-level agencies monitoring communications. They need it to be unbreakable for some set of nation-state attackers.
Now, that doesn't mean that it needs to be unbreakable for the NSA, etc. The original guidance I read on Tor even warned that global adversaries would probably break it. The Many Eyes collaborations have visibility into a lot of the network. They're probably also honeypotting it with high-bandwidth links. It's also written in a tricky protocol in unsafe language on OS's done similarly running untrustworthy apps. They'll probably always have attacks on it for at least worthwhile targets even if State and CIA don't want that. It will still be valuable in many threat models, including NSA if combined with other methods. Especially if about delaying rather than permanently denying them info.
So much so that I’d like to see an expert recommend it.
If you're talking with large numbers of people that don't trust Tor then it speaks more to the quality of your friends than it does about the prevalence of this opinion.
That's an unfounded accusation. Micah Lee wrote a very concise refutation of his smear campaign.
> I would be sure someone couldn't pierce the veil of anonymity.
That still doesn't contradict the fact that using Tor is better than not.
 : https://micahflee.com/2014/12/fact-checking-pandos-smears-ag...
> That still doesn't contradict the fact that using Tor is better than not.
Is it a fact? If Tor achieves nothing for someone trying to hide from the government except announcing that you have something you want to hide (is that the case? I don't pretend to be certain, but it seems possible) then I'm not sure it's better.
He and I discussed them a bit on Twitter: https://twitter.com/itdaniher/status/961307347950940161
I was not impressed by his response.
The "bunch of emails" seemed remarkably banal. I've written similar emails about sponsored open-source work myself.
email stack 1: https://www.documentcloud.org/documents/4367176-Tor-BBG-corr...
email stack 2: https://www.documentcloud.org/documents/4367193-Tor-BBG-corr...
I am reading the book now so I feel like I'll have a better judgment once I've finished. I didn't find your Twitter exchange very illuminating either way.
If the Internet is such a surveillance threat, and Tor doesn't help, why doesn't this Yasha Levine point to a single alternative?
Edit: Went through this https://twitter.com/itdaniher/status/961307347950940161 It seems he's just a FUD spreader and not someone interested in actual solutions.
As for "actual solutions," what do you have in mind? His claim is that it's a political problem and that throwing tech at the problem won't solve it.
So? It was just an example to show how Mr. Yasha misrepresents and twists facts to fit his preconceived conspiracy theory.
> Is it a fact?
Yes, because of the three hops design.
> If Tor achieves nothing for someone trying to hide from the government except announcing that you have something you want to hide (is that the case?
Millions of people use Tor nowadays, so the mere fact that you connected directly to the Tor network doesn't reveal much. Not to mention that there are ways to hide the fact that you're using Tor thanks to pluggable transports.
Are you joking? He wrote entire paragraphs on Tor in his book to push his thesis and you're thinking that it comes down to a matter of differing "interpretations".
Use Disposable Whonix VMs in Qubes OS (available in the 4.0-rc4) for the best secure experience that you can get right now. For less security, an alternative would be to use Tails or Subgraph.
You can also control how much attack surface you expose in your browser in the Security Settings in the Tor Button (Medium (now termed Safe) disables JS on HTTP websites, JIT optimization, and sets media files to click-to-play. High (now termed Safest) disables JS everywhere, and SVG...).
 : https://tb-manual.torproject.org/en-US/security-slider.html
To de-anonymize Tails one needs to exploit Tor Browser first, then get root access. For Disposable Whonix VMs in Qubes OS one would need the additional availability of a Xen exploit to break out of the VM in order to de-anonymize it.
The corrupting entity cannot replace the corrupted entity, because it does not have the sufficient structures, and would fall prey to other corrupting entities almost instantly. It cannot grow bigger than the corrupted entity, due to its being dependent regarding nourishment on the corrupted entity.
All is fair in this little war. Strategies include shedding hard to corrupt matter (skin, mucus, nails and hair), have tissue with incredible replacement rates (colon-cells). Fast pace the life cycle of the corrupted entity, and have not enough nourishment in the offspring to continue the corruption.
Remedies include using of all natural substances (eat leaves to kill the worms), to behaviour changes (famous the way foxes bath, with a brush of hair forming a flea-raft).
Synchronize breeding cycles, to starve parasites and diseases. Destroy breeding grounds and switch locations, for stationary parasites.
Diversify into different corrupted entity-types to prevent specialized parasites from target hopping.
I'm aware that this is a dangerous comparison, and thus want to press that I do not compare humans with vermin. I do compare organizations made up by humans with organisms and parasites.
This measure is basically encouraging the parasites infrastructure to turn upon themselves. There is no reward and there is no protection of the parasite being damaged.
So it will be used mainly by other parasites to battle among one another (leak information about the neighboring clan)- or to have parasites on the parasites (aka the lower echelon members of the mafia removing upper echelons to raise).
I have to admit I never observed this myself, so for what it's worth this is currently hearsay.
Kudos to Italy for betting on the horse that will inevitably win.
>"Why do you think tor is going to 'inevitably win'?"
Not just tor, but p2p in general. Basically the theory is that, as a species, we're used to few-source/many-sink communications networks.
We've been using them from the printing-press all the way up to DVDs. The internet & its "many-source" capabilities represents a threat to the prior (and existing) information-source monopolies...such as any media industries, national-banks, or governments.
A great way to not completely lose control of information dissemination is to control the paths information must take.
Two great examples of threatening p2p protocols are Tor and the distributed bitcoin-ledger. Taken in conjunction with "criminal activity" historically being the way to demonize most cutting-edge tech when it challenges the status-quo, and a pattern starts to present itself.
To answer your question: I think our regulators are being reactionary Luddites & that p2p is sort of the spirit of what's driving this whole internet-thing...otherwise it would be interactive television.
The internet is practically already interactive television! Very few people create and host, compared to the number of consumers.
You're assuming we can't build a p2p network that is faster and better than the centralized ones we have today. People will eventually choose p2p because it brings them more ease and convenience.
(source linked in the article, but in Italian: http://www.anticorruzione.it/portal/public/classic/Servizi/S...)
Because they're still not production ready. The code for v3 onion services still needs to mature, and when it does, it will become the default.
And that's assuming there are no hidden backdoors in your hardware. Which will be used, if you're important enough to track.
Try it. I'm pretty sure you will end up unique:
See how unique you are. Spoiler; You are unique unless you are paranoid. Really, really paranoid.
Admittedly there is a high chance that the Italian high brass has NO finger on the American high brass, however as long as there is no certainty it's a safety risk.
If thinking the govt is broken is treason, you can't fix it any more, but not because it's perfect.
Any references you would want to provide for this claim?
Even with https, if the feds are in cahoots with the certificate authorities, you would be just as vulnerable to this sort of injection right?
However, tor hidden services is another story. I think this is where a bad actor would hit a wall.
That's why Tor Browser comes with NoScript.
It's impossible for Tor to magically encrypt the whole Internet. With any network that will allow you to access the clearnet, the endpoint will see the plaintext if the website you're communicating with doesn't have HTTPS. You're criticizing Tor for something that's impossible to solve. If you think that's possible then please open a ticket to https://trac.torproject.org/ outlining the solution. (Note that the Tor network is scanned to detect bad exits, and authorities flag them with a bad exit flag but they're still used for onion services and stuff)
Also now HTTPS usage is in the 70% from FF telemetry, and onion services are end-to-end encrypted.
> If you access an http site, a government controlled exit node could inject js and eventually gather enough info through profiling mouse movements and browsing habits to ID you.
Do you realize that the Tor Browser comes with loads of patches to Firefox that seek to minimize the amount of entropy leaked by your browser fingerprint? To be specific,
> Timing-based Side Channels
> Attacks based on timing side channels are nothing new in the browser context. Cache-based, cross-site timing, and pixel stealing, to name just a few, got investigated in the past. While their fingerprinting potential varies all timing-based attacks have in common that they need sufficiently fine-grained clocks.
> Design Goal: Websites MUST NOT be able to fingerprint a Tor Browser user by exploiting timing-based side channels.
> Implementation Status: The cleanest solution to timing-based side channels would be to get rid of them. This has been proposed in the research community. However, we remain skeptical as it does not seem to be trivial even considering just a single side channel and more and more potential side channels are showing up. Thus, we rely on disabling all possible timing sources or making them coarse-grained enough in order to render timing side channels unsuitable as a means for fingerprinting browser users.
> We set dom.enable_user_timing and dom.enable_resource_timing to false to disable these explicit timing sources. Furthermore, we clamp the resolution of explicit clocks to 100ms with two Firefox patches. This includes performance.now(), new Date().getTime(), audioContext.currentTime, canvasStream.currentTime, video.currentTime, audio.currentTime, new File([], "").lastModified, new File([], "").lastModifiedDate.getTime(), animation.startTime, animation.currentTime, animation.timeline.currentTime, and document.timeline.currentTime.
> While clamping the clock resolution to 100ms is a step towards neutering the timing-based side channel fingerprinting, it is by no means sufficient. It turns out that it is possible to subvert our clamping of explicit clocks by using implicit ones, e.g. extrapolating the true time by running a busy loop with a predictable operation in it. We are tracking this problem in our bug tracker and are working with the research community and Mozilla to develop and test a proper solution to this part of our defense against timing-based side channel fingerprinting risks.
 : https://www.torproject.org/projects/torbrowser/design/
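The clock clamping described in the quoted design text, as an added example that is not part of the comment above and is not Tor Browser's code: a model of a clock rounded down to a 100 ms grid, counting how often one before/after read still separates two operations. The 200 µs and 3500 µs durations, the start offsets and all function names are constructed for illustration.

```javascript
// Added example: a model of clamping an explicit clock to a 100 ms grid.
// All times are integer microseconds so the arithmetic stays exact.
const RESOLUTION_US = 100 * 1000; // 100 ms, the resolution named in the quoted text

// Round a true timestamp down to the clamp grid.
function clampClock(trueUs, resolutionUs = RESOLUTION_US) {
  return Math.floor(trueUs / resolutionUs) * resolutionUs;
}

// An unclamped clock, for comparison.
const rawClock = (trueUs) => trueUs;

// What a script observes when it reads the clock before and after an operation.
function observedDuration(startUs, durationUs, clock) {
  return clock(startUs + durationUs) - clock(startUs);
}

// Over many start offsets, count how often two operations with different
// true durations produce different readings on the given clock.
function distinguishingStarts(durationA, durationB, starts, clock) {
  return starts.filter(
    (s) =>
      observedDuration(s, durationA, clock) !==
      observedDuration(s, durationB, clock)
  ).length;
}

// Constructed sample: a fast and a slow operation, each started at
// 1000 offsets spread evenly across one 100 ms clamp interval.
const FAST_US = 200;
const SLOW_US = 3500;
const STARTS = Array.from({ length: 1000 }, (_, i) => i * 100);

// Number of start offsets (out of 1000) at which the two operations differ.
function summary() {
  return {
    raw: distinguishingStarts(FAST_US, SLOW_US, STARTS, rawClock),
    clamped: distinguishingStarts(FAST_US, SLOW_US, STARTS, clampClock),
  };
}

console.log(summary());
```

On this sample the raw clock separates the two operations at every start offset, while the clamped clock does so only when exactly one of them crosses a 100 ms boundary, which fits the quoted text's description of clamping as a step rather than a sufficient defense.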
Not criticizing tor. Just pointing out a couple of ways in which a tor user could give themselves up by doing stupid things while using tor.
Interesting stuff on timing based attacks. Thanks