Tor Browser is painstakingly maintained to make it suitable for Tor. Even Brave's Tor mode is more fit for purpose than proxying Tor manually.
I'd also argue that it's better for the anonymity of all to use a browser prepared to avoid fingerprinting.
(I'm stretching the analogy to point out that you are correct that he is providing cover [the hay], but that most of the traffic currently is of the type that the surveilling entity is looking for [the needles]).
Could you say why this is recommended?
If you use .onion services for anything... interesting, you should also be aware that the first step an advanced attacker might do with a compromised site is to try and completely own all browsers visiting.
Tor Browser is based on Firefox, and has a bunch of anti-fingerprinting measures built in to it which have been slowly upstreamed to Firefox (as well as ensuring the Firefox doesn't send anything without going through Tor -- something which historically has been hard to do as a Firefox user).
Keep in mind that this only protects publishers, not those accessing the website.
More info: https://www.tor2web.org/
I've seen these proxies bleed into more problematic Tor use cases among vulnerable individuals. Defaults matter, and as technical people we should assume a bit of 'do no harm' moral responsibility for people who seek our advice.
Tor Browser is painstakingly maintained to be fit for its specific purpose. If you're not authorized to install Tor Browser on a device and to emit Tor traffic on the network you're using, you generally shouldn't access Tor there.
Anyone using Tor to access resources that might get them in trouble in the country they're in should look into proper operational security with Tor Project-provided infrastructure like bridges. The special purpose Tails operating system can be used with bootable USB memory on common hardware like laptops without leaving a trace.
1 - https://www.torproject.org/docs/bridges.html.en
2 - https://tails.boum.org/
Tor Browser has millions of active daily users VS Brave Browser has only a very small amount.
1. Run the service.
2. Disable blocking onion in about:config.
3. In firefox set manual proxy and enable proxy dns for socks5.
Takes all of two mins.
That said, it's generally better to run the official TOR Browser instead. It has security nerds working over every aspect of it to make it as anonymous as reasonably possible. Deanonymization is shockingly powerful in the age of big data.
If you want to be anon, use tor.
For a network wide approach, you will need to set up PAC and a network accessible tor proxy. The PAC would have a rule that redirects all .onion hosts to the network accessible tor proxy.
iptables -t mangle -A PREROUTING -d 127.192.0.0/10 -j TPROXY --on-ip 127.0.0.1 --on-port 9040 -p tcp
iptables -t mangle -A PREROUTING -d 127.192.0.0/10 -j TPROXY --on-ip 127.0.0.1 --on-port 9040 -p udp
In practice some sites drop Tor connections, and localisations come through wrong, but that doesn't seem to be why you said "no".
Captchas on some sites, for sure, sometimes a different route will fix it. Usually mainstream sites either block tor or work properly.
And don't even think about trying to sign up for some free service like an email account or game account. Your account will be flagged before you finish thinking up your username.
Well, it's the websites using Cloudflare, not Cloudflare doing it for fun. You're better served hating other Tor users for ruining nice things for you.
But you're lucky if a service even allows Tor. I straight up block it for some of my applications since it's 99.99% abuse.
"Use tor for everything" might be good life advice, but it's not a good answer for "how do I avoid using tor for everything" :P
Tor hidden services are notoriously difficult to protect from DDoS attacks due to its code being mostly single-threaded. Build 5000 circuits to any darknet site, max out one core on the server, and you take it offline. Cheers to BBC for this great step forward for privacy. Hopefully their traffic surges to bring more attention to .onion scaling problems.
Surely if some well funded organisation (Eve) were to install a similar number of relays itself, then it is reasonably likely that for a given user a packet would eventually travel across relays solely owned by Eve, and at that point Eve could map a Tor address to a physical IP?
Operating 6000 nodes in a manner unlikely to cause suspicion , and correlating packets across those nodes, is a massive undertaking, but it seems that it would be well within the means of e.g. NSA.
Would this work, or am I missing something fundamental about how Tor works?
> A global passive adversary is the most commonly assumed threat when analyzing theoretical anonymity designs. But like all practical low-latency systems, Tor does not protect against such a strong adversary. Instead, we assume an adversary who can observe some fraction of network traffic; who can generate, modify, delete, or delay traffic […]
What's going to kill Tor is a global passive adversary, meaning someone with perfect visibility of all traffic going in and out of Tor nodes by tapping network infrastructure and correlating at the endpoints. I'm sure the NSA is working on this. They couldn't do it in 2013, but what could they have accomplished in the 6 years since the Snowden leaks?
It's also possible to use machine learning to "fingerprint" encrypted blobs entering guard nodes and correlate them with websites (even onion services!), although it gets less feasible as the set of potential websites increases.
More reading: https://blog.torproject.org/how-report-bad-relays
What I am thinking about is the hypothetical case that 3000 of the 6000 active relays today had been started and operated by Eve over the last few years according to Tor guidelines and without any external sign that the nodes were centrally controlled.
If that were true it would be hard for a user to detect, and it seems to me that Eve would be able to reasonably easily break the privacy protection of Tor.
Tor circuits tend to go through many countries and rarely do they go through the same country twice. Not sure if this is part of the node selection criteria. But if you can’t have two nodes within a circuit go through the same country, and someone identifies you, then you’re dealing with a hell of a global adversary.
FWIW I think many people are concerned more about being monitored by their local governments rather than foreign ones.
You can do that with a credit card and AWS. Setting up server presence in multiple countries is trivial. Setting up enough of them is expensive.
Official version is website bug tho.
The purpose is to deliver the viewpoint of the UK to other countries, such as Iran, Russia, China.
Sure, there is some criticism of BBC news, but I don't think you could ever compare it to the junk filled propaganda machine that is RT.
EDIT: for clarity, I wasn't suggesting the BBC did either.
The propaganda is what's in between
Eg. Today's home page, first headline "Russia's 'secret weapon' for winning influence in Africa – and it's not what you might think".
Then have a look at the op-ed pieces that are basically hit-pieces disguised as journalism.
Also, there are things that they do not report (or omit) which is what you should be most concerned about.
I know roughly who writes the cheques at thr BBC, RT, NHK, or DW.
With privately owned media, figuring out where they're not going to be impartial is a lot more subtle. Who's buying the ads? What other companies are owned by major shareholders or key staff?
World Service - mainly radio, but also TV, is to deliver a UK viewpoint to the world - traditionally "the colonies".
A current example: Hongkong. They have headline reporting every time there is a protest while other protests in other countries, and arguably much more significant protests, barely get a mention. This is not a coincidence.
Edit: A lot of the replies to this comment try to rationalise. This is being willfully blind.
Noam Chomsky has written a lot about the issue of raltive importance of reporting in order to manipulate public opinion. This is exactly what is happening because it should be obvious to everyone that there is a campaign against China ongoing.
Sure choice of facts and style can and does show a middle-left bias, but as for agenda. If it is that crystal clear, then what is it!
I will say though, the trend of media outlets to report opinions of interviewers as news and for the populus to take those avenues of news and run with them as facts, has been something that plays out upon social media. This then as we have seen, is used by news outlets as sources of news (ala Tweets have becomes news sources now). This does create the potential for massive feedback loops. But then, no media outlet seems immune to that.
Hong Kong is a former British colony with international importance, Chile is not.
I think it is still better to have access to the other point of view,
and as one frenchman once said, even if you don't agree with a point of view, you should defend the right to be able to say it.
Do you have other examples?
150+ people have died in Iraq over the last month during wide scale protests. There is an article on this on the BBC's website.
On the other hand, there is almost live coverage with embedded journalists as headline news every time a protester throws something at the HK police, or every time the HK police throws a teargas canister at protesters.
Well, state your bias? Why did you formulate it as "against China" and not "for people of Hongkong"?
The content can either be static like mirrors of banned sites (wikipedia, BBC and the tor website). It would be at secret locations.
The site should randomly pick a few of it's Chinese users. When they visit public pages, they will be redirected to the secret locations. (With a welcome message).
It will appeal to apolitical Chinese, because they will feel they are unraveling secrets.
It will be hard for the Chinese government to clamp down: They will struggle to identify these websites and when they shut them down, they will hurt their own industries.
If it becomes successful, then China will make that fear real, and start running the same thing themselves.
While the Tor browser can be used to access the regular version of the
BBC News website, using the .onion site has additional benefits.
"Onion services take load off scarce exit nodes, preserve end-to-end
encryption [and] the self-authenticating domain name resists
spoofing," explained Prof Steven Murdoch, a cyber-security expert from
University College London.
The only other parts that remain HTTP (that I've seen) are certain archived content, e.g. the older Learning and Languages portals.
BBC is one of very few sites on my HTTP allowed list. By default I've disabled HTTP completely.
People are starting to use that to create .eth domain names that point to .onion sites.
That's why news and public service actors with global ambitions launching onion services is likely a huge net gain in the long run.
*Currently illegal in some jurisdictions, more coming soon!
Bit ironic given that the influence of the government at the BBC.
BBC is publicly funded and unlikely to be banned in the UK but they provide global news coverage.
Sadly, in the US, extremists ( particularly the left ) are leading the charge to censor "politically incorrect" speech.
You can either donate to various groups running Tor servers, the developers, or take part on your own.
Also, as a side note, in countries where Tor access is actively inhibited, users may need to rely on bridges.
I ask because I have 5-6 Raspberry Pis, a couple retired Supermicro boxes, and old Cisco gear that isn't doing much...
Well, I've only linked to communities listed by the Tor Project itself.
Otherwise, the same way you would check whether HN or your local tea store is the NSA. You do your own research, run your own risk analysis, and if you want to stay sane, by default you give people the benefit of the doubt.
Generally, it's best not to run Tor relays from home as services will start to blacklist your IP as a proxy.
If you are going to be an exit node, then you should inform yourself about he legal challenges you might face, since you don't know what people will access with your IP address.
Being an entry or middle-level node is less of a problem but some uncertainties remain, so this depends on your local laws.
I actually tend to assume websites like HN are the NSA or at least the NSA have read access to their databases. Maybe it's my tinfoil hat tendencies but instead of giving them the benefit of the doubt I would rather not give them any data I don't mind the NSA having.
> Everyone has read access to HN
No, not to their databases as OP is discussing. It would be definitely a crime if any of us had that info as it would imply we broke in and stole it - but OP is suggesting that they assume NSA already has it (a potentially paranoid but also reasonably fair thing to do, IMO).
From a personnel standpoint, isn't Thiel on the board of HN/YC and doesn't Thiel have basically uncountable NSA/CIA/etc connections? I'm not saying Thiel has anything to do with HN's security - but clearly, saying HN's databases might be accessed by someone like CIA (while a board member of YC is active in sales & partnerships to CIA etc) isn't that crazy.
He is not.
None of us know how many points your comment has, or if you have an email address on file, or how many times you visited HN today, or what IP you're using, etc. But all of those things are in the HN database(s) I'm sure!
I'll go out on a limb and predict that my HN internet points score is not a signal of interest to NSA selection criteria.
Social voting data is a rather sizable and useful dataset for surveillance agencies. HN has a high concentration of current-high-impact and future-high-impact individuals and is therefore a reasonably interesting trove of information.
I realize all this is indeed tinfoil-hat-ish stuff. But I'd be shocked in NSA/CIA/FBI etc was disinterested in online social voting habits of users.
Also, you latched on to a single example I gave. HN may have your email address privately (if you gave it to them) and they also have your IP/access logs. This is all stuff that they save but is not publicly available information.
I'm sure there's more as well. It's not just "internet points" and reducing the discussion down to simply dismissing a single one of my thoughts isn't going to get us anywhere.
I'm pretty certain there's nothing the NSA doesn't already have. See the Swowden gifts on MUSCULAR the better-known PRISM, and XKEYSCORE. There are other relevant programs, but I don't have my notes on that stuff with me at the moment.
Anyway, I won't argue about how much the NSA values internet scores. Let's just say I can imagine a targeted extortion campaign against a specific individual using such inputs, but I can't see how the Great Hoover would use them as any sort of actionable signal.
But you can't calculate the 'score' without knowing who those people are, when they voted, and what else they voted on too. The score is a summary generated from lots of information. It's not just some number that carries no value.
(And if you don't, APTs, will assign one to you....)
No communication channel can be guaranteed to be 100% secure in the broad sense, i.e. even One-Time Pads can be stolen, recipients of messages can be watched to see what they’re up to, etc.
Users of Tor should assume that the whole channel (not just the Tor part) can be compromised by a willing and capable adversary, and take additional precautions if they feel it’s necessary, e.g. “tradecraft” https://en.m.wikipedia.org/wiki/Tradecraft
Conversely, if you're engaging in illegal online behavior from your home IP, intermittently running a TOR exit node could be a useful mechanism for creating plausible deniability.
I think this also specifically refers to exit nodes, no ? Running an intermediate relay should be fine as you'll only be shuffling encrypted tor traffic to other relays.
Being a Tor relay you participate in a public proxy network, so you automatically run risk that someone will harvest your IP address for whatever reason, e.g., lists for companies trying to prevent browsing via tor, etc.
When I was hosting a exit node I was getting over 50GB/day
Also the "limiting bandwidth" section here: https://trac.torproject.org/projects/tor/wiki/TorRelayGuide#...
As for exits, you'll be dealing with abuse reports from countless parties, including the off-chance that someone sends a death threat through your exit and you have may to fend off law-enforcement that still hasn't gotten the memo on Tor. In countries, like the US where any police encounter might turn deadly, I'd highly advise against running exits at home.
As a Tor exit operator, I can in fact honestly tell you not to run exits on production business networks, or basically anywhere where you're not prepared to be a recipient of a lot of unwanted attention.
It's also worth setting up a Tor relay to use a different external ip address. Because VPN/Procy whitelists employed by dumb web firewall products will temporarily blacklist all publically listed Tor relay IPs.
Here's a typical residential setup: ISP-provided broadband modem in bridged mode + some sensible home router with security patches you should be using anyway and the Tor relay server connected to the modem with a non-managed switch (if needed).
Please note that Bridges give help directly to individuals who can't access Tor, due to blockage in their home country. They don't use a lot of bandwidth and aren't listed publicly, so bad actors on the firewall market won't block them.
So, if you only have one IP address available and you want to do the internet at large a huge solid, just run a Bridge.
For anyone interested in running Tor relays, here's an intro to why your new box won't use all available bandwidth for a while https://blog.torproject.org/lifecycle-new-relay
In practice, though, TOR is more convenient for such things because a resource's name (the onion address) doesn't change when the content does. This difference makes it rather unlikely that you're going to find the lets-make-an-illegal-deal crowd gathering around BitTorrent.
But legally, and from the ISP's perspective, seeding a torrent with incriminating content is no different than running a TOR exit node that happens to be trafficking that content--it's just that since they attract different crowds, one is more likely to attract the wrong kind of attention than the other.
Also, you get to choose what you seed on BitTorrent, but when you run an exit node, you don't. So you're unlikely to even know what kind of incriminating content is going through your internet connection.
The (non CIA ) people who use it primarily act as traffic in order to improve the security for operatives . Your Mileage May very
You shouldn't run exit nodes from a home connection due to possible abuse. If a person uses it to do something illegal you may end up with law enforcement busting down your door. Relays are safe though.
Citation please? Last I checked people get charged with things they didn't do, or weren't responsible for, in just about every system of justice - that's why we have courts.
This leads to the other issue of your service being cut...
Is this not the case, or is it not a black/white answer?
Tor's anonymity depends on distributed control of its nodes. If one entity, say a government org, controls a large portion of entry and exit nodes it may be able to trace some requests. That's an attack that has been known since the beginning though, it's not new.
Tor is just a proxy. A fancy proxy that uses onion routing, but a proxy nonetheless. Think of it as a CDN that does not have to hand over customer details because they have plausible deniability about who you are. Unlike commercial CDN's however, Tor does not try to prevent hacking. That exercise is left to the people running the servers that Tor is routing to. As it turns out, some criminals may be lazy or inept.
Another is to find a place that will agree to power your machine and allow it to hook in to the ethernet if it runs a tor node.
At any rate, running a tor node isn't as simple as running apt-get.
The amount of configuration you need to run a node isn't terribly difficult. There is plenty of documentation online and really it's just changing a few lines in the config file. The Tor daemon is pretty good about pointing out potentially undesirable configuration options if you watch the log file on startup.
If you mean that you don't want to relay traffic that carries child porn, than you can't do that, since you can't see what you are relaying (and even if you did, you'd need to automatically recognize it which is not easy afaik).
It creates an interesting moral problem. If people who view such material are in the wrong because they support the harm it causes, then are not people who support Tor in general also guilty of the same? Yes, they have more noble reasons for doing so, but do the ends justify the means, especially when dealing with such a topic?
How is this any different than FedEx or USPS? They don't read your mail to see what it is. To a near certainty at least some of what they deliver contains child pornography.
And what about roads? I bet child pornographers sometimes use roads for child pornography related purposes. Does that mean we're all complicit as taxpayers? Or maybe it's that the child pornographers are the guilty parties and common carriers are not the police.
Because of the hypothetical impedance of some unknown (but likely very small) amount of trafficking, millions of people found it more difficult to find partners for their entirely consensual acts.
Congratulations you've spawned another decade's worth of sov-cit arguments
sudo snap install tor-middle-relay
(Aside from David Attenborough documentaries, they’ve always been worth it)
While I agree that no news corporation should ever be censored and should be accessible to all including the "dark-web", the level of clickbait / fake-news level content on the BBC website is getting ridiculous in some areas and contradicts with their duty to be fair, impartial and balanced as the only UK state broadcaster privileged with a royal charter.
Apart from the actual World News section, the front page + newsbeat section is completely littered with frivolous cringe-worthy content and memes that isn't worth paying attention to, neither is purchasing the TV license for.
That said, I often see both sides of a debate complaining about the bias of the BBC. So long as that is the case then we can reasonably assume they are doing a fair job of walking the fine line between both sides.
This is absolutely not true, because unscrupulous parties are careful to complain vociferously (and shamelessly) even about coverage that is heavily skewed in their own favour.
Since the Andrew Gilligan debacle (where the BBC sacked a reporter and apologised profusely over the self-evident truth he had reported: that Tony Blair lied about Iraqi WMD), the BBC has gradually transformed itself from a public broadcaster to a state broadcaster. The only time you hear a reasonable balance of views on an issue these days is where the governing party itself is split on it.
This has been the BBC response to criticism of its news reporting for a long time now.
However there are very few debates which have only two points of view, and the very act of reducing every issue to a "both sides" argument is a real problem for the BBC (well, for me anyway!)
It's not even confined to clickbait, the articles are getting seriously dumbed down too - you'd think many of them were written for children!
And it's not even confined to online - the news section on Radio 1 is an absolute joke these days - if the online content is dumbed down, then this is seriously dumbed down to the point where you'd think it was for pre-school children!
"Undercover at a 'seduction bootcamp’"
"The peasant whose binge drinking went global"
"'Why I'm desperate to get rid of my bum implants'"
"We spent a morning in Rick Astley's home studio"
"Lizzo credits writer of 'DNA test' tweet after row"
I well I suppose that makes a change from:
"'I’m a Muslim artist inspired by the female body'"
"On stage at a Jewish queer club night"
To be fair I guess having Tor access to that content is probably needed in some locations. I just wish it was presented separately to genuine news content.
If you open up something like the World section (and subsections), you'll get a lot of good reporting.
I also find the shows From Our Own Correspondent the Global News Podcast to be world-class news sources.
The main problem I have is not a lack of good content but filtering good from frivolous.
You'll see that in the technology section too.
For every insightful article you'll find 3 discussing "so called "computer mice" are a way to interact with a so called computer"...
So, in a way, if BBC wishes to remain accessible among people who are used to... certain popular British news outlets, it shouldn't isolate itself in an ivory tower. If BBC's domestic target demographics have a poor reading level, that's likely more of a Britain problem than a BBC problem.
There's probably also an aspect of serving populations inside Britain who don't speak English as their first language. The BBC's mission statement also mentions mirroring Britain to the world, which likely increases the need for accessible language.
This is a basic soft power strategy anyone seeking global relevance should pay attention to.
1 - https://www.bbc.com/aboutthebbc/governance/mission
edit: also their "reporting" on anything climate related is amazing. It's no wonder that extinction rebellion, a movement originating in the UK, has as the first demand to "tell the truth". At first I was confused because climate change in my media consumption was a regularly occurring topic. But then I checked the bbc website. See  for a screenshot. This is at a time, mind you, when the whole of Europe was shattering temperature records left and right, and Greenland was melting. And they choose to report on a thumb wrestling tournament.
It’s easy to prove this isn’t true, by looking at its Brexit output. The BBC represents middle- and upper-middle-class London, regardless of who’s in power in Number 10, and regardless of any other part of the country.
(maybe it doesn't get stripped bc the flag is encoded as [U][K], two "letterlike symbols" but still it's the first time i've seen one!)
System Preferences → Keyboard → Show input menu in menu bar
edit: yeah, my cat got removed :/
I guess they're distinguished by unicode block: the regional indicator letters are "Enclosed Alphanumeric Supplement", and emoji are "Miscellaneous Symbols and Pictographs". still not sure why remove them though