We Can Choose an Internet Without Surveillance (torproject.org)
120 points by Sami_Lehtinen 27 days ago | 62 comments



Can you imagine if Mozilla went with the nuclear option and replaced "private" tabs with Tor tabs? Going further, what if every Tor tab (by default, letting you opt out) acted as a node on the network and donated some minuscule bandwidth? I can see some tech heads being against such a thing, but your average user would have no idea 0.5Mb/sec (or some % of a speed tested value) is being used while their private tab is open and the number of users/nodes would skyrocket. Imagine every Tor tab potentially being an exit node!


The Tor FAQ addresses this at

https://2019.www.torproject.org/docs/faq.html.en#EverybodyAR...

Some other problems:

* Possibly Sybil attacks get worse or harder to detect, because attackers can convincingly simulate being a bunch of regular users with a browser

* Possibly mitigating malicious nodes gets harder, because people can create lots of super-ephemeral nodes that fail to forward traffic, but there's no way to notice this in time to protect other users

* Users could be very angry about relaying exit traffic without expecting it, especially if they got in legal trouble as a result (when EFF ran a campaign to encourage people to run Tor nodes, we discouraged people from running exit nodes in their homes)


I must admit I am perplexed by the last line in the story: "Donate today, and Mozilla will match every dollar of your donation."

I personally do not think that Mozilla is doing enough to protect its users and is partially to blame for where we are. They seem to be piling more and more features on that users don't want.


> Can you imagine if Mozilla went with the nuclear option and replaced "private" tabs with Tor tabs?

That's one thing I really like about Brave. There's an option for a private Tor session.


Sending traffic over Tor and using the Tor browser are different things: The former is just a proxy, the latter an anonymity tool. Is Brave doing the former or the latter?


I run security at Brave and here's the answer from Taylor, our lead Tor dev:

Using the Tor network is one part of internet anonymity, serving to conceal where you are. But using the Tor network does no good if the application helpfully adds X-My-Actual-IP-Address: 123.45.67.8 to every HTTP request, and browsers tend to do a lot of things like that which we have to play whack-a-mole with. What we implement in Brave is somewhere between (a) naively just setting a SOCKS proxy, like you can do in vanilla Firefox or Chromium, and (b) mimicking everything about the Tor Browser and following the Tor Browser Design Document to the letter (https://2019.www.torproject.org/projects/torbrowser/design/). So, while you are right that there's more to Tor and that we're not the Tor Browser (and that's why we are careful to say 'private windows with Tor' and not 'Tor windows', per agreement with the Tor Project about branding), there's also more to what Brave does than just setting a SOCKS proxy like in Firefox or Chromium and leaving it at that.


It is great to hear that Brave is indeed doing more than just a proxy.

It has a great UX already and with VPN0 announced a month or so back, Brave is really pushing the envelope and does seem to have the right mindset.

Also, thanks a lot for responding.


I'm confused as to what you are trying to say. When you use the Tor browser, it sends all your traffic over the Tor network. That's how it keeps you anonymous. Perhaps you are thinking of hidden services.


Tor Browser does more than just proxying. See my response above.


>Can you imagine if Mozilla went with the nuclear option and replaced "private" tabs with Tor tabs?

Considering they don't even have a built-in PGP implementation in Firefox, which would make so much sense, I honestly can't imagine what you described. Tor is a relatively complex technology that requires knowledgeable use on the user's part. (I.e. you're not supposed to resize windows, the browsers can't do certain things, it gets chewed up by Cloudflare and so on.)


For many people, half a megabit is more than their Internet uplink speed, and many are on capped/metered connections as well.


I haven't checked, but I imagine there's a "Metered connection mode" that limits things like auto-updates and perhaps loads lower resolution images. That could also disable bandwidth donation. You could also set the bandwidth to scale based on a speed test instead of a flat rate.


Sure, a lot more people would try it if Firefox made it easy. However, they might also stop using it pretty quickly if it's inconvenient.

Here's a similar experience I had: for a while I would open any news link shared on Hacker News in Incognito mode, but at this point it gets blocked so often there's not much point.


And leading to wide swaths of users being banned from tons of sites that use one of the many publicly-available tor banlists for some reason they have zero understanding of.


Or make banning tor unpalatable.


> but your average user would have no idea 0.5Mb/sec (or some % of a speed tested value) is being used

This is quite wrong


FWIW I'm not. I believe the "some % of a speed tested value" covers that scenario though. It's not a hard problem.


What if there was a browser extension that randomly selected, say, about 1% of requests to be routed through tor? Everybody using it would help make Tor safer, while being just minimally annoyed by the latency and the CAPTCHAs. Plus it might incentivize hosts to be less annoying to Tor users, if they saw a bigger fraction of legitimate traffic. I think I'd chip in and use it...

Anything wrong with that idea?


It would be lacking the isolation and anti-tracking stuff that Tor Browser does, so the level of anonymity that users would get would be much worse. But it seems like in your proposal the users aren't expecting to get anonymity, so they wouldn't necessarily object when they don't get it.

Many clearnet sites would be extra-confused by seeing requests that are partially Tor and partially non-Tor (with subresources being requested from different locations). But the behavior isn't necessarily invalid in any way, so maybe sites should get used to it. :-)

I think the performance hit would be pretty considerable if you think about the optimization that some sites, browsers, and CDNs have been doing. If you imagine users who choose browsers (or sites) based on perceived speed, they might not react that well to deliberately slowing down connections for privacy.

(I think your idea is interesting.)


You might overload the tor network and annoy a lot of people with the slower and more unreliable connection that asks for wayyyy more captchas.


The Tor browser helps with websites, but with a "privacy router" you can make sure connections from apps and the OS are routed as well. E.g. https://www.kickstarter.com/projects/glinet/mudi-4g-lte-priv...


I was excited about this concept a few years ago and talked it over with the Tor developers. Their concern is that the Tor Browser has an elaborate ongoing effort to prevent tracking by removing unique identifiers and isolating session state. A regular browser used through Tor would be extremely trackable because it wouldn't hide or isolate any of these things, and indeed you could associate Tor activity with non-Tor activity easily.

Other software doesn't normally take these precautions, and so you would often end up leaking a ton of identifying information when applications that didn't expect it were proxied by Tor.


So it would be pretty much similar to all these dime a dozen VPN companies shilling "Ultimate anonymity! Safe from hackers! Screw the fed!" but it's just in a physical form.

Interesting!


That still protects you from tracking on the local network and makes IP-based geolocation ineffective, which is not nothing.


The problem with TOR adoption is being able to act as an exit node without getting a subpoena, and that depends on the laws of each region.


You want to help? Add a native .onion address to websites you work on.

You save bandwidth and contribute to normalization.


To add to this, with v3 onion services you can designate your site as a single-hop rendezvous if your service doesn't need to be truly "hidden". This helps reduce latency significantly.
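The setup described in the two comments above (a native .onion address run as a single-hop service), as an added torrc sketch that is not part of the thread. The service directory and the local web server port are assumptions.

```conf
# torrc for a single onion service (added example; path and port are assumed)

# A tor instance in single-hop mode cannot also act as a client.
SocksPort 0

# Both options are required together; they apply to every onion service
# hosted by this tor instance.
HiddenServiceNonAnonymousMode 1
HiddenServiceSingleHopMode 1

# Hypothetical service directory; tor writes the v3 hostname and keys here.
HiddenServiceDir /var/lib/tor/example_site/
HiddenServiceVersion 3
# Forward onion port 80 to a web server assumed to listen on localhost:8080.
HiddenServicePort 80 127.0.0.1:8080
```

In this mode the server's network location is not hidden, only the visitors' is, so it fits sites that already have a public clearnet address.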


There don't seem to be any good choices here. Use normal Web browsers and you will get tracked/have your privacy invaded. Use Tor and you will look/get monitored like a terrorist. What do we do next?


1.) Download (IceCat) or roll your own (FF+addons) security-focused browser

+ Very secure if done properly

+ Fully controllable/customizable

- Takes a considerable amount of time and energy to create & keep updated

- Unique combinations of addons exacerbate fingerprinting concerns

2.) Encourage anyone who cares about privacy to use Tor, with the aim of normalizing (de-terrorist-izing?) Tor traffic (think HTTP->HTTPS transition, HTTPS traffic was suspicious 15 years ago)

+ Most maintainable/viable long term solution

+ Standard configuration cripples some fingerprinting

+ Easy for anyone to set up and keep updated

- Concern regarding US intelligence controlling a large number of exit nodes and/or currently having the capability to de-anonymize Tor users

- Hard to get people to switch browsers

- Very hard to get people to switch to a slower browser

- Will take a while


Didn't FBI track down and catch Dread Pirate Roberts despite all the Tor network/browser anonymity? Did he do something stupid to break his anonymity or did FBI break Tor in some way?


Ross Ulbricht made some mistakes by reusing account names etc that he had made on the clearnet[0, 1]. But at the time there were (tinfoil-hat-wearing) folks that thought that this was actually parallel construction and Tor was backdoored.

Here is the relevant section from the Times article on the IRS agent that figured it out:

"""

Mr. Alford’s preferred tool was Google. He used the advanced search option to look for material posted within specific date ranges. That brought him, during the last weekend of May 2013, to a chat room posting made just before Silk Road had gone online, in early 2011, by someone with the screen name “altoid.”

“Has anyone seen Silk Road yet?” altoid asked. “It’s kind of like an anonymous Amazon.com.”

The early date of the posting suggested that altoid might have inside knowledge about Silk Road.

During the first weekend of June 2013, Mr. Alford went through everything altoid had written, the online equivalent of sifting through trash cans near the scene of a crime. Mr. Alford eventually turned up a message that altoid had apparently deleted — but that had been preserved in the response of another user.

In that post, altoid asked for some programming help and gave his email address: rossulbricht@gmail.com.

"""

[0] https://en.wikipedia.org/wiki/Ross_Ulbricht#Silk_Road,_arres...

[1] https://en.wikipedia.org/wiki/Silk_Road_(marketplace)#Arrest...

[2] https://www.nytimes.com/2015/12/27/business/dealbook/the-uns...


The Silk Road guy was using _GMail_ ? Heh. Interesting.


And not move from time to time? Maybe you always get caught.


Allegedly, fake IDs en route to DPR were intercepted at the Canadian border, and that investigation yielded Ross Ulbricht. Whether or not this is a plausible explanation is a matter of perspective.


If DARPA created the internet aren't there all sorts of backdoors and systems we don't know about built in? I've never really understood - if you can - those fundamentals.


Well, the thing about the internet is that it's completely open: implementers work off of specifications. If you're curious what sort of back doors might be in the specifications, you can read them all at ietf.org (although there are a lot of them). How they're implemented varies from one implementation to the next, but they _have_ to follow the specification, or else they won't be compatible with other implementations, leaving little room for "secret" back doors in the specifications themselves.


Privacy and encryption schemes operating over the Internet already assume hostile actors can see your traffic at any or all points between your device and the other end, so that's not an added concern (and yes, lots of entities are snooping on every single thing they can, to be clear). Beyond that, it's just public protocols. Any holes or inadequacies in those that allow monitoring or eavesdropping are well-known and are why privacy and encryption schemes for Internet-enabled software exist in the first place.

All that really remains is that one or more governments have secretly broken essentially all crypto. Which is possible, I guess, but unrelated to their developing the Internet. There's a non-zero chance there are shenanigans going on with some root cert servers for SSL encryption, which require trust for their related identity-assurance schemes to work properly, but again, that's not related to government development of the Internet.


Not that it matters, but if you're worried DARPA funded the internet you should be more worried Radio Free Asia (founded by the CIA during the Cold War and currently funded by the US government) funds Tor development right now.

I don't think this means there are back doors. I did find it amusing Jacob Appelbaum hung around in Berlin pretending to be in exile because of American repression while being paid a $100,000 salary by the State Department, funneled indirectly through the military industrial complex.

Source: https://pando.com/2014/07/16/tor-spooks/ (I think Pando's core facts are correct but some of their conclusions are overblown)

Edit: mixed up CIA and State Dept


You should read up on the history of the internet. ARPA was funding researchers who ended up creating what we call the internet today. This doesn't mean it was "ordered" by Pentagon or something of that sort. Most of the ideas came from individuals acting on their own accord.


Very aware of the history of the IETF public internet, and the US Military Network (MILNET) for Unclassified traffic, Defense Secure Network One (DSNET 1) for Secret traffic, Defense Secure Network Two (DSNET 2) for Top Secret traffic, Defense Secure Network Three (DSNET 3) for Top Secret/Sensitive Compartmented Information (TS/SCI).


What sort of backdoors does that history make you suspect?


Something at a progenitor level that no one is aware of but which is called by certain actions


Implemented in hardware? Software? Protocol flaws? By ISPs? By other infrastructure operators?


The Internet protocols are all public and are developed by IETF, not DARPA.

https://www.ietf.org/

The Internet is operated by Internet service providers, not DARPA. The U.S. government role in directly operating the Internet ended in 1995 with the shutdown of NSFNet. The ISPs buy hardware from private companies that implement the public Internet protocols.

That doesn't mean that there aren't backdoors of various kinds in Internet infrastructure, but whatever backdoors exist aren't likely to exist by virtue of DARPA's role in funding the original research.


[flagged]


We've banned this account, as well as associated accounts and website, for abusing HN for promotion.

If you don't want to be banned, you're welcome to email hn@ycombinator.com and give us reason to believe that you won't do that in the future. That means: (1) not using HN primarily for promotion, but participating sincerely in the community; (2) not using multiple accounts to promote your site; (3) not systematically deleting promotional articles after you've posted them; (4) being up-front about your association with your site instead of obscuring it.


This reads like one of those articles where they list established services and casually include an unknown one. It's best to disclose your affiliation.


That's what it actually is. If you look at cloudyo's comment history, it's all about Duple.


I don't mind self-promotion on HN, especially if they built it themselves, but this is a bit much.


And unfortunately using multiple accounts too: https://news.ycombinator.com/item?id=21500881


Anybody know of any other privacy-oriented Dropbox/Drive alternatives?


I've been using Syncthing for years: https://syncthing.net/

It's entirely P2P, so no 3rd party hosting of your files, no trusting someone's crypto/update schemes, or having to set up your own servers (although you still can easily add it to a VPS if you want offsite). There's also a nice mobile app:

https://play.google.com/store/apps/details?id=com.nutomic.sy...

You can also securely share directories with another person who uses Syncthing, I've found autosync directories are easier than using something like Airdrop for sharing photos with family.


I don't know much about them, but Sync https://www.sync.com seems to be in this space.

Has a 5GB free tier, higher tiers cheaper than dropbox. Based in Canada if that matters.


I've been using them for years as a form of backup. Very reasonably priced, works flawlessly for me though I mainly use it as a form of backup for a synced folder. GDPR compliant.


I've seen a HN poster promote filestash.app which looks like it's either self-host or hosted. I guess you might have to add in something like Spideroak, Backblaze, or tarsnap if you want to self host + backup.

Or Syncthing as others have pointed out.

I'm still thinking which is best. They're slightly different use cases. But generally, I'd only really trust it if there's open source, otherwise there's lock-in.


Nextcloud is a wonderful bit of FLOSS, been using it for years now.


Duple home page states "CREATE YOUR OWN PRIVATE CLOUD AT HOME, IN ONE CLICK." This is blatantly false as is most everything that advertises itself as "one click". Please change it to a real number like, oh I don't know, 12 maybe? Plus a bunch of keystrokes... Sorry for the unsubstantial comment but this really grinds my gears.


Love Proton, DDG, and Signal. Use them all the time. Never heard of Duple. But, FWIW I use pCloud instead - it's a paid service (I bought a one-time lifetime license of 2TB of space).

pCloud's software is solid. I battle tested a number of other cloud services before selecting them. Their implementation is excellent - with virtually every other provider I found missing features or easily discovered bugs when putting them through the wringer in terms of testing.


Just gonna toss StartPage (https://www.startpage.com/) out there as an alternative to Google.

DDG uses Bing under the hood. StartPage proxies requests to Google. I've just personally found the latter to give better consistent results, particularly with my searches for technical/programming issues.


You might reconsider your use of StartPage. It was taken over by an Ad company recently.

https://news.ycombinator.com/item?id=21371577


DuckDuckGo doesn't "use bing under the hood" exactly: it has a large number of sources, including some other search engines like Bing, Yahoo and Yandex but also its own crawler ("DuckDuckGoBot")[0].

[0] https://help.duckduckgo.com/results/sources


Thank you for the correction; is this a recent development? I'll definitely give DDG another try, especially in light of rapnie's comment about StartPage's recent acquisition by a company with a very likely conflict of interest.


Another alternative to Gmail is https://posteo.de



