I don't know if any of that was true and even if it was I'm sure a lot has changed with how Tor handles privacy and directs traffic. Are there any good resources for average Joe internet users to read about how the browser works so I can better understand the risks/rewards?
The basic idea is that with Tor, you make HTTPS connections to the "tor relay", a network of volunteers who route your traffic around the world to make it hard to track. You can use Tor in two ways: you can join the relay network and route traffic for others, or you can just use the browser and make queries. If you do decide to join the relay network you have an additional decision about whether you will be an "exit node", one that does the final request to the destination website and thus appears to be the initiator of the request. This is an option because it can be difficult on home internet setups: if someone uses your exit node to post a lot of stupid crap to Reddit and Reddit tries to IP-ban them, then you are suddenly IP-banned from Reddit at home, because you ran the exit node.
If you are just a user then the only thing you need to know is that there is a price for your privacy, which is that routing your traffic all the way around the world takes a little more time than sending it straight to you, and this has two effects -- a latency jump which exists basically no matter how big the network gets, and a slowdown in your bandwidth which depends on how big the network is relative to the number of people trying to browse with it.
I think there’s a lot more to worry about than reddit shitposts eg straight up criminal activity apparently coming from your router, and in way you’d have difficulty proving was tor and not you or your family.
One of those volunteers is nusenu: https://medium.com/@nusenu/the-growing-problem-of-malicious-...
Complete side note.. but this just reminds me of back when I was in college in the late 90s, and our entire apartment buildings traffic was a hub (not a switch).. so I had a packet sniffer running for fun on linux and could see everything from everyones internet since every single packet was rounting to every machine on the network, and lots of stuff had no encryption... nuts to think how open stuff was back in the day.
Not from the point of view of "legal intercept" stuff, more like "switch gets confused and doesn't know how to route, so broadcasts as a workaround".
After that, check out the video explaining how hidden services work.
If you want to see a simple implementation of an onion router, I built one in TypeScript: https://github.com/seisvelas/onion-router-ts
(be warned, I also did that as an exercise to learn more TypeScript. So it's not good TS. But improvements and issues are more than welcome from any TS gurus out there!)
More broadly, any privacy tech can be undone by poor 'operational security'. For example Ross Ulbricht - 'Dread Pirate Roberts' of Silk road - posted on StackOverflow under his own name to ask "How can I connect to a Tor hidden service using curl in php?" 
You will also be targeted for browser exploitation without a warrant. Tails in an isolated environment is probably the best way of using Tor.
Someone who knows more can probably elaborate, but after hearing them present year after year, and how much global advocacy they engage in, and their transparency, I find it unlikely they have NSA spooks embedded.
I use it when I need to read something objectionable through a VPN. (Still not perfect, because I run a VPN on EC2 and the exit zone is in the US...)
Not trying to be flame-baity here, but with Trump's ranting about making ANTIFA a terror org, and with the recent legislation that allows warrant-less IP tracking, I am legitimately concerned I might end up on a watch list because I visit a website this admin finds objectionable.
Sorry, can you explain what this means? Would my home IP address be the "entry IP address" you're referring to?
Tor works pretty much like this:
You -> Relay 1 -> Relay 2 -> Relay 3 -> The website
Each arrow is an encrypted connection. The content of the exchange on a single arrow is the address of the next hop and the query of the next hop. Thanks to this:
- Relay 1 only knows you're going through Relay 2
- Relay 2 doesn't know who's asking (you) but knows it passed through Relay 1 and is going through Relay 3
- Relay 3 doesn't know who's asking (you) and where you entered, but knows it's going to the website
The nodes in the middle know everything that goes through them, but don't have the big picture.
The entry IP address is the IP address of Relay 1. Your computer must know an address to connect to, and that address is distributed in listings by the Tor Project. Since this listing is public, it also makes it easier for censors to censor, or at least detect who's interested in connecting through Tor
So, don't use EC2 or stuff hosted by other US companies for things to you want to keep private from the US gov.
Also note the US gov shares intelligence with other countries, as mentioned by a sibling post.
GDPR has specific exemptions for law enforcement and national security. Governments are allowed to get the data by claiming it's for national security. Some EU countries may have better protections than others.
To give better advice I guess people would want to know what your risk model is. Who do you think is after your data? What do you want to protect?
Mostly curiosity: what is the highest degree I can obscure my web use and meta data with off-the-shelf technologies?
Good. This is, in my opinion, one of the bigger pain points of the whole Tor experience.
I don't personally think the problem is with understanding how onion addresses work (I've explained them to my mother and she understands the concept pretty easily), it's just the user-experience that has always been kind of a pain - even for people that use Tor often and understand it well.
I don't use the Tor browser for a number of reasons, so I can only hope other browsers follow suit.
It's politicising software. Open-source software should never have an official, hard-coded opinion about any of the content findable through it.
I've seen the Firefox org increasing do similar things when reading their email newsletter. It even stopped me donating to Firefox.
A core idea of Tor is to not censor. When you give special access to some sites, it feels like the opposite of net neutrality. That is on the censorship spectrum.
I guess it's not too bad if they never block any content at the protocol or software level, but at some point, giving certain content privileged features at the software/protocol level is a two-edged sword. It means you're forced to deny supporting other content.
Indeed, once Tor starts having an official opinion about online content at the browser level, who's to stop people starting to pressure Tor to block certain content, since they're basically starting to be in that realm now? It can be a slippery slope.
I'd prefer at the very least it be toned down to a third party add-on. It's great to make onion sites easier to access, of course. But it should be in a way that doesn't involve political or legal barriers for content creators.
BTW, I highly encourage anyone with a linux box at home just sitting there 24/7 to start an obfs4 bridge relay. It's not that hard, and low on resources. #tor-relays IRC extremely helpful in getting you set up.
I've been running one for about a year and it's provided tens/hundreds of GBs of Tor Internet to people hopefully in Asia, South America, and the Middle East - protesters who really, really need some help in anonymization or gaining access to blocked content.
Tor connections against normal sites use 3 hops while they use 6 hops against onion sites. Controlling or potentially even analysing the traffic from 2 of the hops is enough to know where the user connects to (it might be 4 hops for the onion case but I am not sure). I am pretty sure that NSA has enough resources for their own nodes. I2P has a better architecture in general but it still does not solve the issue. I am looking into evaluating lokinet at the moment.
In general tor does not have a great track record. For example they took ages to upgrade from an 80-bit sha-1 truncated address scheme with dh1024 and aes128 into something more modern.
That aside, what do you concretely propose as alternatives to TOR for the seriously privacy-conscious (and those, such as activists and dissidents, who need anonymity in a life-or-death way.
This does not really help regarding what I mentioned.
> using said machines or TOR alone from an IP address that isn't one's own identifiable address
Slightly better I guess but in most cases you can still be identified.
> what do you concretely propose as alternatives to TOR for the seriously privacy-conscious
Honestly, no idea. I would keep using tor for the time being but we really need an alternative.
Do you have something that you disagree with? If so just say it.
I.e. either always use HTTPS sites, or .onion sites. No HTTP unencrypted sites.
Dissidents and activists have been busted using Tor and there’s always a friendly government damage control agent ready to pop up (any forum, any time of day) to remind people that Tor couldn’t possibly be backdoored or owned, it was always some other type of thing they used in parallel construction.
Over-shilling is what clued next in. You don’t get this kind of response without a massive panopticon dispatching reputation managers. Why the heck would the NSA write NSA proof software? LOL.
EDIT: this is in reply to mapgrep and his crew:
Did I say I won't use Tor Browser? Is it really necessary to put words into my mouth to make your point? I've noticed this a lot with people who are very very lightning fast, almost unbelievably fast, to defend Tor on any forum or platform on the Internet. The speed at which it occurs, and the typical over-the-top, rude, and unnecessary attempts to make people seem to say things they 100% have not.
You should apologize. Obviously the NSA has broken Tor, they made it. Forget about current funding, where'd it originate?
And why does the Tor Project publish a list of exit nodes?
We should absolutely be aware of funding sources, skeptical of code written by other people, etc, but if you were to actually enforce in your life a position that you won’t use any security or privacy technology with funding ties to the USG you will quickly find yourself in quite an untenable position.
Some others (such as chacha20) are pretty popular too. This is the only cipher used by wireguard and one of the ciphers used by ssh and tls.
> was designed by the NSA
No it was not. It was designed by two Belgian cryptographers (the same ones that did SHA3).
> for asymmetric crypto
No offence but you seem quite clueless.
* Exit nodes might be run by malicious actors and unless you enforce always https they might snoop credentials.
* If you login to platforms like google/facebook/twitter/stock overflow it might still be possible to track you.
If you're worried that your employer is spying on you then tor can't help because they already have administrative access on your computer. I personally have a rule to never log into personal accounts from corporate devices.
I'm (personally) less concerned about government spying on me than I am about corporations. That's not to justify government overreach, but I don't like the prospects of corporations like google, facebook, twitter holding as much (or more) of my information as the government does.
Not having memorable names makes it tough for people that use a non-persistent OS for Tor. I'm all for creating more accessible URLs.
Obviously that opens up additional attack surface for de-anonymization attacks, but I think it could be done reasonably securely given sufficient effort. (Hashing and key-stretching the login credentials, fetching bookmarks over a separate Tor circuit, storing the encrypted payload in a distributed database rather than a centralized server, etc.)
Done right, a system like that could potentially even lead to an open standard for synchronizing bookmarks, passwords, and other settings across different browsers.
I also didn't realize it was an open standard. Are there any other implementations besides the one in Firefox? I couldn't find any information on that.
It's never worked for me. Just shows a page with the Noscript "this is being blocked" logo.
Maybe you turned off Noscript?
Edit: nvm it is working now.
Automatic detection of onion versions of sites sounds great.
Edit: refreshed once, still worked. Refreshed again, "You are not authorized to access this page. " Refreshed a third time, worked again.
but you might start to get downvoted on HN when this gets fixed
Has anyone else had this problem (or had this work)?
<link rel="alternate" title="my site but on tor" href="superkuhbitj6tul.onion" />
The article didn't say the exact name of the header but it mentions support.torproject.org uses it so looking into its headers:
$ curl -I https://support.torproject.org/
Give it a go if your experience wasn't great a few years back.
From a privacy point of view, couldn't you use multiple VPNs?
I don't see what could be gained from nesting VPNs because you're identifying yourself to the innermost VPN. Tor is designed so that exit nodes don't know who you are.
I imagine you could pick a few Anti US government VPNs and at least 1 wouldn't cooperate.
Assuming it's a commercial VPN it has your billing data and doesn't matter that you connected to it via another VPN.
You can hide the fact that you're using Tor by using bridges with or without pluggable transports.
> From a privacy point of view, couldn't you use multiple VPNs?
No amount of chained VPNs will offer you browser fingerprinting resistance or privacy by design.
Yeah you can root the 'droid and ditch the Goog Play Store, but you can jailbreak iOS.
Few android manufacturers even have instructions to change your rom or root the phone. Lot of them support it while apple doesn't. Android is also open source so you can push your own changes at os level and reflash it . You can't do the same for iOS. You also have control over the hardware more than you do on iOS - way easily. Overclocking isn't possible on iphones.
For information, there was a similar initiative by Namecoin with .bit.onion: https://www.namecoin.org/docs/tor-resolution/ncprop279/stemn...