Hacker News new | past | comments | ask | show | jobs | submit login

Tor should NOT be on here. It has little to do with "breaking" PRISM. PRISM is a voluntary program wherein a handful of endpoints have chosen to submit copies of their database to the NSA. Regardless of the mechanism or browser used to access Facebook, the reality is that all of that data gets uploaded to the NSA anyway, so who cares? People aren't interested in the real solution to PRISM, which is "Don't use services provided by PRISM participants".

Furthermore, Tor's outproxy network (i.e., accessing normal internet sites through Tor) is heavily compromised, rife with honeypots run by both non-governmental and governmental operatives, and nothing stops anyone from injecting more honeypots. New exit nodes are automatically registered and used by the network as soon as the client flips his/her bit. While ostensibly exit nodes are not supposed to be sniffing these packets, since it likely violates wiretapping laws in their jurisdiction (unless it's an NSA-owned exit node, of course), one would be very naive to presume such sniffing is not occurring. This means that any data that eventually hits the exit node should be considered, for all intents and purposes, public (correctly-implemented SSL may mitigate this risk where employed). This is fine if you're just trying to circumvent a firewall (remember, Tor was originally designed as a firewall-circumventer so that dissidents in China et al could convey their traffic to blocked sites; the goal was simply "get this public blog post out of China and to the rest of the world", not "hide all data from the NSA", hence the design of the exit node network) so you can use IRC, where your conversations are public anyway, but it's not fine for all kinds of browsing applications, so "try using Tor for everything" is actually horrendous advice.

The upshot of that is that like most other privacy software, you really need to understand the software well to a) actually obtain any meaningful privacy from its usage and b) not accidentally seriously harm yourself.

On top of all that, Tor traffic is easily distinguished and most likely automatically flags your NSA profile for additional attention.




> On top of all that, Tor traffic is easily distinguished and most likely automatically flags your NSA profile for additional attention.

As a fairly boring non-dissident who's just trying to be a good citizen on the internet, I think I actually consider that to be a feature.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: