Hacker News new | comments | show | ask | jobs | submit login

I find it significant they still recommend using Tor even after a seeming exposé a couple weeks back. [1] Is it the fact that some measure of security is better than none or it makes surveillance incrementally harder?

[1] http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa...

Tor is still the best solution for online anonymity, even with the shortcomings it has. (low-latency for one). The exploits were related to the Tor Browser, not the Tor daemon/network.

Is it possible for the NSA to do timing analysis if they control all internet backbones? They've installed that special room at AT&T to gather traffic. If they do that at enough ISPs would it be possible to reveal all Tor hidden services operating from within the US?

Tor is the lazy man's attempt at anonymity. I wouldn't trust it since it receives the majority of its funding from the US Government, and that government is the reason many are looking for anonymity.

For better anonymity, ditch your cell (tracking device) and use open wifi networks, with a fresh MAC address each time (you can't necessarily trust routers at $Coffee_Shop to not identify who you are).

If you think the government is one coherent entity with all of them wanting to become Big Brother, you are wrong. The fact that Tor gets its funding from the US government is irrelevant. The source code is out there for you to see and inspect and has been done so by many researchers from universities around the world.

Example: The NIST openly went against NSA.

The more people TOR use, the more secure it becomes. All attacks base on analyzing incoming and outgoing traffic or monitoring nodes which use outdated tor version. And why should be using "open wifi networks" more secure or anonymous? You don't know whos running them and who you can trust. With TOR you could still go over open wifi while having not (or much less) to worry about who may be sniffing on that wifi access point.

Can someone explain to somewhat of a layman in terms of security/privacy, why isn't there a bigger push to adopt http://www.i2p2.de/ ?

Also, how solid is it? I suppose Tor has attracted much more research over the years in comparison.

I think you mean high latency.

No, I meant low latency because it allows timing analysis if you control the first and the last node.

From a game theory perspective, if an adversary has an effective tool, defeating that tool and creating enough doubt that the adversary no longer uses the tool are equivalent.

The major vulnerabilities sound like details of implementation alone. Then there is a difference between the more easily lost privacy and the less easily lost anonymity.

Finally, people who are actual experts seem to think it remains a tool for anonymity, and explain why in a credible way.

Yes, the NSA attacks Tor, but the same documents also show they've had very little success, other than the occasional bugs in the Tor browser, and with people not updating those browsers.

But other than that, Tor is by far the best thing for your privacy right now.

On the other hand , tor is considered not secure against someone who can wiretap all or most global data(global passive attacker) , and cooperation between NSA and five eyes countries seem to fit the definition.

And tor has some weaknesses to active attackers, meaning people who control behavior of many routers, to some extent.I believe there were documents showing the NSA has this capability.

But it would be truly helpful to NSA to create the illusion that TOR is cracked. Maybe that's the point of the documents you're talking about.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact