The Tor project is really important, and I'm really glad the EFF supports it. It's come a long way in the last 10 years too. For about a year I ran a fairly high traffic couple of exit nodes (circa 2004) and it was a really scary experience - constant legal threats, phone calls from people screaming that we'd hacked their servers in the middle of the night, and several conversations with the lawyers of big media companies. People who run exit nodes have some serious stones. It was finally too much, despite the crew at the EFF being really helpful when we called asking if they might help us navigate some of the more intimidating legal waters.
All this to say, I'm really impressed at the lengths the project has gone (and continues to go) to make Tor safer, more accessible, and easier to use for nontechnical folks. I just downloaded and installed this, and it worked, and worked well. A far cry from the earlier days. Cheers to Tor and the people working on it, running exit nodes, bridge nodes, and offering legal support to those that need it.
I run one. I tell anyone who complains that's legal, explain Tor, and send them the form letter, and then never respond again. Three years running, and I've never been sued or otherwise affected.
Some may reply that is a legal risk as well. I believe it is clearly within the bounds of the law. If the police shut then down I would fight to the extent of my ability in the courts to have them restored.
I believe strongly in our system, and that all men and women (including law enforcement) are bound by the same set of laws, and are equal before them. Tor is legal under those laws, and the courts stand ready to vindicate my rights if they are violated.
What stops someone from masking their own behavior by falsely attributing it to a TOR user. That is, someone runs a TOR exit relay and whenever a complaint comes in for an action actually executed by the relay host, falsely attributing it to a TOR user.
The very same person could just use tor to begin with, without running an exit node at all. And from some perspectives, including mine, that's a good thing, at large.
Actually, there's a very simple and elegant answer to this: Tor doesn't save anything from relayed traffic to disk. So if forensic traces exist on the behavior, it was PROBABLY the node operator.
(I used to have a source for this, but I think I bookmarked it on my dead laptop.)
Not really, sometimes you need pcaps to diagnose network problems as an admin. I anonymize the IPs and shred the files afterwards. But recorded == operator is a bad heuristic.
I use Tor every day for random ordinary things, like looking up recipes or researching banal purchases. The responsiveness of the Tor network has improved dramatically in the last year.
It seems that the biggest threat to the Tor network right now, are web sites that treat Tor users differently. For example, Cloudflare is currently serving captchas to Tor users. It's an automated response based on reports of abuse from the exit node IP at some point in the past.
Some individual sites have been doing this for a while to tackle abuse problems, but for a service that handles as much internet traffic as Cloudflare does, this is not a good sign for Tor.
Though their TOS seems to forbid running an exit node, I run a fairly big relay on one of my Digital Ocean droplets - even the $5 instances have a ton of bandwidth which can be donated, if you aren't using it all for other projects.
Yes, it's called a relay, and it's very easy to configure. If you do this, your exposure would be minimal, while providing a huge benefit to the Tor network. See https://www.eff.org/torchallenge/what-is-tor.html
As already mentioned, you can run a relay. You can also only allow exits out of certain ports. So if you only wanted people to use your exit node for IRC, you can specify that in your exit rules.
I'm sure most of HN knows this already, but I've run in to enough people that used Tor but weren't aware of these that I'll post anyway. Some things to keep in mind if you're going to use Tor:
- The exit nodes can see all traffic being routed through them[1]. Be wary of using Tor for regular web surfing - the exit node can not only monitor any unencrypted traffic, but can also inject browser exploits, attempt to strip SSL[2], etc.
- HTTPS Everywhere is only enabled for sites that the EFF has whitelisted[3]. Even if a site supports SSL, don't expect HTTPS Everywhere to automatically send you to the encrypted version - always doublecheck.
- NoScript is not enabled by default in the Tor Browser Bundle[4]. Don't expect it to protect you from malicious Javascript exploits out of the box.
If you absolutely must use Tor for something, the safest way to do so is to connect to Tor, make whatever connections you need to make (and only those connections), then immediately get off.
I was referring to using the Tor Browser Bundle or any other client to access the internet over Tor, which has different security implications than running an exit node or relay.
That said, feel free to use it for whatever you want - just be aware of the tradeoffs/risks. You can't just turn on Tor and assume that you're instantly more anonymous and secure - to achieve that, people need to completely change their browsing habits. Surfing the web through Tor without taking extra precautions is essentially saying "I don't trust the web site I'm visiting or any node between it and me, but I will implicitly trust this random group of volunteer exit node operators who have assured me that they have no malicious intent."
in terms of privacy and avoiding everyday tracking of what i read, say, and search for...i actually do trust this random group of mostly volunteer exit node operators more than i trust major internet companies or my ISP...especially where SSL is supported. i live in the united states.
Do you mean that Tor adds risk over 'normal' web use, or that Tor is not as secure as people think?
The only added risk I see is that an exit node arguably could be more likely to attack the user than an ISP, but I think the difference is that attack in different ways. Most ISP's attack confidentiality as part of their business, though probably they don't insert browser exploits.
If you are a bad actor, you can run a Tor exit node and do whatever you like with other people's traffic passing by. This is similar to what you could do if you hosted a public wifi hotspot. While ISPs are in power to do such evils to their customers, it wouldn't be a sustainable business model to for example fish for credentials in their customer traffic. For an exit node administrator, this is entirely possible. Tor project monitors for bad exit nodes, but traffic eavesdropping for example is something they can't detect.
It's a trade-off. If your ISP chooses to, they can monitor non-HTTPS traffic while knowing exactly who you are.
Whereas a Tor exit is more likely to snoop, theoretically they should have no idea who you are (as long as you don't send any identifying information in plaintext).
I think the most important thing is that we should try and make the implications of both clear to as many people as possible.
FYI, even when NoScript is operating in blacklist mode rather than whitelist mode, it still offers a bunch of protections. The Tor Browser Bundle ships with the NoScript extension enabled but configured to operate in blacklist mode.
Tor Browser is an abomination. I don't know of any other software with lower ratio of real security to expected security (by the average user). See the Freedom Hosting story [0] for an example why. This time it was about pedophiles, but this danger holds for everyone, from users of silkroad clones to opposition in totalitarian countries.
Tor Browser is making tor more accessible to average computer user in the same way selling minefields cheaply makes real estate more accessible to average human.
The only reasonable way of using tor for even remotely illegal purposes is by using whonix, or roughly equivalent schemes (eg. a tor-only router + tails).
Keep in mind however that using a LiveCD means that you will lose your guard nodes, which may make it easier for an attacker to deanonymize you over time.
Also Tor Browser is usually better than using Tor + another browser.
Uh...you use some pretty strong language there. Can you provide technical information that will help me understand why is the Tor Browser an abomination?
Apart from the obvious (Firefox vulnerabilities, dangers of running Javascript or other plugins, etc.) weaknesses, I mean.
Security of firefox is beyond awful [0]. The same is true of all currently used browsers - almost certainly each has several unpatched remote code execution holes. The overwhelming majority of professional bug finding people are either working for the government(s) or selling bugs/exploits to them. These bugs aren't getting reported to the vendor. The occasional ones that are, are either reported by hobbyists, or professionals for marketing purposes.
You're the perfect example why tor browser is so bad.
>was only used against older Windows boxes
It was only used against windows systems, but it was a firefox exploit.
None of the CVE's listed affect the current version of Firefox.
Many of the vulnerabilities fixed are discovered by Mozilla's security team as well as community members, so while there may have been a vulnerability in the browser and it was fixed, it does not mean the vulnerability was known or used maliciously previous to being disclosed.
This is why you cannot judge the security of a product based upon the number of CVE's published. If the vendor in question has an open security program they will publicly disclose all security vulnerabilities they discovered internally. This is a common practice will most (all?) of the major browser vendors.
For example, look at the history of Google Chrome CVE's. You will notice huge spikes in the number of vulnerabilities. A little research, and you will find that was when the Chrome Security team started heavily fuzzing their code and fixing vulnerabilities before most of them were discovered by outside parties.
What you have to worry more about is vendors who don't publicly disclose security vulnerability information, so the only CVE's you see are the ones that independent parties published.
I'm aware that current browsers don't have a great security record (and present a huge attack surface). However, browser exploits are not so abundant that governments are willing to pop people left and right. A good, reliable browser exploit generally costs in the tens of thousands of dollars range, and even governments are hesitant to use those willy-nilly. Most of these can be mitigated with obvious precautions like disabling scripted media (no Javascript, Java, Flash, etc.)
Of course, really solid security requires a lot more effort. If I were to engage in illegal purchases using the Tor browser, I would run the browser in a VM and route all VM traffic through Tor. However, as we know from experience, the Tor Browser's (very mediocre) security is sufficient for the vast majority of casual criminals.
>You're the perfect example why tor browser is so bad.
Gee, thanks :)
Also, none of those CVEs are for the latest version of Firefox.
None of the CVE's you linked to are exploitable in the latest Firefox. "Beyond awful" security would usually require multiple unpatched exploits. Current Firefox has none.
I would tend to agree with this overall. I'm a daily user of Tor for random browsing, but I use it on what is essentially a throw-away tablet using a Tor-only router.
The NSA and other agencies around the world already has you targeted. Tor makes you safer. Tor makes you aware of risks. This is also good since you are now better suited to defend yourself accordingly.
This may be stupid, but I am slightly concerned about visiting anything related to Tor or security because of my fearful suspicion that the NSA will flag me for closer observation. That said, me frequenting a site called "Hacker" News probably sets off some red flags somewhere anyway.
The TLDR of the situation is that you shouldn't worry about what the NSA flags you as. They flagged everyone. Just assume you're on their list because you probably are anyway.
The Snowden releases have done exactly that - in a perverse way, they make me take many more risks online. "Everything I do is already being tracked, so I might as well search for that new Daesh (IS) video."
No--Everyone is on the NSA's list, that is unjust, and I would encourage you to join others to work for justice by increasing the cost of suspicion-less surveillance through mutual aid and solidarity, like using the Tor Browser Bundle.
I look at it this way: a future for humanity where everybody is cowering before "big brother" is not worth calling that. So, why would I prepare for a case that is so bad that any nuances in it are essentially meaningless? Instead, I would rather be counted as someone who bit back at the very least, no matter in how small and futile a way. If the revolution comes, that will be my Persilschein, and if it doesn't, I'd rather be taken away sooner than later. You might say, I'm not as worried about "evil" people with power not liking me because they project their own sickness, I'm rather worried about good, powerless people not liking me for IMHO correct reasons.
It's not bravery, not yet, anyway. I have never been threatened, and I figure before that changes, a lot of people who actually are brave, and much more of a threat to oppressors than I ever could hope to be, would disappear in some shape or form. So I'm not brave, I'm just slightly idealistic :)
Professional surveillance usually outwits amateur thought self-policing. May as well enjoy freedom of thought instead. With more anonymous traffic, all parties are incented to raise their game.
I wasn't making the assertion that HN supports Tor. I was just joking that some dumb flag bot in NSA's network likely flags all users visiting sites with words such as "hacker".
I feel that fear of big brother is a limitation on citizens personal freedom since people will be more guarded about what they say, inquire about, and behave. No shifty behavior. The constable may be watching.
What do you mean by "support"? You can access HN through tor, though sometimes it is blocked (perhaps depending on which exit node you happen to be routed through).
I seem to recall that posts from Tor-only HN users were treated differently, but I could be wrong. I can't recall the details, maybe it was that Tor posts were only visible to those on Tor? Would need to test to make sure.
>That said, me frequenting a site called "Hacker" News probably sets off some red flags somewhere anyway.
Probably less the name of the site as the confluence of money, power, technical expertise and occasionally violent anti-government rhetoric. Honestly, I find it surprising how many people seem to feel perfectly safe here while avoiding Facebook, Google, etc.
I feel that since I truly don't do anything that the NSA could be interested in, if I do something that puts me on their list for higher monitoring, I'm just wasting resources that they could be spending on looking for people who might be communicating with another Snowden. If I download and play with Tor, I'm really helping out people who are trying to exercise their rights. If the NSA 'list' includes everybody, then the list doesn't really have much value to them.
For all the hullabaloo about censored books, surveilled reading is just as much of a threat to the formation of free ideas as censorship, if not more so.
the book argues, quite successfully in my opinion, that these cases are entrapment. The government says that entrapment doesn't apply because terrorism.
You're right. That is stupid. That's exactly what NSA wants. For us to not even bother to try to use more privacy-friendly tools because "they may be watching us". Guess what. They are already watching us. All of us. Do you really think you have to be on a "Tor list" for the to spy on you?
They have alerts on everything. If you say something they may not like online, you're probably already on a list. Tor or not.
> I am slightly concerned about visiting anything related to Tor or security because of my fearful suspicion that the NSA will flag me for closer observation.
This is exactly what's wrong with the whole situation.
I went to a privacy conference in Europe this summer, featuring a former NSA official. The organizers explicitly asked me if I wanted to "be on the list," so of course I said yes.
To my dismay, the TSA did not attempt to search me at my home airport. Perhaps the data had not propagated to screeening yet. Regardless, it seems harder than I initially thought to get onto one of these NSA lists.
Maybe there are not many Chinese here on ycombinator, but Tor is mainly used by us to bypass the Great Firewall. And I do not mean to read articles or profess opinions that are antithetical to Chinese government, but simply to access many useful resources. Many tech blogs are blocked, for example, because they are hosted on blogspot.com
For me, at least, I don't really care about security, but usability and stability.
They already know and don't seem to mind a lot. They just disable all VPN traffic, etc during sort of special political periods e.g. Tienanmen square events anniversary.
It is probably better for the government to know how it is done so it can be stopped at will, rather than the people in question constantly finding new ways.
There are always some people who try to circumvent their censorship, and it is not worthy of their time trying to block every one of them, as long as the majority of people are properly confined.
Well, that is my speculation. I never get into any trouble for breaching the firewall.
Really nice to hear about out-of-the-box uncensored web browsing in China. It's probably only temporary in the ongoing cat and mouse game, but still good to have the win.
Can someone running an exit node in Brazil comment on how difficult it is (if it is at all) to do so given crazy local cable companies and the country's legal system? Any troubles so far? Worth the risk?
I didn't have the guts to deal with all the possible legal problems that an exit relay could spawn, and no lawyers I could find could help me with that question.
I suggest you run a non-exit relay instead, like I did for almost a year (at home). About to put it up again, after 3 months offline, now that I got better hardware to do it. Didn't have any trouble from my ISP, which was Tim, but I think that the biggest reason for that is that they are new in the business and they are trying to make things as painless as possible. It was a heavy traffic relay, I was limiting it to 4gb per day up/down bandwidth, which is quite alot, and never heard any complaints from Tim.
Question: What are the benefits one gets to run a Tor exit or relay node? Is it plain humanitarian deed or is there anything for profit as well, even a minor one.
At some point, someone linked to a site that let people donate or bounty-out for people to run Tor exit nodes, or relays. Can't remember the details, or the url, though. I've been looking for it...
I don't know how true this is? I have talked to someone who runs one of the bigger exit nodes and he said that he used to get barely one or two abuse complaints in months.
We have customers that try to run exits from time to time. We can usually tell pretty quickly, because the abuse complaints start coming in within a few days.
It seems that if you don't run the limited exit policy, you'll be hit with DMCAs pretty much instantly.
If you do run the limited exit policy, you'll get hit with abuse notifications (you hacked my site, you're posting spam, etc) pretty quickly.
All this to say, I'm really impressed at the lengths the project has gone (and continues to go) to make Tor safer, more accessible, and easier to use for nontechnical folks. I just downloaded and installed this, and it worked, and worked well. A far cry from the earlier days. Cheers to Tor and the people working on it, running exit nodes, bridge nodes, and offering legal support to those that need it.