Agreed – you can never truly be completely "safe", but Tor remains the most privacy-preserving tool we've got.
When people say they're distrustful of Tor (for various reasons) to the extent they refuse to use it, they seldom suggest alternative tools/measures that provide anywhere near the level of safety offered by Tor.
They have the opposite of a point. The logical conclusion of that line of reasoning is that everyone should use privacy tools so no one can be singled out. And that ordinary users with "nothing to hide" should be the first to start using them.
I mean, sure. And while we're at it pigs should fly.
Functional security means understanding your risks, and using privacy tools is a risk - in the sense that it does single you out in the current environment.
Your actual communications can be secure, but that doesn't stop a bad actor/government from picking you up and beating you with a wrench until you talk - if they get suspicious enough.
Just saying "everyone should use these tools!" is not actually a counter-argument. It's a fine long term goal, but it's not addressing the real risk that some folks might be in.
> I mean, sure. And while we're at it pigs should fly.
Pigs have significantly higher density than birds and lack wings. Getting them to fly under their own power would be quite a challenge. By contrast, installing Tor Browser is actually pretty easy.
> Your actual communications can be secure, but that doesn't stop a bad actor/government from picking you up and beating you with a wrench until you talk - if they get suspicious enough.
In general this is not what happens in e.g. the United States. The act of installing or using Tor doesn't in and of itself cause anyone to beat you with a wrench. Try it. Visit HN using Tor Browser. No one comes in the night to put a bag over your head.
> Just saying "everyone should use these tools!" is not actually a counter-argument. It's a fine long term goal, but it's not addressing the real risk that some folks might be in.
If you live in an authoritarian country and actively oppose the government, you are already doing something that will get you punished if you're caught and then the question is, which is more likely to get you caught? Tor has several measures to reduce the probability that you're detected. Private entry guards, pluggable transports, etc. You might still get caught, but these things reduce the probability, whereas if you openly oppose the government without using any privacy technology, you're much easier to catch. Using it in this case is pretty clearly to your advantage.
If you live in a country that has a modicum of respect for fundamental rights like privacy and due process, then you can use Tor when you're not breaking any laws and are just trying to avoid being tracked across the internet by Google and Facebook, because using Tor isn't in itself illegal. And doing this not only benefits you, it benefits the people in the first group who need it even more than you do, because it makes them stand out less.
> Visit HN using Tor Browser. No one comes in the night to put a bag over your head.
HN used to often not create new user accounts when connecting from Tor.
Twitter doesn't let a new user account to pass the prove you're human AI challenge. It says it passes but then shows an error message that there was a technical issue.
By using Tor I'm cut off from Twitter. Twitter is my social media of choice. By using Tor I'm cut off from social media.
which would defeat the purpose of tor, as your account (and presumably, your location at the time of signup), can be easily linked to your tor traffic.
The reason tor traffic is often denied is because it's hard to block or track "the same" tor use, and some people used to abuse this to perform actions that the platform does not want.
You cannot really have true privacy, and also have moderation of content.
The assumption there is that trackability is a desirable characteristic to have in a technical system. As someone who sees technical systems as the onramps to centralized abuse by institutional power, I don't see trackability as a feature, but rather an anti feature.
Consider this: just like fraud, the ideal amount of it in any purportedly liberal civilization is non-zero, because the freedom from which is derived the opportunity to engage in the behavior is more important than perfect attribution, detectability, and prosecubility of it.
People don't realize that when you set goals of zero'ing out these sorts of things, you're throwing the baby out with the bathwater.
I use TOR in the US... You're not actually making a very compelling argument here.
My statement is pretty clear - using a privacy tool can single you out. Am I afraid of that in the US? Nope, not really.
Would I be afraid of that in, say, Iran? North Korea? Russia? Israel? China? Probably.
> If you live in an authoritarian country and actively oppose the government, you are already doing something that will get you punished if you're caught and then the question is, which is more likely to get you caught? Tor has several measures to reduce the probability that you're detected. Private entry guards, pluggable transports, etc. You might still get caught, but these things reduce the probability, whereas if you openly oppose the government without using any privacy technology, you're much easier to catch. Using it in this case is pretty clearly to your advantage.
You know a clear way to avoid this risk entirely? Don't trust your communications to a public network. Is TOR better than posting directly online? probably. Is TOR still a risk? Obviously yes. Understanding your risks is important, and simply saying "Use it anyways" is not an appropriate answer. Like... at all.
> My statement is pretty clear - using a privacy tool can single you out. Am I afraid of that in the US? Nope, not really.
Which does imply that the "singles you out" argument doesn't really apply to anyone who is in the US or any country with a non-authoritarian government.
> Would I be afraid of that in, say, Iran? North Korea? Russia? Israel? China? Probably.
But in those cases your problem is the alternative. If you don't use Tor then you're trapped between the oppressive option of self-censorship or the even more dangerous option of not censoring yourself while also not using any privacy technology.
Moreover, the more people use it the less using it singles anyone out, and the more people contribute to making it harder to detect etc. See also Hofstadter's theory of superrationality.
> You know a clear way to avoid this risk entirely? Don't trust your communications to a public network.
"Just build your own internet" is frequently not a realistic proposal.
I want to firmly state that this is (fucking badly) mis-stating my whole point.
> But in those cases your problem is the alternative. If you don't use Tor then you're trapped between the oppressive option of self-censorship or the even more dangerous option of not censoring yourself while also not using any privacy technology.
Don't use online communication. Period. Talk to people face to face.
> "Just build your own internet" is frequently not a realistic proposal.
Don't use online communication. Period. Talk to people face to face.
> Which does imply that the "singles you out" argument doesn't really apply to anyone who is in the US or any country with a non-authoritarian government.
Not my damn point. And you well know it, you just don't want to concede a breath of air to the idea that you might be wrong...
> Moreover, the more people use it the less using it singles anyone out, and the more people contribute to making it harder to detect etc. See also Hofstadter's theory of superrationality.
Fallacy is fallacy. Dreaming of a utopia does not make it so, and expecting the average person to take this stance just isn't a realistic expectation. Noble goal. Shit thing to risk your personal safety on.
---
And that's the point. I advocate for these tools, I use them I when I think they're appropriate. Failing to be able to consider a possible downside isn't a "good" thing. It doesn't make the argument for these tools stronger... it makes it hard to evaluate your risk, and personally - makes me think you're actively undermining real efforts for security.
So if your actual stance is "Use these tools even though I understand it compromises your personal safety - I don't care because blah blah blah"... then I don't have enough respect for you to continue the conversation. You are only acting for you, and that's shitty.
Anyone who search for medical information online should always use a VPN and a browser that cleans itself before and afterward. Health status is one of the most valuable user data available to data brokers and is heavily collected and sought after.
I also use tor in my work in order to get a third-party perspective on a website, or when inspecting suspicious links.
It's true that a majority is from the US government through various funding schemes and grants. They're very transparent about their funding and ongoing efforts to diversify. But a little over half coming from US government sources isn't the same as their devs literally being on the gov't payroll; people often talk about Tor as if the developers themselves earn a government salary.
(Funnily, Signal also received major funding from US government sources but very few people seem to question that when lauding Signal.)
Timing attacks are a well-known weakness. There's a lot of research into timing attacks and proposed countermeasures.
Also, it's just Tor – not 'TOR'.
>Note: even though it originally came from an acronym, Tor is not spelled "TOR". Only the first letter is capitalized. In fact, we can usually spot people who haven't read any of our website (and have instead learned everything they know about Tor from news articles) by the fact that they spell it wrong.
The fact that adversaries need to rely on zero-days, or people running massively outdated and unsupported software, strongly suggests the network is safe and robust.
They may not have heard of Gnutella, the network, but they may be familiar with some of the software that supports it: LimeWire, Shareaza, BearShare, WireShare, FrostWire, iMesh, and probably others I'm forgetting.
LimeWire I’m familiar with and one they’ve definitely used but that seems like a thing from 20 years ago. And by the 2010s I don’t know if anyone still used it. Given that, now I’m curious on why it was mentioned to be better than TBP which survived while Limewire (not sure about the others but have never heard of them) didn’t.
When people say they're distrustful of Tor (for various reasons) to the extent they refuse to use it, they seldom suggest alternative tools/measures that provide anywhere near the level of safety offered by Tor.