1. Forum
  2. DOVE-Net
  3. Internet

  • I don't think the Tor network is inherently insecure

    From Ogg@VERT/CAPCITY2 to MRO on Thursday, September 12, 2024 19:39:00
    Hello MRO!

    ** On Wednesday 11.09.24 - 21:17, MRO wrote to Arelor:

    I don't think the Tor network is inherently insecure. Exit nodes may
    attempt to sniff at your traffic, but since every modern service you may
    use on the clearnet is encrypted then it does not make much of a
    difference, not to mention if you don't use Tor you give the chance to
    watch your traffic to even more people.

    i wouldn't trust it. you're sending your data through random people, most of them not very nice people. furthermore the us govt developed it and released it to the public.

    The Exit nodes can potentially monitor your internet activity,
    keep track of the web pages you visit, searches you perform,
    and messages you send. No doubt some government institutions
    are operating exit nodes.

    But isn't there more confidence in privacy and encryted
    sessions when using .onion destinations?


    --- OpenXP 5.0.58
    * Origin: Ogg's Dovenet Point (723:320/1.9)
    þ Synchronet þ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From MRO@VERT/BBSESINF to Ogg on Friday, September 13, 2024 07:40:10
    Re: I don't think the Tor network is inherently insecure
    By: Ogg to MRO on Thu Sep 12 2024 07:39 pm

    The Exit nodes can potentially monitor your internet activity,
    keep track of the web pages you visit, searches you perform,
    and messages you send. No doubt some government institutions
    are operating exit nodes.

    But isn't there more confidence in privacy and encryted
    sessions when using .onion destinations?

    if it's going through us govt nodes then encryption and privacy is probably useless.
    ---
    þ Synchronet þ ::: BBSES.info - free BBS services :::
  • From phigan@VERT/TACOPRON to Ogg on Saturday, September 14, 2024 06:58:43
    Re: I don't think the Tor network is inherently insecure
    By: Ogg to MRO on Thu Sep 12 2024 07:39 pm

    and messages you send. No doubt some government institutions
    are operating exit nodes.

    It's been said that well over half the exit nodes are run by the government. It's also been said that exit connections can easily be associated with entrance connections when you happen through those.

    Yes, when using .onion destinations, I believe those security risks don't apply.

    ---
    þ Synchronet þ TIRED of waiting 2 hours for a taco? GO TO TACOPRONTO.bbs.io
  • From Dumas Walker@VERT/CAPCITY2 to MRO on Saturday, September 14, 2024 10:45:00
    But isn't there more confidence in privacy and encryted
    sessions when using .onion destinations?

    if it's going through us govt nodes then encryption and privacy is probably useless.

    I think it is based on govt tech but that the nodes that most users use are
    not govt systems... unless you are implying that they are the actual source
    of the dark web (which is interesting and possible).


    * SLMR 2.1a * That which does not kill us strengthens us.
    ---
    þ Synchronet þ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From Arelor@VERT/PALANTIR to Ogg on Monday, September 16, 2024 18:41:02
    Re: I don't think the Tor network is inherently insecure
    By: Ogg to MRO on Thu Sep 12 2024 07:39 pm

    The Exit nodes can potentially monitor your internet activity,
    keep track of the web pages you visit, searches you perform,
    and messages you send. No doubt some government institutions
    are operating exit nodes.

    Well, I have doubts about that, considering most http traffic these days goes encapsulated in TLS.

    An Exit node can't keep track of the sites you visit because different sites are accessed over different circuits. An exit node who gets a gazillion users through it cannot realistically determinate which site visits belong to a particular user either.

    Searches cannot be tracked because the serch query is encrypted. Same with messages and the like.


    But isn't there more confidence in privacy and encryted
    sessions when using .onion destinations?

    With onion destinations you generate to DNS query so I guess that is a win.

    Still I prefer i2p.


    --
    gopher://gopher.richardfalken.com/1/richardfalken

    ---
    þ Synchronet þ Palantir BBS * palantirbbs.ddns.net * Pensacola, FL
  • From MRO@VERT/BBSESINF to Arelor on Tuesday, September 17, 2024 06:59:25
    Re: I don't think the Tor network is inherently insecure
    By: Arelor to Ogg on Mon Sep 16 2024 06:41 pm

    and messages you send. No doubt some government institutions
    are operating exit nodes.

    Well, I have doubts about that, considering most http traffic these days goes encapsulated in TLS.

    An Exit node can't keep track of the sites you visit because different sites are accessed over different circuits. An exit node who gets a gazillion users through it cannot realistically determinate which site visits belong to a particular user either.

    Searches cannot be tracked because the serch query is encrypted. Same with messages and the like.



    the probably is, you trust encryption. don't you think all the big govts have cracked that encryption or have a way around it? they are probably 10 years or more ahead of what we think they are.
    ---
    þ Synchronet þ ::: BBSES.info - free BBS services :::
  • From Arelor@VERT/PALANTIR to MRO on Wednesday, September 18, 2024 15:41:27
    Re: I don't think the Tor network is inherently insecure
    By: MRO to Arelor on Tue Sep 17 2024 06:59 am

    the probably is, you trust encryption. don't you think all the big govts have cracked that encryption or have a way around it? they are probably 10 years or more ahead of what we think they are.

    I don't think they can crack something like modern TLS in real time. I am sure they have a bunch of pre-cracked primitives stored somewhere so they are likely to actually crack sessions... whether they can crack them soon enough for that to be useful is speculation.

    Personaly I think it is not likely they can perform real time cracking, because when they have needed such a thing they have opted to bribe operators of the trust chain instead (in order to get fake certificates to attempt MITM).


    --
    gopher://gopher.richardfalken.com/1/richardfalken

    ---
    þ Synchronet þ Palantir BBS * palantirbbs.ddns.net * Pensacola, FL
  • From MRO@VERT/BBSESINF to Arelor on Thursday, September 19, 2024 15:22:02
    Re: I don't think the Tor network is inherently insecure
    By: Arelor to MRO on Wed Sep 18 2024 03:41 pm

    the probably is, you trust encryption. don't you think all the big govts have cracked that encryption or have a way around it? they are probably 10 years or more ahead of what we think they are.

    I don't think they can crack something like modern TLS in real time. I am sure they have a bunch of pre-cracked primitives stored somewhere so they

    you have no idea what they can do. nobody does.


    Personaly I think it is not likely they can perform real time cracking, because when they have needed such a thing they have opted to bribe operators of the trust chain instead (in order to get fake certificates to attempt MITM).


    why not have both?
    ---
    þ Synchronet þ ::: BBSES.info - free BBS services :::