>>407642>>407363>https://restoreprivacy.com/tor/The article is right that Tor is not a silver bullet, but only retards claim that. You still need a good OPSEC. The user's stupidity is by far the biggest vulnerability. As for issues listed in the article, none of them are fatal and most of them are not even related to Tor itself.
>1. Tor is compromised (and not anonymous)>effectively by watching communications as they enter and exit the Tor system, rather than trying to follow them inside.This is a time-based attack where you correlate the existence of traffic through time at guard nodes and exit nodes. However that requires a very long term tracking of all connections going to all guard nodes and leaving all exit nodes in order to achieve statistically confident enough time-related matches. It's theoretically possible (just like decrypting any encryption is) but too expensive to be done en masse in practice.
>One type of attack, for example, would identify users by minute differences in the clock times on their computers.This only works if your system clock is widely out of skew. If your system uses a proper time sync (and most do these days) then identification is practically impossible. Note a couple of things: Tor converts everyone's system time to UTC, your clock doesn't have a consistent enough skew, and even then that would only allow glowies to tie all your connections to one person (or rather machine), but who this person is is still unknown.
>Carnegie Mellon UniversityYes, this is an old story and they used the timing attack I've described above. IIRC the attack was used on a limited sample, it was a proof of concept in a lab setting, not applied in the wild where the network is much larger.
>honeypot schemeAttacks the vulnerabilities in the browser, not Tor network.
>2. Tor developers are cooperating with US government agenciesNever, absolutely never trust a tool because "ourguy" developed it. Do not trust anything, operate AS IF everyone is out to get you or betray you. Do not have faith, do not be a believer, rely only on the technical side of things. If there is a technical vulnerability, it doesn't matter who made the tool, their intentions won't save you. This is basic OPSEC. But all that conversely means that even a tool developed by your enemy can be used for your own purpose if it's a good tool.
(Personally, I think Torproject team are idealistic libtards with good intentions, they effectively "sell" their tool to glowies in order to get the money to keep the project going while offering the tool for free to the rest of the world. The source code is open for all the see, I've contributed some bug fixes myself as an outsider. But my point above is that their intentions are irrelevant anyway.)
>3. When you use Tor, you stand out like a glow stickAgain, OPSEC. Kim was a retard, don't shit where you sleep. It's something to be aware of but not a serious problem at all. It was the setting itself that was wrong not the tool. Just by going to a nearby Internet cafe instead of doing it literally from his own dorm room he would probably get away with it. Of course he could also take further measures to make this probability even higher. No reason to limit yourself.
>4. Anybody can operate Tor nodes and collect your data and IP addressNow this is just getting more and more ridiculous.
Only entry node knows your IP while your data is at that point 3+ times encrypted (4 times if you use HTTPS, or more if you're smart enough to further encrypt sensitive messages with PGP). Furthermore you can use bridges to hide your IP from the entry node as well as hide the fact that you're using Tor (obfuscation proxies). Not all of them are public knowledge. You can run unofficial ones as well.
Only exit node can see your data, but only if you connect over HTTP. It's up to users to pay attention to what they're doing. Again, use PGP if you want to hide your messages. And just general OPSEC to reduce your metadata fingerprint.
Which just leads to me to repeat the same basic principle again: never rely on trust, act as if all Tor nodes are compromised.
>5. Malicious Tor nodes do existSee 4.
>6. No warrant necessary to spy on Tor usersAgain, another variation of the same principle. Don't rely on the benevolence and legality of your government's actions. Don't rely on the law. Faith in your government is the stupidest thing ever.
>7. Tor was created by the US government (for a reason)Glowies use it to stay anonymous when investigating or inflitrating, they don't want their IPs to say "hey, I'm connecting from a police department". See also 2.
>8. Tor is funded by the US governmentSee 2 and 7.
>9. When you use Tor, you help the US government do spooky stuff"When glowies fund Tor project they help rushun hackers do spooky stuff. Why doesn't burger congress know about this???" Anonymity through mass uniformity, the more the merrier, that's a basic design principle of Tor. Btw, the structure of this criticism is ethical consumerism.
>10. IP address leaks when using TorBrowser vulnerabilities, not Tor network's problem. Disable JS, don't use extensions, use Whonix(!!!), etc.
And if you're poking the hornet's nest then for god's sake do not do it where you sleep. Leave your home, connect from a different IP, spoof your MAC address, have a consistent schedule, use a dedicated or a throwaway machine, etc.
>11. Using Tor can make you a targetNo shit, everybody is already a target. Using Tor won't make you into a high priority target unless you anger the glowie. There are also ways to hide that you're using Tor, none of them perfect ofc, but it's possible to add some layers of cloak with bridges or other type of proxies.
I'll admit the article could actually serve as a very good intro for Tor users IF it properly explained why Tor by itself is not a full solution. Instead it does the opposite and tries to convince you that Tor by itself is the source of all problems.