Looks like UK is going the same way as a few states. Spare a thought for us. So messed up this increasing surveillance state.

  • @[email protected]
    link
    fedilink
    101 year ago

    Tor can be compromised though, you just need someone watching a good portion of the end nodes and hosting the fastest intermediate nodes, then run a viterbi trace back to a source. Tor is also very slow.

    I’m looking at IPFS and FreeNet as viable alternatives

    • LukefromDC
      link
      fedilink
      151 year ago

      @tetris11 Slow yes, but if you download videos rather than stream them, slow is much less of an issue.

      Even the US is not capable of watching all Tor exit and guard nodes. The UK sure as hell is not. The Torproject by the way is always looking for and decommissioning malicious Tor nodes, so the risk to any one user is low.

      The usual way to attack a Tor user is to get them to connect to Tor to destination site you have compromised with javascript ON, then send a malware installer to the real target’s computer. The installer then downloads a rather standard payload that tells the computer to phone home on a non-Tor connection. The widely reported 2013 incident used a Windows-only payload, today they probably add iOS and Android. Stock android that is. If it was reasonably practical for cops to see through Tor they would not put so much effort in seeing around it instead.

      Things like the Silk Road takedown were very time consuming and labor-intensive, and required a lot of old fashioned exploits and unskilled admins at the targets. In other words, Tor, Signal, anything else running on an untrusted device also become untrusted. Silk Road was still brutally difficult for the cops, and that was a major, motivated investigation that unlike UK or Utah porn cops wasn’t going to run into a stone wall of non-extraditability or lack of jurisidiction on someone with zero local “business presence.”

      BTW, do not use Google Fiber to connect to Tor to use Google privately, because if you do, Google can see your device directly(being your ISP), and see the one exit node they are talking to, allowing a confirmation attack.