I know there are good reasons why it's not fully secure, but I'd really like to be able to access `.onion` addresses in my regular browser over TOR and everything else directly as usual. In _this_ I'm not over-worried about the risk of deanonymisation as my aim is on one hand access to resources I don't have access to now and on the other hand legitimisation of TOR as something that anyone could reasonably use, even (or especially!) if they have "nothing to hide".
You absolutely should use Tor for regular non-logged in browsing if you can bear the slowness. Exit bandwidth is limited, but I'd say being a needle in the haystack of people who actually need the privacy is a net benefit.
I'd just really advise against touching Tor with a regular browser. For starters, you shouldn't browse Tor without blocking JavaScript by default. Hogging the bandwidth needed for video is also where 'normal use' turns problematic for the people who actually rely on Tor for personal safety.
Tor Browser is painstakingly maintained to make it suitable for Tor. Even Brave's Tor mode is more fit for purpose than proxying Tor manually.
I'd also argue that it's better for the anonymity of all to use a browser prepared to avoid fingerprinting.
Well, that or he is a rare strand of hay in a stack made mostly of needles.
(I'm stretching the analogy to point out that you are correct that he is providing cover [the hay], but that most of the traffic currently is of the type that the surveilling entity is looking for [the needles]).
Because JS might be used to leverage technology that can give clues on your browser and connection, it's in general one less open hole to think about when trying to stay as anonymous as possible.
Not only that, but JavaScript can get you owned, and any code loaded over a non-https connection could be rewritten in transfer. Remember: all Tor exit IPs are publicly known. Tor users are easy to target.
If you use .onion services for anything... interesting, you should also be aware that the first step an advanced attacker might do with a compromised site is to try and completely own all browsers visiting.
Interesting point. Thanks. I have a related question. I'm assuming Tor browsers don't include any JavaScript engine then? And also likely include some self-contained resolver library? Are there other differences between a standard browser and a Tor browser worth mentioning?
The Tor Browser enables JavaScript by default -- it would be impossible to use for most web browsing otherwise. In fact there is an argument to be made that you should not disable JavaScript because it makes your fingerprint more unique to the sites you visit (you're a Tor user with JavaScript disabled). It depends on whether you value your anonymity more than the risk of potentially being attacked by bad JavaScript.
Tor Browser is based on Firefox, and has a bunch of anti-fingerprinting measures built in to it which have been slowly upstreamed to Firefox (as well as ensuring that Firefox doesn't send anything without going through Tor -- something which historically has been hard to do as a Firefox user).
These proxies can appear useful, but I'm just going to drop by here to say that this is a particularly bad idea to spread among non-technical people.
I've seen these proxies bleed into more problematic Tor use cases among vulnerable individuals. Defaults matter, and as technical people we should assume a bit of 'do no harm' moral responsibility for people who seek our advice.
Tor Browser is painstakingly maintained to be fit for its specific purpose. If you're not authorized to install Tor Browser on a device and to emit Tor traffic on the network you're using, you generally shouldn't access Tor there.
Anyone using Tor to access resources that might get them in trouble in the country they're in should look into proper operational security with Tor Project-provided infrastructure like bridges.[1] The special purpose Tails operating system can be used with bootable USB memory on common hardware like laptops without leaving a trace.[2]
You can download the brave.com browser for desktop, which supports Tor. After creating a Tor tab I could view https://www.bbcnewsv2vjtpsuy.onion/ without issue.
Sometimes that's okay. Sometimes you don't care about privacy and just want to use a network system where people actually own their domain names instead of lease them on the whim of a corporation.
But this will need you to start the Tor daemon separately and configure the two I guess? Not as simple as just using Tor browser, or a Tor tab in Brave...
Even better you can start Firefox with the profile manager and have one profile configured for TOR and the other for normal browsing.
That said, it's generally better to run the official TOR Browser instead. It has security nerds working over every aspect of it to make it as anonymous as reasonably possible. Deanonymization is shockingly powerful in the age of big data.
Privacy Browser on Android does that - you can choose which sites are accessed over Tor and a lot more (searching with DDG via Tor, access Facebook's onion address). Highly configurable.
If you have installed tor on your local machine, you can use an add-on like Proxy SwitchyOmega (Firefox and Chrome) to redirect all onion websites.
For a network wide approach, you will need to set up PAC and a network accessible tor proxy. The PAC would have a rule that redirects all .onion hosts to the network accessible tor proxy.
You can use a browser extension such as FoxyProxy to specify proxy settings based on URL patterns. Just tell it to use the SOCKS proxy of the Tor daemon for .onion addresses, and the I2P proxy for .i2p addresses for example.
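The per-host routing described in the comments above, written as a proxy auto-config (PAC) file. This is an added example, not part of the original thread; the helper names are hypothetical, and it assumes Tor's default SOCKS listener at 127.0.0.1:9050 and I2P's default HTTP proxy at 127.0.0.1:4444.

```javascript
// Added example: a PAC file. The browser calls FindProxyForURL(url, host)
// for every request and uses the returned string to pick a route.
// Written in ES5 style because some PAC engines do not support newer syntax.

// Assumptions (not from the thread): stock local defaults for Tor and I2P.
// For the network-wide setup, replace these with the address of the
// network-accessible proxy.
var TOR_PROXY = "SOCKS5 127.0.0.1:9050";
var I2P_PROXY = "PROXY 127.0.0.1:4444";

// Hypothetical helper: lower-case the host and drop the trailing dot(s) of a
// fully qualified name, so "EXAMPLE.ONION." is treated like "example.onion".
function normalizeHost(host) {
  var h = String(host || "").toLowerCase();
  while (h.length > 0 && h.charAt(h.length - 1) === ".") {
    h = h.slice(0, -1);
  }
  return h;
}

// Hypothetical helper: true only when the LAST label of the host is `tld`.
// A substring test would also match "example.onion.example.com", and a
// suffix test without the leading dot would match "notonion".
function hasTld(host, tld) {
  var suffix = "." + tld;
  return host.length > suffix.length &&
         host.slice(-suffix.length) === suffix;
}

function FindProxyForURL(url, host) {
  var h = normalizeHost(host);

  // .onion goes to Tor only. No "; DIRECT" alternative is listed, so this
  // rule never offers a route that bypasses the Tor proxy.
  if (hasTld(h, "onion")) {
    return TOR_PROXY;
  }

  // .i2p goes to the I2P HTTP proxy, again with no direct alternative.
  if (hasTld(h, "i2p")) {
    return I2P_PROXY;
  }

  // Everything else is fetched directly, as the original question asked.
  return "DIRECT";
}
```

Matching on the final label rather than a substring keeps a host such as `example.onion.example.com` on the direct path instead of sending ordinary traffic through Tor.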
In my experience, the limiting factor is speed. Tor is not exactly the fastest protocol in the world, and while streaming video over Tor has gotten better over time, it's still not what I'd call ideal. For regular browsing, the loss of speed is inconvenient enough to annoy the average user, myself included.
I've used tor-browser and Brave's tor mode quite a bit. I've not really had problems with speed nor playing 480p video (if sites default to higher res it's sometimes a problem).
Captchas on some sites, for sure, sometimes a different route will fix it. Usually mainstream sites either block tor or work properly.
Hope you like solving CAPTCHAs, because you're going to be doing a lot of that. And you can forget about searching with Google. Also you'll learn to hate Cloudflare as they straight up block you from so many websites.
And don't even think about trying to sign up for some free service like an email account or game account. Your account will be flagged before you finish thinking up your username.
> Also you'll learn to hate Cloudflare as they straight up block you from so many websites.
Well, it's the websites using Cloudflare, not Cloudflare doing it for fun. You're better served hating other Tor users for ruining nice things for you.
But you're lucky if a service even allows Tor. I straight up block it for some of my applications since it's 99.99% abuse.
"Use tor for everything" is a bad answer, because the question specifically said "I'd really like to be able to access [...] everything else directly as usual"
"Use tor for everything" might be good life advice, but it's not a good answer for "how do I avoid using tor for everything" :P
Some of BBC News' .onion neighbors are forced to constantly rotate their URLs to evade DDoS attacks (notably Empire Market). Admins constantly publish new PGP-signed links to https://dark.fail . DDoS attackers then scrape this site, shift their attacks. Sites stay online, but users are trained to expect URLs to constantly change. This has resulted in a huge spike in phishing attacks.
Tor hidden services are notoriously difficult to protect from DDoS attacks due to its code being mostly single-threaded. Build 5000 circuits to any darknet site, max out one core on the server, and you take it offline. Cheers to BBC for this great step forward for privacy. Hopefully their traffic surges to bring more attention to .onion scaling problems.
My pet theory is that these DDOS attacks are not just other merchants. I believe state actors are DDOSing to force traffic through nodes they control to deanonymize traffic.
While it doesn't solve the problem entirely, onionbalance[1] does mean that you can have more than one server handle traffic. There's also IP load balancing.
Is it paywalled? Maybe your exit node was used to scrape? I don't read NYT much but when I've checked out the .onion such as today I've had no issue reading articles.
I'm getting "Log in or create a free New York Times account to continue reading in private mode.", then click on the "Create a free account button" to be finally faced with "This action is not supported over Onion yet, sorry.".
Surely if some well funded organisation (Eve) were to install a similar number of relays itself, then it is reasonably likely that for a given user a packet would eventually travel across relays solely owned by Eve, and at that point Eve could map a Tor address to a physical IP?
Operating 6000 nodes in a manner unlikely to cause suspicion, and correlating packets across those nodes, is a massive undertaking, but it seems that it would be well within the means of e.g. NSA.
Would this work, or am I missing something fundamental about how Tor works?
You're not missing anything - Tor is not designed to defend against a global passive network observer.
> A global passive adversary is the most commonly assumed threat when analyzing theoretical anonymity designs. But like all practical low-latency systems, Tor does not protect against such a strong adversary. Instead, we assume an adversary who can observe some fraction of network traffic; who can generate, modify, delete, or delay traffic […]
I believe this would work, and is one of the weak points of the ecosystem. I wonder what the impact of spinning up 6K relays in AWS across the globe would be like. I would say that spinning up 6K instances would be affordable for even small companies.
You can't just spin up 6k new relays and take over the Tor network without somebody noticing. The network is actively monitored for sybil attacks, and it takes 2+ weeks before a new node is "trusted" with significant traffic, giving network monitors plenty of time to blacklist you.
What's going to kill Tor is a global passive adversary, meaning someone with perfect visibility of all traffic going in and out of Tor nodes by tapping network infrastructure and correlating at the endpoints. I'm sure the NSA is working on this. They couldn't do it in 2013, but what could they have accomplished in the 6 years since the Snowden leaks?
It's also possible to use machine learning to "fingerprint" encrypted blobs entering guard nodes and correlate them with websites (even onion services!), although it gets less feasible as the set of potential websites increases.
Yes, the cost wouldn't be prohibitive. It is not hard to see how it could be profitable for a small security company to do this and sell the information on.
That page talks about malicious relays in the sense that they spoil traffic either through incompetence or malfeasance.
What I am thinking about is the hypothetical case that 3000 of the 6000 active relays today had been started and operated by Eve over the last few years according to Tor guidelines and without any external sign that the nodes were centrally controlled.
If that were true it would be hard for a user to detect, and it seems to me that Eve would be able to reasonably easily break the privacy protection of Tor.
You’re not misunderstanding Tor. Indeed, if you control more than 50% of the nodes then you can feasibly deanonymize clients.
Tor circuits tend to go through many countries and rarely do they go through the same country twice. Not sure if this is part of the node selection criteria. But if you can’t have two nodes within a circuit go through the same country, and someone identifies you, then you’re dealing with a hell of a global adversary.
FWIW I think many people are concerned more about being monitored by their local governments rather than foreign ones.
Sure, but if the CIA, NSA, FBI, UK, China, and Russia are all trying to control nodes, they keep each other from getting a useful share of the nodes. There are many parties that would want to deanonymize the traffic.
> But if you can’t have two nodes within a circuit go through the same country, and someone identifies you, then you’re dealing with a hell of a global adversary.
You can do that with a credit card and AWS. Setting up server presence in multiple countries is trivial. Setting up enough of them is expensive.
I dunno which Silk Road you're talking about, but the story we're supposed to believe regarding the first Silk Road is that Ulbricht used the name "altoid" both when announcing the site initially and before that on a programming forum in association with an email address tied to his real name. I believe that he really was that sloppy, but I'm still skeptical that this story isn't a parallel construction.
Many of you with homelabs ought to check out how to run a Tor relay or bridge. It's been fun setting mine up, and after a while I started getting lots of traffic! No data cap on a symmetric fiber connection, so I might as well share the love!
Once upon a time, I tried running a relay at home. Certain websites started blocking my IP - their operators wanted to block exit nodes, but indiscriminately blocked all IPs from the Tor directory, both exit nodes and relay nodes. At that point, I stopped doing it.
Tor bridges do not have this problem, do not consume a lot of bandwidth, and are very useful for people who need to circumvent firewalls. I have been running one for years without any issues. The Tor Project is currently looking for more volunteers to run bridges:
Don’t worry. You won’t get a subpoena or get a surprise visit from you-know-what. Tor relays just relay data, while exit nodes relay data from Tor to the Internet.
I'm confused why they're running a v2 onion address -- v3 has many benefits in terms of privacy and DoS resistance. I get that the onion addresses are longer, but you can run both in parallel.
RT covers factual news. They just choose to cover news that makes America, et al look bad and choose to not cover news that makes Russia look bad. Opinion pieces are of course opinions, not news, and are also usually pro-Russian policy opinions.
The value of a state run news service is that the bias is fairly obvious.
I know roughly who writes the cheques at the BBC, RT, NHK, or DW.
With privately owned media, figuring out where they're not going to be impartial is a lot more subtle. Who's buying the ads? What other companies are owned by major shareholders or key staff?
The BBC is quite subtle. It's not fake news and what they report is factual, but the choice of what facts to report makes it crystal clear that they do have an agenda.
A current example: Hongkong. They have headline reporting every time there is a protest while other protests in other countries, and arguably much more significant protests, barely get a mention. This is not a coincidence.
Edit: A lot of the replies to this comment try to rationalise. This is being willfully blind.
Noam Chomsky has written a lot about the issue of relative importance of reporting in order to manipulate public opinion. This is exactly what is happening because it should be obvious to everyone that there is a campaign against China ongoing.
Hong Kong is a very recent former British colony, the nature of the protests are unique and there's a large public interest in the Hong Kong protests specifically. This doesn't mean the BBC isn't biased, but the number of articles isn't an indication of bias in the way that people would normally use the term I think. How are you measuring the significance of protests against each other to figure out which deserve more or less attention?
Bingo. HK was a colony and there are a lot of British citizens who became that way via that colonial dominion. It's more relevant to the UK than, say, protests in Peru.
Haven't the Hong Kong protests been going on for a while and with changing dynamics in protests and response? BBC reported many protests, is there one in particular that should have been more reported upon that springs to mind - for me, nope.
Sure choice of facts and style can and does show a middle-left bias, but as for agenda. If it is that crystal clear, then what is it!
I will say though, the trend of media outlets to report opinions of interviewers as news and for the populace to take those avenues of news and run with them as facts, has been something that plays out upon social media. This then as we have seen, is used by news outlets as sources of news (ala Tweets have become news sources now). This does create the potential for massive feedback loops. But then, no media outlet seems immune to that.
> A current example: Hongkong. They have headline reporting every time there is a protest while other protests in other countries, and arguably much more significant protests, barely get a mention. This is not a coincidence.
Hong Kong is a former British colony with international importance, Chile is not.
Everyone has an agenda, news and comments are product of people and people are inherently subjective. Moreover, much of written history, as the adage goes, is documented by the victors. And even if you try to take it on you to read from broader sources and rank them by some kind of elusive objective reputation, you are still biased in trying to reconcile them with your prior system of belief about how the world works.
I think it is still better to have access to the other point of view, and as one Frenchman once said, even if you don't agree with a point of view, you should defend the right to be able to say it.
Are any of the other countries with significant protests also colonies of the UK until recent decades? The HK-UK history clearly influences the significance of that event for the BBC’s audience.
I haven't said that they are not reported. It's the relative importance given that is obvious.
150+ people have died in Iraq over the last month during wide scale protests. There is an article on this on the BBC's website.
On the other hand, there is almost live coverage with embedded journalists as headline news every time a protester throws something at the HK police, or every time the HK police throws a teargas canister at protesters.
Interesting this was down voted. Presumably HN readers don't think this is accurate? From what I know of the BBC I would say this is a fair comment and that TOR might be needed for people who want to get the UK gov viewpoint in places hostile to their policies, views and positions.
Imagine if CloudFlare or another CDN provider were to automatically publish websites on Tor. This would be huge to drive legitimate traffic into the system. It should be trivial to publish your content on Tor as well as the clear web.
You mean like the Cloudflare Onion Service that we launched a year ago: https://blog.cloudflare.com/cloudflare-onion-service/ It performs an automatic upgrade to use the .onion from Cloudflare if you use TBB (and Brave).
I've always wanted to use this (and enabled it on all my sites, e.g. www.stavros.io), but it has never worked for me, I can always see the alt-svc header in the response (using TBB 9.0).
Here is my idea to fight The Great Firewall: Embed banned content in "normal" https websites like this one.
The content can either be static like mirrors of banned sites (wikipedia, BBC and the tor website). It would be at secret locations.
The site should randomly pick a few of its Chinese users. When they visit public pages, they will be redirected to the secret locations. (With a welcome message).
It will appeal to apolitical Chinese, because they will feel they are unraveling secrets.
It will be hard for the Chinese government to clamp down: They will struggle to identify these websites and when they shut them down, they will hurt their own industries.
Are you using it? Does it work? When I tried to use it some long time ago, it was unusably broken (asked me to validate my account by recognizing photos of some friends, but each photo was showing as a blank white rectangle).
I think GP means that facebook spent a lot of CPU cycles getting an onion address that is so human-readable/memorable; I don't remember what the old Silk Road's address was but I think I'd remember if it were silkroadcorewwwi.onion
While the Tor browser can be used to access the regular version of the BBC News website, using the .onion site has additional benefits.
"Onion services take load off scarce exit nodes, preserve end-to-end encryption [and] the self-authenticating domain name resists spoofing," explained Prof Steven Murdoch, a cyber-security expert from University College London.
Because so much of the bbc website is http, today, in 2019. At least you now get TLS between the browser and the bbc server. Accessing bbc over Tor normally leaks cleartext http to the exit nodes.
The vast majority of the BBC's services use HTTPS nowadays, including BBC News, BBC Bitesize, Sounds/Radio, CBBC and CBeebies, etc. Only pre-2010 news stories are HTTP.
The only other parts that remain HTTP (that I've seen) are certain archived content, e.g. the older Learning[0] and Languages[1] portals.
I think DNS is one of the top two most appropriate uses for blockchains. Besides the auctions and the TLD, what are the tradeoffs you're aware of between ENS and Namecoin? There's a part of me that feels like having One True Blockchain for everything sounds cool, but I also think Ethereum might be overkill for what is essentially a key-value store. Is there a formal ENS whitepaper with all the relevant high-level details in one document that my google-fu is failing to find, or are these web docs and the github code the best starting point right now? https://docs.ens.domains/
I agree that it's bad optics, but personally I think it sounds shway. If we're gonna live in a dystopian future where we have to evade omnipresent government surveillance using illegal* code, it might as well sound like something out of an '80s sci-fi novel or a '90s anime. ¯\_(ツ)_/¯
*Currently illegal in some jurisdictions, more coming soon!
I think you missed his point. Neither china nor russia censor "politically correct" speech. Of course their view of "politically correct" is different from ours and others. Europe, Islamic world, Africa, etc all protect "politically correct" speech and censor "politically incorrect" speech.
Sadly, in the US, extremists ( particularly the left ) are leading the charge to censor "politically incorrect" speech.
Hardly are there any "extremist" leftists in the US (never heard of any advocating for a revolution) and any calls for censorship come from a tiny minority of Tumblr–like social justice warriors.
Agreed that the number of extremist leftists is small in the US. Unfortunately, many of those "Tumblr-like social justice warriors" work in the academia, media and government and wield disproportionate power. And if you haven't heard of any talk of revolution, you must have lived in seclusion somewhere in the woods and missed out on 3 years of post-Trump hysteria. Lucky you.
Where is the seizing of the means of production? Even nationalization of companies is a no–no. Political discourse is radically liberal economically in the US (thanks, Mr. Reagan) so there's really little leftism in the left.
Since no one posted that, yet: Tor relies on the size of its network to counteract blocks, prevent takeovers, and naturally ensure stability as well as performance.
You can either donate to various groups running Tor servers, the developers, or take part on your own.
> Like, how do I know any of those links aren't the NSA?
Well, I've only linked to communities listed by the Tor Project itself.
Otherwise, the same way you would check whether HN or your local tea store is the NSA. You do your own research, run your own risk analysis, and if you want to stay sane, by default you give people the benefit of the doubt.
Generally, it's best not to run Tor relays from home as services will start to blacklist your IP as a proxy.
If you are going to be an exit node, then you should inform yourself about the legal challenges you might face, since you don't know what people will access with your IP address.
> by default you give people the benefit of the doubt
I actually tend to assume websites like HN are the NSA or at least the NSA have read access to their databases. Maybe it's my tinfoil hat tendencies but instead of giving them the benefit of the doubt I would rather not give them any data I don't mind the NSA having.
HN contains a lot of information that isn't visible on the public web. Ban lists, point counts, user access history, etc.
> Everyone has read access to HN
No, not to their databases as OP is discussing. It would be definitely a crime if any of us had that info as it would imply we broke in and stole it - but OP is suggesting that they assume NSA already has it (a potentially paranoid but also reasonably fair thing to do, IMO).
From a personnel standpoint, isn't Thiel on the board of HN/YC and doesn't Thiel have basically uncountable NSA/CIA/etc connections? I'm not saying Thiel has anything to do with HN's security - but clearly, saying HN's databases might be accessed by someone like CIA (while a board member of YC is active in sales & partnerships to CIA etc) isn't that crazy.
None of us know how many points your comment has, or if you have an email address on file, or how many times you visited HN today, or what IP you're using, etc. But all of those things are in the HN database(s) I'm sure!
Wait, why not? Knowing who votes for what content, when, and in coordination with whom else seems like it would be extremely useful indeed! Aren't techniques like this already used by FBI etc on Twitter when investigating illegal content and coordination of its dissemination? Bot networks are taken down on Twitter and other sites all the time using voting data.
Social voting data is a rather sizable and useful dataset for surveillance agencies. HN has a high concentration of current-high-impact and future-high-impact individuals and is therefore a reasonably interesting trove of information.
I realize all this is indeed tinfoil-hat-ish stuff. But I'd be shocked if NSA/CIA/FBI etc was disinterested in online social voting habits of users.
Also, you latched on to a single example I gave. HN may have your email address privately (if you gave it to them) and they also have your IP/access logs. This is all stuff that they save but is not publicly available information.
I'm sure there's more as well. It's not just "internet points" and reducing the discussion down to simply dismissing a single one of my thoughts isn't going to get us anywhere.
> HN may have your email address privately (if you gave it to them) and they also have your IP/access logs. This is all stuff that they save but is not publicly available information.
I'm pretty certain there's nothing the NSA doesn't already have. See the Snowden gifts on MUSCULAR[1], the better-known PRISM[2], and XKEYSCORE[3]. There are other relevant programs, but I don't have my notes on that stuff with me at the moment.
Anyway, I won't argue about how much the NSA values internet scores. Let's just say I can imagine a targeted extortion campaign against a specific individual using such inputs, but I can't see how the Great Hoover would use them as any sort of actionable signal.
But you can't calculate the 'score' without knowing who those people are, when they voted, and what else they voted on too. The score is a summary generated from lots of information. It's not just some number that carries no value.
A small sampling of as few as 10 Facebook "likes" gives analysts a better picture of you than your friends. As few as 300, a better image than your life partner, should you have one.
(And if you don't, APTs will assign one to you....)
Err, all the NSA needs to do to get access to our HN posts is scrape the site. National Security Letters are probably more effort to arrange than a copy of BeautifulSoup. I hope ...
Not really, there's a lot of content that isn't public, like upvoted submissions, but can give a lot of information about a person's political opinions and interests.
> Like, how do I know any of those links aren't the NSA?
No communication channel can be guaranteed to be 100% secure in the broad sense, i.e. even One-Time Pads can be stolen, recipients of messages can be watched to see what they’re up to, etc.
Users of Tor should assume that the whole channel (not just the Tor part) can be compromised by a willing and capable adversary, and take additional precautions if they feel it’s necessary, e.g. “tradecraft” https://en.m.wikipedia.org/wiki/Tradecraft
> Generally, it's best not to run Tor relays from home as services will start to blacklist your IP as a proxy.
Conversely, if you're engaging in illegal online behavior from your home IP, intermittently running a TOR exit node could be a useful mechanism for creating plausible deniability.
"TOR was developed by the United States Naval Research Laboratory and funded by DARPA to help U.S. intelligence and foreign freedom fighters communicate under oppressive regimes. I run this exit node to support their patriotic work to protect freedom abroad. I have no control of the traffic that emerges, and I don't collect logs in order to protect covert intelligence operations."
> Generally, it's best not to run Tor relays from home as services will start to blacklist your IP as a proxy.
I think this also specifically refers to exit nodes, no? Running an intermediate relay should be fine as you'll only be shuffling encrypted tor traffic to other relays.
That should be fine, but seriously check with your ISP first. They tend to not really understand the difference between middle relay and exit node, and in their heads, tor == bad.
Being a Tor relay you participate in a public proxy network, so you automatically run risk that someone will harvest your IP address for whatever reason, e.g., lists for companies trying to prevent browsing via tor, etc.
Donations are probably better, because while that hardware is helpful, it's the ISP connections that are hard to come by. If you host a Tor exit node on your home network connection, Comcast is likely going to shut down your service for abuse/TOS violations. Having some rack space in a datacenter is far more valuable and better supported by donations.
The network needs both. Too much centralization is a threat to anonymity so it needs users running nodes. At the same time you shouldn't run an exit at home on a consumer connection. Relays are fine though.
Saying you shouldn't run an exit node at home is accepting that Tor has mainly fraudulent uses. More people need to run it from home so it becomes accepted as a normal Internet usecase.
It doesn't have to be even close to "mainly fraudulent uses". If just 0.01% of users use it for illegal stuff that will get your home network connection shut down, and an exit node sees a thousand different users a month, then it would be unwise to host an exit node at home.
In terms of non-exit Tor relays, it doesn't. In fact, for anyone looking at your traffic, Tor relaying is opaque, unlike legal torrents.
As for exits, you'll be dealing with abuse reports from countless parties, including the off-chance that someone sends a death threat through your exit and you may have to fend off law-enforcement that still hasn't gotten the memo on Tor. In countries like the US, where any police encounter might turn deadly, I'd highly advise against running exits at home.
As a Tor exit operator, I can in fact honestly tell you not to run exits on production business networks, or basically anywhere where you're not prepared to be a recipient of a lot of unwanted attention.
Even non-exit nodes can put you in a bad spot (my ISP didn't like it), you'll get blacklisted by quite a few places (because not everyone got the memo that middle nodes != exit nodes)
Yeah. If your ISP is manned by dipshits, they won't like Tor relays, just because.
It's also worth setting up a Tor relay to use a different external IP address. Because VPN/Proxy whitelists employed by dumb web firewall products will temporarily blacklist all publicly listed Tor relay IPs.
Here's a typical residential setup: ISP-provided broadband modem in bridged mode + some sensible home router with security patches you should be using anyway and the Tor relay server connected to the modem with a non-managed switch (if needed).
Please note that Bridges give help directly to individuals who can't access Tor, due to blockage in their home country. They don't use a lot of bandwidth and aren't listed publicly, so bad actors on the firewall market won't block them.
So, if you only have one IP address available and you want to do the internet at large a huge solid, just run a Bridge.
In principle, pretty much any crime you can commit over tor, you can also commit over BitTorrent. For instance, you could advertise your assassination services by writing up a document, making a torrent of it, and then distribute the magnet link for that torrent on floppy diskettes... or whatever.
In practice, though, TOR is more convenient for such things because a resource's name (the onion address) doesn't change when the content does. This difference makes it rather unlikely that you're going to find the lets-make-an-illegal-deal crowd gathering around BitTorrent.
But legally, and from the ISP's perspective, seeding a torrent with incriminating content is no different than running a TOR exit node that happens to be trafficking that content--it's just that since they attract different crowds, one is more likely to attract the wrong kind of attention than the other.
Also, you get to choose what you seed on BitTorrent, but when you run an exit node, you don't. So you're unlikely to even know what kind of incriminating content is going through your internet connection.
Exit nodes are the points at which traffic goes from the encrypted TOR network to the clear net, and since many people like to use TOR to do legally questionable things you will likely very quickly be flooded with law enforcement requests, if not just blocked by your provider.
Well, it’s an open project of the naval intelligence unit and its primary designed case was a deep cover operative in foreign countries reporting back info to the CIA, etc.
The (non-CIA) people who use it primarily act as traffic in order to improve the security for operatives. Your mileage may vary.
Both if possible. A Pi 3 can saturate its ethernet adapter (~50Mbps) running a Tor relay. It's reasonably straightforward to set up.
You shouldn't run exit nodes from a home connection due to possible abuse. If a person uses it to do something illegal you may end up with law enforcement busting down your door. Relays are safe though.
At least in the US law enforcement can't charge you with anything. More people need to run exit relays, especially from home, so it becomes an accepted use.
> At least in the US law enforcement can't charge you with anything
Citation please? Last I checked people get charged with things they didn't do, or weren't responsible for, in just about every system of justice - that's why we have courts.
Ah, fair point, I meant convicted. However ISPs threatening to cut off your service for running a Tor relay is a good indication you won't even be charged, as the ISP (and the local authorities) should know you have safe harbor.
This leads to the other issue of your service being cut...
Because the hosting service and its IP block are all geographically constrained. This makes correlation attacks easier, as well as attacks requiring physical access.
I thought the consensus was that law enforcement can "crack" Tor these days (a la tracing the illegal traffic back to the source, not just the exit node)
Is this not the case, or is it not a black/white answer?
Tor's anonymity depends on distributed control of its nodes. If one entity, say a government org, controls a large portion of entry and exit nodes it may be able to trace some requests. That's an attack that has been known since the beginning though, it's not new.
People will hack the sites that are proxied behind Tor .onion domains. Hacking a site is also a crime, so you won't find too many documents revealing how a crime network was exposed. Instead, they gather data from the hacked servers and hand it over as anonymous tips.
Tor is just a proxy. A fancy proxy that uses onion routing, but a proxy nonetheless. Think of it as a CDN that does not have to hand over customer details because they have plausible deniability about who you are. Unlike commercial CDNs however, Tor does not try to prevent hacking. That exercise is left to the people running the servers that Tor is routing to. As it turns out, some criminals may be lazy or inept.
Running an entry or exit node is kinda risky since your IP will be associated with a lot of illegal content. Running an intermediary node is much safer. All kinds of nodes are important for the network.
The amount of configuration you need to run a node isn't terribly difficult. There is plenty of documentation online and really it's just changing a few lines in the config file. The Tor daemon is pretty good about pointing out potentially undesirable configuration options if you watch the log file on startup.
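The relay, exit and bridge roles argued over in this thread come down to a handful of lines in the config file. The following is an added example, not part of any comment here and not the Tor Project's code: a small checker that reads a torrc body and reports which role it would give the node. The sample configs are constructed, and the handling of `ExitRelay auto`, of repeated options, and of `BridgeRelay` is this example's simplified reading of tor's documented behaviour.

```python
# Added example: classify the role a torrc would give a node.
# Simplified reading of tor's ExitRelay/ExitPolicy rules; sample configs are constructed.

def parse_torrc(text):
    """Return {lowercased option: [values in file order]}; '#' starts a comment."""
    options = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) > 1 else ""
        options.setdefault(parts[0].lower(), []).append(value)
    return options


def _last(options, name, default):
    """Last value given for an option (assumption: later lines win)."""
    return options.get(name, [default])[-1].lower()


def _first_rule_rejects_all(options):
    """True when the first ExitPolicy rule is 'reject *:*' (first match wins)."""
    rules = [r for v in options.get("exitpolicy", []) for r in v.split(",")]
    return bool(rules) and rules[0].lower().split() == ["reject", "*:*"]


def classify(text):
    """Return 'client', 'bridge', 'middle' or 'exit' for a torrc body."""
    o = parse_torrc(text)
    if all(v == "0" for v in o.get("orport", ["0"])):
        return "client"                      # no ORPort: not a relay at all
    if _last(o, "bridgerelay", "0") == "1":
        return "bridge"                      # treated as a bridge in this example
    exit_relay = _last(o, "exitrelay", "auto")
    policy_set = ("exitpolicy" in o
                  or _last(o, "reducedexitpolicy", "0") == "1"
                  or _last(o, "ipv6exit", "0") == "1")
    if exit_relay == "0":
        return "middle"                      # exit options are ignored
    if exit_relay == "auto" and not policy_set:
        return "middle"                      # auto with no exit option: non-exit
    if _first_rule_rejects_all(o):
        return "middle"                      # policy refuses every destination
    return "exit"


def review(text):
    """Return (role, findings) a home operator would want before starting tor."""
    o, role, notes = parse_torrc(text), classify(text), []
    if role == "exit":
        notes.append("exit traffic enabled: set 'ExitRelay 0' on a home connection")
    if role != "client" and "contactinfo" not in o:
        notes.append("ContactInfo missing")
    if role != "client" and "relaybandwidthrate" not in o:
        notes.append("no RelayBandwidthRate cap")
    return role, notes


# Constructed sample configs (nickname, address and ports are placeholders).
MIDDLE = """Nickname exampleRelay      # constructed
ContactInfo admin@example.org
ORPort 9001
ExitRelay 0
SocksPort 0
RelayBandwidthRate 2 MBytes
"""
IMPLICIT_EXIT = "ORPort 9001\nExitPolicy accept *:80,accept *:443,reject *:*\n"
REJECT_ALL = "ORPort 9001\nExitPolicy reject *:*\n"
BRIDGE = ("BridgeRelay 1\nORPort 9001\nContactInfo admin@example.org\n"
          "RelayBandwidthRate 1 MBytes\n")
CLIENT = "SocksPort 9050\n"

if __name__ == "__main__":
    for name in ("MIDDLE", "IMPLICIT_EXIT", "REJECT_ALL", "BRIDGE", "CLIENT"):
        print(name, review(globals()[name]))
```

The `IMPLICIT_EXIT` case is the one worth noticing: no `ExitRelay 1` line appears, yet setting an accepting `ExitPolicy` is enough to make the node an exit.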
You aren’t liable as a tor exit operator. That doesn’t mean you won’t get involved in nonsense or won’t be forced to get a lawyer to prove that but in the end you aren’t liable.
I believe you can choose to be an exit relay or a middle relay. A middle relay only connects to other relays, it does not allow "outgoing" connections, i.e. you won't appear to be browsing child porn from the outside if that's what you mean.
If you mean that you don't want to relay traffic that carries child porn, then you can't do that, since you can't see what you are relaying (and even if you did, you'd need to automatically recognize it which is not easy afaik).
It creates an interesting moral problem. If people who view such material are in the wrong because they support the harm it causes, then are not people who support Tor in general also guilty of the same? Yes, they have more noble reasons for doing so, but do the ends justify the means, especially when dealing with such a topic?
> If people who view such material are in the wrong because they support the harm it causes, then are not people who support Tor in general also guilty of the same?
How is this any different than FedEx or USPS? They don't read your mail to see what it is. To a near certainty at least some of what they deliver contains child pornography.
And what about roads? I bet child pornographers sometimes use roads for child pornography related purposes. Does that mean we're all complicit as taxpayers? Or maybe it's that the child pornographers are the guilty parties and common carriers are not the police.
Moral issue aside, thanks to the unwisely expanded reach of the law via FOSTA (at least in the United States), a person who merely hosts such data might be liable:
Because of the hypothetical impedance of some unknown (but likely very small) amount of trafficking, millions of people found it more difficult to find partners for their entirely consensual acts.
> And what about roads? I bet child pornographers sometimes use roads for child pornography related purposes. Does that mean we're all complicit as taxpayers?
Congratulations you've spawned another decade's worth of sov-cit arguments
legal question here for someone who knows what they're doing, if you run a node and illegal activity is performed, are you complicit to the illegal activity?
Obviously not all of the time because otherwise ISPs, VPNs, postal services could not run. I think what is more of an issue is constantly having to prove you were not involved when police come investigate.
While I agree that no news corporation should ever be censored and should be accessible to all including the "dark-web", the level of clickbait / fake-news level content on the BBC website is getting ridiculous in some areas and contradicts with their duty to be fair, impartial and balanced as the only UK state broadcaster privileged with a royal charter.
Apart from the actual World News section, the front page + newsbeat section is completely littered with frivolous cringe-worthy content and memes that aren't worth paying attention to, neither is purchasing the TV license for.
I think one of the issues the BBC suffers from is that in the attempt to be impartial they can sometimes give undue weight to crack-pot ideas.
That said, I often see both sides of a debate complaining about the bias of the BBC. So long as that is the case then we can reasonably assume they are doing a fair job of walking the fine line between both sides.
> I often see both sides of a debate complaining about the bias of the BBC. So long as that is the case then we can reasonably assume they are doing a fair job of walking the fine line between both sides
This is absolutely not true, because unscrupulous parties are careful to complain vociferously (and shamelessly) even about coverage that is heavily skewed in their own favour.
Since the Andrew Gilligan debacle (where the BBC sacked a reporter and apologised profusely over the self-evident truth he had reported: that Tony Blair lied about Iraqi WMD), the BBC has gradually transformed itself from a public broadcaster to a state broadcaster. The only time you hear a reasonable balance of views on an issue these days is where the governing party itself is split on it.
I think the Andrew Gilligan debacle, and the more recent Naga Munchetty issue, are both symptoms of the BBC falling over themselves to appear impartial at the expense of common sense.
This has been the BBC response to criticism of its news reporting for a long time now.
However there are very few debates which have only two points of view, and the very act of reducing every issue to a "both sides" argument is a real problem for the BBC (well, for me anyway!)
I agree strongly with this - there has been a slow but steady decline in the quality of BBC news content over the past decade or so.
It's not even confined to clickbait, the articles are getting seriously dumbed down too - you'd think many of them were written for children!
And it's not even confined to online - the news section on Radio 1 is an absolute joke these days - if the online content is dumbed down, then this is seriously dumbed down to the point where you'd think it was for pre-school children!
A random selection of headlines shown on the linked page:
"Undercover at a 'seduction bootcamp’"
"The peasant whose binge drinking went global"
"'Why I'm desperate to get rid of my bum implants'"
"We spent a morning in Rick Astley's home studio"
This isn't even what I'd recognise as a bad day for the Beeb News site. Some days they just report on Twitter spats with headlines
"Lizzo credits writer of 'DNA test' tweet after row"
reproducing each tweet in turn. ...actually that's from today too.
Well, I suppose that makes a change from:
"'I’m a Muslim artist inspired by the female body'"
"On stage at a Jewish queer club night"
which I'm sure are great magazine content if that's your sort of thing but I'm not sure are really headline "news" IMHO (both also from today).
To be fair I guess having Tor access to that content is probably needed in some locations. I just wish it was presented separately to genuine news content.
While it looks frivolous, that's probably some kind of attempt to attract... common people to the news front page. We don't have access to BBC's analytics so it's hard to determine if this technique manages to funnel the unwashed masses towards quality content.
If you open up something like the World section (and subsections), you'll get a lot of good reporting.
This is a double-edged sword. I can admit up front that I don't have a very flattering view of the most popular British commercial news outlets. But they're popular.
So, in a way, if BBC wishes to remain accessible among people who are used to... certain popular British news outlets, it shouldn't isolate itself in an ivory tower. If BBC's domestic target demographics have a poor reading level, that's likely more of a Britain problem than a BBC problem.
There's probably also an aspect of serving populations inside Britain who don't speak English as their first language. The BBC's mission statement[1] also mentions mirroring Britain to the world, which likely increases the need for accessible language.
This is a basic soft power strategy anyone seeking global relevance should pay attention to.
They seem to have made it their task to report in depth on every single violent crime in the country. Being from Germany and having never lived in the UK, this is weird to me. For a crime to end up on tagesschau.de (the German equivalent to bbc.co.uk/news ) it needs to be of... well... national interest. This just seems like yellow press, honestly. Or is there something I'm missing?
edit: also their "reporting" on anything climate related is amazing. It's no wonder that extinction rebellion, a movement originating in the UK, has as the first demand to "tell the truth". At first I was confused because climate change in my media consumption was a regularly occurring topic. But then I checked the bbc website. See [1] for a screenshot. This is at a time, mind you, when the whole of Europe was shattering temperature records left and right, and Greenland was melting. And they choose to report on a thumb wrestling tournament.
They say the BBC bend to the wishes of the current government, they seem in recent years to be bending towards the Daily Mail, using fear-mongering to attract clicks and viewers, ignoring climate change protests to not put off car owners. Joining in with the newspapers by smearing anyone who speaks against the Tory party.
> They say the BBC bend to the wishes of the current government
It’s easy to prove this isn’t true, by looking at its Brexit output. The BBC represents middle- and upper-middle-class London, regardless of who’s in power in Number 10, and regardless of any other part of the country.
I don't regard them as a serious news service now. On the normal national news slots they present a dumbed-down precis of what the Government would like you to hear. For serious news coverage we watch Channel 4 News which isn't afraid to cover controversial and government-critical topics.
I didn't read their domestic news section, but their world news section is pretty interesting if not contrarian. And I'd say the tor node is for the world news section as people around the world aren't all that interested in british domestic news.
I guess it is probably because most people are using desktops/laptops to browse HN. I feel like Emoji use on QWERTY keyboards is harder/less common. It is possible though: 🇺🇳
On a Mac, if you have the input menu enabled in the menu bar, selecting "Show Emoji & Symbols" will pop open a palette allowing you to put all kinds of things into pretty much any text input.
System Preferences → Keyboard → Show input menu in menu bar
i was referring to the fact that last time i checked, HN stripped emoji. hold on let me check:
edit: yeah, my cat got removed :/
I guess they're distinguished by unicode block: the regional indicator letters are "Enclosed Alphanumeric Supplement", and emoji are "Miscellaneous Symbols and Pictographs". still not sure why remove them though
I’m very grateful for all paying the license fees. Through the BBCs language education programs I was able to learn English and it changed the course of my life. So thank you!
To be clear, they're talking about the un-intellectual dark web: they aren't yet willing to take the risk featuring in-band IDW viewpoints on their pages or airwaves.
Probably, in the face of trends like Brexit and a sense of their declining popularity, this is phase one of preparing to take their resistance underground if they have to.
"The intellectual dark web (IDW) is a neologism coined by American mathematician Eric Weinstein, and popularized in a 2018 editorial by Bari Weiss. The term refers to a group of public personalities who oppose what they see as the dominance of progressive identity politics and political correctness in the media and academia."
Seems like the conventional usage of the term "Dark Web" predates your usage, and is more relevant given that we're on a tech forum.
Most people understand Tor to be the 'dark web', so I wouldn't call it clickbait. Hell, it is the dark web.
It's you who's wrongly associating it with paedophilia and drugs (both amply available on the 'clearnet') IMO, which does quite a disservice to attempts to promote Tor to the newly privacy-conscious.
Straight away in the article they spell it out and make the link between Tor and the dark web:
> The Tor browser is privacy-focused software used to access the dark web
Yes it is. But that's the worst thing it's used for.
It's like saying 12-gauge shotguns are used for bank robberies...
Ok, I'm stretching the point but it's needlessly putting the association of privacy focused browsing using Tor with the nasty shit that some people do with it.
Edit: I realise my understanding of The Dark Web was incorrect so this argument is invalidated now but I'll leave it up.
But you're using 'dark web' as if it necessarily implies "the worst thing[s]" and "the nasty shit" on Tor. The term 'dark web' doesn't refer to anything nefarious in itself — it simply means content accessible only via Tor (or some other software or network).
Sure, many so-called Hidden Services offer illegal and immoral content, but the dark web is enormous. There are many more such sites offering ebooks and other (legal) media, anonymous blogging/forums/social media, whistleblowing services, censorship-resilient news platforms (BBC, NYT, The Intercept, ProPublica), cryptocurrency trading, and so on.
Hell, even the CIA has a 'dark web' presence on Tor [1].
It's also the case that onion services make up less than 3% of Tor traffic -- the perception that they are a very common thing people use on Tor is massively distorted by thinly-veiled smears by plenty of media outlets. The most-used onion service on Tor is (by a landslide) Facebook.
I always thought that "dark web" is not about the kind of things you can find there, but the fact that it is not "in the open internet".
Wikipedia seems to think the same way [1]:
"The dark web is the World Wide Web content that exists on darknets, overlay networks that use the Internet but require specific software, configurations, or authorization to access."
> Yes it is. But that's the worst thing it's used for.
The "dark" in dark web doesn't mean "bad", it's darkness to prying eyes. If you buy drugs on the dark web, it's the dark web. If you read literature on the dark web that your government doesn't want you to read, it's the dark web as well. The negative connotations you're associating with it are what this step by the BBC will help reduce: pointing out that the criminal use isn't the primary use of the dark web. Privacy is.
Sure, the public's exposure to the term so far has pretty much only been in connection to nasty stuff.
That will change when more normal stuff is available on the dark web and the privacy aspect gets more pronounced (privacy being a major topic these days). And "we're providing access to the free internet to everyone living in countries with authoritarian regimes that try to restrict information and oppress their citizens" is a powerful narrative. They'll be less likely to consider it evil if it's compared to the BBC German Service during WW2, broadcasting to Germany in German, unrestricted by the Nazi government.
Just like "dark side of the Moon" does not mean "unlit" (it gets the same amount of the sun as any other side), but that signals from that side don't reach Earth.
After the fourth sentence there's an explainer video on what the dark web is, including the fact that it's "often associated with" the things you list, but that "it can also be used to protect whistle blowers or give people access to social networks in countries where they are banned." Hardly seems like clickbait to me.
The GP is saying that someone using the Tor browser could simply just visit bbc.com already. However, they'd have to exit the network, whereas with an .onion address they don't.
> 3 - Why do I, as a UK resident, have to provide money so that someone in Vietnam can access our state news?
If you access BBC News from outside the UK you'll notice that it has advertising. I don't know how much of the cost of international news this offsets, but it will help.
But the more important answer is that everyone benefits if accurate and unbiased news is available to all. The cost of running an onion site is negligible. The cost of international news (and the World Service etc.) is not, but is definitely worth it (and as pointed out elsewhere, not actually paid for by the licence fee).
That's true, most broadcasters have to also bid for broadcasting contracts which give them a lot of revenue too if they win.
However, UK audiences tend to question the TV license if the BBC does anything out of their duty. But non-UK audiences will see ads on the site that will eventually be clicked on.
So what does the BBC do? Increase more click-bait articles on newsbeat, entertainment, brexit sections to make up for their lost UK audience that are now on other news or streaming services like Netflix, Hulu, etc.
2) World service (mainly radio, in a variety of languages) -- funded direct from the foreign office
3) World News TV (English language TV station) -- commercially funded
However the government of the time told the BBC they had to continue to fund World Service, but stopped the grant in aid. This meant that Doris in Dudley had to pay for Radio Hausa broadcasting from Abuja. Hausa is good for the UK (soft power), but it should be funded by the foreign office.
To add confusion, a couple of years ago the government then decided to invest £300m over 4 years to expand the world service reach - this money came from the foreign office.
Then there's more confusion. Many reporters for world service are expected to file into UK news too. If there's a news story in Vietnam that breaks, it will be nominally world service reporters who are on the scene reporting. Even if it's a planned event, like the Trump/Kim summit, local WS staff will be planning and often staffing that event, even if Huw Edwards is flown out to cover it, so there is still a tangential benefit
Onion services provide additional anonymity to users of the service because none of the traffic ever leaves the Tor network. Personally I think it's a great thing that users can safely and anonymously access the BBC no matter where they are in the world. Even Facebook has had an onion address (http://facebookcorewwwi.onion) for several years.