• ExtremeDullard@lemmy.sdf.org
    link
    fedilink
    arrow-up
    0
    ·
    2 months ago

    The TOR network itself is safe - at least assuming the TLAs don’t control at least half of the nodes, which is far from impossible. But let’s assume…

    The weak point comes from the browser: that’s how the fuzz deanonymizes users. The only safe browser to use on TOR is the TOR browser, and that’s the problem: it disables so many unsafe functionalities that it’s essentially unusable on a lot of websites. So people use regular browsers over TOR, the browser leaks identifying data and that’s how they get caught.

    • Trainguyrom@reddthat.com
      link
      fedilink
      English
      arrow-up
      0
      ·
      2 months ago

      I mean, the advice I’ve heard for one who’s threat model is “the feds are actively trying to identify me” is to have a dedicated burner computer that you do all of your illegal activities on and no other activities. Then of course on top of that avoid saving secrets onto the device and type them in manually every time (ephemeral distros like Tails are good for that)

      • schnurrito@discuss.tchncs.de
        link
        fedilink
        arrow-up
        0
        ·
        2 months ago

        All VPNs do is change who has your browsing data: your ISP or the VPN operator. You may or may not trust either of them not to keep records, in either case you have no way of verifying this.

        • HelixDab2@lemm.ee
          link
          fedilink
          arrow-up
          0
          ·
          2 months ago

          ISPs definitely keep records. At least some VPNs claim that they don’t, and that their networks are set up in such a way that they can’t. Some organizations claim to validate the claims of the VPNs, but it’s unclear if they’re trustworthy.

          So your choice is to use something that definitely keeps logs, or to use a company that at least says that they don’t/can’t.

          • ☆ Yσɠƚԋσʂ ☆@lemmy.ml
            link
            fedilink
            arrow-up
            0
            ·
            2 months ago

            I mean, you could set up your own VPN on a VPS and ensure it doesn’t keep logs. You could also get a VPS in a different legal jurisdiction from where you’re at.

            • HelixDab2@lemm.ee
              link
              fedilink
              arrow-up
              0
              ·
              2 months ago

              Depending on what you’re doing, that probably wouldn’t be a significant hinderance to law enforcement. Child sexual abuse, drug trafficking, etc., all tends to get lots of interagency cooperation, regardless of political issues.

                • HelixDab2@lemm.ee
                  link
                  fedilink
                  arrow-up
                  0
                  ·
                  2 months ago

                  It depends on whether you believe that people should be allowed to use narcotics or not. I tend to believe that people should be able to make that choice for themselves–as it’s their own body–and ordering narcotics online decreases violence in the drug trade since there’s no longer obvious fights over territories, etc.

                  The same interagency cooperation that makes it easier to track down one groups of people and punish them also makes it easier to track down other groups of people that you might agree with.

          • communism@lemmy.ml
            link
            fedilink
            arrow-up
            0
            ·
            2 months ago

            Yes, and there’s also the fact that some VPNs such as Mullvad let you be anonymous so even if Mullvad were keeping logs, if you pay privately they have no way of knowing whose logs they are (unless the content itself of your internet history reveals your identity). Meanwhile your ISP definitely knows who you are, and absolutely will collaborate with the police if asked to.

          • Possibly linux@lemmy.zip
            link
            fedilink
            English
            arrow-up
            0
            ·
            2 months ago

            The VPN company themselves may not keep logs. However, they might be a little black box somewhere in the data center…

            • NauticalNoodle@lemmy.ml
              link
              fedilink
              arrow-up
              0
              ·
              2 months ago

              As Proton made evident, VPNs can be legally compelled to start keeping logs on specific accounts as the result of a court order. So if you’re gonna do something incriminating, then I guess you should create a new account each time.

              • orcrist@lemm.ee
                link
                fedilink
                arrow-up
                0
                ·
                2 months ago

                That’s true but it also depends what attack vector you’re trying to defeat. If someone is doing a timing attack and you’re running through a VPN, it might be harder to work for them, depending on where they sit.

    • delirious_owl@discuss.online
      link
      fedilink
      arrow-up
      0
      ·
      2 months ago

      My understanding is that Tor Browser works fine, there’s just some dumb website owners that block Tor traffic by IP address.