[HN Gopher] Tor Browser 12.0 ___________________________________________________________________ Tor Browser 12.0 Author : soheilpro Score : 190 points Date : 2022-12-07 17:03 UTC (5 hours ago) (HTM) web link (blog.torproject.org) (TXT) w3m dump (blog.torproject.org) | autoexec wrote: | Regardless of the issues with TOR itself, or the areas where I | disagree with Tor Browser's approach, I love the project anyway | because they're great about identifying and tracking all the | things Firefox does that could put our privacy at risk. Having | more eyes on Firefox update after update is wonderful and I've | been incorporating many of their setting changes for years. I | hope they can keep doing what they do for a long time! | goombacloud wrote: | It's sad to see that Apple Silicon gets extra treatment and arm64 | work suddenly gets done while for Linux it's still amd64-only. | With Signal it's the same and they also don't offer arm64 builds. | | Nowadays it's very easy to build for arm64 - you either go the | way with cross compilation or you go the way with full qemu | binary emulation which is as simple as it gets because you would | build within an arm64 docker image, e.g., | docker.io/arm64v8/alpine or docker.io/arm64v8/ubuntu and qemu- | static handles the emulation (it will be slower than cross | compilation but as long as speed is acceptable you can go this | easy way). | data_maan wrote: | All comments here focus on extreme cases: The police viewing you | as a possible suspect, FBI becoming interested in you etc. | | Here is a much more mundane problem: Using Tor (even a VPN) while | logging in to most big Silicon Valley firma that make money with | your data (LinkedIn, Facebook, Tinder etc.) will result in your | profile being suspended REAL FAST with the only way out to upload | your gov't ID, i.e. complete deanonimization (perhaps as a kind | of punishment). | | Any solutions? | New_California wrote: | I struggle with the very same problem. Even connecting a real | physical SIM won't protect accounts from suspension. This is | crazy because it isn't based on behavior on the platform (like | posting too much or liking too much) but merely on the IP and | browser fingerprint. | | Unfortunately, no solutions in sight. | ipaddr wrote: | Stop using those services. This is a clear message that you | cannot use them privately. | deadfromtor wrote: | Just FYI that HN is very anti-tor. I made this account via Tor | just now to prove the point. It will be dead by default (unless | someone "vouches" for it). It's a very user-hostile stance that | HN takes (along with not letting you delete your account). It | really makes you wonder what they're doing with all this data? | Doxxing is almost a given. | matkoniecz wrote: | > Just FYI that HN is very anti-tor. I made this account via | Tor just now to prove the point. It will be dead by default | (unless someone "vouches" for it). | | Also, Wikipedia blanket-bans Tor because it make trivial to | avoid bans and blocks. | dang wrote: | The restrictions go away after a while, and in the meantime | users can vouch for the comments that aren't trolling or spam. | They did exactly that for your comment here, as well as for | https://news.ycombinator.com/item?id=33898410. | | This seems to me a reasonable design that balances the | competing concerns. I like that both of these comments turned | into examples of the system working properly. It's true that | they had to wait a little before getting unkilled*, but that's | not "very anti-tor" nor "very user-hostile". | | (* 20 minutes and 10 minutes, respectively) | LinuxBender wrote: | I created my account here using a MitM Squid SSL Bump proxy in | a VPS provider and posted from that proxy for a few years. Once | in a blue moon I would get rate limited, I assume because this | site was being abused. AFAIK my posts were never affected by | using my VPS proxies. VPS IP's and Tor exit node IP's are often | treated as equally hostile by many sites but not here. I avoid | Tor because every time I tried it there was just too much | latency for me and I don't like someone else controlling the | exit node. | | I eventually stopped using the proxy here on HN not because of | this site but Cloudflare and Google would grief me on so many | sites that people submit here which made it hard for me to | review them and submitting everything to archive.ph is time | consuming. I keep the MitM proxy around in case I need to go to | a very hostile website or if I want to leave a funny PTR DNS | record in their logs. | nonrandomstring wrote: | > HN is very anti-tor | | If by "HN" you mean the site technology and administrative | policy, this is quite untrue. | | I always connect by Tor (simply because I connect to everything | by Tor) and never experience _any_ problems with; | torsocks www https://news.ycombinator.com | | FWIW my account here was created over Tor, and only later when | I decided the site was kosher and a relatively friendly place | did I decide to add personal details. I don't post here with | any illusion of anonymity, rather Tor is part of my daily | dealings with the internet for a generally pro-active security | stance. I trust that a tool created by the US Navy with | "defending and spreading democracy" in mind is fit to defend my | own needs. | | I hope that like Facebook, NY Times and the BBC, we may one day | see a Hacker News hidden service onion address. | | That said there does seem to be a negative attitude toward Tor | from certain Cloud companies that Flares up here from time to | time. They seem unable to reconcile individual desires for | personal privacy technologies with their business model of | defending free speech from DDOS attacks. It's a complex problem | but I do wish they'd try harder yo get on-board with the | programme in a world where threats to clients are at least as | serious as those facing service providers. | imchillyb wrote: | "Just FYI that HN is very anti-tor..." @deadfromtor | | Citations please? | | Otherwise this is horseshit. Many of HN's users signed up and | access HN from tor. | | I /often/ utilize the tor browser to access HN. I've not had a | single issue /ever/ with that. | alexb_ wrote: | Or they realize that letting Tor users makes spam explode. | ehPReth wrote: | most sites seem to treat Tor poorly, possibly due to abuse. | well-used VPNs also can suffer from Google captchas etc. not | that I like that fact, but it seems to be inescapable | amideadfromtor wrote: | Different poster here. This account and post were done over | Tor. Let's see if this holds. | | EDIT: Yup; dead on arrival. | sterlind wrote: | it's more likely they do this to combat spamming. accounts | created by Tor are more likely to be used for spam than for | legitimate discussion, since Tor evades IP reputation. | | I'm sure you could email @dang and ask to be un-shadow-banned, | and he would do so. | jbm wrote: | Wouldn't emailing @dang be against the purpose of Tor, which | is to enhance privacy? | super256 wrote: | > Wouldn't emailing @dang be against the purpose of Tor, | which is to enhance privacy? | | Just use webmail in your tor browser. And don't send it | from your main gmail, but create a throwaway. | pbhjpbhj wrote: | Neither Google search nor YouTube seem to work (other | than very sporadically, presumably if they've not had | chance to block an IP yet) over Tor, does GMail? | Ajedi32 wrote: | It's pretty hard to sign up for an email account over | Tor. The closest I've seen is Protonmail, which will let | you make an anonymous account in exchange for a Bitcoin | payment. | ipaddr wrote: | disposable email services. | nirvgorilla wrote: | Yup. Suspicious just like when reddit became hostile to Tor. | | It's also a violation of the spirit of the internet. Tim | Berners-Lee wrote about this in the December 2010 issue of | Scientific American that any walled off website that blocks you | from accessing it is unacceptable because it's not the web | anymore. | pbhjpbhj wrote: | For me old.reddit.com seems to work just as well with or | without Tor (eg via Brave). The website served at the raw | domain barely functions IME, so perhaps that's where the | issue lie? | bombcar wrote: | The problem is user account creation, usually. | | Read-only access works pretty well in most cases (unless it | is behind Cloudflare, then you're @#$%@#^%). | orthecreedence wrote: | > Suspicious just like when reddit became hostile to Tor. | | And any website using Cloudflare. | Ajedi32 wrote: | Does that restriction go away after you get enough reputation? | Or does every single comment need to be vouched for even after | several have been posted and accumulated upvotes? | dang wrote: | The former. | super256 wrote: | How is HN anti-tor? Everyone can read your comment. Wdym by | "vouching"? | | Also, HN deletes your account when you them send a mail as | stated in the FAQ. It always sucks to delete accounts with user | comments, as it destroys context in old threads. | | As spiders crawl the web humans should consider anything they | post online as undeletable. If you send HN the beforementioned, | there is a chance that I can still browse your posts via | archive.org or google cache. | | If you're afraid of doxxing, maybe make a second thought before | hitting "reply". | input_sh wrote: | > Everyone can read your comment. Wdym by "vouching"? | | There's "showdead" profile setting that allows you to see | flagged comments, and enough "karma" allows you to vouch for | hidden-by-default content. | | It's one of those hidden (somewhat) features: | https://github.com/minimaxir/hacker-news- | undocumented#flaggi... | mothsonasloth wrote: | sasattack wrote: | Could we maybe not on this website use the term glowie | considering it's explicitly sourced from a neo nazi and a | phrase involving the n word. seems like maybe not real in line | with HN rules.... | orthecreedence wrote: | I thought glowie was a term used to describe undercover | FBI/CIA agents. It's in frequent use in leftist | (communist/anarchist, not liberal democrat) forums. | | Is there actual substance behind this claim of its origins or | is it yet another tired attempt to rewrite language for no | particular reason? | mothsonasloth wrote: | It originated from Terry Davis the creator of TempleOS, but | okay I get your point. | sasattack wrote: | True I miss remembered the details. but it has been so | amplified by neo nazis that wikitionary sources them as | popularizing it . | data_maan wrote: | I once spoke with someone who knew someone who ran an exit node | in Europe. He told crazy stories with police knocking every once | in a while. | | Also the legal structure to do that was tricky, because you want | to avoid the police searching your house; you'd also like tl | spread responsability on multiple shoulders. So you have to | create a kind of non-profit organization and run the exit node | through that. | | It's very hard work and we should be thankful for the people who | do it. | | Does anybody know more about how exit nodes are being run? | [deleted] | robert_foss wrote: | I ran one in my student housing wardrobe a decade or so ago. | | I too have some stories, but no one ever met up with me in the | flesh. | jason-phillips wrote: | Come on then, no need to be coy. | robert_foss wrote: | For example, once or twice people called me (somehow) and | asked why I was hacking their websites. I tried to explain, | but I doubt I convinced anyone. | hdheiehdfhfuf wrote: | Do Not Run An Exit Node! | | very few people have legitimate uses for an exit node. And it | is a security nigthmare for everyone (you owning their crimes, | them being at your MiTM attacks mercy, etc) | | But Do Run A Tor Node! | | everyone should join tor and it should become the main net, | with only tor traffic. | charcircuit wrote: | An ISP doesn't own the crimes that an attacker sends through | them. | implements wrote: | Well, I'm going to burn some karma by agreeing with you. | | Running an exit node is a bit like operating a no questions | asked gun shop in downtown (some deprived city). | | Sure, there's perfectly legitimate reasons to own and | therefore sell a gun to someone, but that particular shop | will be in the business of facilitating crime - and that's a | bad thing and therefore not a moral occupation. | hnarn wrote: | > But Do Run A Tor Node! | | Just a word of caution, while running a non-exit node is | obviously safer from a legal point of view, the entire list | of active tor nodes isn't secret, and there are enough people | in the world that do not understand how tor works that the | chance is non-zero that you'll still end up on a block list | somewhere for simply being a "tor node", even though you | never let any of the tor traffic out on the Internet. | | I know for a fact this can happen because it happened to me. | bauruine wrote: | I'm running exits since about 9 months. Have been running non | exits for over a decade before. The exits are run by a non- | profit (a Swiss Verein) and use the recommended setup like | described in the blog post. The ISP knows it's an exit, it has | a page on port 80 describing it and a PTR record that contains | tor-exit. | | No contact with the police till now. | | If you would like to support the Tor network but don't want to | run nodes yourself you can donate to one of the relay | associations https://community.torproject.org/relay/community- | resources/r... | dewey wrote: | > Does anybody know more about how exit nodes are being run? | | They have a good list of points on the Tor site. The most | important ones are usually to distance yourself from the exit | node and make it obvious what it does so you don't get | entangled into whatever is going through the node. | | https://blog.torproject.org/tips-running-exit-node/ | optimalsolver wrote: | The inescapable fact about Tor is that its traffic patterns make | you stand out prominently. | | Just the fact you're using it automatically makes you interesting | and worthy of a closer look. | | All well and good if you're just maintaining a cookie recipe site | on the dark web, but it's rarely ever that, is it? | sterlind wrote: | a closer look maybe, but unless they break Tor they'll only | have a close look at your timing traffic. | | if you're worried, you could use a popular VPN to connect to | Tor - using a VPN is less interesting. also, P2P app developers | could consider running non-exit nodes in their clients for | popular apps. there shouldn't be legal risks unless you're | running an exit node, and this adds more noise to the signal of | Tor users. | godelski wrote: | Why are exit nodes more legally perilous than non-exit nodes? | sterlind wrote: | they shouldn't be, but there's a practical difference in | how often your house gets raided by FBI agents. | | if a Tor user uses your exit node to email a bomb threat or | access child porn, it's your source IP that shows up. the | FBI should check your IP against the registry of exit node | IPs, but if they don't it's still your door getting kicked | in. | bombcar wrote: | Exactly - and I've noticed there aren't very many exit | nodes at all, small enough that I can start to recognize | them by name. | HackerNCoder wrote: | Yea, there is only about 1000 (actually 1300, I just | checked) exits - out of only ~6000 nodes total, the Tor | network is actually kinda small. | bluesttuesday wrote: | Using a VPN to connect to Tor can decrease anonymity. The Tor | wiki has a whole page about the topic https://gitlab.torproje | ct.org/legacy/trac/-/wikis/doc/TorPlu... | sterlind wrote: | the scenario I'm describing is "You -> VPN/SSH -> Tor" and | your link says it's a fine idea. | veeti wrote: | I once tried running a non-exit node and quickly found that a | lot of sites would blacklist my IP regardless. Can't | recommend. | shaky-carrousel wrote: | It is, in my case. All my system updates run over Tor. I do it | to generate noise. | jerheinze wrote: | This is one of the main reasons why I keep using Tor daily. | The more people use Tor for normal browsing, the less | interesting it becomes to be a Tor user, the better the | anonymity for everyone else. | INeedMoreRam wrote: | I also use Tor sometimes for the sole purpose of muddying | up the waters for investigators. | Scoundreller wrote: | I use it to get around many paywalls. | CommitSyn wrote: | Similarly, I use it to train my internal neural net to | better answer Cloudflare CAPTCHAs. | shaky-carrousel wrote: | Quoting Phil Zimmermann: | | What if everyone believed that law-abiding citizens should | use postcards for their mail? If a nonconformist tried to | assert his privacy by using an envelope for his mail, it | would draw suspicion. Perhaps the authorities would open | his mail to see what he's hiding. Fortunately, we don't | live in that kind of world, because everyone protects most | of their mail with envelopes. So no one draws suspicion by | asserting their privacy with an envelope. There's safety in | numbers. Analogously, it would be nice if everyone | routinely used encryption for all their email, innocent or | not, so that no one drew suspicion by asserting their email | privacy with encryption. Think of it as a form of | solidarity. | jerheinze wrote: | You can use pluggable transports to camouflage your traffic | (they're already built into the Tor Browser, e.g. snowflake, | obfs4 ...). | [deleted] | pr337h4m wrote: | The Brave browser has around 60 million MAUs and has Tor | bundled with it, so Tor traffic is unlikely to stand out as | much as before. | bravetraveler wrote: | Similarly, as do the Trezor wallets. | | Quite a few people involved in crypto send a bit of TOR noise | across the wires using that client to do transactions | | This is a good point, though. We need more and more things to | use it (legitimately) so that the traffic alone isn't _as_ | suspect. | | It'll always be a little suspect, I suppose, being only | visible to exit nodes or whatever | thekyle wrote: | I believe the Tor feature of Brave is an optional setting, so | I assume only a small fraction of their MAU use it. | Gigachad wrote: | It's not a setting, it's like their version of an incognito | tab. You can right click a link to "open in tor" | yreg wrote: | They also have private windows without Tor and the users | probably found out that Tor takes quite longer and works | only half the time compared to the ordinary private | window, so I wouldn't get my hopes up that it is adopted | massively. | | (Still, it's great they have done that.) | Mistletoe wrote: | Wow this is really cool. I need to look into Brave again. | dhaavi wrote: | Afaik, it does not use Tor from within the browser, but | uses a proxy server into Tor. That could have changed | though. | CommitSyn wrote: | It would certainly make sense from a marketing | perspective to claim it's using tor, and then have a tor- | proxy service (think onion.cab) use tor for hidden | services and also _attempt_ to use tor for clearnet | traffic but fail back to regular proxy if it fails. | | If it were directly using tor then I'd have to agree that | most people wouldn't use it. Only those that are | technical enough to understand what's going on and the | security aspects. But they wouldn't be using Brave for | the Tor functionality, they'd be using Tor Browser. | anotheraccount9 wrote: | Sounds like I should use my session for multiple unrelated | activities while using Tor, to cover only for one of them | (before changing my fingerprint) | bitL wrote: | Even if you run it over a VPN connection? | tylersmith wrote: | Yes, you just stand out to the VPN provider instead of your | ISP. The VPN traffic itself makes you stand out to your ISP | but in a different way. | yucky wrote: | There is also the inescapable fact that Tor was created by US | Intelligence, specifically the US Naval Research Lab[0]. And | according to FOIA documents it continues to receive a huge | chunk of funding & resources from US Intelligence, particularly | from the United States Agency for Global Media (formerly the | Broadcasting Board of Governors), which supervises our | propaganda channels Voice of America and Radio Free | Europe/Radio Liberty[1]. | | As far as I can tell, the US Intelligence community has never | explained it's aims/goals for Tor. The fact that Tor not only | attracts the type of traffic that US Intelligence would have a | lot of interest in monitoring, but also by design then funnels | that traffic through a small number of exit nodes, makes it | seem self-explanatory. But I wouldn't want to presume anything. | | [0] https://en.wikipedia.org/wiki/Tor_(network) | | [1] https://www.documentcloud.org/app?q=%2Bproject%3Athe-tor- | fil... | neilv wrote: | I use Tor Browser as my daily driver (for everything that | doesn't need me to be logged into an account), for an on- | principle protest against the out-of-control _commercial_ | surveillance that almost every Web site willingly | participates in. | | The federal government isn't in my threat model, and "you | can't fight city hall". | HackerNCoder wrote: | You don't need (outdated) FOIA documents for that... Go to | https://www.torproject.org/about/sponsors/ and you will see | that they get money from the US government, if you want to | know more about how much, go check the IRS 990 forms [1] or | check the blog post that explains the 990, it also gives | clear percentages on how much comes from where, [2] | | [1] https://www.torproject.org/about/reports/ [2] | https://blog.torproject.org/transparency-openness-and- | our-20... | yucky wrote: | This part appears to be missing from the Tor website: | | > _2,500 pages of correspondence -- including strategy and | contracts and budgets and status updates -- between the Tor | Project and its main funder, a Central Intelligence Agency | spinoff now known as the Broadcasting Board of Governors | (BBG). These files show incredible cooperation between Tor | and the regime change wing of the US government._ | | So the documents acquired via FOIA requests are worth | reading, and it's worth discussing why the US Intelligence | community has such an active interest in propping up Tor. | bombcar wrote: | It's pretty obvious that TOR is a helpful tool if you're | doing spyshit in foreign countries. | [deleted] | dinosaurdynasty wrote: | AFAIK there are US intelligence agencies that rely on and use | Tor for their agents abroad and US intelligence agencies that | try to break it for their own reasons. | treebeard901 wrote: | While this is true, it shouldn't make anyone more worthy of a | closer look. It's the same argument used to justify mass | surveillance. Trying to defend a Constitutional right to | privacy, if one exists in your country, does not mean you are | automatically trying to hide doing something wrong. | kube-system wrote: | I didn't take the parent comment to be referring to | governments. Most of the internet is made up of private | organizations, many of which are interested in the traffic | they carry. | sasattack wrote: | Also you are providing cover to agents of US intelligence who | use it | sterlind wrote: | iirc IC still mostly uses burner shell companies for IPs, at | least for running ops. Tor is fine for innocuous browsing but | Tor exit nodes will stick out like a sore thumb in the | victim's logs or IDS. | pbhjpbhj wrote: | I'm not someone who looks at a lot of server logs, but what | characterises entries as being from Tor? | bombcar wrote: | Being on the list of TOR exit nodes: | https://www.dan.me.uk/tornodes | chefandy wrote: | A colleague at a former academic job was questioned by campus | police because he was one of a handful of people on the | university network connected to TOR when a bomb threat was | submitted (I forget how, though) from an IP address running a | TOR exit node. Bomb threats from students were pretty common | during exams, so after the cops saw that it was our very | privacy conscious dev ops guy they didn't pursue him as a | suspect. If the person who did it connected to TOR from the | university network to submit a bomb threat to duck an exam, | they definitely deserve to get caught. I think that qualifies | as "just enough knowledge to be dangerous." | scrlk wrote: | Was it this incident? | | https://www.theverge.com/2013/12/18/5224130/fbi-agents- | track... | andirk wrote: | Sometimes it goes the other way too. In my high school, a | handful of kids wore all black every day. They were harmless | valley girls/guys if you spoke with them. I figured they | _wanted_ to be seen as a threat. | | Why would someone make a legit bomb threat? Isn't the point | of the bomb for it to explode? | acapybara wrote: | Maybe this could be a good thing for business development? | | Could we convert our "observers" into early customers? | insanitybit wrote: | > The inescapable fact about Tor is that its traffic patterns | make you stand out prominently. | | I'm curious as to how it stands out. I can imagine a few | things, like an ISP seeing traffic to known TOR intermediary | nodes, or maybe analyzing packets to look for some sort of | handshake? | | > Just the fact you're using it automatically makes you | interesting and worthy of a closer look. | | Sort of. But what would looking do? What does looking mean? The | traffic is encrypted, they can look all they like. In the US | they'll need more than "they connected to TOR" to get a warrant | to search your device. | goodpoint wrote: | > All well and good if you're just maintaining a cookie recipe | site on the dark web, but it's rarely ever that, is it? | | No, it isn't rare. Plenty of people use Tor for casual browsing | without triggering invasive ads and similar. It just works. | londons_explore wrote: | Tor can be made substantially less obvious if you make sure the | bitrate and packet timings over each 'hop' of users connections | are fixed. | | Eg. each client sends out 1000 1 kbyte packets per second to | each peer, once per millisecond. Inside each packet, they send | the onion encrypted user data. The rest of the packet is filled | with rand(). | | Without that protection, any network attacker can do packet | size and timing analysis to unmask nearly any user rather | quickly. | data_maan wrote: | I took class in IT privacy back in the day. Exactly this idea | came up. And while it really disables certain kinds of timing | based attacks, the problem is it doesn't scale. If everyone | did this, it seems the network would be flooded. | yjftsjthsd-h wrote: | Is that individually tunable, or are you suggesting something | that the project would have to change in their code? | resuresu wrote: | Submit a pull request then. | orthecreedence wrote: | I use it when looking up drugs and medical conditions. If the | NSA wants to spend their budget connecting me to searches about | sumatriptan or plantar fascitis then that's a useful (useful to | me, fuck the NSA) waste of their time. If not, then it creates | noise for the rest of the network. | time_to_smile wrote: | > but it's rarely ever that, is it? | | Maybe I'm unique, but my dark net activity is usually pretty | tame. The number one reason I use Tor is because browsing onion | sites reminds a bit more of how the web used to be in the late | 1990s. Lot's of garbage of course, but a lot more serendipitous | discovery than the web today. | | Because of its anonymous nature Onion sites are inherently | resistant to being swallowed whole by advertising. Nobody on | the dark web is creating "content marketing", if someone is | trying to sell you something it's obvious. You're not the | product on the dark web. | | I know it's wishful thinking, but I often hope for a parallel | web to really thrive on Tor. | mypastself wrote: | If I may ask (provided you're comfortable with disclosing) | what kind of content do you find there that's genuinely | interesting? | shaky-carrousel wrote: | Personal blogs in my case. I find a similar landscape on | Gemini. I really dislike the noise proeuced by ad-sponsored | websites. | mhitza wrote: | While not Tor, I browse I2P websites from time to time. | tracker2.postman.i2p is a great torrent tracker if I want | to easily get access to leaked material I read in the news | about. And planet.i2p to see newly "registered" websites. | Content on those websites vary, but I've stumbled upon a | couple of blogs, ranging from the mundane, to conspiracy | theory blogs, which are also fun to read. It really does | give you that 90s internet feeling. | bombcar wrote: | A surprising number of "clarinet" (er clearnet spellcheck) | sites have onion sites, if you use Brave and TOR it | sometimes shows up a little onion in the right telling you | there's an onion version available. | Scoundreller wrote: | The regular tor browser does this too. | | Nytimes.Com is an example. | agilob wrote: | So I guess Mozilla isn't working on unforking tor browser? | chungy wrote: | It's pretty much already happened. Tor Browser is little more | than stock Firefox with some of the settings changed. | HackerNCoder wrote: | Gigachad wrote: | They are probably not satisfied that Tor doesn't have a | deplatforming mechanism. | goatcode wrote: | I'm glad this knowledge and discussion is still alive and | well. F them for this. | orthecreedence wrote: | Can you elaborate on this? I think I'm missing some context. | Gigachad wrote: | Based on their blog post where they want more deplatforming | capabilities https://blog.mozilla.org/en/mozilla/we-need- | more-than-deplat... | | There was also a comment from one of the Tor foundation | members about how they wish they were able to deplatform | kiwi farms from tor but it's technically not possible. | encryptluks2 wrote: | I'm surprised that they haven't bundled Arti, their Rust-based | tor client implementation. I will say I am thankful for Tor | Browser, but any JavaScript-enabled browser seems like the wrong | choice for privacy and security. | dinosaurdynasty wrote: | Arti doesn't even support hidden services yet. | capableweb wrote: | 1) Arti is basically a prototype at this point, including it | already would be reckless, 2) Arti is a client for the Tor | protocol, and including it in the browser wouldn't have any | impact if JavaScript ships enabled/disabled by default in Tor | Browser, 3) if you really want to, you can easily change the | "Security Level" in Tor Browser to disable JavaScript for all | websites by default. | | As an alternative for the last point, turn the Security Level | to "Safest" or however it's worded, then use the included | NoScript addon to enable it for just sites that just won't work | without JavaScript. You get functional web + JS disabled in | most places where you can. | nibbleshifter wrote: | Arti isn't ready for production use yet. Its a long ways away | from being usable in TBB or as a full drop in for tor itself. | | I think in a years time that will change. | Aisen8010 wrote: | I installed the Tor Browser to access the Z Library a few days | ago. I guess I shouldn't complain, but the downloads are very | slow (I'm not sure if the problem is in my end). | Synaesthesia wrote: | In general connecting over Tor or I2p is slow. | UncleSlacky wrote: | Check Library Genesis (on the open web) before resorting to | z-lib, as that's where z_lib got most of their content in the | first place. | edgyquant wrote: | Tor works by proxying through (at least) 3 PCs before hitting | the open web. The problem is that you're trying to download | big files which is not a use case for tor. | | It's specifically for browsing the web anonymously. | at-fates-hands wrote: | When I first starting using Tor in the mid aughts, I was | using it to download movies and music. I remember talking | with a security friend and he was like, "Bruh, what are you | doing? That's not what Tor is for." and then launched into | a 20 min rant about why I was misusing Tor and affecting | other people using the service by what I was doing. | | It was a good lesson and helped me realize what Tor should | really be used for. | bombcar wrote: | It's likely that downloading music and movies is actually | _helpful_ for those using TOR to "avoid death" - because | it provides more cover and traffic. | ehPReth wrote: | Was it always 7? I seem to remember it being like 3-4? | super256 wrote: | https://i.imgur.com/h1vlxNh.png | bauruine wrote: | For a circuit to clearnet it's 3. Guard --> Middle --> | Exit. For a onion service it's 6 and the connection is a | bit more complicated [0]. The speed varies from very fast | to unbearable depending on your circuit and how bad the | ddos is at that moment. [1] You can try to create a new | and hopefully faster circuit by clicking on the onion | symbol on the left in the address bar. | | [0] https://github.com/mikeperry- | tor/vanguards/blob/master/READM... | | [1] | https://status.torproject.org/issues/2022-06-09-network- | ddos... | edgyquant wrote: | My mistake, updated my comment | bauruine wrote: | In your defense I also wasn't sure for a minute and had | to look it up. Could also have been three hops to the | intro point from the onion service. | makerofspoons wrote: | Connecting to hidden services it's 6 hops, reaching out | to the internet it's 3 hops. | ravenstine wrote: | I've basically come to the same conclusion having attempted to | use a lot of Tor Browser's default config in Firefox. Most of | it is a good idea, but trying to be untrackable while | JavaScript is turned on seems futile. Every single browser's | APIs are leaky as hell. No matter how many things are turned | off or obfuscated, there's always a few unique-ish details that | are exposed that create a fingerprint. | | There was one point where my anti-fingerprinting tactics _did_ | appear to fool Panopticlick, but that apparently didn 't last | long. Fingerprinting and anti-fingerprinting are a cat and | mouse game, and much worse so than just ad-blocking because | there's more at stake than just being annoyed by banners. | There's also _way_ too many websites doing everything, and I | mean _everything_ with JS. Fricking blog sites half the time | display nothing more than a motionless loading spinner if you | don 't have JS turned on. And if you turn JS on well good luck | because lots of things want to use <canvas> to render things | that don't even strictly need it, and you're really not going | to casually enable canvas for certain things? Even the list of | fonts is a decent metric for fingerprinting, yet that's rarely | taken seriously because even privacy experts seem to believe | that every website needs to display its own fonts for "brand | identity." | | Though I would stay away from Tor anyway, if I were to use it, | JS would have to be turned off entirely. | rodric wrote: | My default browser is Librewolf with JavaScript turned off. | If a page fails to load correctly, I reopen it in Firefox | private browsing mode (or, if it _still_ fails, Chrome | incognito mode). If it's a site I expect to come back to in | future, I bookmark it in Firefox and assign it its own | container using the Multi-Account Containers extension. | bawolff wrote: | Security is always a compromise between competing concerns. A | browser that cannot browse a significant chunk of the internet | doesn't get used and helps nobody. ___________________________________________________________________ (page generated 2022-12-07 23:00 UTC)